def test_interactive_flag_allows_input_and_dynamic_plan_file(
self,
fixtures,
):
environment = fixtures['environment']
release_path = fixtures['release_path']
account_alias = fixtures['account_alias']
utcnow = fixtures['utcnow']
access_key = fixtures['access_key']
secret_key = fixtures['secret_key']
token = fixtures['token']
aws_region = fixtures['aws_region']
secrets = fixtures['secrets']
account_scheme = MagicMock(spec=AccountScheme)
account_scheme.default_region = aws_region
account_scheme.account_for_environment.return_value = \
create_mock_account(account_alias)
boto_session = Mock()
boto_session.region_name = aws_region
credentials = BotoCredentials(access_key, secret_key, token)
boto_session.get_credentials.return_value = credentials
deploy = Deploy(
environment,
release_path,
secrets,
account_scheme,
boto_session,
interactive=True,
)
with ExitStack() as stack:
path_exists = stack.enter_context(
patch('cdflow_commands.deploy.path.exists'))
check_call = stack.enter_context(
patch('cdflow_commands.deploy.check_call'))
popen_call = stack.enter_context(
patch('cdflow_commands.deploy.Popen'))
NamedTemporaryFile = stack.enter_context(
patch('cdflow_commands.deploy.NamedTemporaryFile'))
mock_os = stack.enter_context(patch('cdflow_commands.deploy.os'))
time = stack.enter_context(patch('cdflow_commands.deploy.time'))
time.return_value = utcnow
process_mock = Mock()
process_mock.poll.return_value = 0
attrs = {
'communicate.return_value':
(''.encode('utf-8'), ''.encode('utf-8'))
}
process_mock.configure_mock(**attrs)
popen_call.return_value = process_mock
secret_file_path = NamedTemporaryFile.return_value.__enter__\
.return_value.name
mock_os.environ = {}
def mock_path_exists(path):
return False
path_exists.side_effect = mock_path_exists
deploy.run()
popen_call.assert_any_call(
[
'terraform',
'plan',
'-var',
'env={}'.format(environment),
'-var-file',
'release.json',
'-var-file',
'platform-config/{}/{}.json'.format(
account_alias, boto_session.region_name),
'-var-file',
secret_file_path,
'-out',
'plan-$(date +%s)',
'infra',
],
cwd=release_path,
env={
'AWS_ACCESS_KEY_ID': credentials.access_key,
'AWS_SECRET_ACCESS_KEY': credentials.secret_key,
'AWS_SESSION_TOKEN': credentials.token,
'AWS_DEFAULT_REGION': aws_region,
},
stdout=PIPE,
stderr=PIPE)
check_call.assert_called()
def test_deploy_runs_terraform_apply_obfuscates_secrets(self, fixtures):
environment = fixtures['environment']
release_path = fixtures['release_path']
account_alias = fixtures['account_alias']
utcnow = fixtures['utcnow']
access_key = fixtures['access_key']
secret_key = fixtures['secret_key']
token = fixtures['token']
aws_region = fixtures['aws_region']
secrets = {'secrets': fixtures['secrets']}
plan_output = fixtures['plan_output']
account_scheme = MagicMock(spec=AccountScheme)
account_scheme.default_region = aws_region
account_scheme.account_for_environment.return_value = \
create_mock_account(account_alias)
boto_session = Mock()
boto_session.region_name = aws_region
credentials = BotoCredentials(access_key, secret_key, token)
boto_session.get_credentials.return_value = credentials
deploy = Deploy(
environment,
release_path,
secrets,
account_scheme,
boto_session,
)
with ExitStack() as stack:
stack.enter_context(patch('cdflow_commands.deploy.path.exists'))
stack.enter_context(
patch('cdflow_commands.deploy.NamedTemporaryFile'))
check_call = stack.enter_context(
patch('cdflow_commands.deploy.check_call'))
popen_call = stack.enter_context(
patch('cdflow_commands.deploy.Popen'))
mock_os = stack.enter_context(patch('cdflow_commands.deploy.os'))
time = stack.enter_context(patch('cdflow_commands.deploy.time'))
mock_stdout = stack.enter_context(
patch('cdflow_commands.deploy.sys.stdout'))
time.return_value = utcnow
process_mock = Mock()
process_mock.poll.return_value = 0
attrs = {
'communicate.return_value': ((plan_output + random.choice(
list(secrets['secrets'].values()))).encode('utf-8'),
''.encode('utf-8'))
}
process_mock.configure_mock(**attrs)
popen_call.return_value = process_mock
mock_os.environ = {}
deploy.run()
check_call.assert_any_call(
[
'terraform', 'apply', '-input=false',
'plan-{}'.format(utcnow)
],
cwd=release_path,
env={
'AWS_ACCESS_KEY_ID': credentials.access_key,
'AWS_SECRET_ACCESS_KEY': credentials.secret_key,
'AWS_SESSION_TOKEN': credentials.token,
'AWS_DEFAULT_REGION': aws_region,
})
for value in secrets['secrets'].values():
assert value not in mock_stdout.write.call_args[0][0]