
diff --git a/tools/secretsmith/tests/Makefile b/tools/secretsmith/tests/Makefile
new file mode 100644
index 0000000..d564454
--- /dev/null
+++ b/tools/secretsmith/tests/Makefile
@@ -0,0 +1,13 @@
+# -------------------------------------------------------------
+# Secretsmith :: Tests
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+PYTHON=python3
+RUN_TESTS_SUITE=$(PYTHON) -m unittest discover
+
+test:
+ $(RUN_TESTS_SUITE) vault/
+ $(RUN_TESTS_SUITE) vault/client/
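Review bot: The `test` target is not declared phony, so a file or directory named `test` next to this Makefile would make `make test` report the target as up to date and run nothing. Adding `.PHONY: test` above the rule keeps the suite from being skipped silently.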
diff --git a/tools/secretsmith/tests/vault/client/test_from_config.py b/tools/secretsmith/tests/vault/client/test_from_config.py
new file mode 100644
index 0000000..b34627f
--- /dev/null
+++ b/tools/secretsmith/tests/vault/client/test_from_config.py
@@ -0,0 +1,64 @@
+# -------------------------------------------------------------
+# Secretsmith :: Vault :: Client
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: BSD-2-Clause
+# -------------------------------------------------------------
+
+
+import unittest
+from unittest.mock import Mock, patch
+
+from secretsmith.vault.client import from_config
+
+
+class TestFromConfig(unittest.TestCase):
+ @patch("secretsmith.vault.client.Client")
+ @patch("secretsmith.vault.client.login_with_approle")
+ def test_from_config_approle_method(self, mock_login_approle, mock_client):
+ mock_client_instance = Mock()
+ mock_client.return_value = mock_client_instance
+
+ config = {
+ "server": {"url": "https://vault.domain.tld"},
+ "auth": {
+ "method": "approle",
+ "role_id": "00000000-0000-0000-0000-000000000000",
+ "secret_id": "00000000-0000-0000-0000-000000000000",
+ },
+ }
+ from_config(config)
+
+ mock_login_approle.assert_called_once_with(mock_client_instance, config["auth"])
+
+ @patch("secretsmith.vault.client.Client")
+ def test_from_config_token_method(self, mock_client):
+ mock_client_instance = Mock()
+ mock_client.return_value = mock_client_instance
+
+ config = {
+ "server": {"url": "https://vault.domain.tld"},
+ "auth": {"method": "token", "token": "s.test-token"},
+ }
+ from_config(config)
+
+ mock_client.assert_called_once_with(
+ url="https://vault.domain.tld",
+ token="s.test-token",
+ verify=None,
+ namespace=None,
+ )
+
+ @patch("secretsmith.vault.client.Client")
+ def test_from_config_unknown_method_raises_error(self, mock_client):
+ """Test that an unknown authentication method raises ValueError"""
+ mock_client_instance = Mock()
+ mock_client.return_value = mock_client_instance
+
+ config = {"auth": {"method": "notexisting"}}
+
+ self.assertRaises(ValueError, from_config, config)
+
+
+if __name__ == "__main__":
+ unittest.main()
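Review bot: `test_from_config_approle_method` checks only that `login_with_approle` received the client instance and the auth section; it never checks how `Client` was constructed. A regression that dropped the server URL or the `verify` setting on the AppRole path would still pass. Consider adding `mock_client.assert_called_once()` and `self.assertEqual("https://vault.domain.tld", mock_client.call_args.kwargs["url"])` after the login assertion. The token test in the same file also expects `verify=None` and `namespace=None` without isolating `os.environ`, so its outcome presumably depends on the caller's shell if `from_config` consults environment variables.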
diff --git a/tools/secretsmith/tests/vault/client/test_integration.py b/tools/secretsmith/tests/vault/client/test_integration.py
new file mode 100644
index 0000000..9005963
--- /dev/null
+++ b/tools/secretsmith/tests/vault/client/test_integration.py
@@ -0,0 +1,55 @@
+# -------------------------------------------------------------
+# Secretsmith :: Vault :: Client
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: BSD-2-Clause
+# -------------------------------------------------------------
+
+
+import os
+import unittest
+from unittest.mock import patch, Mock
+
+from secretsmith.vault.client import from_config
+
+
+class TestIntegration(unittest.TestCase):
+ @patch("secretsmith.vault.client.Client")
+ def test_full_config_with_all_options(self, mock_client):
+ config = {
+ "server": {
+ "url": "https://vault.domain.tld",
+ "verify": "/path/to/ca.crt",
+ "namespace": "test-namespace",
+ },
+ "auth": {
+ "method": "token",
+ "token": "s.full-test-token",
+ },
+ }
+ mock_client_instance = Mock()
+ mock_client.return_value = mock_client_instance
+
+ from_config(config)
+ mock_client.assert_called_once_with(
+ url="https://vault.domain.tld",
+ token="s.full-test-token",
+ verify="/path/to/ca.crt",
+ namespace="test-namespace",
+ )
+
+ @patch("secretsmith.vault.client.Client")
+ def test_empty_config(self, mock_client):
+ from_config({})
+
+ with patch.dict(os.environ, {}, clear=True):
+ mock_client.assert_called_once_with(
+ url=None,
+ token=None,
+ verify=None,
+ namespace=None,
+ )
+
+
+if __name__ == "__main__":
+ unittest.main()
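Review bot: In `test_empty_config` the `patch.dict(os.environ, {}, clear=True)` block wraps only the assertion, so `from_config({})` has already run against the real process environment by the time the environment is cleared. On a workstation or CI runner that exports Vault variables, the test can fail or pass for the wrong reason, and any real token picked up would appear in the assertion diff. Move the call inside the context manager, i.e. `with patch.dict(os.environ, {}, clear=True):` followed by `from_config({})` and then the `assert_called_once_with(...)`.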
diff --git a/tools/secretsmith/tests/vault/client/test_login_with_approle.py b/tools/secretsmith/tests/vault/client/test_login_with_approle.py
new file mode 100644
index 0000000..d4d03f4
--- /dev/null
+++ b/tools/secretsmith/tests/vault/client/test_login_with_approle.py
@@ -0,0 +1,43 @@
+# -------------------------------------------------------------
+# Secretsmith :: Vault :: Client
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: BSD-2-Clause
+# -------------------------------------------------------------
+
+
+import unittest
+from unittest.mock import Mock
+
+from secretsmith.vault.client import login_with_approle
+
+
+class TestLoginWithApprole(unittest.TestCase):
+
+ def test_login_with_approle_success(self):
+ mock_client = Mock()
+ config_auth = {"role_id": "test-role-id", "secret_id": "test-secret-id"}
+
+ login_with_approle(mock_client, config_auth)
+ mock_client.auth.approle.login.assert_called_once_with(
+ role_id="test-role-id", secret_id="test-secret-id"
+ )
+
+ def test_login_with_approle_no_secret_id(self):
+ mock_client = Mock()
+ config_auth = {"role_id": "test-role-id"}
+
+ login_with_approle(mock_client, config_auth)
+ mock_client.auth.approle.login.assert_called_once_with(
+ role_id="test-role-id", secret_id=None
+ )
+
+ def test_login_with_approle_missing_role_id_raises_error(self):
+ mock_client = Mock()
+ config_auth = {"secret_id": "test-secret-id"}
+
+ self.assertRaises(ValueError, login_with_approle, mock_client, config_auth)
+
+
+if __name__ == "__main__":
+ unittest.main()
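Review bot: `test_login_with_approle_no_secret_id` pins that a missing `secret_id` is forwarded as `secret_id=None` rather than rejected, but nothing in the test says why. A later reader could take this for an oversight, given that a missing `role_id` raises `ValueError` in the next test. If the intent is to support roles that do not require a secret ID, a comment such as `# secret_id is optional: the role may be configured with bind_secret_id=false` above the call would record that.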
diff --git a/tools/secretsmith/tests/vault/client/test_resolve_namespace.py b/tools/secretsmith/tests/vault/client/test_resolve_namespace.py
new file mode 100644
index 0000000..98ca184
--- /dev/null
+++ b/tools/secretsmith/tests/vault/client/test_resolve_namespace.py
@@ -0,0 +1,48 @@
+# -------------------------------------------------------------
+# Secretsmith :: Vault :: Client
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: BSD-2-Clause
+# -------------------------------------------------------------
+
+
+import os
+import unittest
+from unittest.mock import patch
+
+from secretsmith.vault.client import resolve_namespace
+
+
+class TestResolveNamespace(unittest.TestCase):
+ """Test the resolve_namespace function"""
+
+ def test_resolve_namespace_from_config(self):
+ config = {"namespace": "quux"}
+ result = resolve_namespace(config)
+
+ self.assertEqual("quux", result)
+
+ def test_resolve_namespace_from_environment(self):
+ config = {}
+ os.environ["VAULT_NAMESPACE"] = "quux"
+
+ result = resolve_namespace(config)
+ self.assertEqual("quux", result)
+
+ def test_resolve_namespace_config_overrides_environment(self):
+ config = {"namespace": "config-namespace"}
+ os.environ["VAULT_NAMESPACE"] = "env-namespace"
+
+ result = resolve_namespace(config)
+ self.assertEqual("config-namespace", result)
+
+ def test_resolve_namespace_no_config_no_env_returns_none(self):
+ config = {}
+
+ with patch.dict(os.environ, {}, clear=True):
+ result = resolve_namespace(config)
+ self.assertIsNone(result)
+
+
+if __name__ == "__main__":
+ unittest.main()
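Review bot: `test_resolve_namespace_from_environment` and `test_resolve_namespace_config_overrides_environment` assign `os.environ["VAULT_NAMESPACE"]` directly and never restore it. The value leaks into every test that runs later in the same process, which makes results order-dependent for anything asserting `namespace=None`, as the `from_config` tests in this change do. Use the same helper as the last test in this class: `with patch.dict(os.environ, {"VAULT_NAMESPACE": "quux"}):` around the `resolve_namespace(config)` call, and likewise with `"env-namespace"` in the override test. `test_resolve_namespace_from_config` is unaffected because the config value wins.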
diff --git a/tools/secretsmith/tests/vault/client/test_resolve_token.py b/tools/secretsmith/tests/vault/client/test_resolve_token.py
new file mode 100644
index 0000000..8d7ff91
--- /dev/null
+++ b/tools/secretsmith/tests/vault/client/test_resolve_token.py
@@ -0,0 +1,45 @@
+# -------------------------------------------------------------
+# Secretsmith :: Vault :: Client
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: BSD-2-Clause
+# -------------------------------------------------------------
+
+
+import os
+import unittest
+import tempfile
+
+from secretsmith.vault.client import resolve_token
+
+
+class TestResolveToken(unittest.TestCase):
+ def test_empty_config_returns_none(self):
+ result = resolve_token({})
+
+ self.assertIsNone(result)
+
+ def test_resolve_token_from_file(self):
+ token_content = "s.test-file-token"
+
+ with tempfile.NamedTemporaryFile(mode="w", delete=False) as temp_file:
+ # Extra whitespaces ensure the token is correctly stripped
+ temp_file.write(token_content + "\n ")
+
+ try:
+ config_auth = {"tokenfile": temp_file.name}
+ result = resolve_token(config_auth)
+
+ self.assertEqual(token_content, result)
+ finally:
+ os.unlink(temp_file.name)
+
+ def test_resolve_token_from_config(self):
+ config_auth = {"token": "s.0000"}
+ result = resolve_token(config_auth)
+
+ self.assertEqual("s.0000", result)
+
+
+if __name__ == "__main__":
+ unittest.main()
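Review bot: The tests cover `token` alone and `tokenfile` alone, but not a config that has both, nor a `tokenfile` that points at a missing or unreadable path. The first case decides which credential is actually sent to Vault, so it is worth pinning with an input such as `config_auth = {"token": "s.0000", "tokenfile": temp_file.name}` and an explicit expected result. For the second, assert whichever behaviour `resolve_token` is meant to have (raising, or returning `None`) so that a silent fallback to an unauthenticated client cannot slip in unnoticed. `test_empty_config_returns_none` also runs against the real environment; if `resolve_token` reads any environment variable, which is not visible here, it should be wrapped in `patch.dict(os.environ, {}, clear=True)`.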
diff --git a/tools/secretsmith/tests/vault/test_secrets.py b/tools/secretsmith/tests/vault/test_secrets.py
index e796e26..5f3c418 100644
--- a/tools/secretsmith/tests/vault/test_secrets.py
+++ b/tools/secretsmith/tests/vault/test_secrets.py
@@ -1,98 +1,99 @@
# -------------------------------------------------------------
# Secretsmith :: Vault :: KV secrets engine - version 2
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: BSD-2-Clause
# -------------------------------------------------------------
+
import unittest
from unittest.mock import MagicMock
from secretsmith.vault.secrets import *
class TestReadSecret(unittest.TestCase):
def setUp(self):
self.mock_client = MagicMock()
secret_mock = MagicMock(return_value=self.mock_kv2_secret())
self.mock_client.secrets.kv.read_secret_version = secret_mock
@staticmethod
def mock_kv2_secret():
return {
"data": {
"data": {
"username": "someuser",
"password": "somepass",
},
"metadata": {
"created_time": "2021-01-01T00:00:00.000000Z",
"deletion_time": "",
"destroyed": False,
"version": 1,
"custom_metadata": {"owner": "someone"},
},
}
}
def test_read_secret(self):
result = read_secret(self.mock_client, "test_mount", "test_path")
expected = {"username": "someuser", "password": "somepass"}
self.assertEqual(expected, result)
def test_read_secret_empty_data(self):
self.mock_client.secrets.kv.read_secret_version.return_value = {
"data": {"data": {}}
}
result = read_secret(self.mock_client, "test_mount", "empty_data_path")
self.assertEqual({}, result)
def test_read_secret_with_metadata_(self):
result_data, result_metadata = read_secret_with_metadata(
self.mock_client, "test_mount", "test_path"
)
expected_data = {"username": "someuser", "password": "somepass"}
expected_metadata = {
"created_time": "2021-01-01T00:00:00.000000Z",
"deletion_time": "",
"destroyed": False,
"version": 1,
"custom_metadata": {"owner": "someone"},
}
self.assertEqual(expected_data, result_data)
self.assertEqual(expected_metadata, result_metadata)
def test_read_secret_with_custom_metadata(self):
result_data, result_metadata = read_secret_with_custom_metadata(
self.mock_client, "test_mount", "test_path"
)
expected_data = {"username": "someuser", "password": "somepass"}
expected_metadata = {
"created_time": "2021-01-01T00:00:00.000000Z",
"deletion_time": "",
"destroyed": False,
"version": 1,
"owner": "someone",
}
self.assertEqual(expected_data, result_data)
self.assertEqual(expected_metadata, result_metadata)
def test_get_username(self):
result = get_username(self.mock_client, "test_mount", "test_path")
self.assertEqual("someuser", result)
def test_get_password(self):
result = get_password(self.mock_client, "test_mount", "test_path")
self.assertEqual("somepass", result)
def test_get_field(self):
result = get_field(self.mock_client, "test_mount", "test_path", "username")
self.assertEqual("someuser", result)
if __name__ == "__main__":
unittest.main()
diff --git a/tools/secretsmith/tests/vault/test_utils.py b/tools/secretsmith/tests/vault/test_utils.py
new file mode 100644
index 0000000..3c832f4
--- /dev/null
+++ b/tools/secretsmith/tests/vault/test_utils.py
@@ -0,0 +1,48 @@
+# -------------------------------------------------------------
+# Secretsmith :: Vault :: Utilities
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: BSD-2-Clause
+# -------------------------------------------------------------
+
+
+import unittest
+
+from secretsmith.vault.utils import split_path
+
+
+class TestUtils(unittest.TestCase):
+
+ def test_split_path_basic(self):
+ full_path = "mount/secret/path/to/data"
+ expected = ("mount", "secret/path/to/data")
+
+ self.assertEqual(expected, split_path(full_path))
+
+ def test_split_path_no_secret_path(self):
+ full_path = "mount"
+ expected = ("mount", "")
+
+ self.assertEqual(expected, split_path(full_path))
+
+ def test_split_path_leading_slash(self):
+ full_path = "/mount/secret/path"
+ expected = ("", "mount/secret/path")
+
+ self.assertEqual(expected, split_path(full_path))
+
+ def test_split_path_trailing_slash(self):
+ full_path = "mount/secret/"
+ expected = ("mount", "secret/")
+
+ self.assertEqual(expected, split_path(full_path))
+
+ def test_split_path_empty_string(self):
+ full_path = ""
+ expected = ("", "")
+
+ self.assertEqual(expected, split_path(full_path))
+
+
+if __name__ == "__main__":
+ unittest.main()
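Review bot: `test_split_path_leading_slash` and `test_split_path_empty_string` lock in an empty mount name as the expected result, with no comment saying this is deliberate. Whether callers reject an empty mount before building a Vault request is not visible in this diff. If the behaviour is intended, a line such as `# A leading slash yields an empty mount; callers are expected to validate it` above the assertion would stop the test from being read as endorsing `""` as a usable mount.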
