126 lines
5.4 KiB
Python
126 lines
5.4 KiB
Python
"""Tests of client loader."""
|
|
# pyright: reportUninitializedInstanceVariable=false, reportImplicitOverride=false
|
|
|
|
import unittest
|
|
from sshecret.backends import FileTableBackend
|
|
from sshecret.utils import generate_client_object
|
|
from sshecret.testing import TestClientSpec, test_context
|
|
|
|
|
|
class TestFileTableBackend(unittest.TestCase):
|
|
"""Test the file table backend."""
|
|
|
|
def setUp(self) -> None:
|
|
"""Set up tests."""
|
|
self.test_dataset: list[TestClientSpec] = [
|
|
TestClientSpec("webserver", {"SECRET_TOKEN": "mysecrettoken"}),
|
|
TestClientSpec("dbserver", {"DB_ROOT_PASSWORD": "mysecretpassword"}),
|
|
]
|
|
|
|
def test_init(self) -> None:
|
|
"""Test instance creation."""
|
|
with test_context(self.test_dataset) as testdir:
|
|
backend = FileTableBackend(testdir)
|
|
self.assertGreater(len(backend.table), 0)
|
|
|
|
def test_lookup_name(self) -> None:
|
|
"""Test lookup name."""
|
|
with test_context(self.test_dataset) as testdir:
|
|
backend = FileTableBackend(testdir)
|
|
webserver = backend.lookup_name("webserver")
|
|
self.assertIsNotNone(webserver)
|
|
assert webserver is not None
|
|
self.assertEqual(webserver.name, "webserver")
|
|
|
|
def test_add_client(self) -> None:
|
|
"""Test whether it is possible to add a client."""
|
|
with test_context(self.test_dataset) as testdir:
|
|
backend = FileTableBackend(testdir)
|
|
new_client = generate_client_object(
|
|
"backupserver", {"BACKUP_KEY": "mysecretbackupkey"}
|
|
)
|
|
backend.add_client(new_client)
|
|
expected_file = testdir / "backupserver.json"
|
|
self.assertTrue(expected_file.exists())
|
|
result = backend.lookup_name("backupserver")
|
|
self.assertIsNotNone(result)
|
|
|
|
def test_add_secret(self) -> None:
|
|
"""Test whether it is possible to add a secret."""
|
|
with test_context(self.test_dataset) as testdir:
|
|
backend = FileTableBackend(testdir)
|
|
backend.add_secret("webserver", "OTHER_SECRET_TOKEN", "myothersecrettoken")
|
|
webserver = backend.lookup_name("webserver")
|
|
assert webserver is not None
|
|
self.assertIsNotNone(webserver.secrets.get("OTHER_SECRET_TOKEN"))
|
|
self.assertNotEqual(
|
|
webserver.secrets["OTHER_SECRET_TOKEN"], "myothersecrettoken"
|
|
)
|
|
|
|
backend.add_secret(
|
|
"dbserver", "UNENCRYPTED_THING", "thisiscleartext", encrypted=True
|
|
)
|
|
dbserver = backend.lookup_name("dbserver")
|
|
assert dbserver is not None
|
|
self.assertEqual(dbserver.secrets["UNENCRYPTED_THING"], "thisiscleartext")
|
|
|
|
def test_update_client(self) -> None:
|
|
"""Test update_client method."""
|
|
with test_context(self.test_dataset) as testdir:
|
|
backend = FileTableBackend(testdir)
|
|
webserver = backend.lookup_name("webserver")
|
|
assert webserver is not None
|
|
webserver.allowed_ips = "192.0.2.1"
|
|
backend.update_client("webserver", webserver)
|
|
new_obj = backend.lookup_name("webserver")
|
|
assert new_obj is not None
|
|
self.assertEqual(new_obj.allowed_ips, "192.0.2.1")
|
|
|
|
def test_remove_client(self) -> None:
|
|
"""Test removal of client."""
|
|
with test_context(self.test_dataset) as testdir:
|
|
backend = FileTableBackend(testdir)
|
|
backend.remove_client("webserver", persistent=False)
|
|
webserver = backend.lookup_name("webserver")
|
|
self.assertIsNone(webserver)
|
|
webserver_file = testdir / "webserver.json"
|
|
self.assertTrue(webserver_file.exists())
|
|
|
|
def test_remove_client_persistent(self) -> None:
|
|
"""Test removal of client."""
|
|
with test_context(self.test_dataset) as testdir:
|
|
backend = FileTableBackend(testdir)
|
|
backend.remove_client("webserver", persistent=True)
|
|
webserver = backend.lookup_name("webserver")
|
|
self.assertIsNone(webserver)
|
|
webserver_file = testdir / "webserver.json"
|
|
self.assertFalse(webserver_file.exists())
|
|
|
|
def test_lookup_by_secret(self) -> None:
|
|
"""Test lookup of secrets."""
|
|
dataset = [
|
|
TestClientSpec("webserver", {"SECRET_TOKEN": "mysecrettoken"}),
|
|
TestClientSpec("webserver2", {"SECRET_TOKEN": "mysecrettoken"}),
|
|
TestClientSpec("webserver3", {"SECRET_TOKEN": "mysecrettoken"}),
|
|
TestClientSpec("dbserver", {"DB_ROOT_PASSWORD": "mysecretpassword"}),
|
|
TestClientSpec("dbserver2", {"DB_ROOT_PASSWORD": "mysecretpassword"}),
|
|
TestClientSpec("appserver", {"DB_ROOT_PASSWORD": "mysecretpassword", "SECRET_TOKEN": "mysecrettoken"}),
|
|
]
|
|
with test_context(dataset) as testdir:
|
|
backend = FileTableBackend(testdir)
|
|
token_mapping = backend.lookup_by_secret("SECRET_TOKEN")
|
|
self.assertEqual(len(token_mapping), 4)
|
|
token_mapping_names = [client.name for client in token_mapping]
|
|
self.assertIn("webserver2", token_mapping_names)
|
|
self.assertIn("appserver", token_mapping_names)
|
|
db_mapping = backend.lookup_by_secret("DB_ROOT_PASSWORD")
|
|
db_mapping_names = [client.name for client in db_mapping]
|
|
self.assertEqual(len(db_mapping), 3)
|
|
self.assertNotIn("webserver", db_mapping_names)
|
|
|
|
|
|
|
|
|
|
if __name__ == "__main__":
|
|
unittest.main()
|