
D3706.diff

D3706.diff

diff --git a/tools/secretsmith/tests/Makefile b/tools/secretsmith/tests/Makefile
new file mode 100644
--- /dev/null
+++ b/tools/secretsmith/tests/Makefile
@@ -0,0 +1,13 @@
+# -------------------------------------------------------------
+# Secretsmith :: Tests
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+PYTHON=python3
+RUN_TESTS_SUITE=$(PYTHON) -m unittest discover
+
+test:
+ $(RUN_TESTS_SUITE) vault/
+ $(RUN_TESTS_SUITE) vault/client/
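Review bot: The `test` target is not declared phony, so if a file or directory named `test` ever appears next to this Makefile, make will report the target as up to date and skip the suite. Add `.PHONY: test` above the rule. The recipe lines must also start with a tab; this page shows a single space, which may only be an artefact of how the diff is rendered.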
diff --git a/tools/secretsmith/tests/vault/client/test_from_config.py b/tools/secretsmith/tests/vault/client/test_from_config.py
new file mode 100644
--- /dev/null
+++ b/tools/secretsmith/tests/vault/client/test_from_config.py
@@ -0,0 +1,64 @@
+# -------------------------------------------------------------
+# Secretsmith :: Vault :: Client
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: BSD-2-Clause
+# -------------------------------------------------------------
+
+
+import unittest
+from unittest.mock import Mock, patch
+
+from secretsmith.vault.client import from_config
+
+
+class TestFromConfig(unittest.TestCase):
+ @patch("secretsmith.vault.client.Client")
+ @patch("secretsmith.vault.client.login_with_approle")
+ def test_from_config_approle_method(self, mock_login_approle, mock_client):
+ mock_client_instance = Mock()
+ mock_client.return_value = mock_client_instance
+
+ config = {
+ "server": {"url": "https://vault.domain.tld"},
+ "auth": {
+ "method": "approle",
+ "role_id": "00000000-0000-0000-0000-000000000000",
+ "secret_id": "00000000-0000-0000-0000-000000000000",
+ },
+ }
+ from_config(config)
+
+ mock_login_approle.assert_called_once_with(mock_client_instance, config["auth"])
+
+ @patch("secretsmith.vault.client.Client")
+ def test_from_config_token_method(self, mock_client):
+ mock_client_instance = Mock()
+ mock_client.return_value = mock_client_instance
+
+ config = {
+ "server": {"url": "https://vault.domain.tld"},
+ "auth": {"method": "token", "token": "s.test-token"},
+ }
+ from_config(config)
+
+ mock_client.assert_called_once_with(
+ url="https://vault.domain.tld",
+ token="s.test-token",
+ verify=None,
+ namespace=None,
+ )
+
+ @patch("secretsmith.vault.client.Client")
+ def test_from_config_unknown_method_raises_error(self, mock_client):
+ """Test that an unknown authentication method raises ValueError"""
+ mock_client_instance = Mock()
+ mock_client.return_value = mock_client_instance
+
+ config = {"auth": {"method": "notexisting"}}
+
+ self.assertRaises(ValueError, from_config, config)
+
+
+if __name__ == "__main__":
+ unittest.main()
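Review bot: `test_from_config_approle_method` asserts only the `login_with_approle` call and never checks how `Client` was constructed. A regression that drops the server URL, the TLS `verify` setting or the namespace on the AppRole path would therefore pass. Add `mock_client.assert_called_once()` and `self.assertEqual("https://vault.domain.tld", mock_client.call_args.kwargs["url"])`, plus matching checks for `verify` and `namespace` once the expected values for this path are confirmed. In `test_from_config_unknown_method_raises_error`, the `mock_client_instance` setup is unused and can be dropped.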
diff --git a/tools/secretsmith/tests/vault/client/test_integration.py b/tools/secretsmith/tests/vault/client/test_integration.py
new file mode 100644
--- /dev/null
+++ b/tools/secretsmith/tests/vault/client/test_integration.py
@@ -0,0 +1,55 @@
+# -------------------------------------------------------------
+# Secretsmith :: Vault :: Client
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: BSD-2-Clause
+# -------------------------------------------------------------
+
+
+import os
+import unittest
+from unittest.mock import patch, Mock
+
+from secretsmith.vault.client import from_config
+
+
+class TestIntegration(unittest.TestCase):
+ @patch("secretsmith.vault.client.Client")
+ def test_full_config_with_all_options(self, mock_client):
+ config = {
+ "server": {
+ "url": "https://vault.domain.tld",
+ "verify": "/path/to/ca.crt",
+ "namespace": "test-namespace",
+ },
+ "auth": {
+ "method": "token",
+ "token": "s.full-test-token",
+ },
+ }
+ mock_client_instance = Mock()
+ mock_client.return_value = mock_client_instance
+
+ from_config(config)
+ mock_client.assert_called_once_with(
+ url="https://vault.domain.tld",
+ token="s.full-test-token",
+ verify="/path/to/ca.crt",
+ namespace="test-namespace",
+ )
+
+ @patch("secretsmith.vault.client.Client")
+ def test_empty_config(self, mock_client):
+ from_config({})
+
+ with patch.dict(os.environ, {}, clear=True):
+ mock_client.assert_called_once_with(
+ url=None,
+ token=None,
+ verify=None,
+ namespace=None,
+ )
+
+
+if __name__ == "__main__":
+ unittest.main()
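Review bot: In `test_empty_config`, `from_config({})` runs before the `with patch.dict(os.environ, {}, clear=True):` block is entered, so the environment is cleared only around the assertion and not around the code under test. If `from_config` resolves the namespace from `VAULT_NAMESPACE` (as `resolve_namespace` does in the sibling test file), an exported variable makes the expected `namespace=None` fail. Move the call inside the block: `with patch.dict(os.environ, {}, clear=True):` followed by `from_config({})`, then assert. `test_from_config_token_method` in `test_from_config.py` also expects `namespace=None` with no isolation and has the same dependence on the ambient environment.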
diff --git a/tools/secretsmith/tests/vault/client/test_login_with_approle.py b/tools/secretsmith/tests/vault/client/test_login_with_approle.py
new file mode 100644
--- /dev/null
+++ b/tools/secretsmith/tests/vault/client/test_login_with_approle.py
@@ -0,0 +1,43 @@
+# -------------------------------------------------------------
+# Secretsmith :: Vault :: Client
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: BSD-2-Clause
+# -------------------------------------------------------------
+
+
+import unittest
+from unittest.mock import Mock
+
+from secretsmith.vault.client import login_with_approle
+
+
+class TestLoginWithApprole(unittest.TestCase):
+
+ def test_login_with_approle_success(self):
+ mock_client = Mock()
+ config_auth = {"role_id": "test-role-id", "secret_id": "test-secret-id"}
+
+ login_with_approle(mock_client, config_auth)
+ mock_client.auth.approle.login.assert_called_once_with(
+ role_id="test-role-id", secret_id="test-secret-id"
+ )
+
+ def test_login_with_approle_no_secret_id(self):
+ mock_client = Mock()
+ config_auth = {"role_id": "test-role-id"}
+
+ login_with_approle(mock_client, config_auth)
+ mock_client.auth.approle.login.assert_called_once_with(
+ role_id="test-role-id", secret_id=None
+ )
+
+ def test_login_with_approle_missing_role_id_raises_error(self):
+ mock_client = Mock()
+ config_auth = {"secret_id": "test-secret-id"}
+
+ self.assertRaises(ValueError, login_with_approle, mock_client, config_auth)
+
+
+if __name__ == "__main__":
+ unittest.main()
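Review bot: `test_login_with_approle_no_secret_id` pins that a missing `secret_id` is forwarded as `secret_id=None`, while a missing `role_id` raises `ValueError`, and nothing explains the asymmetry. If it exists for roles that do not require a secret ID (presumably `bind_secret_id` disabled on the Vault side), say so in a docstring, e.g. `"""secret_id is optional: some AppRole roles are configured without one."""`. Otherwise a later reader may take the missing validation for an oversight and "fix" it.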
diff --git a/tools/secretsmith/tests/vault/client/test_resolve_namespace.py b/tools/secretsmith/tests/vault/client/test_resolve_namespace.py
new file mode 100644
--- /dev/null
+++ b/tools/secretsmith/tests/vault/client/test_resolve_namespace.py
@@ -0,0 +1,48 @@
+# -------------------------------------------------------------
+# Secretsmith :: Vault :: Client
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: BSD-2-Clause
+# -------------------------------------------------------------
+
+
+import os
+import unittest
+from unittest.mock import patch
+
+from secretsmith.vault.client import resolve_namespace
+
+
+class TestResolveNamespace(unittest.TestCase):
+ """Test the resolve_namespace function"""
+
+ def test_resolve_namespace_from_config(self):
+ config = {"namespace": "quux"}
+ result = resolve_namespace(config)
+
+ self.assertEqual("quux", result)
+
+ def test_resolve_namespace_from_environment(self):
+ config = {}
+ os.environ["VAULT_NAMESPACE"] = "quux"
+
+ result = resolve_namespace(config)
+ self.assertEqual("quux", result)
+
+ def test_resolve_namespace_config_overrides_environment(self):
+ config = {"namespace": "config-namespace"}
+ os.environ["VAULT_NAMESPACE"] = "env-namespace"
+
+ result = resolve_namespace(config)
+ self.assertEqual("config-namespace", result)
+
+ def test_resolve_namespace_no_config_no_env_returns_none(self):
+ config = {}
+
+ with patch.dict(os.environ, {}, clear=True):
+ result = resolve_namespace(config)
+ self.assertIsNone(result)
+
+
+if __name__ == "__main__":
+ unittest.main()
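Review bot: `test_resolve_namespace_from_environment` and `test_resolve_namespace_config_overrides_environment` assign `os.environ["VAULT_NAMESPACE"]` directly and never restore it, so the value leaks into every test that runs later in the same process. That makes results depend on test order, for example for any test expecting `namespace=None`. Use the same mechanism as the last test in this class: `with patch.dict(os.environ, {"VAULT_NAMESPACE": "quux"}):` around the `resolve_namespace` call. `test_resolve_namespace_from_config` would also be more robust inside `patch.dict(os.environ, {}, clear=True)`, though config wins there anyway.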
diff --git a/tools/secretsmith/tests/vault/client/test_resolve_token.py b/tools/secretsmith/tests/vault/client/test_resolve_token.py
new file mode 100644
--- /dev/null
+++ b/tools/secretsmith/tests/vault/client/test_resolve_token.py
@@ -0,0 +1,45 @@
+# -------------------------------------------------------------
+# Secretsmith :: Vault :: Client
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: BSD-2-Clause
+# -------------------------------------------------------------
+
+
+import os
+import unittest
+import tempfile
+
+from secretsmith.vault.client import resolve_token
+
+
+class TestResolveToken(unittest.TestCase):
+ def test_empty_config_returns_none(self):
+ result = resolve_token({})
+
+ self.assertIsNone(result)
+
+ def test_resolve_token_from_file(self):
+ token_content = "s.test-file-token"
+
+ with tempfile.NamedTemporaryFile(mode="w", delete=False) as temp_file:
+ # Extra whitespaces ensure the token is correctly stripped
+ temp_file.write(token_content + "\n ")
+
+ try:
+ config_auth = {"tokenfile": temp_file.name}
+ result = resolve_token(config_auth)
+
+ self.assertEqual(token_content, result)
+ finally:
+ os.unlink(temp_file.name)
+
+ def test_resolve_token_from_config(self):
+ config_auth = {"token": "s.0000"}
+ result = resolve_token(config_auth)
+
+ self.assertEqual("s.0000", result)
+
+
+if __name__ == "__main__":
+ unittest.main()
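Review bot: Nothing in this file pins what `resolve_token` does when `tokenfile` points at a missing or unreadable file, or which of `token` and `tokenfile` wins when both are set. Both cases can occur with a real configuration. Add one test per case, for example `self.assertEqual("s.0000", resolve_token({"token": "s.0000", "tokenfile": path}))` if the inline token is meant to take precedence; that ordering is not visible in this diff. `test_empty_config_returns_none` also runs against the ambient environment, so if `resolve_token` consults an environment variable it needs `patch.dict(os.environ, {}, clear=True)` around the call.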
diff --git a/tools/secretsmith/tests/vault/test_secrets.py b/tools/secretsmith/tests/vault/test_secrets.py
--- a/tools/secretsmith/tests/vault/test_secrets.py
+++ b/tools/secretsmith/tests/vault/test_secrets.py
@@ -5,6 +5,7 @@
# License: BSD-2-Clause
# -------------------------------------------------------------
+
import unittest
from unittest.mock import MagicMock
diff --git a/tools/secretsmith/tests/vault/test_utils.py b/tools/secretsmith/tests/vault/test_utils.py
new file mode 100644
--- /dev/null
+++ b/tools/secretsmith/tests/vault/test_utils.py
@@ -0,0 +1,48 @@
+# -------------------------------------------------------------
+# Secretsmith :: Vault :: Utilities
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: BSD-2-Clause
+# -------------------------------------------------------------
+
+
+import unittest
+
+from secretsmith.vault.utils import split_path
+
+
+class TestUtils(unittest.TestCase):
+
+ def test_split_path_basic(self):
+ full_path = "mount/secret/path/to/data"
+ expected = ("mount", "secret/path/to/data")
+
+ self.assertEqual(expected, split_path(full_path))
+
+ def test_split_path_no_secret_path(self):
+ full_path = "mount"
+ expected = ("mount", "")
+
+ self.assertEqual(expected, split_path(full_path))
+
+ def test_split_path_leading_slash(self):
+ full_path = "/mount/secret/path"
+ expected = ("", "mount/secret/path")
+
+ self.assertEqual(expected, split_path(full_path))
+
+ def test_split_path_trailing_slash(self):
+ full_path = "mount/secret/"
+ expected = ("mount", "secret/")
+
+ self.assertEqual(expected, split_path(full_path))
+
+ def test_split_path_empty_string(self):
+ full_path = ""
+ expected = ("", "")
+
+ self.assertEqual(expected, split_path(full_path))
+
+
+if __name__ == "__main__":
+ unittest.main()
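Review bot: `test_split_path_leading_slash` pins `("", "mount/secret/path")`, an empty mount point for any path starting with `/`, without saying whether that is intended. If callers pass the first element on as the Vault mount, an empty mount is probably an error they must handle. A docstring such as `"""A leading slash yields an empty mount point; callers must strip or reject it."""` would make the contract explicit. If the behaviour is not intended, the test should expect a normalized result or a `ValueError` instead. The same question applies to `test_split_path_empty_string`.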
