Storing secrets in azure keyvault (#326)

2025-06-17 20:38:06 +00:00 · 2021-01-25 08:12:07 -08:00
parent dc31ffc92b
commit 3f2883d38e
12 changed files with 358 additions and 28 deletions
--- a/src/api-service/tests/test_secrets.py
+++ b/src/api-service/tests/test_secrets.py
@ -0,0 +1,91 @@
+#!/usr/bin/env python
+#
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+import json
+import unittest
+
+from onefuzztypes.enums import OS, ContainerType
+from onefuzztypes.job_templates import (
+    JobTemplate,
+    JobTemplateIndex,
+    JobTemplateNotification,
+)
+from onefuzztypes.models import (
+    JobConfig,
+    Notification,
+    NotificationConfig,
+    SecretAddress,
+    SecretData,
+    TeamsTemplate,
+)
+from onefuzztypes.primitives import Container
+
+from __app__.onefuzzlib.orm import ORMMixin
+
+
+class TestSecret(unittest.TestCase):
+    def test_hide(self) -> None:
+        def hider(secret_data: SecretData) -> None:
+            if not isinstance(secret_data.secret, SecretAddress):
+                secret_data.secret = SecretAddress(url="blah blah")
+
+        notification = Notification(
+            container=Container("data"),
+            config=TeamsTemplate(url=SecretData(secret="http://test")),
+        )
+        ORMMixin.hide_secrets(notification, hider)
+
+        if isinstance(notification.config, TeamsTemplate):
+            self.assertIsInstance(notification.config.url, SecretData)
+            self.assertIsInstance(notification.config.url.secret, SecretAddress)
+        else:
+            self.fail(f"Invalid config type {type(notification.config)}")
+
+    def test_hide_nested_list(self) -> None:
+        def hider(secret_data: SecretData) -> None:
+            if not isinstance(secret_data.secret, SecretAddress):
+                secret_data.secret = SecretAddress(url="blah blah")
+
+        job_template_index = JobTemplateIndex(
+            name="test",
+            template=JobTemplate(
+                os=OS.linux,
+                job=JobConfig(name="test", build="test", project="test", duration=1),
+                tasks=[],
+                notifications=[
+                    JobTemplateNotification(
+                        container_type=ContainerType.unique_inputs,
+                        notification=NotificationConfig(
+                            config=TeamsTemplate(url=SecretData(secret="http://test"))
+                        ),
+                    )
+                ],
+                user_fields=[],
+            ),
+        )
+        ORMMixin.hide_secrets(job_template_index, hider)
+        notification = job_template_index.template.notifications[0].notification
+        if isinstance(notification.config, TeamsTemplate):
+            self.assertIsInstance(notification.config.url, SecretData)
+            self.assertIsInstance(notification.config.url.secret, SecretAddress)
+        else:
+            self.fail(f"Invalid config type {type(notification.config)}")
+
+    def test_read_secret(self) -> None:
+        json_data = """
+            {
+                "notification_id": "b52b24d1-eec6-46c9-b06a-818a997da43c",
+                "container": "data",
+                "config" : {"url": {"secret": {"url": "http://test"}}}
+            }
+            """
+        data = json.loads(json_data)
+        notification = Notification.parse_obj(data)
+        self.assertIsInstance(notification.config, TeamsTemplate)
+        if isinstance(notification.config, TeamsTemplate):
+            self.assertIsInstance(notification.config.url, SecretData)
+            self.assertIsInstance(notification.config.url.secret, SecretAddress)
+        else:
+            self.fail(f"Invalid config type {type(notification.config)}")