1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
import io
import sys
import pytest
from flexmock import flexmock
from borgmatic.hooks.credential import systemd as module
@pytest.mark.parametrize('credential_parameters', ((), ('foo', 'bar')))
def test_load_credential_with_invalid_credential_parameters_raises(credential_parameters):
flexmock(module.os.environ).should_receive('get').never()
with pytest.raises(ValueError):
module.load_credential(
hook_config={},
config={},
credential_parameters=credential_parameters,
)
def test_load_credential_without_credentials_directory_falls_back_to_systemd_creds_command():
flexmock(module.os.environ).should_receive('get').with_args('CREDENTIALS_DIRECTORY').and_return(
None,
)
flexmock(module.borgmatic.execute).should_receive(
'execute_command_and_capture_output'
).with_args(('systemd-creds', 'decrypt', '/etc/credstore.encrypted/mycredential')).and_return(
'password'
).once()
assert (
module.load_credential(hook_config={}, config={}, credential_parameters=('mycredential',))
== 'password'
)
def test_load_credential_without_credentials_directory_calls_custom_systemd_creds_command():
flexmock(module.os.environ).should_receive('get').with_args('CREDENTIALS_DIRECTORY').and_return(
None,
)
flexmock(module.borgmatic.execute).should_receive(
'execute_command_and_capture_output'
).with_args(
('/path/to/systemd-creds', '--flag', 'decrypt', '/etc/credstore.encrypted/mycredential')
).and_return('password').once()
assert (
module.load_credential(
hook_config={'systemd_creds_command': '/path/to/systemd-creds --flag'},
config={},
credential_parameters=('mycredential',),
)
== 'password'
)
def test_load_credential_without_credentials_directory_uses_custom_encrypted_credentials_directory():
flexmock(module.os.environ).should_receive('get').with_args('CREDENTIALS_DIRECTORY').and_return(
None,
)
flexmock(module.borgmatic.execute).should_receive(
'execute_command_and_capture_output'
).with_args(('systemd-creds', 'decrypt', '/my/credstore.encrypted/mycredential')).and_return(
'password'
).once()
assert (
module.load_credential(
hook_config={'encrypted_credentials_directory': '/my/credstore.encrypted'},
config={},
credential_parameters=('mycredential',),
)
== 'password'
)
def test_load_credential_with_invalid_credential_name_raises():
flexmock(module.os.environ).should_receive('get').with_args('CREDENTIALS_DIRECTORY').and_return(
'/var',
)
with pytest.raises(ValueError):
module.load_credential(
hook_config={},
config={},
credential_parameters=('../../my!@#$credential',),
)
def test_load_credential_reads_named_credential_from_file():
flexmock(module.os.environ).should_receive('get').with_args('CREDENTIALS_DIRECTORY').and_return(
'/var',
)
credential_stream = io.StringIO('password')
credential_stream.name = '/var/borgmatic.pw'
builtins = flexmock(sys.modules['builtins'])
builtins.should_receive('open').with_args('/var/borgmatic.pw', encoding='utf-8').and_return(
credential_stream
)
assert (
module.load_credential(hook_config={}, config={}, credential_parameters=('borgmatic.pw',))
== 'password'
)
def test_load_credential_with_file_not_found_error_raises():
flexmock(module.os.environ).should_receive('get').with_args('CREDENTIALS_DIRECTORY').and_return(
'/var',
)
builtins = flexmock(sys.modules['builtins'])
builtins.should_receive('open').with_args('/var/mycredential', encoding='utf-8').and_raise(
FileNotFoundError
)
with pytest.raises(ValueError):
module.load_credential(hook_config={}, config={}, credential_parameters=('mycredential',))
|
