From 6bba91ee5a445a4fc9928c18ab26637cf26b0053 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonas=20Sch=C3=A4fer?= Date: Thu, 29 Sep 2022 10:16:28 +0200 Subject: [PATCH] Fix all the unittests --- plugins/module_utils/_hashi_vault_common.py | 5 ++++- tests/unit/conftest.py | 5 +++-- .../module_utils/authentication/test_auth_approle.py | 2 +- .../module_utils/authentication/test_auth_aws_iam.py | 4 +++- .../module_utils/authentication/test_auth_azure.py | 4 +++- .../module_utils/authentication/test_auth_cert.py | 4 +++- .../module_utils/authentication/test_auth_jwt.py | 4 +++- .../module_utils/authentication/test_auth_ldap.py | 4 +++- .../module_utils/authentication/test_auth_none.py | 8 ++++++-- .../module_utils/authentication/test_auth_token.py | 6 ++++-- .../authentication/test_auth_userpass.py | 4 +++- .../authentication/test_hashi_vault_authenticator.py | 12 +++--------- tests/unit/plugins/modules/test_vault_login.py | 4 +++- .../plugin_utils/authentication/test_auth_token.py | 4 ++-- 14 files changed, 44 insertions(+), 26 deletions(-) diff --git a/plugins/module_utils/_hashi_vault_common.py b/plugins/module_utils/_hashi_vault_common.py index 4f88c1d04..53bbfc0fc 100644 --- a/plugins/module_utils/_hashi_vault_common.py +++ b/plugins/module_utils/_hashi_vault_common.py @@ -303,7 +303,10 @@ def deprecate(self, message, version=None, date=None, collection_name=None): self._deprecator(message, version=version, date=date, collection_name=collection_name) def get_context(self, client, raw_response, revoke_token=None): - return HashiVaultAuthContext(self, client, raw_response, revoke_token) + return HashiVaultAuthContext( + self, client, raw_response, + revoke_token=revoke_token, + ) @staticmethod def _stringify(input): diff --git a/tests/unit/conftest.py b/tests/unit/conftest.py index f9748b840..8d9f2955e 100644 --- a/tests/unit/conftest.py +++ b/tests/unit/conftest.py @@ -14,6 +14,7 @@ from .compat import mock from ...plugins.module_utils._authenticator import HashiVaultAuthenticator +from ...plugins.module_utils._hashi_vault_common import HashiVaultAuthContext @pytest.fixture(autouse=True) @@ -52,10 +53,10 @@ def vault_client(): @pytest.fixture -def authenticator(): +def authenticator(vault_client): authenticator = HashiVaultAuthenticator authenticator.validate = mock.Mock(wraps=lambda: True) - authenticator.authenticate = mock.Mock(wraps=lambda client: 'throwaway') + authenticator.authenticate = mock.Mock(wraps=lambda client: HashiVaultAuthContext(authenticator, vault_client, "throwaway")) authenticator.logout = mock.Mock(warps=lambda: None) return authenticator diff --git a/tests/unit/plugins/module_utils/authentication/test_auth_approle.py b/tests/unit/plugins/module_utils/authentication/test_auth_approle.py index 4507b1bd8..2fb5778c1 100644 --- a/tests/unit/plugins/module_utils/authentication/test_auth_approle.py +++ b/tests/unit/plugins/module_utils/authentication/test_auth_approle.py @@ -95,5 +95,5 @@ def _set_client_token(*args, **kwargs): response = auth_approle.authenticate(client, use_token=use_token) approle_login.assert_called_once_with(**expected_login_params) - assert response['auth']['client_token'] == approle_login_response['auth']['client_token'] + assert response.raw['auth']['client_token'] == approle_login_response['auth']['client_token'] assert (client.token == approle_login_response['auth']['client_token']) is use_token diff --git a/tests/unit/plugins/module_utils/authentication/test_auth_aws_iam.py b/tests/unit/plugins/module_utils/authentication/test_auth_aws_iam.py index 678146b92..7703e1f40 100644 --- a/tests/unit/plugins/module_utils/authentication/test_auth_aws_iam.py +++ b/tests/unit/plugins/module_utils/authentication/test_auth_aws_iam.py @@ -17,6 +17,7 @@ from ansible_collections.community.hashi_vault.plugins.module_utils._hashi_vault_common import ( HashiVaultAuthMethodBase, HashiVaultValueError, + HashiVaultAuthContext, ) @@ -144,7 +145,8 @@ def test_auth_aws_iam_authenticate( response = auth_aws_iam.authenticate(client, use_token=use_token) aws_iam_login.assert_called_once_with(use_token=use_token, **expected_login_params) - assert response['auth']['client_token'] == aws_iam_login_response['auth']['client_token'] + assert isinstance(response, HashiVaultAuthContext) + assert response.raw['auth']['client_token'] == aws_iam_login_response['auth']['client_token'] def test_auth_aws_iam_validate_no_creds_no_boto(self, auth_aws_iam, mock_import_error): with mock_import_error('botocore', 'boto3'): diff --git a/tests/unit/plugins/module_utils/authentication/test_auth_azure.py b/tests/unit/plugins/module_utils/authentication/test_auth_azure.py index 747a432df..59a785398 100644 --- a/tests/unit/plugins/module_utils/authentication/test_auth_azure.py +++ b/tests/unit/plugins/module_utils/authentication/test_auth_azure.py @@ -17,6 +17,7 @@ from ansible_collections.community.hashi_vault.plugins.module_utils._hashi_vault_common import ( HashiVaultAuthMethodBase, HashiVaultValueError, + HashiVaultAuthContext, ) @@ -116,8 +117,9 @@ def test_auth_azure_authenticate_use_jwt( response = auth_azure.authenticate(client, use_token=use_token) azure_login.assert_called_once_with(use_token=use_token, **params) + assert isinstance(response, HashiVaultAuthContext) assert ( - response['auth']['client_token'] + response.raw['auth']['client_token'] == azure_login_response['auth']['client_token'] ) diff --git a/tests/unit/plugins/module_utils/authentication/test_auth_cert.py b/tests/unit/plugins/module_utils/authentication/test_auth_cert.py index b8cc4c14b..84cde7f67 100644 --- a/tests/unit/plugins/module_utils/authentication/test_auth_cert.py +++ b/tests/unit/plugins/module_utils/authentication/test_auth_cert.py @@ -17,6 +17,7 @@ from ansible_collections.community.hashi_vault.plugins.module_utils._hashi_vault_common import ( HashiVaultAuthMethodBase, HashiVaultValueError, + HashiVaultAuthContext, ) @@ -85,5 +86,6 @@ def _set_client_token(*args, **kwargs): response = auth_cert.authenticate(client, use_token=use_token) cert_login.assert_called_once_with(**expected_login_params) - assert response["auth"]["client_token"] == cert_login_response["auth"]["client_token"] + assert isinstance(response, HashiVaultAuthContext) + assert response.raw["auth"]["client_token"] == cert_login_response["auth"]["client_token"] assert (client.token == cert_login_response["auth"]["client_token"]) is use_token diff --git a/tests/unit/plugins/module_utils/authentication/test_auth_jwt.py b/tests/unit/plugins/module_utils/authentication/test_auth_jwt.py index f5971ae00..ccccea039 100644 --- a/tests/unit/plugins/module_utils/authentication/test_auth_jwt.py +++ b/tests/unit/plugins/module_utils/authentication/test_auth_jwt.py @@ -17,6 +17,7 @@ from ansible_collections.community.hashi_vault.plugins.module_utils._hashi_vault_common import ( HashiVaultAuthMethodBase, HashiVaultValueError, + HashiVaultAuthContext, ) @@ -91,5 +92,6 @@ def test_auth_jwt_authenticate(self, auth_jwt, client, adapter, jwt, role_id, mo response = auth_jwt.authenticate(client, use_token=use_token) jwt_login.assert_called_once_with(**expected_login_params) - assert response['auth']['client_token'] == jwt_login_response['auth']['client_token'] + assert isinstance(response, HashiVaultAuthContext) + assert response.raw['auth']['client_token'] == jwt_login_response['auth']['client_token'] assert (client.token == jwt_login_response['auth']['client_token']) is use_token diff --git a/tests/unit/plugins/module_utils/authentication/test_auth_ldap.py b/tests/unit/plugins/module_utils/authentication/test_auth_ldap.py index 0e6d1007f..a42cf071d 100644 --- a/tests/unit/plugins/module_utils/authentication/test_auth_ldap.py +++ b/tests/unit/plugins/module_utils/authentication/test_auth_ldap.py @@ -17,6 +17,7 @@ from ansible_collections.community.hashi_vault.plugins.module_utils._hashi_vault_common import ( HashiVaultAuthMethodBase, HashiVaultValueError, + HashiVaultAuthContext, ) @@ -99,5 +100,6 @@ def _set_client_token(*args, **kwargs): response = auth_ldap.authenticate(client, use_token=use_token) ldap_login.assert_called_once_with(use_token=use_token, **expected_login_params) - assert response['auth']['client_token'] == ldap_login_response['auth']['client_token'] + assert isinstance(response, HashiVaultAuthContext) + assert response.raw['auth']['client_token'] == ldap_login_response['auth']['client_token'] assert (client.token == ldap_login_response['auth']['client_token']) is use_token diff --git a/tests/unit/plugins/module_utils/authentication/test_auth_none.py b/tests/unit/plugins/module_utils/authentication/test_auth_none.py index 87cfe91fb..b400ef278 100644 --- a/tests/unit/plugins/module_utils/authentication/test_auth_none.py +++ b/tests/unit/plugins/module_utils/authentication/test_auth_none.py @@ -12,7 +12,10 @@ from ansible_collections.community.hashi_vault.plugins.module_utils._auth_method_none import HashiVaultAuthMethodNone -from ansible_collections.community.hashi_vault.plugins.module_utils._hashi_vault_common import HashiVaultAuthMethodBase +from ansible_collections.community.hashi_vault.plugins.module_utils._hashi_vault_common import ( + HashiVaultAuthMethodBase, + HashiVaultAuthContext, +) @pytest.fixture @@ -32,5 +35,6 @@ def test_auth_none_validate(self, auth_none): def test_auth_none_authenticate(self, auth_none, client, use_token): result = auth_none.authenticate(client, use_token=use_token) - assert result is None + assert isinstance(result, HashiVaultAuthContext) + assert result.raw is None assert client.token is None diff --git a/tests/unit/plugins/module_utils/authentication/test_auth_token.py b/tests/unit/plugins/module_utils/authentication/test_auth_token.py index 1d8d3a708..d9956ab60 100644 --- a/tests/unit/plugins/module_utils/authentication/test_auth_token.py +++ b/tests/unit/plugins/module_utils/authentication/test_auth_token.py @@ -26,6 +26,7 @@ from ansible_collections.community.hashi_vault.plugins.module_utils._hashi_vault_common import ( HashiVaultAuthMethodBase, HashiVaultValueError, + HashiVaultAuthContext, ) @@ -146,7 +147,8 @@ def test_auth_token_authenticate(self, auth_token, client, adapter, token, use_t sim_login.assert_called_once_with(token, expected_lookup_value) - assert response['auth']['client_token'] == token + assert isinstance(response, HashiVaultAuthContext) + assert response.raw['auth']['client_token'] == token assert (client.token == token) is use_token def test_auth_token_authenticate_success_on_no_validate(self, auth_token, adapter, client, token, validation_failure): @@ -162,7 +164,7 @@ def test_auth_token_authenticate_success_on_no_validate(self, auth_token, adapte sim_login.assert_called_once_with(token, None) - assert response['auth']['client_token'] == token + assert response.raw['auth']['client_token'] == token assert client.token == token def test_auth_token_authenticate_failed_validation(self, auth_token, adapter, client, token, validation_failure): diff --git a/tests/unit/plugins/module_utils/authentication/test_auth_userpass.py b/tests/unit/plugins/module_utils/authentication/test_auth_userpass.py index 27ffafb92..df21ce17d 100644 --- a/tests/unit/plugins/module_utils/authentication/test_auth_userpass.py +++ b/tests/unit/plugins/module_utils/authentication/test_auth_userpass.py @@ -17,6 +17,7 @@ from ansible_collections.community.hashi_vault.plugins.module_utils._hashi_vault_common import ( HashiVaultAuthMethodBase, HashiVaultValueError, + HashiVaultAuthContext, ) @@ -95,5 +96,6 @@ def _set_client_token(*args, **kwargs): response = auth_userpass.authenticate(client, use_token=use_token) userpass_login.assert_called_once_with(**expected_login_params) - assert response['auth']['client_token'] == userpass_login_response['auth']['client_token'] + assert isinstance(response, HashiVaultAuthContext) + assert response.raw['auth']['client_token'] == userpass_login_response['auth']['client_token'] assert (client.token == userpass_login_response['auth']['client_token']) is use_token diff --git a/tests/unit/plugins/module_utils/authentication/test_hashi_vault_authenticator.py b/tests/unit/plugins/module_utils/authentication/test_hashi_vault_authenticator.py index 9f62733a2..f03775062 100644 --- a/tests/unit/plugins/module_utils/authentication/test_hashi_vault_authenticator.py +++ b/tests/unit/plugins/module_utils/authentication/test_hashi_vault_authenticator.py @@ -69,19 +69,13 @@ def test_get_method_object_implicit(self, authenticator, adapter, fake_auth_clas assert isinstance(obj, type(fake_auth_class)) - @pytest.mark.parametrize('kwargs', [ - {}, - {'one': 1}, - {'one': '1', 'two': 2}, - ]) @pytest.mark.parametrize('revoke', [True, False]) - def test_method_logout_logs_out_with_token_if_revocation_requested(self, authenticator, fake_auth_class, revoke, kwargs): + def test_method_logout_logs_out_with_token_if_revocation_requested(self, authenticator, fake_auth_class, adapter, revoke): + adapter.set_option("revoke_ephemeral_token", revoke) client = mock.MagicMock() - fake_auth_class.should_revoke_token.return_value = revoke - authenticator.logout(client, **kwargs) + authenticator.logout(client) - fake_auth_class.should_revoke_token.assert_called_once_with(**kwargs) client.logout.assert_called_once_with(revoke_token=revoke) def test_logout_not_implemented(self, authenticator, fake_auth_class): diff --git a/tests/unit/plugins/modules/test_vault_login.py b/tests/unit/plugins/modules/test_vault_login.py index 95356a5c5..f85b321e5 100644 --- a/tests/unit/plugins/modules/test_vault_login.py +++ b/tests/unit/plugins/modules/test_vault_login.py @@ -99,7 +99,9 @@ def test_vault_login_return_data( self, patch_ansible_module, token_lookup_full_response, authenticator, vault_client, opt__ansible_check_mode, opt_auth_method, opt_token, opt_role_id, capfd ): - authenticator.authenticate.return_value = token_lookup_full_response + result = mock.MagicMock() + result.raw = token_lookup_full_response + authenticator.authenticate.return_value = result with pytest.raises(SystemExit) as e: vault_login.main() diff --git a/tests/unit/plugins/plugin_utils/authentication/test_auth_token.py b/tests/unit/plugins/plugin_utils/authentication/test_auth_token.py index f80dfd9fd..611e17616 100644 --- a/tests/unit/plugins/plugin_utils/authentication/test_auth_token.py +++ b/tests/unit/plugins/plugin_utils/authentication/test_auth_token.py @@ -49,7 +49,7 @@ def test_auth_token_unsafes(self, auth_token, client, adapter, token): with mock.patch.object(auth_token, '_stringify', wrapper): response = auth_token.authenticate(client, use_token=True, lookup_self=False) - assert isinstance(response['auth']['client_token'], (bytes, type(u''))), repr(response['auth']['client_token']) + assert isinstance(response.raw['auth']['client_token'], (bytes, type(u''))), repr(response.raw['auth']['client_token']) assert isinstance(client.token, (bytes, type(u''))), repr(client.token) - assert not isinstance(response['auth']['client_token'], AnsibleUnsafe), repr(response['auth']['client_token']) + assert not isinstance(response.raw['auth']['client_token'], AnsibleUnsafe), repr(response.raw['auth']['client_token']) assert not isinstance(client.token, AnsibleUnsafe), repr(client.token)