Fix all the unittests

plugins/module_utils/_hashi_vault_common.py

@@ -303,7 +303,10 @@ def deprecate(self, message, version=None, date=None, collection_name=None):
         self._deprecator(message, version=version, date=date, collection_name=collection_name)
 
     def get_context(self, client, raw_response, revoke_token=None):
-        return HashiVaultAuthContext(self, client, raw_response, revoke_token)
+        return HashiVaultAuthContext(
+            self, client, raw_response,
+            revoke_token=revoke_token,
+        )
 
     @staticmethod
     def _stringify(input):

tests/unit/conftest.py

@@ -14,6 +14,7 @@
 from .compat import mock
 
 from ...plugins.module_utils._authenticator import HashiVaultAuthenticator
+from ...plugins.module_utils._hashi_vault_common import HashiVaultAuthContext
 
 
 @pytest.fixture(autouse=True)
@@ -52,10 +53,10 @@ def vault_client():
 
 
 @pytest.fixture
-def authenticator():
+def authenticator(vault_client):
     authenticator = HashiVaultAuthenticator
     authenticator.validate = mock.Mock(wraps=lambda: True)
-    authenticator.authenticate = mock.Mock(wraps=lambda client: 'throwaway')
+    authenticator.authenticate = mock.Mock(wraps=lambda client: HashiVaultAuthContext(authenticator, vault_client, "throwaway"))
     authenticator.logout = mock.Mock(warps=lambda: None)
 
     return authenticator

tests/unit/plugins/module_utils/authentication/test_auth_approle.py

@@ -95,5 +95,5 @@ def _set_client_token(*args, **kwargs):
             response = auth_approle.authenticate(client, use_token=use_token)
             approle_login.assert_called_once_with(**expected_login_params)
 
-        assert response['auth']['client_token'] == approle_login_response['auth']['client_token']
+        assert response.raw['auth']['client_token'] == approle_login_response['auth']['client_token']
         assert (client.token == approle_login_response['auth']['client_token']) is use_token

tests/unit/plugins/module_utils/authentication/test_auth_aws_iam.py

@@ -17,6 +17,7 @@
 from ansible_collections.community.hashi_vault.plugins.module_utils._hashi_vault_common import (
     HashiVaultAuthMethodBase,
     HashiVaultValueError,
+    HashiVaultAuthContext,
 )
 
 
@@ -144,7 +145,8 @@ def test_auth_aws_iam_authenticate(
             response = auth_aws_iam.authenticate(client, use_token=use_token)
             aws_iam_login.assert_called_once_with(use_token=use_token, **expected_login_params)
 
-        assert response['auth']['client_token'] == aws_iam_login_response['auth']['client_token']
+        assert isinstance(response, HashiVaultAuthContext)
+        assert response.raw['auth']['client_token'] == aws_iam_login_response['auth']['client_token']
 
     def test_auth_aws_iam_validate_no_creds_no_boto(self, auth_aws_iam, mock_import_error):
         with mock_import_error('botocore', 'boto3'):

tests/unit/plugins/module_utils/authentication/test_auth_azure.py

@@ -17,6 +17,7 @@
 from ansible_collections.community.hashi_vault.plugins.module_utils._hashi_vault_common import (
     HashiVaultAuthMethodBase,
     HashiVaultValueError,
+    HashiVaultAuthContext,
 )
 
 
@@ -116,8 +117,9 @@ def test_auth_azure_authenticate_use_jwt(
             response = auth_azure.authenticate(client, use_token=use_token)
             azure_login.assert_called_once_with(use_token=use_token, **params)
 
+        assert isinstance(response, HashiVaultAuthContext)
         assert (
-            response['auth']['client_token']
+            response.raw['auth']['client_token']
             == azure_login_response['auth']['client_token']
         )
 

tests/unit/plugins/module_utils/authentication/test_auth_cert.py

@@ -17,6 +17,7 @@
 from ansible_collections.community.hashi_vault.plugins.module_utils._hashi_vault_common import (
     HashiVaultAuthMethodBase,
     HashiVaultValueError,
+    HashiVaultAuthContext,
 )
 
 
@@ -85,5 +86,6 @@ def _set_client_token(*args, **kwargs):
             response = auth_cert.authenticate(client, use_token=use_token)
             cert_login.assert_called_once_with(**expected_login_params)
 
-        assert response["auth"]["client_token"] == cert_login_response["auth"]["client_token"]
+        assert isinstance(response, HashiVaultAuthContext)
+        assert response.raw["auth"]["client_token"] == cert_login_response["auth"]["client_token"]
         assert (client.token == cert_login_response["auth"]["client_token"]) is use_token

tests/unit/plugins/module_utils/authentication/test_auth_jwt.py

@@ -17,6 +17,7 @@
 from ansible_collections.community.hashi_vault.plugins.module_utils._hashi_vault_common import (
     HashiVaultAuthMethodBase,
     HashiVaultValueError,
+    HashiVaultAuthContext,
 )
 
 
@@ -91,5 +92,6 @@ def test_auth_jwt_authenticate(self, auth_jwt, client, adapter, jwt, role_id, mo
             response = auth_jwt.authenticate(client, use_token=use_token)
             jwt_login.assert_called_once_with(**expected_login_params)
 
-        assert response['auth']['client_token'] == jwt_login_response['auth']['client_token']
+        assert isinstance(response, HashiVaultAuthContext)
+        assert response.raw['auth']['client_token'] == jwt_login_response['auth']['client_token']
         assert (client.token == jwt_login_response['auth']['client_token']) is use_token

tests/unit/plugins/module_utils/authentication/test_auth_ldap.py

@@ -17,6 +17,7 @@
 from ansible_collections.community.hashi_vault.plugins.module_utils._hashi_vault_common import (
     HashiVaultAuthMethodBase,
     HashiVaultValueError,
+    HashiVaultAuthContext,
 )
 
 
@@ -99,5 +100,6 @@ def _set_client_token(*args, **kwargs):
             response = auth_ldap.authenticate(client, use_token=use_token)
             ldap_login.assert_called_once_with(use_token=use_token, **expected_login_params)
 
-        assert response['auth']['client_token'] == ldap_login_response['auth']['client_token']
+        assert isinstance(response, HashiVaultAuthContext)
+        assert response.raw['auth']['client_token'] == ldap_login_response['auth']['client_token']
         assert (client.token == ldap_login_response['auth']['client_token']) is use_token

tests/unit/plugins/module_utils/authentication/test_auth_none.py

@@ -12,7 +12,10 @@
 
 from ansible_collections.community.hashi_vault.plugins.module_utils._auth_method_none import HashiVaultAuthMethodNone
 
-from ansible_collections.community.hashi_vault.plugins.module_utils._hashi_vault_common import HashiVaultAuthMethodBase
+from ansible_collections.community.hashi_vault.plugins.module_utils._hashi_vault_common import (
+    HashiVaultAuthMethodBase,
+    HashiVaultAuthContext,
+)
 
 
 @pytest.fixture
@@ -32,5 +35,6 @@ def test_auth_none_validate(self, auth_none):
     def test_auth_none_authenticate(self, auth_none, client, use_token):
         result = auth_none.authenticate(client, use_token=use_token)
 
-        assert result is None
+        assert isinstance(result, HashiVaultAuthContext)
+        assert result.raw is None
         assert client.token is None

tests/unit/plugins/module_utils/authentication/test_auth_token.py

@@ -26,6 +26,7 @@
 from ansible_collections.community.hashi_vault.plugins.module_utils._hashi_vault_common import (
     HashiVaultAuthMethodBase,
     HashiVaultValueError,
+    HashiVaultAuthContext,
 )
 
 
@@ -146,7 +147,8 @@ def test_auth_token_authenticate(self, auth_token, client, adapter, token, use_t
 
             sim_login.assert_called_once_with(token, expected_lookup_value)
 
-        assert response['auth']['client_token'] == token
+        assert isinstance(response, HashiVaultAuthContext)
+        assert response.raw['auth']['client_token'] == token
         assert (client.token == token) is use_token
 
     def test_auth_token_authenticate_success_on_no_validate(self, auth_token, adapter, client, token, validation_failure):
@@ -162,7 +164,7 @@ def test_auth_token_authenticate_success_on_no_validate(self, auth_token, adapte
 
             sim_login.assert_called_once_with(token, None)
 
-        assert response['auth']['client_token'] == token
+        assert response.raw['auth']['client_token'] == token
         assert client.token == token
 
     def test_auth_token_authenticate_failed_validation(self, auth_token, adapter, client, token, validation_failure):

tests/unit/plugins/module_utils/authentication/test_auth_userpass.py

@@ -17,6 +17,7 @@
 from ansible_collections.community.hashi_vault.plugins.module_utils._hashi_vault_common import (
     HashiVaultAuthMethodBase,
     HashiVaultValueError,
+    HashiVaultAuthContext,
 )
 
 
@@ -95,5 +96,6 @@ def _set_client_token(*args, **kwargs):
             response = auth_userpass.authenticate(client, use_token=use_token)
             userpass_login.assert_called_once_with(**expected_login_params)
 
-        assert response['auth']['client_token'] == userpass_login_response['auth']['client_token']
+        assert isinstance(response, HashiVaultAuthContext)
+        assert response.raw['auth']['client_token'] == userpass_login_response['auth']['client_token']
         assert (client.token == userpass_login_response['auth']['client_token']) is use_token

tests/unit/plugins/module_utils/authentication/test_hashi_vault_authenticator.py

@@ -69,19 +69,13 @@ def test_get_method_object_implicit(self, authenticator, adapter, fake_auth_clas
 
         assert isinstance(obj, type(fake_auth_class))
 
-    @pytest.mark.parametrize('kwargs', [
-        {},
-        {'one': 1},
-        {'one': '1', 'two': 2},
-    ])
     @pytest.mark.parametrize('revoke', [True, False])
-    def test_method_logout_logs_out_with_token_if_revocation_requested(self, authenticator, fake_auth_class, revoke, kwargs):
+    def test_method_logout_logs_out_with_token_if_revocation_requested(self, authenticator, fake_auth_class, adapter, revoke):
+        adapter.set_option("revoke_ephemeral_token", revoke)
         client = mock.MagicMock()
-        fake_auth_class.should_revoke_token.return_value = revoke
 
-        authenticator.logout(client, **kwargs)
+        authenticator.logout(client)
 
-        fake_auth_class.should_revoke_token.assert_called_once_with(**kwargs)
         client.logout.assert_called_once_with(revoke_token=revoke)
 
     def test_logout_not_implemented(self, authenticator, fake_auth_class):

tests/unit/plugins/modules/test_vault_login.py

@@ -99,7 +99,9 @@ def test_vault_login_return_data(
         self, patch_ansible_module, token_lookup_full_response, authenticator, vault_client,
         opt__ansible_check_mode, opt_auth_method, opt_token, opt_role_id, capfd
     ):
-        authenticator.authenticate.return_value = token_lookup_full_response
+        result = mock.MagicMock()
+        result.raw = token_lookup_full_response
+        authenticator.authenticate.return_value = result
 
         with pytest.raises(SystemExit) as e:
             vault_login.main()

tests/unit/plugins/plugin_utils/authentication/test_auth_token.py

@@ -49,7 +49,7 @@ def test_auth_token_unsafes(self, auth_token, client, adapter, token):
         with mock.patch.object(auth_token, '_stringify', wrapper):
             response = auth_token.authenticate(client, use_token=True, lookup_self=False)
 
-        assert isinstance(response['auth']['client_token'], (bytes, type(u''))), repr(response['auth']['client_token'])
+        assert isinstance(response.raw['auth']['client_token'], (bytes, type(u''))), repr(response.raw['auth']['client_token'])
         assert isinstance(client.token, (bytes, type(u''))), repr(client.token)
-        assert not isinstance(response['auth']['client_token'], AnsibleUnsafe), repr(response['auth']['client_token'])
+        assert not isinstance(response.raw['auth']['client_token'], AnsibleUnsafe), repr(response.raw['auth']['client_token'])
         assert not isinstance(client.token, AnsibleUnsafe), repr(client.token)