Store and pull tenant creds from Key Vault.

The tenant ID should be hashed and used as the key for the JSON blob of relevant creds for any given tenant. Azure CSP interface methods that need to source creds should call the internal `_source_creds` method, either with a `tenant_id` or no parameters. That method will source the creds. If a tenant ID is provided, it will source them from the Key Vault. If not provided, it will return the default creds for the app registration in the home tenant.
2020-01-27 15:00:20 -05:00
parent a10d733fb7
commit abd03be806
10 changed files with 186 additions and 50 deletions
--- a/tests/domain/cloud/test_azure_csp.py
+++ b/tests/domain/cloud/test_azure_csp.py
@@ -1,5 +1,7 @@
+import pytest
+import json
 from uuid import uuid4
-from unittest.mock import Mock
+from unittest.mock import Mock, patch

 from tests.factories import ApplicationFactory, EnvironmentFactory
 from tests.mock_azure import AUTH_CREDENTIALS, mock_azure
@@ -84,13 +86,28 @@ def test_create_environment_succeeds(mock_azure: AzureCloudProvider):
    assert result.id == "Test Id"


+# mock the get_secret so it returns a JSON string
+MOCK_CREDS = {
+    "tenant_id": str(uuid4()),
+    "tenant_sp_client_id": str(uuid4()),
+    "tenant_sp_key": "1234",
+}
+
+
+def mock_get_secret(azure, func):
+    azure.get_secret = func
+
+    return azure
+
+
 def test_create_application_succeeds(mock_azure: AzureCloudProvider):
    application = ApplicationFactory.create()
-
    mock_management_group_create(mock_azure, {"id": "Test Id"})

+    mock_azure = mock_get_secret(mock_azure, lambda *a, **k: json.dumps(MOCK_CREDS))
+
    payload = ApplicationCSPPayload(
-        creds={}, display_name=application.name, parent_id=str(uuid4())
+        tenant_id="1234", display_name=application.name, parent_id=str(uuid4())
    )
    result = mock_azure.create_application(payload)