More tests for pass backend

2024-10-27 18:00:32 +01:00 · 2024-10-27 18:00:32 +01:00 · fa3f8f38b4
commit fa3f8f38b4
parent 81264a3b6c
2 changed files with 46 additions and 6 deletions
--- a/secret_loader/init.py
+++ b/secret_loader/init.py
@ -110,6 +110,7 @@ class SecretLoader:
        self.vault_client = None
        self.env_key_prefix = None
        self.secret_folder = None
+        self.pass_executable = '/usr/bin/pass'  # noqa: S105

        # Setup environment
        self.env_key_prefix = self._load_or_none(ENV_KEY_PREFIX)
@ -198,12 +199,19 @@ class SecretLoader:
        if self.pass_folder is None:
            return None

+        try:
            process = subprocess.run(  # noqa: S603
-            ['/usr/bin/pass', 'show', f'{self.pass_folder}/{secret_name.lower()}'],
+                [
+                    self.pass_executable,
+                    'show',
+                    f'{self.pass_folder}/{secret_name.lower()}',
+                ],
                capture_output=True,
                check=False,
                shell=False,
            )
+        except FileNotFoundError:
+            return None

        return self._convert_pass_process_result_to_password(
            process.returncode,
--- a/test/test_init.py
+++ b/test/test_init.py
@ -36,6 +36,38 @@ def test_fail_hardcoded_prefix_with_trailing_underscore():
        secret_loader.SecretLoader(ENV_KEY_PREFIX='TEST_')


+def test_fail_to_load_from_password_store_due_to_status():
+    loader = secret_loader.SecretLoader(
+        PASS_STORE_SUBFOLDER='test',  # noqa: S106
+    )
+    loader.pass_executable = '/usr/bin/false'  # noqa: S105
+    with pytest.raises(
+        ValueError,
+        match='Failed to load secret with key:.*UNKNOWN.*',
+    ):
+        assert loader.load_or_fail('UNKNOWN')
+
+
+def test_load_empty_from_password_store():
+    loader = secret_loader.SecretLoader(
+        PASS_STORE_SUBFOLDER='test',  # noqa: S106
+    )
+    loader.pass_executable = '/usr/bin/true'  # noqa: S105
+    assert loader.load_or_fail('UNKNOWN') == ''
+
+
+def test_fail_due_to_unknown_executable():
+    loader = secret_loader.SecretLoader(
+        PASS_STORE_SUBFOLDER='test',  # noqa: S106
+    )
+    loader.pass_executable = '/not/an/executable'  # noqa: S105
+    with pytest.raises(
+        ValueError,
+        match='Failed to load secret with key:.*UNKNOWN.*',
+    ):
+        assert loader.load_or_fail('UNKNOWN')
+
+
 def test_lookup_unknown_or_fail():
    loader = secret_loader.SecretLoader(
        ENV_KEY_PREFIX='TEST',