def test_get_secret_hashes(): with mock.patch( 'paasta_tools.secret_tools.is_secret_ref', autospec=True, return_value=False, ) as mock_is_secret_ref, mock.patch( 'paasta_tools.secret_tools.get_hmac_for_secret', autospec=True, ) as mock_get_hmac_for_secret: env = {'SOME_VAR': 'SOME_VAL'} assert get_secret_hashes(env, 'dev', 'service', DEFAULT_SOA_DIR) == {} mock_is_secret_ref.assert_called_with("SOME_VAL") assert not mock_get_hmac_for_secret.called mock_is_secret_ref.return_value = True expected = {"SOME_VAL": mock_get_hmac_for_secret.return_value} assert get_secret_hashes(env, 'dev', 'service', DEFAULT_SOA_DIR) == expected mock_is_secret_ref.assert_called_with("SOME_VAL") mock_get_hmac_for_secret.assert_called_with( env_var_val="SOME_VAL", service="service", soa_dir=DEFAULT_SOA_DIR, secret_environment='dev', )
def get_config_for_bounce_hash(complete_config, service, soa_dir, system_paasta_config): environment_variables = {x['name']: x['value'] for x in complete_config['environmentVariables']} secret_hashes = get_secret_hashes( environment_variables=environment_variables, secret_environment=system_paasta_config.get_vault_environment(), service=service, soa_dir=soa_dir, ) if secret_hashes: complete_config['paasta_secrets'] = secret_hashes return complete_config