essentials/tests/test_secrets.py at 1381cfeb701d517279a4da1e802c918793398f58 · Neoteroi/essentials · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
import pytest

from essentials.exceptions import EnvironmentVariableNotFound
from essentials.secrets import Secret


def test_from_env_success(monkeypatch):
    """Test creating Secret from environment variable."""
    monkeypatch.setenv("TEST_SECRET", "secret_value")
    secret = Secret.from_env("TEST_SECRET")
    assert secret.get_value() == "secret_value"


def test_from_env_missing_raises_exception():
    """Test that missing environment variable raises EnvironmentVariableNotFound."""
    with pytest.raises(EnvironmentVariableNotFound):
        Secret.from_env("NON_EXISTENT_VAR").get_value()


def test_from_plain_text_success():
    """Test creating Secret from plain text."""
    secret = Secret.from_plain_text("my_secret")
    assert secret.get_value() == "my_secret"


def test_direct_constructor_with_env_var(monkeypatch):
    """Test direct constructor with environment variable reference."""
    monkeypatch.setenv("TEST_SECRET", "secret_value")
    secret = Secret("$TEST_SECRET")
    assert secret.get_value() == "secret_value"


def test_direct_constructor_with_direct_value():
    """Test direct constructor with direct_value=True."""
    secret = Secret("hardcoded_secret", direct_value=True)
    assert secret.get_value() == "hardcoded_secret"


def test_hardcoded_secret_without_permission_raises_error():
    """Test that hardcoded secrets without permission raise ValueError."""
    with pytest.raises(ValueError, match="Hardcoded secrets are not allowed"):
        Secret("hardcoded_secret")


def test_empty_secret_raises_error(monkeypatch):
    """Test that empty secret values raise ValueError."""
    monkeypatch.setenv("EMPTY_SECRET", "")
    with pytest.raises(ValueError, match="Secret value must be a non-empty string"):
        Secret.from_env("EMPTY_SECRET")


def test_str_representation_hides_value(monkeypatch):
    """Test that __str__ never exposes the actual value."""
    monkeypatch.setenv("TEST_SECRET", "secret_value")
    secret = Secret.from_env("TEST_SECRET")
    assert str(secret) == "******"


def test_repr_shows_env_var_name(monkeypatch):
    """Test that __repr__ shows environment variable name but not value."""
    monkeypatch.setenv("TEST_SECRET", "secret_value")
    secret = Secret.from_env("TEST_SECRET")
    assert repr(secret) == "Secret.from_env('TEST_SECRET')"


def test_repr_hides_hardcoded_value():
    """Test that __repr__ hides hardcoded secret values."""
    secret = Secret.from_plain_text("secret")
    assert repr(secret) == "Secret('******')"


def test_equality_with_string(monkeypatch):
    """Test that Secret can be compared with strings."""
    monkeypatch.setenv("TEST_SECRET", "secret_value")
    secret = Secret.from_env("TEST_SECRET")
    assert secret == "secret_value"
    assert secret != "wrong_value"


def test_equality_with_another_secret(monkeypatch):
    """Test that Secrets can be compared with each other."""
    monkeypatch.setenv("SECRET1", "same_value")
    monkeypatch.setenv("SECRET2", "same_value")
    monkeypatch.setenv("SECRET3", "different_value")

    secret1 = Secret.from_env("SECRET1")
    secret2 = Secret.from_env("SECRET2")
    secret3 = Secret.from_env("SECRET3")

    assert secret1 == secret2
    assert secret1 != secret3


def test_equality_with_incompatible_type(monkeypatch):
    """Test that comparison with incompatible types returns NotImplemented."""
    monkeypatch.setenv("TEST_SECRET", "secret_value")
    secret = Secret.from_env("TEST_SECRET")
    assert secret.__eq__(123) == NotImplemented
    assert secret != 123


def test_mixed_secret_sources_comparison(monkeypatch):
    """Test comparing secrets from different sources."""
    monkeypatch.setenv("ENV_SECRET", "same_value")
    env_secret = Secret.from_env("ENV_SECRET")
    plain_secret = Secret.from_plain_text("same_value")

    assert env_secret == plain_secret


def test_get_value_called_multiple_times(monkeypatch):
    """Test that get_value works consistently across multiple calls."""
    monkeypatch.setenv("TEST_SECRET", "secret_value")
    secret = Secret.from_env("TEST_SECRET")

    assert secret.get_value() == "secret_value"
    assert secret.get_value() == "secret_value"


def test_env_var_change_at_runtime(monkeypatch):
    """Test that Secret picks up environment variable changes."""
    monkeypatch.setenv("DYNAMIC_SECRET", "initial_value")
    secret = Secret.from_env("DYNAMIC_SECRET")
    assert secret.get_value() == "initial_value"

    monkeypatch.setenv("DYNAMIC_SECRET", "changed_value")
    assert secret.get_value() == "changed_value"


def test_constructor_validation_with_empty_env_var(monkeypatch):
    """Test constructor validation when env var exists but is empty."""
    monkeypatch.setenv("EMPTY_VAR", "")
    with pytest.raises(ValueError, match="Secret value must be a non-empty string"):
        Secret("$EMPTY_VAR")


def test_from_plain_text_with_empty_string():
    """Test that from_plain_text with empty string raises ValueError."""
    with pytest.raises(ValueError, match="Secret value must be a non-empty string"):
        Secret.from_plain_text("")