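def test_secrets_vault_query(self, fixture_working_dir_env_repo_scoped):
    """Query secretsFileMapping and check both a registered-only and an uploaded secret.

    Two filenames are registered in the SecretStore with the same mount path, but
    only 'data1.key' is actually inserted. The GraphQL response must list both
    entries, reporting isPresent False for 'absent.key' and True for 'data1.key'.
    """
    client = fixture_working_dir_env_repo_scoped[2]
    im = InventoryManager(fixture_working_dir_env_repo_scoped[0])
    lb = im.create_labbook("default", "default", "unittest-create-secret")
    sec_store = SecretStore(lb, "default")
    container_dst = '/tmp/secrets1'

    sec_store['data1.key'] = container_dst
    sec_store['absent.key'] = container_dst

    with tempfile.TemporaryDirectory() as tdir:
        path = os.path.join(tdir, 'data1.key')
        # Context manager closes the handle even if the write raises.
        with open(path, 'w') as f1:
            f1.write('<<<keydata>>>')
        sec_store.insert_file(path)

    query = """
    {
        labbook(owner: "default", name: "unittest-create-secret") {
            environment {
                secretsFileMapping {
                    edges {
                        node {
                            filename
                            mountPath
                            isPresent
                        }
                    }
                }
            }
        }
    }
    """
    r = client.execute(query)
    pprint.pprint(r)
    assert 'errors' not in r

    edges = r['data']['labbook']['environment']['secretsFileMapping']['edges']

    # Test that an absent file (whose contents should be uploaded) is acknowledged,
    # but returns False for isPresent. Identity checks are used so that a falsy
    # non-boolean (None, 0) cannot satisfy the assertion.
    assert edges[0]['node']['filename'] == 'absent.key'
    assert edges[0]['node']['isPresent'] is False
    assert edges[0]['node']['mountPath'] == container_dst

    # This file is in the registry AND isPresent
    assert edges[1]['node']['filename'] == 'data1.key'
    assert edges[1]['node']['isPresent'] is True
    assert edges[1]['node']['mountPath'] == container_dst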
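def test_delete_secrets_file(self, fixture_working_dir_env_repo_scoped):
    """Delete an uploaded secrets file and check the registry entry survives with isPresent False.

    'remove.key' is registered and inserted; 'absent.key' is registered only.
    Before running the mutation the test confirms that 'remove.key' is reported
    as present, so the final `isPresent is False` check cannot pass merely
    because the insert never took effect.
    """
    client = fixture_working_dir_env_repo_scoped[2]
    im = InventoryManager(fixture_working_dir_env_repo_scoped[0])
    lb = im.create_labbook("default", "default",
                           "unittest-mutation-delete-secret")
    secstore = SecretStore(lb, "default")
    secstore['remove.key'] = '/mnt/nowhere'
    secstore['absent.key'] = '/mnt/nowhere2'

    with tempfile.TemporaryDirectory() as tdir:
        path = os.path.join(tdir, 'remove.key')
        # Context manager closes the handle even if the write raises.
        with open(path, 'w') as f1:
            f1.write('<<<keydata>>>')
        secstore.insert_file(path)

    # Precondition: the secret must be reported present before it is deleted.
    precheck_query = """
    {
        labbook(owner: "default", name: "unittest-mutation-delete-secret") {
            environment {
                secretsFileMapping {
                    edges {
                        node {
                            filename
                            mountPath
                            isPresent
                        }
                    }
                }
            }
        }
    }
    """
    before = client.execute(precheck_query)
    assert 'errors' not in before
    present_before = {
        edge['node']['filename']: edge['node']['isPresent']
        for edge in before['data']['labbook']['environment'][
            'secretsFileMapping']['edges']
    }
    assert present_before['remove.key'] is True

    query = """
    mutation delete {
        deleteSecretsFile(input: {
            owner: "default",
            labbookName: "unittest-mutation-delete-secret",
            filename: "remove.key",
        }) {
            environment {
                secretsFileMapping {
                    edges {
                        node {
                            filename
                            mountPath
                            isPresent
                        }
                    }
                }
            }
        }
    }"""
    r = client.execute(query)
    assert 'errors' not in r

    n = r['data']['deleteSecretsFile']['environment'][
        'secretsFileMapping']['edges']

    # The never-uploaded entry is unchanged.
    assert n[0]['node']['filename'] == 'absent.key'
    assert n[0]['node']['isPresent'] is False
    assert n[0]['node']['mountPath'] == '/mnt/nowhere2'

    # The deleted file keeps its registry entry and mount path but is no longer present.
    assert n[1]['node']['filename'] == 'remove.key'
    assert n[1]['node']['isPresent'] is False
    assert n[1]['node']['mountPath'] == '/mnt/nowhere'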
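def mutate_and_process_upload(cls, info, upload_file_path, upload_filename, **kwargs):
    """Insert an uploaded file into the labbook's SecretStore and return its environment.

    Args:
        cls: The mutation class (not used in the body).
        info: GraphQL resolve info (not used in the body).
        upload_file_path: Server-side path of the uploaded file; must be non-empty.
        upload_filename: Name the file is stored under (passed as ``dst_filename``).
            When given, it must be a bare filename with no directory component.
        **kwargs: ``owner`` and ``labbook_name`` are read to locate the labbook.

    Returns:
        UploadSecretsFile wrapping an Environment for the labbook.

    Raises:
        ValueError: If no file path was supplied, or if ``upload_filename``
            contains a path component or is '.' / '..'.
    """
    # Local import: the module's import block is not visible from this block.
    import os

    if not upload_file_path:
        logger.error('No file uploaded')
        raise ValueError('No file uploaded')

    # NOTE(review): upload_filename presumably originates from the client request.
    # SecretStore.insert_file is not visible here, so whether it sanitises
    # dst_filename is unknown; rejecting anything that is not a bare filename
    # keeps the destination inside the secrets store regardless.
    if upload_filename is not None and (
            os.path.basename(upload_filename) != upload_filename
            or upload_filename in ('.', '..')):
        # %r keeps control characters in the rejected name out of the log line.
        logger.error('Rejected secrets upload: invalid filename %r', upload_filename)
        raise ValueError('Invalid secrets filename')

    username = get_logged_in_username()
    owner = kwargs.get('owner')
    labbook_name = kwargs.get('labbook_name')

    lb = InventoryManager().load_labbook(username, owner, labbook_name)
    # Hold the labbook lock while the secrets store is modified.
    with lb.lock():
        secret_store = SecretStore(lb, username)
        secret_store.insert_file(upload_file_path, dst_filename=upload_filename)

    env = Environment(owner=owner, name=lb.name)
    return UploadSecretsFile(environment=env)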
def test_with_secrets(self, build_lb_image_for_jupyterlab):
    """Start a labbook container with two registered secrets and read them from inside it.

    Two mock key files (placeholder bytes, not real credentials) are inserted
    into the SecretStore with a mount directory of /root/.aws-sample-creds.
    After the container is started, a small script copied into it reads both
    files from ~/.aws-sample-creds and prints them; the output must match the
    mock contents.
    """
    fix = ContainerFixture(build_lb_image_for_jupyterlab)

    # Tear down the fixture's container first; presumably so that start_labbook
    # below creates a fresh one after the secrets are registered.
    containers = fix.docker_client.containers
    containers.get(fix.docker_container_id).stop()
    containers.get(fix.docker_container_id).remove()

    store = SecretStore(fix.labbook, fix.username)
    mount_dir = '/root/.aws-sample-creds'
    for key_name in ('private-key.key', 'public-key.key'):
        store[key_name] = mount_dir

    with tempfile.TemporaryDirectory() as key_dir:
        private_path = os.path.join(key_dir, 'private-key.key')
        with open(private_path, 'wb') as private_file:
            private_file.write(b'AWS-mock-PRIVATE')

        public_path = os.path.join(key_dir, 'public-key.key')
        with open(public_path, 'wb') as public_file:
            public_file.write(b'AWS-mock-PUBLIC')

        # Add the mock AWS keys
        store.insert_file(private_path)
        store.insert_file(public_path)

    container_id = ContainerWorkflows.start_labbook(fix.labbook, fix.username)

    with tempfile.TemporaryDirectory() as script_dir:
        script_path = os.path.join(script_dir, 'sample.py')
        with open(script_path, 'w') as script:
            script.write("""
import os
r = os.path.expanduser('~/.aws-sample-creds')
pri_key = open(os.path.join(r, 'private-key.key')).read(1000)
pub_key = open(os.path.join(r, 'public-key.key')).read(1000)
print(pri_key, pub_key)""")
        ContainerOperations.copy_into_container(fix.labbook, fix.username,
                                                src_path=script_path,
                                                dst_dir='/tmp/samplescript')

    # Run the script to load and print out the mock "secret" keys
    running = fix.docker_client.containers.get(container_id)
    r = running.exec_run('sh -c "python /tmp/samplescript/sample.py"')
    assert r.output.decode().strip() == 'AWS-mock-PRIVATE AWS-mock-PUBLIC'