def test_unlimited_use_token_no_decrement(json_success, cache_unlimited):
"""
Given unlimited-use token, function should succeed not del cache or decrement
"""
mock = _mock_json_response(json_success)
expected_headers = {
"X-Vault-Token": "test",
"Content-Type": "application/json"
}
with patch.object(vault, "get_cache") as mock_get_cache:
mock_get_cache.return_value = cache_unlimited
with patch("requests.request", mock):
with patch.object(vault, "del_cache") as mock_del_cache:
with patch.object(vault, "write_cache") as mock_write_cache:
vault_return = vault.make_request("/secret/my/secret",
"key")
mock.assert_called_with(
"/secret/my/secret",
"http://127.0.0.1:8200/key",
headers=expected_headers,
verify=ANY,
)
assert (
not mock_del_cache.called
), "del cache should not be called for unlimited use token"
assert (
not mock_write_cache.called
), "write cache should not be called for unlimited use token"
assert vault_return.json() == json_success
assert mock.call_count == 1
def test_multi_use_token_last_use(json_success, cache_uses_last):
"""
Given last use of multi-use token, function should succeed and flush token cache
"""
mock = _mock_json_response(json_success)
expected_headers = {
"X-Vault-Token": "test",
"Content-Type": "application/json"
}
with patch.object(vault, "get_cache") as mock_get_cache:
mock_get_cache.return_value = cache_uses_last
with patch("requests.request", mock):
with patch.object(vault, "del_cache") as mock_del_cache:
with patch.object(vault, "write_cache") as mock_write_cache:
vault_return = vault.make_request("/secret/my/secret",
"key")
mock.assert_called_with(
"/secret/my/secret",
"http://127.0.0.1:8200/key",
headers=expected_headers,
verify=ANY,
)
mock_del_cache.assert_called()
assert vault_return.json() == json_success
assert mock.call_count == 1
def test_multi_use_token_successful_run(json_success, cache_uses):
"""
Given multi-use token, function should get secret and decrement token
"""
expected_cache_write = {
"url": "http://127.0.0.1:8200",
"token": "test",
"verify": None,
"namespace": None,
"uses": 9,
"lease_duration": 100,
"issued": 3000,
"unlimited_use_token": False,
}
mock = _mock_json_response(json_success)
expected_headers = {
"X-Vault-Token": "test",
"Content-Type": "application/json"
}
with patch.object(vault, "get_cache") as mock_get_cache:
mock_get_cache.return_value = copy(cache_uses)
with patch("requests.request", mock):
with patch.object(vault, "del_cache") as mock_del_cache:
with patch.object(vault, "write_cache") as mock_write_cache:
vault_return = vault.make_request("/secret/my/secret",
"key")
mock.assert_called_with(
"/secret/my/secret",
"http://127.0.0.1:8200/key",
headers=expected_headers,
verify=ANY,
)
mock_write_cache.assert_called_with(expected_cache_write)
assert vault_return.json() == json_success
assert mock.call_count == 1
def test_make_request_single_use_token_run_auth_error(json_denied,
cache_single):
"""
Given single use token in __context__ and login error, function should request token and re-run
"""
# Disable logging because simulated http failures are logged as errors
logging.disable(logging.CRITICAL)
mock = _mock_json_response(json_denied, status_code=400)
supplied_context = {"vault_token": cache_single}
expected_headers = {
"X-Vault-Token": "test",
"Content-Type": "application/json"
}
with patch.dict(vault.__context__, supplied_context):
with patch("requests.request", mock):
with patch.object(vault, "del_cache") as mock_del_cache:
vault_return = vault.make_request("/secret/my/secret", "key")
assert vault.__context__ == {}
mock.assert_called_with(
"/secret/my/secret",
"http://127.0.0.1:8200/key",
headers=expected_headers,
verify=ANY,
)
assert vault_return.json() == json_denied
mock_del_cache.assert_called()
assert mock.call_count == 2
logging.disable(logging.NOTSET)
def test_make_request_single_use_token_run_ok(self):
"""
Given single use token in __context__, function should run successful secret lookup with no other modifications
"""
mock = self._mock_json_response(self.json_success)
supplied_context = {"vault_token": copy(self.cache_single)}
expected_headers = {"X-Vault-Token": "test", "Content-Type": "application/json"}
with patch.dict(vault.__context__, supplied_context):
with patch("requests.request", mock):
vault_return = vault.make_request("/secret/my/secret", "key")
self.assertEqual(vault.__context__, {})
mock.assert_called_with(
"/secret/my/secret",
"http://127.0.0.1:8200/key",
headers=expected_headers,
verify=ANY,
)
self.assertEqual(vault_return.json(), self.json_success)
def test_request_with_namespace(json_success, cache_single_namespace):
"""
Test request with namespace configured
"""
mock = _mock_json_response(json_success)
expected_headers = {
"X-Vault-Token": "test",
"X-Vault-Namespace": "test_namespace",
"Content-Type": "application/json",
}
supplied_config = {"namespace": "test_namespace"}
supplied_context = {"vault_token": copy(cache_single_namespace)}
with patch.dict(vault.__context__, supplied_context):
with patch.dict(vault.__opts__["vault"], supplied_config):
with patch("requests.request", mock):
vault_return = vault.make_request("/secret/my/secret", "key")
mock.assert_called_with(
"/secret/my/secret",
"http://127.0.0.1:8200/key",
headers=expected_headers,
verify=ANY,
)
assert vault_return.json() == json_success
