Address issues mentioned in review

2026-04-03 18:56:54 +00:00 · 2017-01-03 19:05:49 +01:00 · 2017-01-03 19:05:49 +01:00 · 3939aee4a3
commit 3939aee4a3
parent 53697318ee
2 changed files with 112 additions and 81 deletions
--- a/tests/detect_aws_credentials_test.py
+++ b/tests/detect_aws_credentials_test.py
@ -1,4 +1,5 @@
 import pytest
+from mock import patch

 from pre_commit_hooks.detect_aws_credentials import get_aws_credential_files_from_env
 from pre_commit_hooks.detect_aws_credentials import get_aws_secrets_from_env
@ -7,72 +8,100 @@ from pre_commit_hooks.detect_aws_credentials import main
 from testing.util import get_resource_path


-def test_get_aws_credentials_file_from_env(monkeypatch):
+@pytest.mark.parametrize(
+    ('env_vars', 'values'),
+    (
+        ({}, set()),
+        ({'AWS_DUMMY_KEY': '/foo'}, set()),
+        ({'AWS_CONFIG_FILE': '/foo'}, {'/foo'}),
+        ({'AWS_CREDENTIAL_FILE': '/foo'}, {'/foo'}),
+        ({'AWS_SHARED_CREDENTIALS_FILE': '/foo'}, {'/foo'}),
+        ({'BOTO_CONFIG': '/foo'}, {'/foo'}),
+        ({'AWS_DUMMY_KEY': '/foo', 'AWS_CONFIG_FILE': '/bar'}, {'/bar'}),
+        (
+            {
+                'AWS_DUMMY_KEY': '/foo', 'AWS_CONFIG_FILE': '/bar',
+                'AWS_CREDENTIAL_FILE': '/baz'
+            },
+            {'/bar', '/baz'}
+        ),
+        (
+            {
+                'AWS_CONFIG_FILE': '/foo', 'AWS_CREDENTIAL_FILE': '/bar',
+                'AWS_SHARED_CREDENTIALS_FILE': '/baz'
+            },
+            {'/foo', '/bar', '/baz'}
+        ),
+    ),
+)
+def test_get_aws_credentials_file_from_env(env_vars, values):
    """Test that reading credential files names from environment variables works."""
-    monkeypatch.delenv('AWS_CREDENTIAL_FILE', raising=False)
-    monkeypatch.delenv('AWS_SHARED_CREDENTIALS_FILE', raising=False)
-    monkeypatch.delenv('BOTO_CONFIG', raising=False)
-    assert get_aws_credential_files_from_env() == set()
-    monkeypatch.setenv('AWS_CREDENTIAL_FILE', '/foo')
-    assert get_aws_credential_files_from_env() == {'/foo'}
-    monkeypatch.setenv('AWS_SHARED_CREDENTIALS_FILE', '/bar')
-    assert get_aws_credential_files_from_env() == {'/foo', '/bar'}
-    monkeypatch.setenv('BOTO_CONFIG', '/baz')
-    assert get_aws_credential_files_from_env() == {'/foo', '/bar', '/baz'}
-    monkeypatch.setenv('AWS_CONFIG_FILE', '/xxx')
-    assert get_aws_credential_files_from_env() == {'/foo', '/bar', '/baz', '/xxx'}
-    monkeypatch.setenv('AWS_DUMMY_KEY', 'foobar')
-    assert get_aws_credential_files_from_env() == {'/foo', '/bar', '/baz', '/xxx'}
+    with patch.dict('os.environ', env_vars, clear=True):
+        assert get_aws_credential_files_from_env() == values


-def test_get_aws_secrets_from_env(monkeypatch):
+@pytest.mark.parametrize(
+    ('env_vars', 'values'),
+    (
+        ({}, set()),
+        ({'AWS_DUMMY_KEY': 'foo'}, set()),
+        ({'AWS_SECRET_ACCESS_KEY': 'foo'}, {'foo'}),
+        ({'AWS_SECURITY_TOKEN': 'foo'}, {'foo'}),
+        ({'AWS_SESSION_TOKEN': 'foo'}, {'foo'}),
+        ({'AWS_DUMMY_KEY': 'foo', 'AWS_SECRET_ACCESS_KEY': 'bar'}, {'bar'}),
+        (
+            {'AWS_SECRET_ACCESS_KEY': 'foo', 'AWS_SECURITY_TOKEN': 'bar'},
+            {'foo', 'bar'}
+        ),
+    ),
+)
+def test_get_aws_secrets_from_env(env_vars, values):
    """Test that reading secrets from environment variables works."""
-    monkeypatch.delenv('AWS_SECRET_ACCESS_KEY', raising=False)
-    monkeypatch.delenv('AWS_SESSION_TOKEN', raising=False)
-    assert get_aws_secrets_from_env() == set()
-    monkeypatch.setenv('AWS_SECRET_ACCESS_KEY', 'foo')
-    assert get_aws_secrets_from_env() == {'foo'}
-    monkeypatch.setenv('AWS_SESSION_TOKEN', 'bar')
-    assert get_aws_secrets_from_env() == {'foo', 'bar'}
-    monkeypatch.setenv('AWS_SECURITY_TOKEN', 'baz')
-    assert get_aws_secrets_from_env() == {'foo', 'bar', 'baz'}
-    monkeypatch.setenv('AWS_DUMMY_KEY', 'baz')
-    assert get_aws_secrets_from_env() == {'foo', 'bar', 'baz'}
+    with patch.dict('os.environ', env_vars, clear=True):
+        assert get_aws_secrets_from_env() == values


-@pytest.mark.parametrize(('filename', 'expected_keys'), (
-    ('aws_config_with_secret.ini', {
-        'z2rpgs5uit782eapz5l1z0y2lurtsyyk6hcfozlb'}),
-    ('aws_config_with_session_token.ini', {'foo'}),
-    ('aws_config_with_secret_and_session_token.ini',
-     {'z2rpgs5uit782eapz5l1z0y2lurtsyyk6hcfozlb', 'foo'}),
-    ('aws_config_with_multiple_sections.ini', {
-        '7xebzorgm5143ouge9gvepxb2z70bsb2rtrh099e',
-        'z2rpgs5uit782eapz5l1z0y2lurtsyyk6hcfozlb',
-        'ixswosj8gz3wuik405jl9k3vdajsnxfhnpui38ez',
-        'foo'}),
-    ('aws_config_without_secrets.ini', set()),
-    ('nonsense.txt', set()),
-    ('ok_json.json', set()),
-))
+@pytest.mark.parametrize(
+    ('filename', 'expected_keys'),
+    (
+        (
+            'aws_config_with_secret.ini',
+            {'z2rpgs5uit782eapz5l1z0y2lurtsyyk6hcfozlb'}
+        ),
+        ('aws_config_with_session_token.ini', {'foo'}),
+        ('aws_config_with_secret_and_session_token.ini',
+         {'z2rpgs5uit782eapz5l1z0y2lurtsyyk6hcfozlb', 'foo'}),
+        (
+            'aws_config_with_multiple_sections.ini',
+            {
+                '7xebzorgm5143ouge9gvepxb2z70bsb2rtrh099e',
+                'z2rpgs5uit782eapz5l1z0y2lurtsyyk6hcfozlb',
+                'ixswosj8gz3wuik405jl9k3vdajsnxfhnpui38ez',
+                'foo'
+            }
+        ),
+        ('aws_config_without_secrets.ini', set()),
+        ('nonsense.txt', set()),
+        ('ok_json.json', set()),
+    ),
+)
 def test_get_aws_secrets_from_file(filename, expected_keys):
    """Test that reading secrets from files works."""
    keys = get_aws_secrets_from_file(get_resource_path(filename))
    assert keys == expected_keys


-# Input filename, expected return value
-TESTS = (
-    ('aws_config_with_secret.ini', 1),
-    ('aws_config_with_session_token.ini', 1),
-    ('aws_config_with_multiple_sections.ini', 1),
-    ('aws_config_without_secrets.ini', 0),
-    ('nonsense.txt', 0),
-    ('ok_json.json', 0),
+@pytest.mark.parametrize(
+    ('filename', 'expected_retval'),
+    (
+        ('aws_config_with_secret.ini', 1),
+        ('aws_config_with_session_token.ini', 1),
+        ('aws_config_with_multiple_sections.ini', 1),
+        ('aws_config_without_secrets.ini', 0),
+        ('nonsense.txt', 0),
+        ('ok_json.json', 0),
+    ),
 )
-
-
-@pytest.mark.parametrize(('filename', 'expected_retval'), TESTS)
 def test_detect_aws_credentials(filename, expected_retval):
    """Test if getting configured AWS secrets from files to be checked in works."""

@ -84,20 +113,20 @@ def test_detect_aws_credentials(filename, expected_retval):
    assert ret == expected_retval


-def test_non_existent_credentials(capsys, monkeypatch):
+@patch('pre_commit_hooks.detect_aws_credentials.get_aws_secrets_from_file')
+@patch('pre_commit_hooks.detect_aws_credentials.get_aws_secrets_from_env')
+def test_non_existent_credentials(mock_secrets_env, mock_secrets_file, capsys):
    """Test behavior with no configured AWS secrets."""
-    monkeypatch.setattr(
-        'pre_commit_hooks.detect_aws_credentials.get_aws_secrets_from_env',
-        lambda: set())
-    monkeypatch.setattr(
-        'pre_commit_hooks.detect_aws_credentials.get_aws_secrets_from_file',
-        lambda x: set())
+    mock_secrets_env.return_value = set()
+    mock_secrets_file.return_value = set()
    ret = main((
        get_resource_path('aws_config_without_secrets.ini'),
        "--credentials-file=testing/resources/credentailsfilethatdoesntexist"
    ))
    assert ret == 2
    out, _ = capsys.readouterr()
-    assert out == ('No AWS keys were found in the configured credential files '
-                   'and environment variables.\nPlease ensure you have the '
-                   'correct setting for --credentials-file\n')
+    assert out == (
+        'No AWS keys were found in the configured credential files '
+        'and environment variables.\nPlease ensure you have the '
+        'correct setting for --credentials-file\n'
+    )