Make vault tests conditional

galaxyproject · Nov 24, 2021 · 6706e74 · 6706e74
1 parent 062618b
commit 6706e74
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 13 deletions.
diff --git a/lib/galaxy/app_unittest_utils/galaxy_mock.py b/lib/galaxy/app_unittest_utils/galaxy_mock.py
@@ -182,7 +182,7 @@ def __init__(self, **kwargs):
         self.enable_tool_shed_check = False
         self.monitor_thread_join_timeout = 1
         self.integrated_tool_panel_config = None
-        self.vault_config_file = None
+        self.vault_config_file = kwargs.get('vault_config_file')
 
     @property
     def config_dict(self):

diff --git a/test/unit/security/fixtures/vault_conf_hashicorp.yaml b/test/unit/security/fixtures/vault_conf_hashicorp.yaml
@@ -1,3 +1,5 @@
+# to run tests, start vault with:
+# $ vault server -dev -dev-root-token-id=galaxy_test_token
 type: hashicorp
-vault_address: http://localhost:8200
-vault_token: galaxy_test_token
+vault_address: ${vault_address}
+vault_token: ${vault_token}
diff --git a/test/unit/security/test_vault.py b/test/unit/security/test_vault.py
@@ -10,31 +10,41 @@
 from galaxy.security.vault import NullVault, Vault, VaultFactory
 
 
-class VaultTestBase(ABC, unittest.TestCase):
-
-    def __init__(self):
-        self.vault = NullVault()  # type: Vault
+class VaultTestBase(ABC):
+    vault: Vault
 
     def test_read_write_secret(self):
         self.vault.write_secret("my/test/secret", "hello world")
-        self.assertEqual(self.vault.read_secret("my/test/secret"), "hello world")
+        self.assertEqual(self.vault.read_secret("my/test/secret"), "hello world")  # type: ignore
 
     def test_overwrite_secret(self):
         self.vault.write_secret("my/new/secret", "hello world")
         self.vault.write_secret("my/new/secret", "hello overwritten")
-        self.assertEqual(self.vault.read_secret("my/new/secret"), "hello overwritten")
+        self.assertEqual(self.vault.read_secret("my/new/secret"), "hello overwritten")  # type: ignore
 
 
 VAULT_CONF_HASHICORP = os.path.join(os.path.dirname(__file__), "fixtures/vault_conf_hashicorp.yaml")
 
 
+@unittest.skipIf(not os.environ.get('VAULT_ADDRESS') or not os.environ.get('VAULT_TOKEN'),
+                 "VAULT_ADDRESS and VAULT_TOKEN env vars not set")
 class TestHashicorpVault(VaultTestBase, unittest.TestCase):
 
     def setUp(self) -> None:
-        config = MockAppConfig(vault_config_file=VAULT_CONF_HASHICORP)
+        with tempfile.NamedTemporaryFile(
+                mode="w", prefix="vault_hashicorp", delete=False) as tempconf, open(VAULT_CONF_HASHICORP) as f:
+            content = string.Template(f.read()).safe_substitute(
+                vault_address=os.environ.get('VAULT_ADDRESS'),
+                vault_token=os.environ.get('VAULT_TOKEN'))
+            tempconf.write(content)
+            self.vault_temp_conf = tempconf.name
+        config = MockAppConfig(vault_config_file=self.vault_temp_conf)
         app = MockApp(config=config)
         self.vault = VaultFactory.from_app(app)
 
+    def tearDown(self) -> None:
+        os.remove(self.vault_temp_conf)
+
 
 VAULT_CONF_DATABASE = os.path.join(os.path.dirname(__file__), "fixtures/vault_conf_database.yaml")
 VAULT_CONF_DATABASE_ROTATED = os.path.join(os.path.dirname(__file__), "fixtures/vault_conf_database_rotated.yaml")
@@ -75,12 +85,16 @@ def test_wrong_keys(self):
 VAULT_CONF_CUSTOS = os.path.join(os.path.dirname(__file__), "fixtures/vault_conf_custos.yaml")
 
 
+@unittest.skipIf(not os.environ.get('CUSTOS_CLIENT_ID') or not os.environ.get('CUSTOS_CLIENT_SECRET'),
+                 "CUSTOS_CLIENT_ID and CUSTOS_CLIENT_SECRET env vars not set")
 class TestCustosVault(VaultTestBase, unittest.TestCase):
 
     def setUp(self) -> None:
-        with tempfile.NamedTemporaryFile(mode="w", prefix="vault_custos", delete=False) as tempconf, open(VAULT_CONF_CUSTOS) as f:
-            content = string.Template(f.read()).safe_substitute(custos_client_id=os.environ.get('CUSTOS_CLIENT_ID'),
-                                                                custos_client_secret=os.environ.get('CUSTOS_CLIENT_SECRET'))
+        with tempfile.NamedTemporaryFile(
+                mode="w", prefix="vault_custos", delete=False) as tempconf, open(VAULT_CONF_CUSTOS) as f:
+            content = string.Template(f.read()).safe_substitute(
+                custos_client_id=os.environ.get('CUSTOS_CLIENT_ID'),
+                custos_client_secret=os.environ.get('CUSTOS_CLIENT_SECRET'))
             tempconf.write(content)
             self.vault_temp_conf = tempconf.name
         config = MockAppConfig(vault_config_file=self.vault_temp_conf)