Esempio n. 1
0
    def test_create_role(self, test_label, mount_point, role_name,
                         bound_service_account_names,
                         bound_service_account_namespaces, requests_mocker):
        expected_status_code = 204
        mock_url = 'http://localhost:8200/v1/auth/{0}/role/{1}'.format(
            'kubernetes' if mount_point is None else mount_point,
            role_name,
        )
        requests_mocker.register_uri(
            method='POST',
            url=mock_url,
            status_code=expected_status_code,
        )
        client = Client()

        test_arguments = dict(
            name=role_name,
            bound_service_account_names=bound_service_account_names,
            bound_service_account_namespaces=bound_service_account_namespaces,
        )
        if mount_point:
            test_arguments['mount_point'] = mount_point
        actual_response = client.create_kubernetes_role(**test_arguments)

        self.assertEquals(
            first=expected_status_code,
            second=actual_response.status_code,
        )
Esempio n. 2
0
    def test_create_role(self, test_label, mount_point, role_name, bound_service_account_names, bound_service_account_namespaces, requests_mocker):
        expected_status_code = 204
        mock_url = 'http://localhost:8200/v1/auth/{0}/role/{1}'.format(
            'kubernetes' if mount_point is None else mount_point,
            role_name,
        )
        requests_mocker.register_uri(
            method='POST',
            url=mock_url,
            status_code=expected_status_code,
        )
        client = Client()

        test_arguments = dict(
            name=role_name,
            bound_service_account_names=bound_service_account_names,
            bound_service_account_namespaces=bound_service_account_namespaces,
        )
        if mount_point:
            test_arguments['mount_point'] = mount_point
        actual_response = client.create_kubernetes_role(**test_arguments)

        self.assertEquals(
            first=expected_status_code,
            second=actual_response.status_code,
        )
Esempio n. 3
0
admin_policy_name = f"{project_prefix}-admin"
vault_client.sys.create_or_update_policy(
    name=admin_policy_name,
    policy=admin_policy,
)

# Create vault-app role with read-only policy
vault_app_sa = k8s_client.read_namespaced_service_account(
    'vault-app', 'platform')
vault_app_sa_secret = k8s_client.read_namespaced_secret(
    vault_app_sa.secrets[0].name, "platform").data
vault_app_sa_token = base64.b64decode(vault_app_sa_secret['token']).decode()

vault_client.create_kubernetes_role(
    "vault-kubernetes", [vault_app_sa.metadata.name, "external-secrets"],
    ['platform'],
    mount_point="kubernetes",
    policies=[read_only_policy_name])

vault_client.sys.enable_secrets_engine(backend_type='kv',
                                       path=main_secret_path,
                                       options={'version': 2})


def gen_secret(length: int = 64):
    return secrets.token_urlsafe(length)


# Feed init secrets
secrets_list = {
    'ak_admin_token': gen_secret(),