More tests for pass
backend
This commit is contained in:
parent
81264a3b6c
commit
fa3f8f38b4
|
@ -110,6 +110,7 @@ class SecretLoader:
|
||||||
self.vault_client = None
|
self.vault_client = None
|
||||||
self.env_key_prefix = None
|
self.env_key_prefix = None
|
||||||
self.secret_folder = None
|
self.secret_folder = None
|
||||||
|
self.pass_executable = '/usr/bin/pass' # noqa: S105
|
||||||
|
|
||||||
# Setup environment
|
# Setup environment
|
||||||
self.env_key_prefix = self._load_or_none(ENV_KEY_PREFIX)
|
self.env_key_prefix = self._load_or_none(ENV_KEY_PREFIX)
|
||||||
|
@ -198,12 +199,19 @@ class SecretLoader:
|
||||||
if self.pass_folder is None:
|
if self.pass_folder is None:
|
||||||
return None
|
return None
|
||||||
|
|
||||||
|
try:
|
||||||
process = subprocess.run( # noqa: S603
|
process = subprocess.run( # noqa: S603
|
||||||
['/usr/bin/pass', 'show', f'{self.pass_folder}/{secret_name.lower()}'],
|
[
|
||||||
|
self.pass_executable,
|
||||||
|
'show',
|
||||||
|
f'{self.pass_folder}/{secret_name.lower()}',
|
||||||
|
],
|
||||||
capture_output=True,
|
capture_output=True,
|
||||||
check=False,
|
check=False,
|
||||||
shell=False,
|
shell=False,
|
||||||
)
|
)
|
||||||
|
except FileNotFoundError:
|
||||||
|
return None
|
||||||
|
|
||||||
return self._convert_pass_process_result_to_password(
|
return self._convert_pass_process_result_to_password(
|
||||||
process.returncode,
|
process.returncode,
|
||||||
|
|
|
@ -36,6 +36,38 @@ def test_fail_hardcoded_prefix_with_trailing_underscore():
|
||||||
secret_loader.SecretLoader(ENV_KEY_PREFIX='TEST_')
|
secret_loader.SecretLoader(ENV_KEY_PREFIX='TEST_')
|
||||||
|
|
||||||
|
|
||||||
|
def test_fail_to_load_from_password_store_due_to_status():
|
||||||
|
loader = secret_loader.SecretLoader(
|
||||||
|
PASS_STORE_SUBFOLDER='test', # noqa: S106
|
||||||
|
)
|
||||||
|
loader.pass_executable = '/usr/bin/false' # noqa: S105
|
||||||
|
with pytest.raises(
|
||||||
|
ValueError,
|
||||||
|
match='Failed to load secret with key:.*UNKNOWN.*',
|
||||||
|
):
|
||||||
|
assert loader.load_or_fail('UNKNOWN')
|
||||||
|
|
||||||
|
|
||||||
|
def test_load_empty_from_password_store():
|
||||||
|
loader = secret_loader.SecretLoader(
|
||||||
|
PASS_STORE_SUBFOLDER='test', # noqa: S106
|
||||||
|
)
|
||||||
|
loader.pass_executable = '/usr/bin/true' # noqa: S105
|
||||||
|
assert loader.load_or_fail('UNKNOWN') == ''
|
||||||
|
|
||||||
|
|
||||||
|
def test_fail_due_to_unknown_executable():
|
||||||
|
loader = secret_loader.SecretLoader(
|
||||||
|
PASS_STORE_SUBFOLDER='test', # noqa: S106
|
||||||
|
)
|
||||||
|
loader.pass_executable = '/not/an/executable' # noqa: S105
|
||||||
|
with pytest.raises(
|
||||||
|
ValueError,
|
||||||
|
match='Failed to load secret with key:.*UNKNOWN.*',
|
||||||
|
):
|
||||||
|
assert loader.load_or_fail('UNKNOWN')
|
||||||
|
|
||||||
|
|
||||||
def test_lookup_unknown_or_fail():
|
def test_lookup_unknown_or_fail():
|
||||||
loader = secret_loader.SecretLoader(
|
loader = secret_loader.SecretLoader(
|
||||||
ENV_KEY_PREFIX='TEST',
|
ENV_KEY_PREFIX='TEST',
|
||||||
|
|
Loading…
Reference in New Issue
Block a user