def test_variable_get_with_special_chars_returns_special_chars(self):
self.invoke_cli(self.cli_auth_params, [
'policy', 'replace', '-b', 'root', '-f',
self.environment.path_provider.get_policy_path("variable")
])
utils.set_variable(self, 'variablespecialchars', '"[]{}#@^&<>~\/'
'\/?\;\';\'"')
output = utils.get_variable(self, 'variablespecialchars')
self.assertIn('"[]{}#@^&<>~\/' '\/?\;\';\'"', output.strip())
def test_variable_get_insecure_prints_warning_in_log(self):
with self.assertLogs('', level='DEBUG') as mock_log:
expected_value = uuid.uuid4().hex
utils.set_variable(self, 'one/password', expected_value)
self.invoke_cli(
self.cli_auth_params,
['--insecure', 'variable', 'get', '-i', 'one/password'])
self.assertIn(
"Warning: Running the command with '--insecure' makes your system vulnerable to security attacks",
str(mock_log.output))
def test_basic_secret_retrieval_with_keyring(self):
"""
Note about version tests, the Conjur server only keeps a certain number of versions.
With each run of the integration tests, version tests are resetting variable values
making, after a certain number of runs, version=1 not valid and fail
Therefore, the variable name needs to be a random string so that the version
will still be accessible
"""
utils.setup_cli(self)
variable_name = "someversionedvar" + uuid.uuid4().hex
policy = f"- !variable {variable_name}"
utils.load_policy_from_string(self, policy)
expected_value = "anothersecret"
utils.set_variable(self, variable_name, expected_value)
output = self.invoke_cli(self.cli_auth_params,
['variable', 'get', '-i', variable_name, '--version', '1'])
self.assertIn(expected_value, output.strip())
def test_variable_different_version_calls_returns_different_versions(self):
variable_name = "someversionedsecret" + uuid.uuid4().hex
policy = f"- !variable {variable_name}"
utils.load_policy_from_string(self, policy)
first_version = "first_secret"
utils.set_variable(self, variable_name, first_version)
output = self.invoke_cli(
self.cli_auth_params,
['variable', 'get', '-i', variable_name, '--version', '1'])
self.assertIn(first_version, output.strip())
second_version = "second_secret"
utils.set_variable(self, variable_name, second_version)
output = self.invoke_cli(
self.cli_auth_params,
['variable', 'get', '-i', variable_name, '--version', '2'])
self.assertIn(second_version, output.strip())
def test_cli_can_batch_get_multiple_variables(self):
policy, variables = utils.generate_policy_string()
file_name = os.path.join(tempfile.gettempdir(), os.urandom(24).hex())
with open(file_name, 'w+b') as temp_policy_file:
temp_policy_file.write(policy.encode('utf-8'))
temp_policy_file.flush()
utils.load_policy(self, temp_policy_file.name)
value_map = {}
for variable in variables:
value = uuid.uuid4().hex
utils.set_variable(self, variable, value)
value_map[variable] = value
batch_result_string = utils.get_variable(self, *variables)
batch_result = json.loads(batch_result_string)
for variable_name, variable_value in value_map.items():
self.assertIn(batch_result[variable_name], variable_value)
os.remove(file_name)
def test_variable_get_short_variable_returns_variable_value(self):
expected_value = uuid.uuid4().hex
utils.set_variable(self, 'one/password', expected_value)
output = self.invoke_cli(self.cli_auth_params,
['variable', 'get', '-i', 'one/password'])
self.assertIn(expected_value, output)