Merge pull request #23 from ewjoachim/lib

Refactor the tool to be usable as a Python lib too

.gitignore

@@ -3,3 +3,7 @@
 __pycache__/
 build
 dist
+.coverage
+htmlcov
+.tox
+*.pyc

.travis.yml

@@ -0,0 +1,32 @@
+# Config file for automatic testing at travis-ci.org
+language: python
+
+services:
+  - docker
+
+matrix:
+  include:
+
+  - python: 3.6
+    env: TOX_ENV=py36-unit-tests COVERAGE_FLAG=unit
+
+  - python: 3.6
+    env: TOX_ENV=py36-integration-tests COVERAGE_FLAG=integration
+
+  - python: 2.7
+    env: TOX_ENV=py27-unit-tests COVERAGE_FLAG=unit
+
+  - python: 2.7
+    env: TOX_ENV=py27-integration-tests COVERAGE_FLAG=integration
+
+before_install:
+  - "if [ $COVERAGE_FLAG = integration ]; then ./dev-env; fi"
+
+install:
+  - pip install tox codecov
+
+script:
+  - tox -e $TOX_ENV
+
+after_success:
+- bash <(curl -s https://codecov.io/bash) -c -F $COVERAGE_FLAG

README.md

@@ -25,18 +25,20 @@ Usage: vault [OPTIONS] COMMAND [ARGS]...
   Interact with a Vault. See subcommands for details.
 
 Options:
-  -U, --url TEXT                URL of the vault instance
-  --verify / --no-verify        Verify HTTPS certificate
-  -c, --certificate FILENAME    The certificate to connect to vault
-  -t, --token TEXT              The token to connect to Vault
-  -T, --token-file FILENAME     File which contains the token to connect to
-                                Vault
-  -u, --username TEXT           The username used for userpass authentication
-  -w, --password-file FILENAME  Can read from stdin if "-" is used as
-                                parameter
-  -b, --base-path TEXT          Base path for requests
-  --backend TEXT                Name of the backend to use (requests, hvac)
-  -h, --help                    Show this message and exit.
+  -U, --url TEXT               URL of the vault instance
+  --verify / --no-verify       Verify HTTPS certificate
+  -c, --certificate-file PATH  Certificate to connect to vault. Configuration
+                               file can also contain a "certificate" key.
+  -T, --token-file PATH        File which contains the token to connect to
+                               Vault. Configuration file can also contain a
+                               "token" key.
+  -u, --username TEXT          Username used for userpass authentication
+  -w, --password-file PATH     Can read from stdin if "-" is used as
+                               parameter. Configuration file can also contain
+                               a "password" key.
+  -b, --base-path TEXT         Base path for requests
+  --backend TEXT               Name of the backend to use (requests, hvac)
+  -h, --help                   Show this message and exit.
 
 Commands:
   delete   Deletes a single secret.
@@ -45,6 +47,7 @@ Commands:
   list     List all the secrets at the given path.
   set      Set a single secret to the given value(s).
 
+
 ```
 
 ## Authentication
@@ -108,14 +111,13 @@ Done
 
 ## Configuration
 
-All files at the following location are read (in increasing priority order),
-parsed, merged and used:
+The first file found in the following location is read, parsed and used:
 1. `/etc/vault.yml`
 2. `~/.vault.yml`
 3. `./.vault.yml`
 
 Any option passed as command line flag will be used over the corresponding
-option in the documentation.
+option in the documentation (use either `-` or `_`).
 
 The expected format of the configuration is a mapping, with option names and
 their corresponding values:
@@ -132,12 +134,32 @@ base-path: project/
 ...
 ```
 
+Make sure the secret files have their permissions set accordingly.
+
+For simple cases, you can directly define your `token` or `password` in the
+file:
+
+```yaml
+---
+username: my_username
+password: secret-password
+# or
+token: secret-token
+url: https://vault.mydomain:8200
+verify: no
+base-path: project/
+...
+```
+
+If you do so, make sure the permissions of the configuration file itself are
+not too broad
+
 Just note that the `--verify / --no-verify` flag become `verify: yes` or
 `verify: no`
 
 ## State
 
-The tool is currently in beta mode. It's missing docs, tests, CI, and such.
+The tool is currently in beta mode. It's missing docs, linting, and such.
 Be warned.
 
 ## License

conftest.py

@@ -0,0 +1,11 @@
+import pytest
+
+from vault_cli import settings
+
+
+@pytest.fixture
+def config():
+    old = settings.CONFIG
+    settings.CONFIG = {}
+    yield settings.CONFIG
+    settings.CONFIG = old

setup.cfg

@@ -28,7 +28,7 @@ install_requires =
 
 [options.entry_points]
 console_scripts =
-    vault = vault_cli.vault:main
+    vault = vault_cli.cli:main
 
 [options.extras_require]
 hvac =
@@ -40,7 +40,13 @@ dev =
 test =
     pytest
     pytest-mock
+    requests-mock
+    pytest-cov
+    pytest-click
 
 [bdist_wheel]
 universal = 1
 
+
+[tool:pytest]
+addopts = --cov-report term-missing --cov-branch --cov-report html --cov-report term --cov=vault_cli -vv

tests/integration/test_integration.py

@@ -0,0 +1,64 @@
+from vault_cli.cli import cli
+from vault_cli import get_client
+from vault_cli import settings
+
+
+def call(cli_runner, *args):
+    call = cli_runner.invoke(cli, *args, default_map=settings.CONFIG)
+    assert call.exit_code == 0, call.output
+    return call
+
+
+def test_integration_cli(cli_runner):
+    call(cli_runner, ["set", "a", "b"])
+
+    assert call(cli_runner, ["get", "a", "--text"]).output == "b\n"
+
+    assert call(cli_runner, ["list"]).output == "a\n"
+
+    call(cli_runner, ["set", "c/d", "e"])
+
+    assert call(cli_runner, ["get", "c/d"]).output == "--- e\n...\n"
+
+    assert call(cli_runner, ["list"]).output == "a\nc/\n"
+
+    assert call(cli_runner, ["list", "c"]).output == "d\n"
+
+    assert call(cli_runner, ["get-all", ""]).output == ("""---
+a: b
+c:
+  d: e
+""")
+
+    call(cli_runner, ["delete", "a"])
+
+    assert call(cli_runner, ["list"]).output == "c/\n"
+
+    call(cli_runner, ["delete", "c/d"])
+
+
+def test_integration_lib():
+
+    client = get_client()
+
+    client.set_secret("a", "b")
+
+    assert client.get_secret("a") == "b"
+
+    assert client.list_secrets("") == ["a"]
+
+    client.set_secret("c/d", "e")
+
+    assert client.get_secret("c/d") == "e"
+
+    assert client.list_secrets("") == ["a", "c/"]
+
+    assert client.list_secrets("c") == ["d"]
+
+    assert client.get_all([""]) == {"a": "b", "c": {"d": "e"}}
+
+    client.delete_secret("a")
+
+    assert client.list_secrets("") == ["c/"]
+
+    client.delete_secret("c/d")