def test_should_catch_service_account_invalid_abort_the_run(hvac):
config = {
"vault_addr": "http://someaddr.com",
"vault_sa_role": "invalid",
"vault_kv_version": "1",
}
fake_client = MagicMock()
fake_client.auth_kubernetes.side_effect = InvalidRequest()
hvac.Client.return_value = fake_client
with pytest.raises(InvalidExperiment):
create_vault_client(config)
def test_should_catch_approle_invalid_secret_id_abort_the_run(hvac):
config = {
"vault_addr": "http://someaddr.com",
"vault_role_id": "mighty_id",
"vault_role_secret": "expired",
}
fake_client = MagicMock()
fake_client.auth_approle.side_effect = InvalidRequest()
hvac.Client.return_value = fake_client
with pytest.raises(InvalidExperiment):
create_vault_client(config)
assert vault_client.token == fake_auth_object["auth"]["client_token"]
fake_client.auth_approle.assert_called_with(
config["vault_role_id"], config["vault_role_secret"]
)
@patch("chaoslib.secret.hvac")
def test_should_catch_approle_invalid_secret_id_abort_the_run(hvac):
config = {
"vault_addr": "http://someaddr.com",
"vault_role_id": "mighty_id",
"vault_role_secret": "expired",
}
fake_client = MagicMock()
fake_client.auth_approle.side_effect = InvalidRequest()
hvac.Client.return_value = fake_client
with pytest.raises(InvalidExperiment):
create_vault_client(config)
@patch("chaoslib.secret.hvac")
def test_should_auth_with_token(hvac):
config = {
"vault_addr": "http://someaddr.com",
"vault_token": "not_awesome_token",
"vault_kv_version": "1",
}
fake_client = MagicMock()