Пример #1
0
def test_vault_auth_missing(monkeypatch, server_api):
    """
    Verify that either VAULT_TOKEN or VAULT_ROLE_ID/VAULT_SECRET_ID are required.
    """
    monkeypatch.setenv("VAULT_ADDR", "http://localhost:8200")
    with pytest.raises(ValueError,
                       match=r"Supported methods"), prefect.context(secrets={
                           "VAULT_CREDENTIALS": {
                               "WRONG_TOKEN": "wrong-token-value"
                           }
                       }):
        task = VaultSecret("fake-remote-secret")
        out = task.run()
        assert out == "assert-wont-be-reached"
def test_vault_secret_lookup(monkeypatch, vault_creds, server_api):
    """
    Mocked lookup of a secret from vault
    The prefect server/cloud secret also mocked
    """
    monkeypatch.setenv("VAULT_ADDR", "http://localhost:8200")
    hvac.Client.is_authenticated = MagicMock(return_value=True)
    hvac.Client.auth_approle = MagicMock(return_value=None)
    mock_vault_response = {"data": {"data": {"fake-key": "fake-value"}}}
    hvac.api.secrets_engines.KvV2.read_secret_version = MagicMock(
        return_value=mock_vault_response)
    with prefect.context(secrets={"VAULT_CREDENTIALS": vault_creds}):
        task = VaultSecret("secret/fake-path")
        out = task.run()
        assert out == {"fake-key": "fake-value"}
Пример #3
0
def test_vault_secret_use_in_flow(monkeypatch, server_api):
    """
    Verify use of VaultSecret in a flow defintion
    """
    monkeypatch.setenv("VAULT_ADDR", "http://localhost:8200")
    hvac.Client.is_authenticated = MagicMock(return_value=True)
    hvac.Client.auth_approle = MagicMock(return_value=None)
    mock_vault_response = {"data": {"data": {"fake-key": "fake-value"}}}
    hvac.api.secrets_engines.KvV2.read_secret_version = MagicMock(
        return_value=mock_vault_response)
    vault_creds = {"VAULT_TOKEN": "fake-token"}
    with prefect.context(secrets={"VAULT_CREDENTIALS": vault_creds}):
        with Flow("vault-secret-test-flow") as flow:
            secret = VaultSecret("secret/fake-path")
            ret = vault_secret_test_task(secret)

        state = flow.run()
        assert state.result[ret].result == {"fake-key": "fake-value"}
Пример #4
0
def test_vault_secret_lookup_using_alt_creds(monkeypatch, vault_creds,
                                             server_api):
    """
    Mocked lookup of a secret from vault
    The prefect server/cloud secret also mocked
    """
    monkeypatch.setenv("VAULT_ADDR", "http://localhost:8200")
    mock_vault_response = {"data": {"data": {"fake-key": "fake-value"}}}
    hvac.api.secrets_engines.KvV2.read_secret_version = MagicMock(
        return_value=mock_vault_response)

    with mock.patch("hvac.Client.auth"):
        with prefect.context(secrets={"MY_VAULT_CREDS": vault_creds}):
            with mock.patch("builtins.open",
                            mock.mock_open(read_data="fake-path")):
                task = VaultSecret("secret/fake-path",
                                   vault_credentials_secret="MY_VAULT_CREDS")
                out = task.run()
                assert out == {"fake-key": "fake-value"}