More tests for pass
backend
This commit is contained in:
parent
81264a3b6c
commit
fa3f8f38b4
|
@ -110,6 +110,7 @@ class SecretLoader:
|
|||
self.vault_client = None
|
||||
self.env_key_prefix = None
|
||||
self.secret_folder = None
|
||||
self.pass_executable = '/usr/bin/pass' # noqa: S105
|
||||
|
||||
# Setup environment
|
||||
self.env_key_prefix = self._load_or_none(ENV_KEY_PREFIX)
|
||||
|
@ -198,12 +199,19 @@ class SecretLoader:
|
|||
if self.pass_folder is None:
|
||||
return None
|
||||
|
||||
try:
|
||||
process = subprocess.run( # noqa: S603
|
||||
['/usr/bin/pass', 'show', f'{self.pass_folder}/{secret_name.lower()}'],
|
||||
[
|
||||
self.pass_executable,
|
||||
'show',
|
||||
f'{self.pass_folder}/{secret_name.lower()}',
|
||||
],
|
||||
capture_output=True,
|
||||
check=False,
|
||||
shell=False,
|
||||
)
|
||||
except FileNotFoundError:
|
||||
return None
|
||||
|
||||
return self._convert_pass_process_result_to_password(
|
||||
process.returncode,
|
||||
|
|
|
@ -36,6 +36,38 @@ def test_fail_hardcoded_prefix_with_trailing_underscore():
|
|||
secret_loader.SecretLoader(ENV_KEY_PREFIX='TEST_')
|
||||
|
||||
|
||||
def test_fail_to_load_from_password_store_due_to_status():
|
||||
loader = secret_loader.SecretLoader(
|
||||
PASS_STORE_SUBFOLDER='test', # noqa: S106
|
||||
)
|
||||
loader.pass_executable = '/usr/bin/false' # noqa: S105
|
||||
with pytest.raises(
|
||||
ValueError,
|
||||
match='Failed to load secret with key:.*UNKNOWN.*',
|
||||
):
|
||||
assert loader.load_or_fail('UNKNOWN')
|
||||
|
||||
|
||||
def test_load_empty_from_password_store():
|
||||
loader = secret_loader.SecretLoader(
|
||||
PASS_STORE_SUBFOLDER='test', # noqa: S106
|
||||
)
|
||||
loader.pass_executable = '/usr/bin/true' # noqa: S105
|
||||
assert loader.load_or_fail('UNKNOWN') == ''
|
||||
|
||||
|
||||
def test_fail_due_to_unknown_executable():
|
||||
loader = secret_loader.SecretLoader(
|
||||
PASS_STORE_SUBFOLDER='test', # noqa: S106
|
||||
)
|
||||
loader.pass_executable = '/not/an/executable' # noqa: S105
|
||||
with pytest.raises(
|
||||
ValueError,
|
||||
match='Failed to load secret with key:.*UNKNOWN.*',
|
||||
):
|
||||
assert loader.load_or_fail('UNKNOWN')
|
||||
|
||||
|
||||
def test_lookup_unknown_or_fail():
|
||||
loader = secret_loader.SecretLoader(
|
||||
ENV_KEY_PREFIX='TEST',
|
||||
|
|
Loading…
Reference in New Issue
Block a user