def _list_secrets(vault_name: str, confirm, **kwargs): mssg = "Show secret values (y/n)?" print(f"Secrets currently in vault {vault_name}") show_secrets = _prompt_yn(mssg, confirm) kv_client = BHKeyVaultClient(vault_name=vault_name, **kwargs) for sec_name in kv_client.secrets: print(f"Secret: {sec_name}", end=": ") if show_secrets: secret = kv_client.get_secret(secret_name=sec_name) print(secret.value) else: print("************") print("Done")
def test_keyvault_client( self, sec_client, az_connect_core_patch, html_ip, display_ip, is_ipython_ip, ): kv_sec_client = SecretClientTest() sec_client_obj = MagicMock() sec_client_obj.list_properties_of_secrets = ( kv_sec_client.list_properties_of_secrets ) sec_client_obj.get_secret = kv_sec_client.get_secret sec_client_obj.set_secret = kv_sec_client.set_secret sec_client.return_value = sec_client_obj # call_prompt = lambda client_id, authority, prompt_callback: _prompt_for_code( # DEV_CODE # ) # az_connect_core_patch.side_effect = call_prompt kv_settings = get_kv_settings("msticpyconfig-kv.yaml") # Check both vault params BHKeyVaultClient( tenant_id=kv_settings.tenantid, vault_uri="https://myvault.vault.azure.net", debug=True, ) BHKeyVaultClient( tenant_id=kv_settings.tenantid, vault_name="myvault", debug=True ) # Check missing tenantid no_tenant_id = deepcopy(kv_settings) no_tenant_id.tenantid = None with self.assertRaises(MsticpyKeyVaultConfigError): BHKeyVaultClient(settings=no_tenant_id, debug=True) keyvault_client = BHKeyVaultClient(debug=True) # Check secret methods for sec_id in keyvault_client.secrets: sec_name = sec_id.split("/")[-1] self.assertIn(sec_name, KV_SECRETS) for sec, val in KV_SECRETS.items(): kv_val = keyvault_client.get_secret(sec) self.assertEqual(val, kv_val) with self.assertRaises(MsticpyKeyVaultMissingSecretError): keyvault_client.get_secret("DoesntExist") kv_sec_client.set_secret("NoSecret", "") with self.assertRaises(MsticpyKeyVaultMissingSecretError): keyvault_client.get_secret("NoSecret") kv_sec_client.set_secret("MyTestSecret", "TheActualValue") self.assertEqual(keyvault_client.get_secret("MyTestSecret"), "TheActualValue")
def test_keyvault_client( self, sec_client, interact_cred, devcode_cred, html_ip, display_ip, is_ipython_ip, ): kv_sec_client = SecretClientTest() sec_client_obj = MagicMock() sec_client_obj.list_properties_of_secrets = ( kv_sec_client.list_properties_of_secrets) sec_client_obj.get_secret = kv_sec_client.get_secret sec_client_obj.set_secret = kv_sec_client.set_secret sec_client.return_value = sec_client_obj call_prompt = lambda client_id, authority, prompt_callback: _prompt_for_code( DEV_CODE) devcode_cred.side_effect = call_prompt kv_settings = get_kv_settings("msticpyconfig-kv.yaml") # Check both vault params BHKeyVaultClient( tenant_id=kv_settings.tenantid, vault_uri="https://myvault.vault.azure.net", debug=True, ) BHKeyVaultClient(tenant_id=kv_settings.tenantid, vault_name="myvault", debug=True) # Check missing tenantid no_tenant_id = deepcopy(kv_settings) no_tenant_id.tenantid = None with self.assertRaises(MsticpyKeyVaultConfigError): BHKeyVaultClient(settings=no_tenant_id, debug=True) # Device auth - simulating IPython # Get most things from settings is_ipython_ip.return_value = True keyvault_client = BHKeyVaultClient(debug=True, authn_type="device") # Check values in logon message logon_message_call = html_ip.call_args_list[-1][0][0] self.assertIn(DEV_CODE["user_code"], logon_message_call) self.assertIn(DEV_CODE["verification_url"], logon_message_call) # Device auth - not IPython (capture std out) is_ipython_ip.return_value = False txt_stream = StringIO() with redirect_stdout(txt_stream): keyvault_client = BHKeyVaultClient(debug=True, authn_type="device") txt_out = txt_stream.getvalue() self.assertIn(DEV_CODE["user_code"], txt_out) self.assertIn(DEV_CODE["verification_url"], txt_out) # Check secret methods for sec_id in keyvault_client.secrets: sec_name = sec_id.split("/")[-1] self.assertIn(sec_name, KV_SECRETS) for sec, val in KV_SECRETS.items(): kv_val = keyvault_client.get_secret(sec) self.assertEqual(val, kv_val) with self.assertRaises(MsticpyKeyVaultMissingSecretError): keyvault_client.get_secret("DoesntExist") kv_sec_client.set_secret("NoSecret", "") with self.assertRaises(MsticpyKeyVaultMissingSecretError): keyvault_client.get_secret("NoSecret") kv_sec_client.set_secret("MyTestSecret", "TheActualValue") self.assertEqual(keyvault_client.get_secret("MyTestSecret"), "TheActualValue")