Esempio n. 1
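    def test_create_kubernetes_configuration(self, test_label, mount_point,
                                             kubernetes_host, pem_keys,
                                             requests_mocker):
        """Check that configuring the Kubernetes auth method returns the mocked status.

        The Vault endpoint ``/v1/auth/<mount>/config`` is mocked to answer 204,
        ``Client.create_kubernetes_configuration`` is called with the given
        arguments, and the response status code is compared with 204.

        Args:
            test_label: Unused in the body; presumably the case label supplied
                by a parameterizing decorator outside this view.
            mount_point: Auth mount to configure; when falsy the client's
                default mount is used and the ``kubernetes`` URL is mocked.
            kubernetes_host: Value forwarded as ``kubernetes_host``.
            pem_keys: Value forwarded as ``pem_keys``.
            requests_mocker: Mock adapter exposing ``register_uri``.
        """
        expected_status_code = 204
        # Decide the mount once so the mocked URL and the client call cannot
        # disagree (the URL used `is None`, the call used truthiness).
        effective_mount = mount_point if mount_point else 'kubernetes'
        mock_url = 'http://localhost:8200/v1/auth/{0}/config'.format(
            effective_mount)
        requests_mocker.register_uri(
            method='POST',
            url=mock_url,
            status_code=expected_status_code,
        )
        client = Client()

        test_arguments = dict(
            kubernetes_host=kubernetes_host,
            pem_keys=pem_keys,
        )
        if mount_point:
            test_arguments['mount_point'] = mount_point

        actual_response = client.create_kubernetes_configuration(
            **test_arguments)

        # Only the status code is checked; the posted payload (host, PEM keys)
        # is not inspected by this test.
        # assertEquals is a deprecated alias that was removed in Python 3.12.
        self.assertEqual(
            first=expected_status_code,
            second=actual_response.status_code,
        )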
Esempio n. 2
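    def test_create_kubernetes_configuration(self, test_label, mount_point, kubernetes_host, pem_keys, requests_mocker):
        """Verify the status code returned when the Kubernetes auth config is written.

        A POST to ``/v1/auth/<mount>/config`` on the local mock address is
        registered with a 204 reply; the client method is then invoked and its
        response status compared with that value.

        Args:
            test_label: Not read by the body; presumably a label injected by a
                parameterizing decorator that is outside this view.
            mount_point: Mount path to configure, or a falsy value to rely on
                the client's default (the ``kubernetes`` URL is mocked then).
            kubernetes_host: Passed through as ``kubernetes_host``.
            pem_keys: Passed through as ``pem_keys``.
            requests_mocker: Mock adapter providing ``register_uri``.
        """
        expected_status_code = 204

        # Build the call arguments first, then derive the mocked URL from the
        # same decision, so the two can never point at different mounts
        # (previously the URL tested `is None` while the call tested truthiness).
        test_arguments = dict(
            kubernetes_host=kubernetes_host,
            pem_keys=pem_keys,
        )
        if mount_point:
            test_arguments['mount_point'] = mount_point

        mock_url = 'http://localhost:8200/v1/auth/{0}/config'.format(
            test_arguments.get('mount_point', 'kubernetes'),
        )
        requests_mocker.register_uri(
            method='POST',
            url=mock_url,
            status_code=expected_status_code,
        )
        client = Client()

        actual_response = client.create_kubernetes_configuration(**test_arguments)

        # The request body is not asserted on; this test covers the status only.
        # assertEqual replaces assertEquals, a deprecated alias removed in Python 3.12.
        self.assertEqual(
            first=expected_status_code,
            second=actual_response.status_code,
        )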
Esempio n. 3
                      verify=False)

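# Enable Kubernetes auth
# NOTE(review): the call that ends just above this block passes verify=False.
# If that is the Vault client constructor, the server certificate is not
# verified and the reviewer JWT sent below is exposed to interception on the
# path to Vault; supplying the CA bundle instead of disabling verification
# closes that gap. Confirm against the full call.
k8s_addr = os.getenv('KUBERNETES_PORT_443_TCP_ADDR')
if not k8s_addr:
    # os.getenv returns None when the variable is unset; without this guard
    # Vault would be configured with the literal host "https://None:443".
    raise RuntimeError(
        "KUBERNETES_PORT_443_TCP_ADDR is not set; cannot build kubernetes_host")

# Cluster CA certificate, read from the 'kube-root-ca.crt' ConfigMap in the
# 'platform' namespace. It is passed to Vault as kubernetes_ca_cert.
k8s_ca_crt = k8s_client.read_namespaced_config_map('kube-root-ca.crt',
                                                   'platform').data["ca.crt"]

# Token of the 'vault' service account, handed to Vault as the reviewer JWT.
k8s_vault_sa = k8s_client.read_namespaced_service_account('vault', 'platform')
if not k8s_vault_sa.secrets:
    # Kubernetes 1.24 and later no longer auto-create a token Secret for a
    # service account, so this list can be empty or None; fail with a clear
    # message instead of an IndexError/TypeError on secrets[0].
    raise RuntimeError(
        "service account 'vault' in namespace 'platform' lists no token secret")
k8s_vault_sa_jwt_data = k8s_client.read_namespaced_secret(
    k8s_vault_sa.secrets[0].name, "platform").data
# Secret values are base64-encoded by the API; the decoded JWT is a bearer
# credential for the service account, so it must not be logged or printed.
k8s_vault_sa_jwt = base64.b64decode(k8s_vault_sa_jwt_data['token']).decode()

vault_client.sys.enable_auth_method("kubernetes")

vault_client.create_kubernetes_configuration(
    kubernetes_host=f"https://{k8s_addr}:443",
    kubernetes_ca_cert=k8s_ca_crt,
    token_reviewer_jwt=k8s_vault_sa_jwt,
    mount_point="kubernetes")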

# Prefixes reused when naming and scoping the resources defined below
project_prefix = "humble"
main_secret_path = 'humble'

# Create policies
# Read-only policy text: grants only "read" and "list", but the trailing glob
# applies them to every path under the secret prefix, not to a single secret.
read_only_policy = "\n".join([
    "",
    f'path "{main_secret_path}/*" {{',
    '  capabilities = ["read", "list"]',
    "}",
    "",
])

read_only_policy_name = "{}-read-only".format(project_prefix)