-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
aa55f72
commit a24968d
Showing
5 changed files
with
159 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
[pytest] | ||
asyncio_mode=auto |
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,151 @@ | ||
import pytest | ||
from unittest.mock import AsyncMock | ||
|
||
from plover_1password import secret | ||
|
||
|
||
@pytest.fixture() | ||
def mock_client(mocker): | ||
async_mock = AsyncMock() | ||
mocker.patch( | ||
"onepassword.client.Client.authenticate", | ||
return_value=async_mock | ||
) | ||
return async_mock | ||
|
||
# REF: https://stackoverflow.com/questions/8294618/define-a-lambda-expression-that-raises-an-exception | ||
def raise_(exc): | ||
raise exc | ||
|
||
async def test_blank_secret_reference(): | ||
with pytest.raises( | ||
ValueError, | ||
match="Secret Reference cannot be blank" | ||
): | ||
await secret.resolve("service_account_token", "") | ||
|
||
async def test_service_account_token_invalid(monkeypatch): | ||
monkeypatch.setattr( | ||
"onepassword.client.Client.authenticate", | ||
lambda *args, **kwargs: raise_(Exception( | ||
"invalid service account token, please make sure you provide a " | ||
"valid service account token as parameter: service account " | ||
"deserialization failed, please create another token" | ||
)) | ||
) | ||
|
||
with pytest.raises( | ||
ValueError, | ||
match=( | ||
"Service Account Token is invalid. " | ||
"Create another token and restart Plover." | ||
) | ||
): | ||
await secret.resolve("service_account_token", "secret_reference") | ||
|
||
async def test_service_account_token_invalid_format(monkeypatch): | ||
monkeypatch.setattr( | ||
"onepassword.client.Client.authenticate", | ||
lambda *args, **kwargs: raise_(Exception( | ||
"invalid user input: encountered the following errors: " | ||
"service account token had invalid format" | ||
)) | ||
) | ||
|
||
with pytest.raises( | ||
ValueError, | ||
match=( | ||
"Service Account Token has invalid format. " | ||
"Fix token format or create a new one and restart Plover." | ||
) | ||
): | ||
await secret.resolve("service_account_token", "secret_reference") | ||
|
||
async def test_secret_reference_invalid_format(mock_client): | ||
mock_client.secrets.resolve.side_effect = Exception( | ||
"error resolving secret reference: " | ||
"secret reference has invalid format - " | ||
"must be \"op://<vault>/<item>/[section/]field\"" | ||
) | ||
|
||
with pytest.raises( | ||
ValueError, | ||
match=( | ||
"Secret Reference has invalid format. " | ||
"URI must be \"op://<vault>/<item>/\\[section/\\]field\"" | ||
) | ||
): | ||
await secret.resolve("service_account_token", "secret_reference") | ||
|
||
async def test_secret_reference_missing_prefix(mock_client): | ||
mock_client.secrets.resolve.side_effect = Exception( | ||
"error resolving secret reference: " | ||
"secret reference is not prefixed with \"op://\"" | ||
) | ||
|
||
with pytest.raises( | ||
ValueError, | ||
match="Secret Reference needs to be prefixed with \"op://\"" | ||
): | ||
await secret.resolve("service_account_token", "secret_reference") | ||
|
||
async def test_secret_reference_vault_not_found(mock_client): | ||
mock_client.secrets.resolve.side_effect = Exception( | ||
"error resolving secret reference: " | ||
"no vault matched the secret reference query" | ||
) | ||
|
||
with pytest.raises( | ||
ValueError, | ||
match="Vault specified in Secret Reference not found." | ||
): | ||
await secret.resolve("service_account_token", "secret_reference") | ||
|
||
async def test_secret_reference_item_not_found(mock_client): | ||
mock_client.secrets.resolve.side_effect = Exception( | ||
"error resolving secret reference: " | ||
"no item matched the secret reference query" | ||
) | ||
|
||
with pytest.raises( | ||
ValueError, | ||
match="Item specified in Secret Reference not found." | ||
): | ||
await secret.resolve("service_account_token", "secret_reference") | ||
|
||
async def test_secret_reference_section_not_found(mock_client): | ||
mock_client.secrets.resolve.side_effect = Exception( | ||
"error resolving secret reference: " | ||
"no section matched the secret reference query" | ||
) | ||
|
||
with pytest.raises( | ||
ValueError, | ||
match="Section specified in Secret Reference not found." | ||
): | ||
await secret.resolve("service_account_token", "secret_reference") | ||
|
||
async def test_secret_reference_field_not_found(mock_client): | ||
mock_client.secrets.resolve.side_effect = Exception( | ||
"error resolving secret reference: " | ||
"the specified field cannot be found within the item" | ||
) | ||
|
||
with pytest.raises( | ||
ValueError, | ||
match="Field specified Secret Reference not found." | ||
): | ||
await secret.resolve("service_account_token", "secret_reference") | ||
|
||
async def test_unexpected_exception(mock_client): | ||
mock_client.secrets.resolve.side_effect = Exception("Some exception") | ||
|
||
with pytest.raises(ValueError, match="Some exception"): | ||
await secret.resolve("service_account_token", "secret_reference") | ||
|
||
async def test_successful_secret_retrieval(mock_client): | ||
mock_client.secrets.resolve.return_value = "secret" | ||
remote_secret = await secret.resolve( | ||
"service_account_token", "secret_reference" | ||
) | ||
assert remote_secret == "secret" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters