import logging
import pytest
from matrix_webhook_bridge.config_loader import load_config_from_yaml
@pytest.fixture
def config_file(tmp_path):
    """Provide a factory that writes a minimal ``bridge.yml`` under ``tmp_path``.

    The returned callable takes an optional ``webhook_secret``. When it is
    truthy, a ``server.webhook_secret`` entry is appended to the file;
    otherwise the ``server`` section is left out entirely. The callable
    returns the path of the written file as a string.
    """
    yaml_path = tmp_path / "bridge.yml"

    def _write(webhook_secret=None):
        # The value is interpolated verbatim (unquoted) into the YAML text,
        # which is only adequate for the plain strings these tests pass in.
        if webhook_secret:
            secret_block = f"server:\n webhook_secret: {webhook_secret}\n"
        else:
            secret_block = ""
        matrix_block = (
            "matrix:\n"
            " base_url: https://matrix.example.com\n"
            " room_id: '!room:example.com'\n"
            " domain: example.com\n"
        )
        yaml_path.write_text(matrix_block + secret_block)
        return str(yaml_path)

    return _write
@pytest.fixture
def secrets_dir(tmp_path, monkeypatch):
    """Create an empty ``secrets`` directory and point the loader at it.

    ``config_loader._SECRETS_DIR`` is patched to the temporary directory for
    the duration of the test, so the tests only see secret files they wrote
    themselves. Presumably this is the directory the loader reads secret
    files from; confirm against ``config_loader``.
    """
    secret_root = tmp_path / "secrets"
    secret_root.mkdir()
    monkeypatch.setattr(
        "matrix_webhook_bridge.config_loader._SECRETS_DIR",
        str(secret_root),
    )
    return secret_root
def test_config_value_used_when_no_secret_file(config_file, secrets_dir):
    """The YAML value is used when the secrets directory holds no secret file."""
    loaded = load_config_from_yaml(config_file(webhook_secret="config-secret"))
    assert loaded.webhook_secret == "config-secret"  # pragma: allowlist secret
def test_secret_file_used_when_no_config_value(config_file, secrets_dir):
    """The secret file supplies the value when the YAML has no ``server`` block."""
    secret_file = secrets_dir / "webhook_secret"
    secret_file.write_text("file-secret")
    loaded = load_config_from_yaml(config_file())
    assert loaded.webhook_secret == "file-secret"  # pragma: allowlist secret
def test_secret_file_wins_over_config_value(config_file, secrets_dir):
    """With both sources set, the secret file takes priority over the YAML value."""
    secret_file = secrets_dir / "webhook_secret"
    secret_file.write_text("file-secret")
    loaded = load_config_from_yaml(config_file(webhook_secret="config-secret"))
    assert loaded.webhook_secret == "file-secret"  # pragma: allowlist secret
def test_empty_secret_file_falls_through_to_config(config_file, secrets_dir):
    """A whitespace-only secret file is ignored and the YAML value is used."""
    secret_file = secrets_dir / "webhook_secret"
    # Whitespace only: the file exists but carries no usable secret.
    secret_file.write_text(" ")
    loaded = load_config_from_yaml(config_file(webhook_secret="config-secret"))
    assert loaded.webhook_secret == "config-secret"  # pragma: allowlist secret
def test_neither_source_set_gives_none(config_file, secrets_dir):
    """With no YAML value and no secret file, ``webhook_secret`` is ``None``."""
    # NOTE(review): how the server treats a None secret (reject requests vs.
    # accept them unauthenticated) is not visible from this test; confirm
    # that the request path fails closed.
    loaded = load_config_from_yaml(config_file())
    assert loaded.webhook_secret is None
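def test_warns_when_secret_file_overrides_config(config_file, secrets_dir, caplog):
    """A warning is logged when the secret file overrides the YAML value.

    Besides checking for the "takes precedence" warning, this asserts that
    neither secret value appears in any captured log message, so the
    override warning cannot leak the secret into log output.
    """
    (secrets_dir / "webhook_secret").write_text("file-secret")
    path = config_file(webhook_secret="config-secret")
    with caplog.at_level(logging.WARNING, logger="matrix_webhook_bridge.config_loader"):
        load_config_from_yaml(path)
    messages = [record.getMessage() for record in caplog.records]
    assert any("takes precedence" in message for message in messages)
    # The warning should name the sources involved, never their values.
    assert not any(
        "file-secret" in message or "config-secret" in message
        for message in messages
    )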
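def test_warns_when_secret_file_is_empty(config_file, secrets_dir, caplog):
    """A warning mentioning "empty" is logged when the secret file has no content.

    Also asserts that the YAML secret is not written to any captured log
    message while the loader reports the empty file.
    """
    (secrets_dir / "webhook_secret").write_text("")
    path = config_file(webhook_secret="config-secret")
    with caplog.at_level(logging.WARNING, logger="matrix_webhook_bridge.config_loader"):
        load_config_from_yaml(path)
    messages = [record.getMessage() for record in caplog.records]
    assert any("empty" in message for message in messages)
    # The configured value must stay out of the log output.
    assert not any("config-secret" in message for message in messages)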
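def test_info_logged_when_secret_file_loaded(config_file, secrets_dir, caplog):
    """An INFO record containing "loaded from Docker secret" is emitted.

    Also asserts that the secret read from the file does not appear in any
    captured log message at INFO level or above.
    """
    (secrets_dir / "webhook_secret").write_text("file-secret")
    path = config_file()
    with caplog.at_level(logging.INFO, logger="matrix_webhook_bridge.config_loader"):
        load_config_from_yaml(path)
    messages = [record.getMessage() for record in caplog.records]
    assert any("loaded from Docker secret" in message for message in messages)
    # The message should say where the secret came from, not what it is.
    assert not any("file-secret" in message for message in messages)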
def test_secret_file_value_is_stripped(config_file, secrets_dir):
    """Leading and trailing whitespace in the secret file is removed.

    A trailing newline is the usual artefact of writing the file with an
    editor or ``echo``; if it were kept, the loaded secret would differ
    from the value the sender was given.
    """
    secret_file = secrets_dir / "webhook_secret"
    secret_file.write_text(" file-secret\n")
    loaded = load_config_from_yaml(config_file())
    assert loaded.webhook_secret == "file-secret"  # pragma: allowlist secret