salt/tests/unit/runners/test_vault.py

# -*- coding: utf-8 -*-
'''
Unit tests for the Vault runner
'''

# Import Python Libs
from __future__ import absolute_import, print_function, unicode_literals
import logging

# Import Salt Testing Libs
from tests.support.mixins import LoaderModuleMockMixin
from tests.support.unit import skipIf, TestCase
from tests.support.mock import (
    MagicMock,
    patch,
    NO_MOCK,
    NO_MOCK_REASON
)

# Import salt libs
from salt.ext import six
import salt.runners.vault as vault

log = logging.getLogger(__name__)


class VaultTest(TestCase, LoaderModuleMockMixin):
    '''
    Tests for the runner module of the Vault integration
    '''

    def setup_loader_modules(self):
        return {vault: {}}

    def setUp(self):
        self.grains = {
                        'id': 'test-minion',
                        'roles': ['web', 'database'],
                        'aux': ['foo', 'bar'],
                        'deep': {
                            'foo': {
                                'bar': {
                                    'baz': [
                                        'hello',
                                        'world'
                                    ]
                                }
                            }
                        },
                        'mixedcase': 'UP-low-UP'
                      }

    def tearDown(self):
        del self.grains

    def test_pattern_list_expander(self):
        '''
        Ensure _expand_pattern_lists works as intended:
        - Expand list-valued patterns
        - Do not change non-list-valued tokens
        '''
        cases = {
                    'no-tokens-to-replace': ['no-tokens-to-replace'],
                    'single-dict:{minion}': ['single-dict:{minion}'],
                    'single-list:{grains[roles]}': ['single-list:web', 'single-list:database'],
                    'multiple-lists:{grains[roles]}+{grains[aux]}': [
                       'multiple-lists:web+foo',
                       'multiple-lists:web+bar',
                       'multiple-lists:database+foo',
                       'multiple-lists:database+bar',
                    ],
                    'single-list-with-dicts:{grains[id]}+{grains[roles]}+{grains[id]}': [
                        'single-list-with-dicts:{grains[id]}+web+{grains[id]}',
                        'single-list-with-dicts:{grains[id]}+database+{grains[id]}'
                    ],
                    'deeply-nested-list:{grains[deep][foo][bar][baz]}': [
                        'deeply-nested-list:hello',
                        'deeply-nested-list:world'
                    ]
                }

        # The mappings dict is assembled in _get_policies, so emulate here
        mappings = {'minion': self.grains['id'], 'grains': self.grains}
        for case, correct_output in six.iteritems(cases):
            output = vault._expand_pattern_lists(case, **mappings)  # pylint: disable=protected-access
            diff = set(output).symmetric_difference(set(correct_output))
            if len(diff) != 0:
                log.debug('Test %s failed', case)
                log.debug('Expected:\n\t%s\nGot\n\t%s', output, correct_output)
                log.debug('Difference:\n\t%s', diff)
            self.assertEqual(output, correct_output)

    def test_get_policies_for_nonexisting_minions(self):
        minion_id = 'salt_master'
        # For non-existing minions, or the master-minion, grains will be None
        cases = {
                    'no-tokens-to-replace': ['no-tokens-to-replace'],
                    'single-dict:{minion}': ['single-dict:{0}'.format(minion_id)],
                    'single-list:{grains[roles]}': []
        }
        with patch('salt.utils.minions.get_minion_data',
                   MagicMock(return_value=(None, None, None))):
            for case, correct_output in six.iteritems(cases):
                test_config = {'policies': [case]}
                output = vault._get_policies(minion_id, test_config)  # pylint: disable=protected-access
                diff = set(output).symmetric_difference(set(correct_output))
                if len(diff) != 0:
                    log.debug('Test %s failed', case)
                    log.debug('Expected:\n\t%s\nGot\n\t%s', output, correct_output)
                    log.debug('Difference:\n\t%s', diff)
                self.assertEqual(output, correct_output)

    @skipIf(NO_MOCK, NO_MOCK_REASON)
    def test_get_policies(self):
        '''
        Ensure _get_policies works as intended, including expansion of lists
        '''
        cases = {
                    'no-tokens-to-replace': ['no-tokens-to-replace'],
                    'single-dict:{minion}': ['single-dict:test-minion'],
                    'single-list:{grains[roles]}': ['single-list:web', 'single-list:database'],
                    'multiple-lists:{grains[roles]}+{grains[aux]}': [
                       'multiple-lists:web+foo',
                       'multiple-lists:web+bar',
                       'multiple-lists:database+foo',
                       'multiple-lists:database+bar',
                    ],
                    'single-list-with-dicts:{grains[id]}+{grains[roles]}+{grains[id]}': [
                        'single-list-with-dicts:test-minion+web+test-minion',
                        'single-list-with-dicts:test-minion+database+test-minion'
                    ],
                    'deeply-nested-list:{grains[deep][foo][bar][baz]}': [
                        'deeply-nested-list:hello',
                        'deeply-nested-list:world'
                    ],
                    'should-not-cause-an-exception,but-result-empty:{foo}': [],
                    'Case-Should-Be-Lowered:{grains[mixedcase]}': [
                        'case-should-be-lowered:up-low-up'
                    ]
                }

        with patch('salt.utils.minions.get_minion_data',
                   MagicMock(return_value=(None, self.grains, None))):
            for case, correct_output in six.iteritems(cases):
                test_config = {'policies': [case]}
                output = vault._get_policies('test-minion', test_config)  # pylint: disable=protected-access
                diff = set(output).symmetric_difference(set(correct_output))
                if len(diff) != 0:
                    log.debug('Test %s failed', case)
                    log.debug('Expected:\n\t%s\nGot\n\t%s', output, correct_output)
                    log.debug('Difference:\n\t%s', diff)
                self.assertEqual(output, correct_output)
Vault: Add support for expanding lists in policies 2017-02-26 20:05:36 +00:00			`# -- coding: utf-8 --`
			`'''`
			`Unit tests for the Vault runner`
			`'''`

			`# Import Python Libs`
Add unicode_literals to runner modules 2017-12-15 01:21:00 +00:00			`from __future__ import absolute_import, print_function, unicode_literals`
Vault: Add support for expanding lists in policies 2017-02-26 20:05:36 +00:00			`import logging`

			`# Import Salt Testing Libs`
Allow passing different loader_module_globals per loader_module 2017-03-21 23:56:24 +00:00			`from tests.support.mixins import LoaderModuleMockMixin`
Absolute imports and A LOT of code cleanup. 2017-02-27 15:59:04 +00:00			`from tests.support.unit import skipIf, TestCase`
			`from tests.support.mock import (`
Vault: Add support for expanding lists in policies 2017-02-26 20:05:36 +00:00			`MagicMock,`
			`patch,`
			`NO_MOCK,`
			`NO_MOCK_REASON`
			`)`

Absolute imports and A LOT of code cleanup. 2017-02-27 15:59:04 +00:00			`# Import salt libs`
Use explicit unicode strings + break up salt.utils This PR is part of what will be an ongoing effort to use explicit unicode strings in Salt. Because Python 3 does not suport Python 2's raw unicode string syntax (i.e. `ur'\d+'`), we must use `salt.utils.locales.sdecode()` to ensure that the raw string is unicode. However, because of how `salt/utils/__init__.py` has evolved into the hulking monstrosity it is today, this means importing a large module in places where it is not needed, which could negatively impact performance. For this reason, this PR also breaks out some of the functions from `salt/utils/__init__.py` into new/existing modules under `salt/utils/`. The long term goal will be that the modules within this directory do not depend on importing `salt.utils`. A summary of the changes in this PR is as follows: * Moves the following functions from `salt.utils` to new locations (including a deprecation warning if invoked from `salt.utils`): `to_bytes`, `to_str`, `to_unicode`, `str_to_num`, `is_quoted`, `dequote`, `is_hex`, `is_bin_str`, `rand_string`, `contains_whitespace`, `clean_kwargs`, `invalid_kwargs`, `which`, `which_bin`, `path_join`, `shlex_split`, `rand_str`, `is_windows`, `is_proxy`, `is_linux`, `is_darwin`, `is_sunos`, `is_smartos`, `is_smartos_globalzone`, `is_smartos_zone`, `is_freebsd`, `is_netbsd`, `is_openbsd`, `is_aix` * Moves the functions already deprecated by @rallytime to the bottom of `salt/utils/__init__.py` for better organization, so we can keep the deprecated ones separate from the ones yet to be deprecated as we continue to break up `salt.utils` * Updates `salt/.py` and all files under `salt/client/` to use explicit unicode string literals. Gets rid of implicit imports of `salt.utils` (e.g. `from salt.utils import foo` becomes `import salt.utils.foo as foo`). * Renames the `test.rand_str` function to `test.random_hash` to more accurately reflect what it does * Modifies `salt.utils.stringutils.random()` (née `salt.utils.rand_string()`) such that it returns a string matching the passed size. Previously this function would get `size` bytes from `os.urandom()`, base64-encode it, and return the result, which would in most cases not be equal to the passed size. 2017-07-25 01:47:15 +00:00			`from salt.ext import six`
Import the full module namespace to avoid import shadowing. https://github.com/saltstack/salt/pull/39996#issuecomment-287857698 2017-03-21 17:15:36 +00:00			`import salt.runners.vault as vault`
Vault: Add support for expanding lists in policies 2017-02-26 20:05:36 +00:00
			`log = logging.getLogger(__name__)`


Allow passing different loader_module_globals per loader_module 2017-03-21 23:56:24 +00:00			`class VaultTest(TestCase, LoaderModuleMockMixin):`
Vault: Add support for expanding lists in policies 2017-02-26 20:05:36 +00:00			`'''`
			`Tests for the runner module of the Vault integration`
			`'''`

Adjust to the new LoaderModuleMockMixin usage 2017-03-22 12:12:36 +00:00			`def setup_loader_modules(self):`
			`return {vault: {}}`
Allow passing different loader_module_globals per loader_module 2017-03-21 23:56:24 +00:00
Vault: Add support for expanding lists in policies 2017-02-26 20:05:36 +00:00			`def setUp(self):`
			`self.grains = {`
			`'id': 'test-minion',`
			`'roles': ['web', 'database'],`
			`'aux': ['foo', 'bar'],`
			`'deep': {`
			`'foo': {`
			`'bar': {`
			`'baz': [`
			`'hello',`
			`'world'`
			`]`
			`}`
			`}`
			`},`
Salt-vault: Fix handling of None-grains 2017-04-04 14:50:35 +00:00			`'mixedcase': 'UP-low-UP'`
Vault: Add support for expanding lists in policies 2017-02-26 20:05:36 +00:00			`}`

Allow passing different loader_module_globals per loader_module 2017-03-21 23:56:24 +00:00			`def tearDown(self):`
			`del self.grains`

Vault: Add support for expanding lists in policies 2017-02-26 20:05:36 +00:00			`def test_pattern_list_expander(self):`
			`'''`
			`Ensure _expand_pattern_lists works as intended:`
			`- Expand list-valued patterns`
			`- Do not change non-list-valued tokens`
			`'''`
			`cases = {`
			`'no-tokens-to-replace': ['no-tokens-to-replace'],`
			`'single-dict:{minion}': ['single-dict:{minion}'],`
			`'single-list:{grains[roles]}': ['single-list:web', 'single-list:database'],`
			`'multiple-lists:{grains[roles]}+{grains[aux]}': [`
			`'multiple-lists:web+foo',`
			`'multiple-lists:web+bar',`
			`'multiple-lists:database+foo',`
			`'multiple-lists:database+bar',`
			`],`
			`'single-list-with-dicts:{grains[id]}+{grains[roles]}+{grains[id]}': [`
			`'single-list-with-dicts:{grains[id]}+web+{grains[id]}',`
			`'single-list-with-dicts:{grains[id]}+database+{grains[id]}'`
			`],`
			`'deeply-nested-list:{grains[deep][foo][bar][baz]}': [`
			`'deeply-nested-list:hello',`
			`'deeply-nested-list:world'`
			`]`
			`}`

			`# The mappings dict is assembled in _get_policies, so emulate here`
			`mappings = {'minion': self.grains['id'], 'grains': self.grains}`
			`for case, correct_output in six.iteritems(cases):`
			`output = vault._expand_pattern_lists(case, **mappings) # pylint: disable=protected-access`
			`diff = set(output).symmetric_difference(set(correct_output))`
			`if len(diff) != 0:`
Add unicode_literals to runner modules 2017-12-15 01:21:00 +00:00			`log.debug('Test %s failed', case)`
			`log.debug('Expected:\n\t%s\nGot\n\t%s', output, correct_output)`
			`log.debug('Difference:\n\t%s', diff)`
Vault: Add support for expanding lists in policies 2017-02-26 20:05:36 +00:00			`self.assertEqual(output, correct_output)`

Salt-vault: Fix handling of None-grains 2017-04-04 14:50:35 +00:00			`def test_get_policies_for_nonexisting_minions(self):`
			`minion_id = 'salt_master'`
			`# For non-existing minions, or the master-minion, grains will be None`
			`cases = {`
			`'no-tokens-to-replace': ['no-tokens-to-replace'],`
			`'single-dict:{minion}': ['single-dict:{0}'.format(minion_id)],`
			`'single-list:{grains[roles]}': []`
			`}`
			`with patch('salt.utils.minions.get_minion_data',`
			`MagicMock(return_value=(None, None, None))):`
			`for case, correct_output in six.iteritems(cases):`
			`test_config = {'policies': [case]}`
			`output = vault._get_policies(minion_id, test_config) # pylint: disable=protected-access`
			`diff = set(output).symmetric_difference(set(correct_output))`
			`if len(diff) != 0:`
Add unicode_literals to runner modules 2017-12-15 01:21:00 +00:00			`log.debug('Test %s failed', case)`
			`log.debug('Expected:\n\t%s\nGot\n\t%s', output, correct_output)`
			`log.debug('Difference:\n\t%s', diff)`
Salt-vault: Fix handling of None-grains 2017-04-04 14:50:35 +00:00			`self.assertEqual(output, correct_output)`

Vault: Add support for expanding lists in policies 2017-02-26 20:05:36 +00:00			`@skipIf(NO_MOCK, NO_MOCK_REASON)`
			`def test_get_policies(self):`
			`'''`
			`Ensure _get_policies works as intended, including expansion of lists`
			`'''`
			`cases = {`
			`'no-tokens-to-replace': ['no-tokens-to-replace'],`
			`'single-dict:{minion}': ['single-dict:test-minion'],`
			`'single-list:{grains[roles]}': ['single-list:web', 'single-list:database'],`
			`'multiple-lists:{grains[roles]}+{grains[aux]}': [`
			`'multiple-lists:web+foo',`
			`'multiple-lists:web+bar',`
			`'multiple-lists:database+foo',`
			`'multiple-lists:database+bar',`
			`],`
			`'single-list-with-dicts:{grains[id]}+{grains[roles]}+{grains[id]}': [`
			`'single-list-with-dicts:test-minion+web+test-minion',`
			`'single-list-with-dicts:test-minion+database+test-minion'`
			`],`
			`'deeply-nested-list:{grains[deep][foo][bar][baz]}': [`
			`'deeply-nested-list:hello',`
			`'deeply-nested-list:world'`
Vault: Handle patterns with non-existing keys 2017-02-28 20:07:49 +00:00			`],`
Vault: Always lowercase policies 2017-03-03 08:05:27 +00:00			`'should-not-cause-an-exception,but-result-empty:{foo}': [],`
			`'Case-Should-Be-Lowered:{grains[mixedcase]}': [`
			`'case-should-be-lowered:up-low-up'`
			`]`
Vault: Add support for expanding lists in policies 2017-02-26 20:05:36 +00:00			`}`

			`with patch('salt.utils.minions.get_minion_data',`
			`MagicMock(return_value=(None, self.grains, None))):`
			`for case, correct_output in six.iteritems(cases):`
			`test_config = {'policies': [case]}`
			`output = vault._get_policies('test-minion', test_config) # pylint: disable=protected-access`
			`diff = set(output).symmetric_difference(set(correct_output))`
			`if len(diff) != 0:`
Add unicode_literals to runner modules 2017-12-15 01:21:00 +00:00			`log.debug('Test %s failed', case)`
			`log.debug('Expected:\n\t%s\nGot\n\t%s', output, correct_output)`
			`log.debug('Difference:\n\t%s', diff)`
Vault: Add support for expanding lists in policies 2017-02-26 20:05:36 +00:00			`self.assertEqual(output, correct_output)`