def test_read_team_mapping(self, test_label, mount_point, requests_mocker):
    """Github.read_team_mapping should return the stubbed JSON body unchanged.

    A GET on ``auth/<mount_point>/map/teams/<team_name>`` is registered with a
    canned 200 response, and the parsed result is compared to that payload.
    """
    team = 'hvac'
    canned_body = {
        'request_id': '50346cc8-34e7-f2ea-f36a-fcb9d45c1676',
        'lease_id': '',
        'lease_duration': 0,
        'renewable': False,
        'data': {
            'key': 'SOME_TEAM',
            'value': 'some-team-policy',
        },
        'auth': None,
        'warnings': None,
        'wrap_info': None,
    }
    url = 'http://localhost:8200/v1/auth/{mount_point}/map/teams/{team_name}'.format(
        mount_point=mount_point,
        team_name=team,
    )
    # Register the stub so the request is answered by the mock.
    requests_mocker.register_uri(
        method='GET',
        url=url,
        status_code=200,
        json=canned_body,
    )

    client = Github(adapter=Request())
    result = client.read_team_mapping(
        team_name=team,
        mount_point=mount_point,
    )

    self.assertEqual(canned_body, result)
def test_list_users(self, test_label, mount_point, requests_mocker):
    """Ldap.list_users should return the stubbed JSON body unchanged.

    The stub answers the LIST verb on ``auth/<mount_point>/users``.
    """
    canned_body = {
        'request_id': '0c34cc02-2f75-7deb-a531-33cf7434a729',
        'lease_id': '',
        'lease_duration': 0,
        'renewable': False,
        'data': {
            'keys': ['somedude'],
        },
        'auth': None,
        'warnings': None,
        'wrap_info': None,
    }
    url = 'http://localhost:8200/v1/auth/{mount_point}/users'.format(
        mount_point=mount_point,
    )
    requests_mocker.register_uri(
        method='LIST',
        url=url,
        status_code=200,
        json=canned_body,
    )

    client = Ldap(adapter=Request())
    result = client.list_users(mount_point=mount_point)

    self.assertEqual(canned_body, result)
def test_read_configuration(self, test_label, mount_point, requests_mocker):
    """Github.read_configuration should return the stubbed JSON body unchanged.

    The stub answers a GET on ``auth/<mount_point>/config`` with a 200.
    """
    canned_body = {
        'request_id': '860a11a8-b835-cbab-7fce-de4edc4cf533',
        'lease_id': '',
        'lease_duration': 0,
        'renewable': False,
        'data': {
            'base_url': '',
            'max_ttl': 0,
            'organization': '',
            'ttl': 0,
        },
        'auth': None,
        'warnings': None,
        'wrap_info': None,
    }
    url = 'http://localhost:8200/v1/auth/{mount_point}/config'.format(
        mount_point=mount_point,
    )
    requests_mocker.register_uri(
        method='GET',
        url=url,
        status_code=200,
        json=canned_body,
    )

    client = Github(adapter=Request())
    result = client.read_configuration(mount_point=mount_point)

    self.assertEqual(canned_body, result)
def test_read_duo_behvaior_configuration(self, test_label, mount_point, requests_mocker):
    """Mfa.read_duo_behavior_configuration should return the stubbed body unchanged.

    The stub answers a GET on ``auth/<mount_point>/duo/config`` with a 200.
    """
    # NOTE(review): "behvaior" in the test name is a typo for "behavior";
    # renaming it would change the test's identifier, so it is kept here.
    canned_body = {
        'request_id': '7ea734e8-bbc4-e2de-2769-d052d6a320c6',
        'lease_id': '',
        'lease_duration': 0,
        'renewable': False,
        'data': {
            'username_format': '%s',
            'push_info': '',
            'user_agent': '',
        },
        'auth': None,
        'warnings': None,
        'wrap_info': None,
    }
    url = 'http://localhost:8200/v1/auth/{mount_point}/duo/config'.format(
        mount_point=mount_point,
    )
    requests_mocker.register_uri(
        method='GET',
        url=url,
        status_code=200,
        json=canned_body,
    )

    client = Mfa(adapter=Request())
    result = client.read_duo_behavior_configuration(mount_point=mount_point)

    self.assertEqual(canned_body, result)
def test_read_user(self, test_label, mount_point, requests_mocker):
    """Ldap.read_user should return the stubbed JSON body unchanged.

    The stub answers a GET on ``auth/<mount_point>/users/<username>``.
    """
    user = '******'
    canned_body = {
        'request_id': 'c39914d5-70c1-b585-c6bd-ac8f0dcdf997',
        'lease_id': '',
        'lease_duration': 0,
        'renewable': False,
        'data': {
            'policies': [],
            'groups': '',
        },
        'auth': None,
        'warnings': None,
        'wrap_info': None,
    }
    url = 'http://localhost:8200/v1/auth/{mount_point}/users/{username}'.format(
        mount_point=mount_point,
        username=user,
    )
    requests_mocker.register_uri(
        method='GET',
        url=url,
        status_code=200,
        json=canned_body,
    )

    client = Ldap(adapter=Request())
    result = client.read_user(
        mount_point=mount_point,
        username=user,
    )

    self.assertEqual(canned_body, result)
def test_list_groups(self, test_label, mount_point, requests_mocker):
    """Ldap.list_groups should return the stubbed JSON body unchanged.

    The stub answers the LIST verb on ``auth/<mount_point>/groups``.
    """
    canned_body = {
        'request_id': '89144def-b675-4c8a-590c-4f2ad4f1fae7',
        'lease_id': '',
        'lease_duration': 0,
        'renewable': False,
        'data': {
            'keys': ['cats'],
        },
        'auth': None,
        'warnings': None,
        'wrap_info': None,
    }
    url = 'http://localhost:8200/v1/auth/{mount_point}/groups'.format(
        mount_point=mount_point,
    )
    requests_mocker.register_uri(
        method='LIST',
        url=url,
        status_code=200,
        json=canned_body,
    )

    client = Ldap(adapter=Request())
    result = client.list_groups(mount_point=mount_point)

    self.assertEqual(canned_body, result)
def test_read_group(self, test_label, mount_point, requests_mocker):
    """Ldap.read_group should return the stubbed JSON body unchanged.

    The stub answers a GET on ``auth/<mount_point>/groups/<name>``.
    """
    group = 'hvac'
    canned_body = {
        'request_id': '448bc87c-e948-ac5f-907c-9b01fb9d26c6',
        'lease_id': '',
        'lease_duration': 0,
        'renewable': False,
        'data': {
            'policies': [],
        },
        'auth': None,
        'warnings': None,
        'wrap_info': None,
    }
    url = 'http://localhost:8200/v1/auth/{mount_point}/groups/{name}'.format(
        mount_point=mount_point,
        name=group,
    )
    requests_mocker.register_uri(
        method='GET',
        url=url,
        status_code=200,
        json=canned_body,
    )

    client = Ldap(adapter=Request())
    result = client.read_group(
        name=group,
        mount_point=mount_point,
    )

    self.assertEqual(canned_body, result)
def test_list_roles(self, test_label, requests_mocker):
    """Azure.list_roles should return the ``data`` member of the stubbed body.

    The stub answers the LIST verb on ``<DEFAULT_MOUNT_POINT>/roles``.
    """
    roles = ['hvac']
    canned_body = {
        'data': {
            'roles': roles,
        },
    }
    url = 'http://localhost:8200/v1/{mount_point}/roles'.format(
        mount_point=DEFAULT_MOUNT_POINT,
    )
    requests_mocker.register_uri(
        method='LIST',
        url=url,
        status_code=200,
        json=canned_body,
    )

    client = Azure(adapter=Request())
    listed = client.list_roles(mount_point=DEFAULT_MOUNT_POINT)
    logging.debug('list_roles_response: %s' % listed)

    # Only the inner ``data`` dict is expected back, not the full envelope.
    self.assertEqual(canned_body['data'], listed)
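def test_generate_credentials(self, test_label, requests_mocker):
    """Azure.generate_credentials should return the ``data`` member of the stubbed body.

    The stub answers a GET on ``<DEFAULT_MOUNT_POINT>/creds/<name>`` with a
    canned client_id / client_secret pair.
    """
    expected_status_code = 200
    role_name = 'hvac'
    mock_response = {
        'data': {
            'client_id': 'some_client_id',
            'client_secret': 'some_client_secret',
        },
    }
    mock_url = 'http://localhost:8200/v1/{mount_point}/creds/{name}'.format(
        mount_point=DEFAULT_MOUNT_POINT,
        name=role_name,
    )
    requests_mocker.register_uri(
        method='GET',
        url=mock_url,
        status_code=expected_status_code,
        json=mock_response,
    )
    azure = Azure(adapter=Request())
    generate_credentials_response = azure.generate_credentials(
        name=role_name,
        mount_point=DEFAULT_MOUNT_POINT,
    )
    self.assertEqual(
        first=mock_response['data'],
        second=generate_credentials_response,
    )
    # The response carries client_secret. Log the field names only, so this
    # pattern does not write credential values to logs if it is reused
    # against a response that holds real ones.
    logging.debug(
        'generate_credentials_response fields: %s',
        sorted(generate_credentials_response),
    )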
def test_create_or_update_role(self, test_label, azure_roles, requests_mocker):
    """Azure.create_or_update_role should surface the stubbed 204 status.

    When ``azure_roles`` is None a single Contributor role definition is
    supplied. The stub answers a POST on ``<DEFAULT_MOUNT_POINT>/roles/<name>``.
    """
    no_content = 204
    role = 'hvac'
    if azure_roles is None:
        azure_roles = [
            {
                'role_name': "Contributor",
                'scope': "/subscriptions/95e675fa-307a-455e-8cdf-0a66aeaa35ae",
            },
        ]
    url = 'http://localhost:8200/v1/{mount_point}/roles/{name}'.format(
        mount_point=DEFAULT_MOUNT_POINT,
        name=role,
    )
    # No JSON body is registered: the stub replies with the status code only.
    requests_mocker.register_uri(
        method='POST',
        url=url,
        status_code=no_content,
    )

    client = Azure(adapter=Request())
    result = client.create_or_update_role(
        name=role,
        azure_roles=azure_roles,
        mount_point=DEFAULT_MOUNT_POINT,
    )
    logging.debug('create_or_update_role_response: %s' % result)

    self.assertEqual(no_content, result.status_code)
def test_read_configuration(self, test_label, mount_point, requests_mocker):
    """Mfa.read_configuration should return the stubbed JSON body unchanged.

    The stub answers a GET on ``auth/<mount_point>/mfa_config`` with a 200.
    """
    canned_body = {
        'request_id': '18ecf194-aba2-ba99-ebb5-1b90e5e231c7',
        'lease_id': '',
        'lease_duration': 0,
        'renewable': False,
        'data': {
            'type': 'duo',
        },
        'auth': None,
        'warnings': None,
        'wrap_info': None,
    }
    url = 'http://localhost:8200/v1/auth/{mount_point}/mfa_config'.format(
        mount_point=mount_point,
    )
    requests_mocker.register_uri(
        method='GET',
        url=url,
        status_code=200,
        json=canned_body,
    )

    client = Mfa(adapter=Request())
    result = client.read_configuration(mount_point=mount_point)

    self.assertEqual(canned_body, result)
def test_read_user_mapping(self, test_label, mount_point, requests_mocker):
    """Github.read_user_mapping should return the stubbed JSON body unchanged.

    The stub answers a GET on ``auth/<mount_point>/map/users/<user_name>``;
    the canned body has ``data`` set to None.
    """
    user = 'hvac'
    canned_body = {
        'request_id': '71ec6e1b-6d4e-6374-ddc2-ff1cdd860e60',
        'lease_id': '',
        'lease_duration': 0,
        'renewable': False,
        'data': None,
        'auth': None,
        'warnings': None,
        'wrap_info': None,
    }
    url = 'http://localhost:8200/v1/auth/{mount_point}/map/users/{user_name}'.format(
        mount_point=mount_point,
        user_name=user,
    )
    requests_mocker.register_uri(
        method='GET',
        url=url,
        status_code=200,
        json=canned_body,
    )

    client = Github(adapter=Request())
    result = client.read_user_mapping(
        user_name=user,
        mount_point=mount_point,
    )

    self.assertEqual(canned_body, result)
def test_rotate_root_iam_credentials(self, test_label, mount_point=DEFAULT_MOUNT_POINT):
    """Aws.rotate_root_iam_credentials should return the stubbed JSON body unchanged.

    The stub answers a POST on ``<mount_point>/config/rotate-root``; the
    canned body holds only an ``access_key`` field.
    """
    canned_body = {
        "data": {
            "access_key": "AKIA...",
        },
    }
    url = 'http://localhost:8200/v1/{mount_point}/config/rotate-root'.format(
        mount_point=mount_point,
    )
    logging.debug('Mocking URL: %s' % url)

    client = Aws(adapter=Request())
    # The mocker is opened locally here rather than received as an argument.
    with requests_mock.mock() as requests_mocker:
        requests_mocker.register_uri(
            method='POST',
            url=url,
            status_code=200,
            json=canned_body,
        )
        result = client.rotate_root_iam_credentials(mount_point=mount_point)

    logging.debug('rotate_root_response: %s' % result)
    self.assertEqual(canned_body, result)
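def test_login(self, label, test_params, raises, requests_mocker):
    """Kubernetes.login should return the stubbed auth block or raise as parameterized.

    The stub answers a POST on ``auth/<TEST_MOUNT_POINT>/login``. When
    ``raises`` is not None the call must raise that exception type; otherwise
    the policies in the response are compared to the expected list.
    """
    role_name = 'hvac'
    test_policies = [
        "default",
        "dev",
        "prod",
    ]
    expected_status_code = 200
    mock_url = 'http://localhost:8200/v1/auth/{mount_point}/login'.format(
        mount_point=self.TEST_MOUNT_POINT,
    )
    mock_response = {
        "auth": {
            "client_token": "38fe9691-e623-7238-f618-c94d4e7bc674",
            "accessor": "78e87a38-84ed-2692-538f-ca8b9f400ab3",
            "policies": test_policies,
            "metadata": {
                "role": role_name,
                "service_account_name": "vault-auth",
                "service_account_namespace": "default",
                "service_account_secret_name": "vault-auth-token-pd21c",
                "service_account_uid": "aa9aa8ff-98d0-11e7-9bb7-0800276d99bf"
            },
            "lease_duration": 2764800,
            "renewable": True,
        },
    }
    requests_mocker.register_uri(
        method='POST',
        url=mock_url,
        status_code=expected_status_code,
        json=mock_response,
    )
    kubernetes = Kubernetes(adapter=Request())

    def attempt_login():
        # One place for the call so both branches use identical arguments.
        return kubernetes.login(
            role=role_name,
            jwt='my-jwt',
            mount_point=self.TEST_MOUNT_POINT,
            **test_params
        )

    if raises is not None:
        with self.assertRaises(raises):
            attempt_login()
        return

    login_response = attempt_login()
    # The login response carries auth.client_token and auth.accessor. Log
    # only the policy list under test so a token never lands in test logs.
    logging.debug(
        'login_response policies: %s',
        login_response['auth']['policies'],
    )
    self.assertEqual(
        first=login_response['auth']['policies'],
        second=test_policies,
    )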
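def test_generate_credentials(self, test_label, role_name='hvac-test-role', mount_point=DEFAULT_MOUNT_POINT,
                              endpoint='creds', raises=None, exception_msg=''):
    """Aws.generate_credentials should return the stubbed body or raise as parameterized.

    When ``raises`` is truthy the call must raise that exception type and
    ``exception_msg`` must appear in the exception text; otherwise the parsed
    response is compared to the canned body.
    """
    expected_status_code = 200
    mock_response = {
        "data": {
            "access_key": "AKIA...",
            "secret_key": "xlCs...",
            "security_token": None
        }
    }
    # NOTE(review): the stub is registered on the ``creds`` path whatever
    # ``endpoint`` is passed -- confirm that matches the parameterized cases.
    mock_url = 'http://localhost:8200/v1/{mount_point}/creds/{role_name}'.format(
        mount_point=mount_point,
        role_name=role_name,
    )
    logging.debug('Mocking URL: %s', mock_url)
    aws = Aws(adapter=Request())

    def request_credentials():
        # One place for the call so both branches use identical arguments.
        return aws.generate_credentials(
            name=role_name,
            endpoint=endpoint,
            mount_point=mount_point,
        )

    with requests_mock.mock() as requests_mocker:
        requests_mocker.register_uri(
            method='POST',
            url=mock_url,
            status_code=expected_status_code,
            json=mock_response,
        )
        if raises:
            with self.assertRaises(raises) as cm:
                request_credentials()
            self.assertIn(
                member=exception_msg,
                container=str(cm.exception),
            )
        else:
            gen_creds_response = request_credentials()
            self.assertEqual(
                first=mock_response,
                second=gen_creds_response,
            )
            # The response carries secret_key and security_token. Log the
            # field names only, so this pattern does not write credential
            # values to logs if it is reused against real responses.
            logging.debug(
                'gen_creds_response data fields: %s',
                sorted(gen_creds_response['data']),
            )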
def test_configure(self, test_label, mount_point, requests_mocker):
    """Mfa.configure should surface the stubbed 204 status.

    The stub answers a POST on ``auth/<mount_point>/mfa_config``.
    """
    no_content = 204
    url = 'http://localhost:8200/v1/auth/{mount_point}/mfa_config'.format(
        mount_point=mount_point,
    )
    requests_mocker.register_uri(
        method='POST',
        url=url,
        status_code=no_content,
    )

    client = Mfa(adapter=Request())
    result = client.configure(mount_point=mount_point)

    self.assertEqual(no_content, result.status_code)
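def test_login(self, label, test_params, raises, requests_mocker):
    """Okta.login should return the stubbed auth block or raise as parameterized.

    The stub answers a POST on ``auth/<TEST_MOUNT_POINT>/login/<TEST_USERNAME>``.
    When ``raises`` is not None the call must raise that exception type;
    otherwise the policies in the response are compared to the expected list.
    """
    test_policies = [
        "default",
    ]
    expected_status_code = 200
    mock_url = 'http://localhost:8200/v1/auth/{mount_point}/login/{username}'.format(
        mount_point=self.TEST_MOUNT_POINT,
        username=self.TEST_USERNAME,
    )
    mock_response = {
        "lease_id": "",
        "data": None,
        "warnings": None,
        "auth": {
            "client_token": "64d2a8f2-2a2f-5688-102b-e6088b76e344",
            "accessor": "18bb8f89-826a-56ee-c65b-1736dc5ea27d",
            "policies": ["default"],
            "metadata": {
                "username": self.TEST_USERNAME,
                "policies": "default"
            },
        },
        "lease_duration": 7200,
        "renewable": True,
    }
    requests_mocker.register_uri(
        method='POST',
        url=mock_url,
        status_code=expected_status_code,
        json=mock_response,
    )
    okta = Okta(adapter=Request())

    def attempt_login():
        # One place for the call so both branches use identical arguments.
        return okta.login(
            username=self.TEST_USERNAME,
            password='******',
            mount_point=self.TEST_MOUNT_POINT,
            **test_params
        )

    if raises is not None:
        with self.assertRaises(raises):
            attempt_login()
        return

    login_response = attempt_login()
    # The login response carries auth.client_token and auth.accessor. Log
    # only the policy list under test so a token never lands in test logs.
    logging.debug(
        'login_response policies: %s',
        login_response['auth']['policies'],
    )
    self.assertEqual(
        first=login_response['auth']['policies'],
        second=test_policies,
    )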
def test_read_configuration(self, test_label, mount_point, requests_mocker):
    """Ldap.read_configuration should return the stubbed JSON body unchanged.

    The stub answers a GET on ``auth/<mount_point>/config`` with a 200.
    """
    # NOTE(review): the canned config pairs a plaintext ldap:// URL with
    # starttls False, so the tls_* fields would have nothing to apply to.
    # It is fixture data and is only compared for equality here.
    ldap_settings = {
        'url': 'ldap://ldap.hvac.network',
        'starttls': False,
        'insecure_tls': False,
        'tls_min_version': 'tls12',
        'tls_max_version': 'tls12',
        'certificate': '',
        'binddn': '',
        'deny_null_bind': True,
        'discoverdn': False,
        'case_sensitive_names': False,
        'userattr': '',
        'userdn': '',
        'upndomain': '',
        'groupfilter': '',
        'groupdn': '',
        'groupattr': '',
    }
    canned_body = {
        'request_id': 'dd7c3635-8e1c-d454-7381-bf11970fe8de',
        'lease_id': '',
        'lease_duration': 0,
        'renewable': False,
        'data': ldap_settings,
        'auth': None,
        'warnings': None,
        'wrap_info': None,
    }
    url = 'http://localhost:8200/v1/auth/{mount_point}/config'.format(
        mount_point=mount_point,
    )
    requests_mocker.register_uri(
        method='GET',
        url=url,
        status_code=200,
        json=canned_body,
    )

    client = Ldap(adapter=Request())
    result = client.read_configuration(mount_point=mount_point)

    self.assertEqual(canned_body, result)
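def test_login(self, label, test_params, raises, requests_mocker):
    """Azure.login should return the stubbed auth block or raise as parameterized.

    The stub answers a POST on ``auth/<TEST_MOUNT_POINT>/login``. When
    ``raises`` is not None the call must raise that exception type; otherwise
    the policies in the response are compared to the expected list.
    """
    role_name = 'hvac'
    test_policies = [
        "default",
        "dev",
        "prod",
    ]
    expected_status_code = 200
    mock_url = 'http://localhost:8200/v1/auth/{mount_point}/login'.format(
        mount_point=self.TEST_MOUNT_POINT,
    )
    mock_response = {
        "auth": {
            "client_token": "f33f8c72-924e-11f8-cb43-ac59d697597c",
            "accessor": "0e9e354a-520f-df04-6867-ee81cae3d42d",
            "policies": test_policies,
            "lease_duration": 2764800,
            "renewable": True,
        },
    }
    requests_mocker.register_uri(
        method='POST',
        url=mock_url,
        status_code=expected_status_code,
        json=mock_response,
    )
    azure = Azure(adapter=Request())

    def attempt_login():
        # One place for the call so both branches use identical arguments.
        return azure.login(
            role=role_name,
            jwt='my-jwt',
            mount_point=self.TEST_MOUNT_POINT,
            **test_params
        )

    if raises is not None:
        with self.assertRaises(raises):
            attempt_login()
        return

    login_response = attempt_login()
    # The login response carries auth.client_token and auth.accessor. Log
    # only the policy list under test so a token never lands in test logs.
    logging.debug(
        'login_response policies: %s',
        login_response['auth']['policies'],
    )
    self.assertEqual(
        first=login_response['auth']['policies'],
        second=test_policies,
    )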
def test_login(self, test_label, mount_point, requests_mocker):
    """Github.login should return the stubbed body and store the client token.

    The stub answers a POST on ``auth/<mount_point>/login``. After the call
    the adapter's ``token`` attribute must equal the ``client_token`` from
    the canned auth block.
    """
    auth_block = {
        'client_token': 'edf5c2c0-94ec-11e8-afe4-0af6a65f93f6',
        'accessor': 'f578d442-94ec-11e8-afe4-0af6a65f93f6',
        'entity_id': 'f9268760-94ec-11e8-afe4-0af6a65f93f6',
        'lease_duration': 3600,
        'renewable': True,
        'metadata': {
            'org': 'hvac',
            'username': '******',
        },
        'policies': [
            'default',
        ],
        'token_policies': ['default'],
    }
    canned_body = {
        'request_id': '488cf309-2f81-cc04-51bf-c43063d309eb',
        'lease_id': '',
        'lease_duration': 0,
        'renewable': False,
        'auth': auth_block,
        'data': None,
        'warnings': None,
        'wrap_info': None,
    }
    url = 'http://localhost:8200/v1/auth/{mount_point}/login'.format(
        mount_point=mount_point,
    )
    # No status_code is passed for this stub, unlike the sibling tests.
    requests_mocker.register_uri(
        method='POST',
        url=url,
        json=canned_body,
    )

    client = Github(adapter=Request())
    result = client.login(
        token='valid-token',
        mount_point=mount_point,
    )

    self.assertEqual(canned_body, result)
    # The login call is expected to leave the new token on the adapter.
    self.assertEqual(auth_block['client_token'], client._adapter.token)
def test_login(self, test_label, mount_point, requests_mocker):
    """Ldap.login should return the stubbed JSON body unchanged.

    The stub answers a POST on ``auth/<mount_point>/login/<username>``.
    """
    user = '******'
    auth_block = {
        'client_token': '5a01125e-d823-578e-86c8-049bea022b9e',
        'accessor': '71f512de-18ab-af6e-02f7-e37b3aa48780',
        'entity_id': '5bc030bc-2000-1176-aafb-82747ae9c874',
        'lease_duration': 2764800,
        'renewable': True,
        'policies': [
            'default',
            'test-ldap-policy',
        ],
        'metadata': {'username': '******'},
    }
    canned_body = {
        'request_id': 'c7a85e6c-fb1f-1d97-83a1-63746cb65551',
        'lease_id': '',
        'lease_duration': 0,
        'renewable': False,
        'auth': auth_block,
        'data': {},
        'warnings': None,
        'wrap_info': None,
    }
    url = 'http://localhost:8200/v1/auth/{mount_point}/login/{username}'.format(
        mount_point=mount_point,
        username=user,
    )
    requests_mocker.register_uri(
        method='POST',
        url=url,
        status_code=200,
        json=canned_body,
    )

    client = Ldap(adapter=Request())
    result = client.login(
        mount_point=mount_point,
        username=user,
        password='******'
    )

    self.assertEqual(canned_body, result)
def test_configure(self, test_label, mount_point, requests_mocker):
    """Ldap.configure should surface the stubbed 204 status.

    The stub answers a POST on ``auth/<mount_point>/config``.
    """
    no_content = 204
    url = 'http://localhost:8200/v1/auth/{mount_point}/config'.format(
        mount_point=mount_point,
    )
    requests_mocker.register_uri(
        method='POST',
        url=url,
        status_code=no_content,
    )

    client = Ldap(adapter=Request())
    result = client.configure(
        user_dn='dc=users,cn=hvac,cn=network',
        group_dn='ou=groups,cn=hvac,cn=network',
        url='ldaps://ldap.python-hvac.org',
        mount_point=mount_point,
    )

    self.assertEqual(no_content, result.status_code)
def test_configure_duo_access(self, test_label, mount_point, requests_mocker):
    """Mfa.configure_duo_access should surface the stubbed 204 status.

    The stub answers a POST on ``auth/<mount_point>/duo/access``; the host,
    integration key and secret key passed in are placeholder literals.
    """
    no_content = 204
    url = 'http://localhost:8200/v1/auth/{mount_point}/duo/access'.format(
        mount_point=mount_point,
    )
    requests_mocker.register_uri(
        method='POST',
        url=url,
        status_code=no_content,
    )

    client = Mfa(adapter=Request())
    result = client.configure_duo_access(
        mount_point=mount_point,
        host='someapisubdomain.hvac.network',
        integration_key='ikey',
        secret_key='supersecret',
    )

    self.assertEqual(no_content, result.status_code)
def test_delete_user(self, test_label, mount_point, requests_mocker):
    """Ldap.delete_user should surface the stubbed 204 status.

    The stub answers a DELETE on ``auth/<mount_point>/users/<username>``.
    """
    no_content = 204
    user = '******'
    url = 'http://localhost:8200/v1/auth/{mount_point}/users/{username}'.format(
        mount_point=mount_point,
        username=user,
    )
    requests_mocker.register_uri(
        method='DELETE',
        url=url,
        status_code=no_content,
    )

    client = Ldap(adapter=Request())
    result = client.delete_user(
        username=user,
        mount_point=mount_point,
    )

    self.assertEqual(no_content, result.status_code)
def test_map_team(self, test_label, mount_point, requests_mocker):
    """Github.map_team should surface the stubbed 204 status.

    The stub answers a POST on ``auth/<mount_point>/map/teams/<team_name>``.
    """
    no_content = 204
    team = 'hvac'
    url = 'http://localhost:8200/v1/auth/{mount_point}/map/teams/{team_name}'.format(
        mount_point=mount_point,
        team_name=team,
    )
    requests_mocker.register_uri(
        method='POST',
        url=url,
        status_code=no_content,
    )

    client = Github(adapter=Request())
    result = client.map_team(
        team_name=team,
        mount_point=mount_point,
    )

    self.assertEqual(no_content, result.status_code)
def test_create_or_update_group(self, test_label, mount_point, requests_mocker):
    """Ldap.create_or_update_group should surface the stubbed 204 status.

    The stub answers a POST on ``auth/<mount_point>/groups/<group_name>``.
    """
    no_content = 204
    group = 'hvac'
    url = 'http://localhost:8200/v1/auth/{mount_point}/groups/{group_name}'.format(
        mount_point=mount_point,
        group_name=group,
    )
    requests_mocker.register_uri(
        method='POST',
        url=url,
        status_code=no_content,
    )

    client = Ldap(adapter=Request())
    result = client.create_or_update_group(
        name=group,
        mount_point=mount_point,
    )

    self.assertEqual(no_content, result.status_code)
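def test_create_or_update_roleset(self, label, secret_type='access_token', raises=False, exception_message=''):
    """Gcp.create_or_update_roleset should surface the stubbed 204 or raise as parameterized.

    The stub answers a POST on ``<TEST_MOUNT_POINT>/roleset/<TEST_ROLESET_NAME>``.
    When ``raises`` is truthy the call must raise that exception type and
    ``exception_message`` must appear in the exception text. Token scopes are
    supplied only when ``secret_type`` is 'access_token'.
    """
    # The original first assigned a dict to ``bindings`` and overwrote it on
    # the next statement; only the HCL string was ever used, so the dict is
    # dropped here.
    # NOTE(review): ``{project}`` in the string below is never substituted,
    # and the path reads "project/" where the discarded dict used
    # "projects/". The request is stubbed so the test outcome is unaffected;
    # confirm which form is intended.
    bindings = """
        resource "//cloudresourcemanager.googleapis.com/project/{project}" {
          roles = [
            "roles/viewer"
          ],
        }
    """
    bindings = dedent(bindings)
    token_scopes = None
    if secret_type == 'access_token':
        token_scopes = [
            'https://www.googleapis.com/auth/cloud-platform',
            'https://www.googleapis.com/auth/bigquery',
        ]
    gcp = Gcp(adapter=Request())
    mock_url = 'http://localhost:8200/v1/{mount_point}/roleset/{name}'.format(
        mount_point=self.TEST_MOUNT_POINT,
        name=self.TEST_ROLESET_NAME,
    )
    expected_status_code = 204

    def submit_roleset():
        # One place for the call so both branches use identical arguments.
        return gcp.create_or_update_roleset(
            name=self.TEST_ROLESET_NAME,
            project=self.TEST_PROJECT_ID,
            bindings=bindings,
            secret_type=secret_type,
            token_scopes=token_scopes,
            mount_point=self.TEST_MOUNT_POINT,
        )

    with requests_mock.mock() as requests_mocker:
        requests_mocker.register_uri(
            method='POST',
            url=mock_url,
            status_code=expected_status_code,
        )
        if raises:
            with self.assertRaises(raises) as cm:
                submit_roleset()
            self.assertIn(
                member=exception_message,
                container=str(cm.exception),
            )
        else:
            create_or_update_response = submit_roleset()
            logging.debug('configure_response: %s', create_or_update_response)
            # Compare against the registered status instead of a second
            # hard-coded 204, so the stub and the assertion cannot drift.
            self.assertEqual(
                first=create_or_update_response.status_code,
                second=expected_status_code,
            )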