def test_get_secret_hashes():
with mock.patch(
'paasta_tools.secret_tools.is_secret_ref',
autospec=True,
return_value=False,
) as mock_is_secret_ref, mock.patch(
'paasta_tools.secret_tools.get_hmac_for_secret',
autospec=True,
) as mock_get_hmac_for_secret:
env = {'SOME_VAR': 'SOME_VAL'}
assert get_secret_hashes(env, 'dev', 'service', DEFAULT_SOA_DIR) == {}
mock_is_secret_ref.assert_called_with("SOME_VAL")
assert not mock_get_hmac_for_secret.called
mock_is_secret_ref.return_value = True
expected = {"SOME_VAL": mock_get_hmac_for_secret.return_value}
assert get_secret_hashes(env, 'dev', 'service',
DEFAULT_SOA_DIR) == expected
mock_is_secret_ref.assert_called_with("SOME_VAL")
mock_get_hmac_for_secret.assert_called_with(
env_var_val="SOME_VAL",
service="service",
soa_dir=DEFAULT_SOA_DIR,
secret_environment='dev',
)
def get_config_for_bounce_hash(complete_config, service, soa_dir, system_paasta_config):
environment_variables = {x['name']: x['value'] for x in complete_config['environmentVariables']}
secret_hashes = get_secret_hashes(
environment_variables=environment_variables,
secret_environment=system_paasta_config.get_vault_environment(),
service=service,
soa_dir=soa_dir,
)
if secret_hashes:
complete_config['paasta_secrets'] = secret_hashes
return complete_config
