def test_get_secret_string_no_current(self): response = {} versions = {'01234567890123456789012345678901': ['NOTCURRENT']} version_response = {'Name': 'test'} cache = SecretCache( client=self.get_client(response, versions, version_response)) self.assertIsNone(cache.get_secret_string('test'))
def test_get_secret_string_empty(self): response = {} versions = {'01234567890123456789012345678901': ['AWSCURRENT']} version_response = {} cache = SecretCache( client=self.get_client(response, versions, version_response)) self.assertIsNone(cache.get_secret_string('test'))
def test_get_secret_string(self): secret = 'mysecret' response = {} versions = {'01234567890123456789012345678901': ['AWSCURRENT']} version_response = {'SecretString': secret} cache = SecretCache( client=self.get_client(response, versions, version_response)) for _ in range(10): self.assertEqual(secret, cache.get_secret_string('test'))
def test_get_secret_binary(self): secret = b'01010101' response = {} versions = {'01234567890123456789012345678901': ['AWSCURRENT']} version_response = {'SecretBinary': secret} cache = SecretCache( client=self.get_client(response, versions, version_response)) for _ in range(10): self.assertEqual(secret, cache.get_secret_binary('test'))
def test_get_secret_binary(self, client, secret_binary): cache = SecretCache(client=client) secret = client.get_secret_value( SecretId=secret_binary['ARN'])['SecretBinary'] for _ in range(10): assert cache.get_secret_binary("{0}{1}{2}".format( TestAwsSecretsManagerCachingInteg.fixture_prefix, inspect.stack()[0][3], TestAwsSecretsManagerCachingInteg.uuid_suffix)) == secret
def test_get_secret_string_stage(self, client, secret_string_stage): cache = SecretCache(client=client) secret = client.get_secret_value( SecretId=secret_string_stage['ARN'], VersionStage='AWSPREVIOUS')['SecretString'] for _ in range(10): assert cache.get_secret_string( "{0}{1}{2}".format( TestAwsSecretsManagerCachingInteg.fixture_prefix, inspect.stack()[0][3], TestAwsSecretsManagerCachingInteg.uuid_suffix), 'AWSPREVIOUS') == secret
def test_calls_hook_binary(self): secret = b'01010101' hooked_secret = secret + b'1111111100000000' response = {} versions = { '01234567890123456789012345678901': ['AWSCURRENT'] } version_response = {'SecretBinary': secret} hook = DummySecretCacheHook() config = SecretCacheConfig(secret_cache_hook=hook) cache = SecretCache(config=config, client=self.get_client(response, versions, version_response)) for _ in range(10): self.assertEqual(hooked_secret, cache.get_secret_binary('test')[0:24])
def test_get_secret_string_exception(self): client = botocore.session.get_session().create_client( 'secretsmanager', region_name='us-west-2') stubber = Stubber(client) cache = SecretCache(client=client) for _ in range(3): stubber.add_client_error('describe_secret') stubber.activate() self.assertRaises(ClientError, cache.get_secret_binary, 'test')
def test_calls_hook_string(self): secret = 'mysecret' hooked_secret = secret + "+hook_put+hook_get" response = {} versions = { '01234567890123456789012345678901': ['AWSCURRENT'] } version_response = {'SecretString': secret} hook = DummySecretCacheHook() config = SecretCacheConfig(secret_cache_hook=hook) cache = SecretCache(config=config, client=self.get_client(response, versions, version_response)) for _ in range(10): fetched_secret = cache.get_secret_string('test') self.assertTrue(fetched_secret.startswith(hooked_secret))
def test_get_secret_string_refresh(self, client, secret_string): cache = SecretCache( config=SecretCacheConfig(secret_refresh_interval=1), client=client) secret = client.get_secret_value( SecretId=secret_string['ARN'])['SecretString'] for _ in range(10): assert cache.get_secret_string("{0}{1}{2}".format( TestAwsSecretsManagerCachingInteg.fixture_prefix, inspect.stack()[0][3], TestAwsSecretsManagerCachingInteg.uuid_suffix)) == secret client.put_secret_value(SecretId=secret_string['ARN'], SecretString='test2', VersionStages=['AWSCURRENT']) time.sleep(2) secret = client.get_secret_value( SecretId=secret_string['ARN'])['SecretString'] for _ in range(10): assert cache.get_secret_string("{0}{1}{2}".format( TestAwsSecretsManagerCachingInteg.fixture_prefix, inspect.stack()[0][3], TestAwsSecretsManagerCachingInteg.uuid_suffix)) == secret
def test_string_with_additional_kwargs(self): secret = 'not json' response = {} versions = {'01234567890123456789012345678901': ['AWSCURRENT']} version_response = {'SecretString': secret} cache = SecretCache( client=self.get_client(response, versions, version_response)) @InjectSecretString('test', cache) def function_to_be_decorated(arg1, arg2, arg3): self.assertEqual(arg1, secret) self.assertEqual(arg2, 'foo') self.assertEqual(arg3, 'bar') function_to_be_decorated(arg2='foo', arg3='bar')
def test_invalid_json(self): secret = 'not json' response = {} versions = {'01234567890123456789012345678901': ['AWSCURRENT']} version_response = {'SecretString': secret} cache = SecretCache( client=self.get_client(response, versions, version_response)) with self.assertRaises((RuntimeError, json.decoder.JSONDecodeError)): @InjectKeywordedSecretString(secret_id='test', cache=cache, func_username='******', func_passsword='password') def function_to_be_decorated(func_username, func_password, keyworded_argument='foo'): return function_to_be_decorated()
def test_missing_key(self): secret = {'username': '******'} secret_string = json.dumps(secret) response = {} versions = {'01234567890123456789012345678901': ['AWSCURRENT']} version_response = {'SecretString': secret_string} cache = SecretCache( client=self.get_client(response, versions, version_response)) with self.assertRaises((RuntimeError, ValueError)): @InjectKeywordedSecretString(secret_id='test', cache=cache, func_username='******', func_passsword='password') def function_to_be_decorated(func_username, func_password, keyworded_argument='foo'): return function_to_be_decorated()
def test_valid_json_with_mixed_args(self): secret = {'username': '******', 'password': '******'} secret_string = json.dumps(secret) response = {} versions = {'01234567890123456789012345678901': ['AWSCURRENT']} version_response = {'SecretString': secret_string} cache = SecretCache( client=self.get_client(response, versions, version_response)) @InjectKeywordedSecretString(secret_id='test', cache=cache, arg2='username', arg3='password') def function_to_be_decorated(arg1, arg2, arg3, arg4='bar'): self.assertEqual(arg1, 'foo') self.assertEqual(secret['username'], arg2) self.assertEqual(secret['password'], arg3) self.assertEqual(arg4, 'bar') function_to_be_decorated('foo')
def test_valid_json_with_no_secret_kwarg(self): secret = {'username': '******', 'password': '******'} secret_string = json.dumps(secret) response = {} versions = {'01234567890123456789012345678901': ['AWSCURRENT']} version_response = {'SecretString': secret_string} cache = SecretCache( client=self.get_client(response, versions, version_response)) @InjectKeywordedSecretString('test', cache=cache, func_username='******', func_password='******') def function_to_be_decorated(func_username, func_password, keyworded_argument='foo'): self.assertEqual(secret['username'], func_username) self.assertEqual(secret['password'], func_password) self.assertEqual(keyworded_argument, 'foo') function_to_be_decorated()
def test_get_secret_string_empty(self, client, secret_binary): cache = SecretCache(client=client) assert cache.get_secret_string("{0}{1}{2}".format( TestAwsSecretsManagerCachingInteg.fixture_prefix, inspect.stack()[0][3], TestAwsSecretsManagerCachingInteg.uuid_suffix)) is None
def test_get_secret_string_multiple(self): cache = SecretCache(client=self.get_client()) for _ in range(100): self.assertIsNone(cache.get_secret_string('test'))
def test_get_secret_binary_no_versions(self): cache = SecretCache(client=self.get_client()) self.assertIsNone(cache.get_secret_binary('test'))
def test_default_session(self): try: SecretCache() except NoRegionError: pass
def test_client_stub(self): SecretCache(client=self.get_client())
def test_get_secret_string_no_versions(self): response = {'Name': 'test'} cache = SecretCache(client=self.get_client(response)) self.assertIsNone(cache.get_secret_string('test'))
def test_get_secret_string_none(self): cache = SecretCache(client=self.get_client()) self.assertIsNone(cache.get_secret_string('test'))