示例#1
0
def test_auth_from_file(mock_auto_auth):
    """
    Tests that auth_from_file calls auto_auth
    """
    client = VaultAnyConfig()
    client.auth_from_file("test.json")
    mock_auto_auth.assert_called_once_with("test.json", ac_parser=None)
def configure(config_file, vault_config, vault_creds):
    """
    Loads the configuration of the Slackbot
    Args:
        config_file: filename for the bot configuration file
        vault_config: filename for the vault client configuration file
        vault_creds: filename for the vault credentials file
    """
    global config  # pylint: disable=invalid-name
    config_client = VaultAnyConfig(vault_config)
    config_client.auth_from_file(vault_creds)
    config = config_client.load(config_file)["ebr-trackerbot"]

    log_level = logging.getLevelName(config.get("log_level", "ERROR"))

    logging.basicConfig(level=log_level,
                        format="[%(asctime)s] [%(levelname)s] %(message)s",
                        datefmt="%Y-%m-%d %H:%M:%S")
    if "api_url" not in config:
        raise RuntimeError("Missing api url in configuration.")
    if "slack_token" not in config:
        raise RuntimeError("Missing Slack Token in configuration.")

    default_slack_message_template = "Test *{{test}}* failed *{{count}}* in the last {{period}}\n"
    config.setdefault("slack_message_template", default_slack_message_template)
    config.setdefault("init_channel", "#test-slackbot")

    config.setdefault("check_tests_delay", 86400)  # in seconds, 86400 = 1 day
示例#3
0
def test_auth_with_already_authenticated_and_passthrough(
        mock_is_authenticated):
    """
    Tests that the auto_auth will simply be bypassed when using an instance with passthrough set and the client is already authenticated
    """
    mock_is_authenticated.return_value = True
    client = VaultAnyConfig()
    assert client.auto_auth("config.json")
示例#4
0
def test_detect_kv_v2(contents, secret_key, gen_vault_response_kv1,
                      gen_vault_response_kv2):
    """
    Tests that kv2 is detected correctly
    """
    read_response_v1 = gen_vault_response_kv1(contents, secret_key)
    read_response_v2 = gen_vault_response_kv2(contents, secret_key)

    assert VaultAnyConfig._VaultAnyConfig__is_key_value_v2(read_response_v2)
    assert not VaultAnyConfig._VaultAnyConfig__is_key_value_v2(
        read_response_v1)
def test_load_no_vault_with_secrets(mock_load, gen_input_config):
    """
    Basic test of the load function
    """
    mock_load.return_value = gen_input_config()

    input_config_edited = gen_input_config()
    del input_config_edited["vault_secrets"]

    client = VaultAnyConfig()

    with pytest.warns(UserWarning):
        assert client.load("in.json") == input_config_edited

    mock_load.assert_called_with("in.json")
示例#6
0
def test_dump_passthrough(
    mock_hvac_client_read,
    mock_dump,
    mock_open_handle,
    mock_chmod,
    localhost_client,
    gen_input_config,
    gen_processed_config,
    gen_vault_response_kv1,
    file_path,
    file_path_normalized,
    file_contents,
    secret_path,
):
    """
    Tests a warning is thrown where there are files specified but the passthrough flag is set.
    """
    mock_hvac_client_read.return_value = gen_vault_response_kv1()

    with warns(UserWarning):
        VaultAnyConfig().dump(gen_input_config(),
                              "out.json",
                              process_secret_files=True)

    mock_dump.assert_called_once_with(gen_input_config(), "out.json")
    mock_hvac_client_read.assert_not_called()
    mock_open_handle.assert_not_called()
    mock_chmod.assert_not_called()
def test_init_no_file(mock_hvac_client):
    """
    Tests the init function without a config file (i.e. filling the parameters directly)
    """
    client = VaultAnyConfig(url="http://localhost")
    assert not client.pass_through_flag
    mock_hvac_client.assert_called_with(url="http://localhost")
def test_init_passthrough_no_vault_config_section(mock_load):
    """
    Tests that with a vault configuration where there is no vault_config section, the passthrough flag is set
    """
    mock_load.return_value = {}

    client = VaultAnyConfig(vault_config_in="test:\n", ac_parser="test_parser")
    assert client.pass_through_flag
    mock_load.assert_called_with("test:\n", ac_parser="test_parser")
def test_init_passthrough(mock_load, gen_vault_config):
    """
    Tests that with a vault configuration where the vault_config section is empty, the passthrough flag is set
    """
    mock_load.return_value = gen_vault_config(empty=True)

    client = VaultAnyConfig(vault_config_in="test\n", ac_parser="test_parser")
    assert client.pass_through_flag
    mock_load.assert_called_with("test\n", ac_parser="test_parser")
示例#10
0
def test_init_passthrough_file_no_vault_config_section(mock_load):
    """
    Tests that with a vault configuration file where there is no vault_config section, the passthrough flag is set
    """
    mock_load.return_value = {}

    client = VaultAnyConfig(vault_config_file="config.json")
    assert client.pass_through_flag
    mock_load.assert_called_with("config.json")
def test_init_passthrough_file(mock_load, mock_isfile):
    """
    Tests that with a vault configuration file where there is no vault_config section, the passthrough flag is set
    """
    mock_isfile.return_value = True
    mock_load.return_value = {}

    client = VaultAnyConfig(vault_config_in="config.json")
    assert client.pass_through_flag
    mock_load.assert_called_with("config.json", ac_parser=None)
示例#12
0
def test_init_with_file(mock_hvac_client, mock_load, gen_vault_config):
    """
    Tests the init function with an init file
    """
    mock_load.return_value = gen_vault_config()

    client = VaultAnyConfig(vault_config_file="config.json")

    assert not client.pass_through_flag
    mock_load.assert_called_with("config.json")
    mock_hvac_client.assert_called_with(url="http://localhost")
def test_init_passthrough_test_both_vault_config_in_and_vault_config_file(
        mock_load):
    """
    Tests that with a vault configuration in which both the vault_config_in and vault_config_file are set the vault_config_in parameter takes precedence.
    """
    mock_load.return_value = {}

    client = VaultAnyConfig(vault_config_in="test:\n",
                            vault_config_file="config.json",
                            ac_parser="test_parser")
    assert client.pass_through_flag
    mock_load.assert_called_with("test:\n", ac_parser="test_parser")
示例#14
0
    def __init__(self,
                 config,
                 vault_config,
                 vault_creds,
                 config_format=None,
                 load_certs=False):
        """
        Args:
            config{str} -- [File path to configuration or a string containing the configuration] (default: {'config.yaml'})
            vault_config {str} -- [File path to configuration or a string containing the configuration] (default: {'vault.yaml'})
            vault_creds {str} -- [File path to configuration or a string containing the configuration](default: {'vault.yaml'})
            load_certs {bool} -- Automatically load certificate and key files during configuration (default: {False})
            config_format {str} -- Specifies the parser to use when reading the configuration, only needed if reading a string. See the ac_parser option
            in python-anyconfig for available formats. Common ones are `json` and `yaml`.
        """
        config_client = VaultAnyConfig(vault_config, ac_parser=config_format)
        config_client.auto_auth(vault_creds, ac_parser=config_format)
        if os.path.isfile(config):
            self.config = config_client.load(config,
                                             process_secret_files=load_certs)
        else:
            self.config = config_client.loads(config,
                                              process_secret_files=load_certs,
                                              ac_parser=config_format)

        # Elastic Search
        elastic_config = self.config["elastic"]
        self.connect_elastic(elastic_config)
        self.ES_INDEX = elastic_config["index"]
示例#15
0
def main():
    """
    Main entrypoint
    """
    args = parse_args(sys.argv[1:])

    client = VaultAnyConfig(vault_config_in=args.vault_config)
    client.auto_auth(args.vault_creds)

    config = client.load(args.in_file, process_secret_files=args.secret_files_write, ac_parser=args.file_type)

    client.dump(config, args.out_file, process_secret_files=args.secret_files_write, ac_parser=args.file_type)
示例#16
0
def test_init_string(mock_hvac, parser_dump_function, parser_name):
    """
    Tests that using a string to initialize the client will work
    """
    test_config = {
        "vault_config": {
            "test_value": 1,
            "test_value2": "value2"
        },
        "extra_stuff": "test_me"
    }
    VaultAnyConfig(vault_config_in=parser_dump_function(test_config),
                   ac_parser=parser_name)
    mock_hvac.assert_called_once_with(test_value=1, test_value2="value2")
示例#17
0
def test_auto_auth(mock_auth_approle, mock_is_authenticated,
                   parser_dump_function, parser_name):
    """
    Tests that string inputs to auto_auth will be correctly parsed
    """
    creds = {
        "vault_creds": {
            "auth_method": "approle",
            "role_id": "test_jim_bob",
            "secret_id": "test_123password"
        }
    }
    mock_is_authenticated.return_value = False

    VaultAnyConfig(url="http://localhost").auto_auth(
        parser_dump_function(creds), ac_parser=parser_name)

    mock_auth_approle.assert_called_with(
        role_id=creds["vault_creds"]["role_id"],
        secret_id=creds["vault_creds"]["secret_id"])
    mock_is_authenticated.assert_called_with()
def test_init_passthrough_args(gen_vault_config):
    """
    Tests that with an empty argument set, the passthrough flag is set
    """
    client = VaultAnyConfig(**gen_vault_config(empty=True)["vault_config"])
    assert client.pass_through_flag
示例#19
0
def localhost_client(mock_hvac_client):
    """
    Configures a mock instance of the HVAC client
    """
    return VaultAnyConfig(url="http://localhost")
示例#20
0
def test_auth_with_passthrough():
    """
    Tests that the auto_auth will simply be bypassed when using an instance with passthrough
    """
    client = VaultAnyConfig()
    assert client.auto_auth("config.json")