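def test_should_catch_approle_invalid_secret_id_abort_the_run(hvac):
    """A rejected AppRole secret id must abort the run with InvalidExperiment.

    ``hvac`` is expected to be the mock standing in for the hvac module (the
    patch decorator is not visible in this excerpt). Its ``Client`` is wired
    to return a client whose AppRole login raises ``InvalidRequest``.
    """
    # Placeholder values only; the client below is a MagicMock.
    config = {
        "vault_addr": "http://someaddr.com",
        "vault_role_id": "mighty_id",
        "vault_role_secret": "expired",
    }

    fake_client = MagicMock()
    fake_client.auth_approle.side_effect = InvalidRequest()
    hvac.Client.return_value = fake_client

    with pytest.raises(InvalidExperiment):
        create_vault_client(config)

    # Pin the failure to the AppRole login itself: without this check the test
    # would also pass if InvalidExperiment were raised before any login attempt.
    fake_client.auth_approle.assert_called()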
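def test_should_catch_service_account_invalid_abort_the_run(hvac):
    """A rejected Kubernetes service-account login must abort the run.

    ``hvac`` is expected to be the mock standing in for the hvac module (the
    patch decorator is not visible in this excerpt). Its ``Client`` returns a
    client whose Kubernetes login raises ``InvalidRequest``.
    """
    from unittest.mock import mock_open, patch

    # Placeholder values only; the client below is a MagicMock.
    config = {
        "vault_addr": "http://someaddr.com",
        "vault_sa_role": "invalid",
        "vault_kv_version": "1",
    }

    fake_client = MagicMock()
    fake_client.auth_kubernetes.side_effect = InvalidRequest()
    hvac.Client.return_value = fake_client

    # The sibling service-account test patches chaoslib.secret.open, so the
    # code under test presumably reads the service-account JWT through it.
    # Patching it here keeps the outcome independent of whether a real token
    # file exists on the host running the tests.
    with patch("chaoslib.secret.open", mock_open(read_data="fake_sa_token")):
        with pytest.raises(InvalidExperiment):
            create_vault_client(config)

    # The abort must come from the rejected login, not from an earlier failure
    # such as an unreadable token file.
    fake_client.auth_kubernetes.assert_called()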
def test_should_auth_with_token(hvac):
    """A static ``vault_token`` is set on the client and no AppRole login runs.

    ``hvac`` is expected to be the mock standing in for the hvac module (the
    patch decorator is not visible in this excerpt).
    """
    # Placeholder values only; the client below is a MagicMock.
    settings = {
        "vault_addr": "http://someaddr.com",
        "vault_token": "not_awesome_token",
        "vault_kv_version": "1",
    }
    client_double = MagicMock()
    hvac.Client.return_value = client_double

    returned_client = create_vault_client(settings)

    expected_token = settings["vault_token"]
    assert returned_client.token == expected_token
    # Token auth must not fall through to the AppRole login.
    client_double.auth_approle.assert_not_called()
def test_should_auth_with_token(hvac):
    """Check that a configured ``vault_token`` ends up on the returned client.

    ``hvac`` is expected to be the mock standing in for the hvac module (the
    patch decorator is not visible in this excerpt).
    """
    static_token = 'not_awesome_token'
    # Placeholder values only; the client below is a MagicMock.
    settings = {
        'vault_addr': 'http://someaddr.com',
        'vault_token': static_token,
        'vault_kv_version': '1'
    }

    stub = MagicMock()
    hvac.Client.return_value = stub

    client = create_vault_client(settings)

    assert client.token == settings['vault_token']
    # With a token present, the AppRole login must stay untouched.
    stub.auth_approle.assert_not_called()
def test_should_auth_with_approle(hvac):
    """AppRole credentials are exchanged for the client token returned by login.

    ``hvac`` is expected to be the mock standing in for the hvac module (the
    patch decorator is not visible in this excerpt).
    """
    # Placeholder values only; the client below is a MagicMock.
    settings = {
        "vault_addr": "http://someaddr.com",
        "vault_role_id": "mighty_id",
        "vault_role_secret": "secret_secret",
    }
    # Shape of the login response the mocked AppRole call hands back.
    login_response = {"auth": {"client_token": "awesome_token"}}

    client_double = MagicMock()
    client_double.auth_approle.return_value = login_response
    hvac.Client.return_value = client_double

    returned_client = create_vault_client(settings)

    issued_token = login_response["auth"]["client_token"]
    assert returned_client.token == issued_token
    # The login must receive exactly the configured role id and secret.
    client_double.auth_approle.assert_called_with(
        settings["vault_role_id"], settings["vault_role_secret"]
    )
def test_should_auth_with_approle(hvac):
    """Check the AppRole path: login with role id/secret, then adopt its token.

    ``hvac`` is expected to be the mock standing in for the hvac module (the
    patch decorator is not visible in this excerpt).
    """
    role_id = 'mighty_id'
    role_secret = 'secret_secret'
    # Placeholder values only; the client below is a MagicMock.
    settings = {
        'vault_addr': 'http://someaddr.com',
        'vault_role_id': role_id,
        'vault_role_secret': role_secret
    }
    login_response = {'auth': {'client_token': 'awesome_token'}}

    stub = MagicMock()
    stub.auth_approle.return_value = login_response
    hvac.Client.return_value = stub

    client = create_vault_client(settings)

    # The token on the client is the one issued by the (mocked) login call.
    assert client.token == login_response['auth']['client_token']
    stub.auth_approle.assert_called_with(
        settings['vault_role_id'], settings['vault_role_secret'])
def test_should_auth_with_service_account(hvac):
    """Service-account config triggers a Kubernetes login with the read JWT.

    ``hvac`` is expected to be the mock standing in for the hvac module (the
    patch decorator is not visible in this excerpt).
    """
    jwt_text = "fake_sa_token"
    # Placeholder values only; the client below is a MagicMock.
    settings = {
        'vault_addr': 'http://someaddr.com',
        'vault_sa_role': 'some_role',
        'vault_k8s_mount_point': 'not_kubernetes',
        'vault_kv_version': '1'
    }

    stub = MagicMock()
    hvac.Client.return_value = stub

    # Whatever is read through chaoslib.secret.open yields the fake JWT, so no
    # real service-account token file is touched.
    fake_open = mock_open(read_data=jwt_text)
    with patch('chaoslib.secret.open', fake_open):
        vault_client = create_vault_client(settings)

    vault_client.auth_approle.assert_not_called()
    # A non-default mount point must be forwarded, not silently replaced.
    vault_client.auth_kubernetes.assert_called_with(
        role=settings['vault_sa_role'],
        jwt='fake_sa_token',
        use_token=True,
        mount_point=settings['vault_k8s_mount_point'])
def test_should_auth_with_service_account(hvac):
    """Check the service-account path: read the JWT, then log in via Kubernetes.

    ``hvac`` is expected to be the mock standing in for the hvac module (the
    patch decorator is not visible in this excerpt).
    """
    # Placeholder values only; the client below is a MagicMock.
    settings = {
        "vault_addr": "http://someaddr.com",
        "vault_sa_role": "some_role",
        "vault_k8s_mount_point": "not_kubernetes",
        "vault_kv_version": "1",
    }
    client_double = MagicMock()
    hvac.Client.return_value = client_double

    # Reads through chaoslib.secret.open return the fake JWT instead of
    # touching a real service-account token file.
    token_file = mock_open(read_data="fake_sa_token")
    with patch("chaoslib.secret.open", token_file):
        vault_client = create_vault_client(settings)

    expected_login = {
        "role": settings["vault_sa_role"],
        "jwt": "fake_sa_token",
        "use_token": True,
        "mount_point": settings["vault_k8s_mount_point"],
    }
    vault_client.auth_approle.assert_not_called()
    # The configured role and mount point must reach the Kubernetes login.
    vault_client.auth_kubernetes.assert_called_with(**expected_login)
@patch("chaoslib.secret.hvac")
def test_should_auth_with_approle(hvac):
    """AppRole credentials are exchanged for the client token returned by login.

    ``hvac`` is the mock that replaces ``chaoslib.secret.hvac`` for this test.
    """
    # Placeholder values only; the client below is a MagicMock.
    settings = {
        "vault_addr": "http://someaddr.com",
        "vault_role_id": "mighty_id",
        "vault_role_secret": "secret_secret",
    }
    login_response = {"auth": {"client_token": "awesome_token"}}

    client_double = MagicMock()
    client_double.auth_approle.return_value = login_response
    hvac.Client.return_value = client_double

    returned_client = create_vault_client(settings)

    # The token on the client is the one issued by the (mocked) login call.
    assert returned_client.token == login_response["auth"]["client_token"]
    role_id, role_secret = settings["vault_role_id"], settings["vault_role_secret"]
    client_double.auth_approle.assert_called_with(role_id, role_secret)


@patch("chaoslib.secret.hvac")
def test_should_catch_approle_invalid_secret_id_abort_the_run(hvac):
    config = {
        "vault_addr": "http://someaddr.com",
        "vault_role_id": "mighty_id",
        "vault_role_secret": "expired",
    }