def test_get_vault_client_approle_in_config(
    mocker: MockerFixture, monkeypatch: MonkeyPatch
) -> None:
    """AppRole credentials declared in ``Config`` reach ``approle.login``.

    Two variants are exercised: the secret ID as a plain ``str`` and as a
    ``SecretStr``. In both, the login call is expected to receive the
    plaintext secret ID, so the wrapped value must be unwrapped on the way.
    """
    # NOTE(review): the "URL only" constructor assertion assumes no ambient
    # VAULT_TOKEN / VAULT_NAMESPACE / token file leaks into the test run;
    # confirm a fixture outside this view isolates the environment.

    # Variant 1: vault_secret_id is a str
    class Settings(BaseSettings):
        class Config:
            vault_url: str = "https://vault.tld"
            vault_role_id: str = "fake-role-id"
            vault_secret_id: str = "fake-secret-id"

    plain_settings: BaseSettings = Settings()
    hvac_cls = mocker.patch("pydantic_vault.vault_settings.HvacClient")

    _get_authenticated_vault_client(plain_settings)

    hvac_cls.assert_called_once_with("https://vault.tld")
    approle_login = hvac_cls.return_value.auth.approle.login
    approle_login.assert_called_once_with(
        role_id="fake-role-id",
        secret_id="fake-secret-id",
    )

    # Variant 2: vault_secret_id is a SecretStr and has to be unwrapped
    class SettingsWithSecretSecretId(BaseSettings):
        class Config:
            vault_url: str = "https://vault.tld"
            vault_role_id: str = "fake-role-id"
            vault_secret_id: SecretStr = SecretStr("fake-secret-id")

    wrapped_settings = SettingsWithSecretSecretId()
    # Patch again so call counts start from zero for the second variant.
    hvac_cls = mocker.patch("pydantic_vault.vault_settings.HvacClient")

    _get_authenticated_vault_client(wrapped_settings)

    hvac_cls.assert_called_once_with("https://vault.tld")
    approle_login = hvac_cls.return_value.auth.approle.login
    approle_login.assert_called_once_with(
        role_id="fake-role-id",
        secret_id="fake-secret-id",
    )
def test_get_vault_client_with_vault_token_in_config(
    mocker: MockerFixture,
) -> None:
    """A token declared in ``Config`` is handed to the client constructor.

    Checked for a plain ``str`` token and for a ``SecretStr`` token; the
    constructor is expected to receive the plaintext token in both cases.
    """

    # Variant 1: vault_token is a str
    class Settings(BaseSettings):
        class Config:
            vault_url: str = "https://vault.tld"
            vault_token: str = "fake-token"

    plain_settings: BaseSettings = Settings()
    hvac_cls = mocker.patch("pydantic_vault.vault_settings.HvacClient")

    _get_authenticated_vault_client(plain_settings)

    hvac_cls.assert_called_once_with(
        "https://vault.tld",
        token="fake-token",
    )

    # Variant 2: vault_token is a SecretStr and has to be unwrapped
    class SettingsWithSecretToken(BaseSettings):
        class Config:
            vault_url: str = "https://vault.tld"
            vault_token: SecretStr = SecretStr("fake-token")

    wrapped_settings = SettingsWithSecretToken()
    # Fresh patch so the "called once" assertion only sees this variant.
    hvac_cls = mocker.patch("pydantic_vault.vault_settings.HvacClient")

    _get_authenticated_vault_client(wrapped_settings)

    hvac_cls.assert_called_once_with(
        "https://vault.tld",
        token="fake-token",
    )
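def test_get_vault_client_with_no_vault_url_fails() -> None:
    """Without any Vault URL the helper must raise ``VaultParameterError``.

    The error message is expected to mention "URL" so that the operator can
    tell which parameter is missing.
    """

    class Settings(BaseSettings):
        pass

    settings = Settings()

    with pytest.raises(VaultParameterError) as excinfo:
        _get_authenticated_vault_client(settings)

    # Inspect the raised exception itself: str() of the ExceptionInfo
    # wrapper is pytest's own representation, not the error message. The
    # assertion also has to sit outside the ``with`` block, otherwise it is
    # never reached once the call above raises.
    assert "URL" in str(excinfo.value)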
def test_get_vault_client_with_vault_url_in_config(
    mocker: MockerFixture,
) -> None:
    """A URL declared in ``Config`` alone yields a client built from it."""
    # NOTE(review): asserting "URL only" assumes no token or namespace is
    # picked up from the ambient environment or a token file; confirm a
    # fixture outside this view clears them.

    class Settings(BaseSettings):
        class Config:
            vault_url: str = "https://vault.tld"

    cfg = Settings()
    hvac_cls = mocker.patch("pydantic_vault.vault_settings.HvacClient")

    _get_authenticated_vault_client(cfg)

    hvac_cls.assert_called_once_with("https://vault.tld")
def test_get_vault_client_with_vault_url_in_environment(
    mocker: MockerFixture,
    monkeypatch: MonkeyPatch,
) -> None:
    """``VAULT_ADDR`` supplies the URL when ``Config`` declares none."""

    class Settings(BaseSettings):
        pass

    monkeypatch.setenv("VAULT_ADDR", "https://vault.tld")
    cfg = Settings()
    hvac_cls = mocker.patch("pydantic_vault.vault_settings.HvacClient")

    _get_authenticated_vault_client(cfg)

    hvac_cls.assert_called_once_with("https://vault.tld")
def test_get_vault_client_with_namespace_in_environment(
    mocker: MockerFixture,
    monkeypatch: MonkeyPatch,
) -> None:
    """``VAULT_NAMESPACE`` is forwarded to the client as ``namespace``."""

    class Settings(BaseSettings):
        class Config:
            vault_url: str = "https://vault.tld"

    monkeypatch.setenv("VAULT_NAMESPACE", "some/namespace")
    cfg = Settings()
    hvac_cls = mocker.patch("pydantic_vault.vault_settings.HvacClient")

    _get_authenticated_vault_client(cfg)

    hvac_cls.assert_called_once_with(
        "https://vault.tld",
        namespace="some/namespace",
    )
def test_get_vault_client_with_vault_token_in_environment(
    mocker: MockerFixture,
    monkeypatch: MonkeyPatch,
) -> None:
    """``VAULT_TOKEN`` is forwarded to the client as ``token``."""

    class Settings(BaseSettings):
        class Config:
            vault_url: str = "https://vault.tld"

    monkeypatch.setenv("VAULT_TOKEN", "fake-token")
    cfg = Settings()
    hvac_cls = mocker.patch("pydantic_vault.vault_settings.HvacClient")

    _get_authenticated_vault_client(cfg)

    hvac_cls.assert_called_once_with(
        "https://vault.tld",
        token="fake-token",
    )
def test_get_vault_client_with_namespace_in_config(
    mocker: MockerFixture,
) -> None:
    """Namespace and token from ``Config`` are both passed to the client."""

    class Settings(BaseSettings):
        class Config:
            vault_url: str = "https://vault.tld"
            vault_token: str = "fake-token"
            vault_namespace: str = "some/namespace"

    cfg = Settings()
    hvac_cls = mocker.patch("pydantic_vault.vault_settings.HvacClient")

    _get_authenticated_vault_client(cfg)

    hvac_cls.assert_called_once_with(
        "https://vault.tld",
        namespace="some/namespace",
        token="fake-token",
    )
def test_get_vault_client_approle_in_environment_and_config(
    mocker: MockerFixture,
    monkeypatch: MonkeyPatch,
) -> None:
    """AppRole login works with the role ID in ``Config`` and the secret ID
    in ``VAULT_SECRET_ID``.

    This mirrors a deployment where only the secret half of the credential
    is injected at runtime instead of being written into the settings class.
    """

    class Settings(BaseSettings):
        class Config:
            vault_url: str = "https://vault.tld"
            vault_role_id: str = "fake-role-id"

    monkeypatch.setenv("VAULT_SECRET_ID", "fake-secret-id")
    cfg = Settings()
    hvac_cls = mocker.patch("pydantic_vault.vault_settings.HvacClient")

    _get_authenticated_vault_client(cfg)

    # The client is built from the URL only; credentials go through login.
    hvac_cls.assert_called_once_with("https://vault.tld")
    approle_login = hvac_cls.return_value.auth.approle.login
    approle_login.assert_called_once_with(
        role_id="fake-role-id",
        secret_id="fake-secret-id",
    )
def test_get_vault_client_vault_url_priority(
    mocker: MockerFixture, monkeypatch: MonkeyPatch
) -> None:
    """``VAULT_ADDR`` takes precedence over ``vault_url`` from ``Config``.

    Pinning this order matters because the URL decides which server the
    credentials are sent to.
    """

    class Settings(BaseSettings):
        class Config:
            vault_url: str = "https://vault-from-config.tld"

    monkeypatch.setenv("VAULT_ADDR", "https://vault-from-environment.tld")
    cfg = Settings()
    hvac_cls = mocker.patch("pydantic_vault.vault_settings.HvacClient")

    _get_authenticated_vault_client(cfg)

    hvac_cls.assert_called_once_with("https://vault-from-environment.tld")
def test_get_vault_client_vault_token_priority_file_config(
    mocker: MockerFixture,
    monkeypatch: MonkeyPatch,
    mock_vault_token_from_file: str,
) -> None:
    """The ``.vault-token`` file takes precedence over ``vault_token`` from
    ``Config``.
    """
    # NOTE(review): mock_vault_token_from_file is defined outside this view;
    # presumably it stubs the token file and yields the token it contains.

    class Settings(BaseSettings):
        class Config:
            vault_url: str = "https://vault.tld"
            vault_token: str = "fake-token-from-config"

    cfg = Settings()
    hvac_cls = mocker.patch("pydantic_vault.vault_settings.HvacClient")

    _get_authenticated_vault_client(cfg)

    # The token from the file, not the one from Config, must be used.
    hvac_cls.assert_called_once_with(
        "https://vault.tld",
        token=mock_vault_token_from_file,
    )
def test_get_vault_client_namespace_priority(
    mocker: MockerFixture, monkeypatch: MonkeyPatch
) -> None:
    """``VAULT_NAMESPACE`` takes precedence over ``vault_namespace`` from
    ``Config``.
    """

    class Settings(BaseSettings):
        class Config:
            vault_url: str = "https://vault.tld"
            vault_namespace: str = "some/namespace/from/config"

    monkeypatch.setenv("VAULT_NAMESPACE", "some/namespace/from/environment")
    cfg = Settings()
    hvac_cls = mocker.patch("pydantic_vault.vault_settings.HvacClient")

    _get_authenticated_vault_client(cfg)

    hvac_cls.assert_called_once_with(
        "https://vault.tld",
        namespace="some/namespace/from/environment",
    )
def test_get_vault_client_vault_token_priority_env_file(
    mocker: MockerFixture,
    monkeypatch: MonkeyPatch,
    mock_vault_token_from_file: str,
) -> None:
    """``VAULT_TOKEN`` takes precedence over the ``.vault-token`` file."""
    # mock_vault_token_from_file is requested only so that a file token is
    # present to compete with the environment variable; its value is not
    # expected in the call below.

    class Settings(BaseSettings):
        class Config:
            vault_url: str = "https://vault.tld"

    monkeypatch.setenv("VAULT_TOKEN", "fake-token-from-environment")
    cfg = Settings()
    hvac_cls = mocker.patch("pydantic_vault.vault_settings.HvacClient")

    _get_authenticated_vault_client(cfg)

    hvac_cls.assert_called_once_with(
        "https://vault.tld",
        token="fake-token-from-environment",
    )