def test_get_env(self, environment):
# given
policy = Policy(
{environment + "/myTeam/myService/someSecret": {
"policy": "read"
}})
# then
self.assertEquals(environment, policy.get_env())
def test_str(self):
# given
json = {"develop/myTeam/myService/someSecret": {"policy": "read"}}
# when
policy = Policy(json)
# then
self.assertEquals(
"path \"develop/myTeam/myService/someSecret\" {\n\tpolicy = \"read\"\n}\n",
policy.__str__())
def load_policies(self, mesos_framework, mesos_group, team, service):
"""
:type mesos_framework: string
:type mesos_group: string
:type team: string
:type service: string
:rtype: list
"""
self._policies = set()
self._mesos_framework = mesos_framework
self._mesos_group = mesos_group
self._team = team
self._service = service
regular_expression = self._policy_template.replace(".", "\.").format(
mesos_framework=self._mesos_framework,
group=self._mesos_group,
team=self._team,
service=self._service,
environment=".*",
label=".*")
files = [
self._policy_dir + "/" + f for f in os.listdir(self._policy_dir)
if re.match(regular_expression, f)
]
for f in files:
file = open(f, 'r')
hcl = api.load(file).get("path")
for key in hcl.keys():
self._policies.add(Policy({key: hcl.get(key)}))
return self._sorted_policies()
def remove_read_policy(self, secret_path):
"""
:type secret_path: string
"""
self._policies.discard(
Policy({self._normalize_path(secret_path): {
"policy": "read"
}}))
def add_read_policy(self, secret_path):
"""
:type secret_path: string
"""
self._policies.add(
Policy({self._normalize_path(secret_path): {
"policy": "read"
}}))
def test_remove_policy(self):
# given
mesos_framework = "chronos"
mesos_group = "myGroup"
team = "myTeam"
service = "myService"
policy1 = Policy(
{"ci/myTeam/myService/mongo.password": {
"policy": "read"
}})
policy2 = Policy(
{"ci/myTeam/myService/mysql.password": {
"policy": "read"
}})
when(PolicyService).load_policies(mesos_framework, mesos_group, team,
service).thenReturn(
{policy1, policy2})
when(PolicyService).persist().thenReturn(None)
# when
runner = CliRunner()
result = runner.invoke(cli, [
"remove_policies", "--mesos_framework", mesos_framework,
"--mesos_group", mesos_group, "--microservice", "myTeam-myService",
"--path", SOME_NONLIVE_SECRET_PATH, "--config_path",
self.config_path
])
# then
self.assertEquals(0, result.exit_code)
verify(PolicyService,
times=1).load_policies(mesos_framework, mesos_group, team,
service)
verify(PolicyService, times=1).persist()
self.assertNotIn("myTeam/myService/mongo.password", str(result.output))
self.assertNotIn("ci/myTeam/myService/mysql.password",
str(result.output))
def _create_policy(secret_path):
return Policy({secret_path: {"policy": "read"}})