Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #70419 > unrolled thread

[OT] Testing and credentials best practices?

Back to article view | Back to comp.lang.python

Contents

  [OT] Testing and credentials best practices? Miki Tebeka <miki.tebeka@gmail.com> - 2014-04-20 09:36 -0700
    Re: [OT] Testing and credentials best practices? Chris Angelico <rosuav@gmail.com> - 2014-04-21 02:45 +1000
      Re: [OT] Testing and credentials best practices? Miki Tebeka <miki.tebeka@gmail.com> - 2014-04-21 12:03 -0700
    Re: [OT] Testing and credentials best practices? Roy Smith <roy@panix.com> - 2014-04-20 14:32 -0700

#70419 — [OT] Testing and credentials best practices?

Greetings,

How do you deal with tests (both on dev machine and Jenkins) that need credentials (such as AWS keys)?. I know of the following methods:

1. Test user with known (stored in source control) limited credentials
2. ~/.secrets (or any other known location) RC file which is not in source control
3. Credentials service (such as ZooKeeper) accessed only from VPN
4. Credentials pre user encrypted (gpg) and stored in source control

What method are you using? Are there any best practices in the subject?

Thanks,
--
Miki

[toc] | [next] | [standalone]

#70421

On Mon, Apr 21, 2014 at 2:36 AM, Miki Tebeka <miki.tebeka@gmail.com> wrote:
> How do you deal with tests (both on dev machine and Jenkins) that need credentials (such as AWS keys)?. I know of the following methods:
>
> 1. Test user with known (stored in source control) limited credentials
> 2. ~/.secrets (or any other known location) RC file which is not in source control
> 3. Credentials service (such as ZooKeeper) accessed only from VPN
> 4. Credentials pre user encrypted (gpg) and stored in source control

I've done several of these. Another option that may work in some
contexts is to mock the test altogether; have a server that simulates
whatever you needed credentials for, and accepts a key of all zeroes
or equivalent. Obviously that key can happily go into the source code
:)

ChrisA

[toc] | [prev] | [next] | [standalone]

#70474

>> How do you deal with tests (both on dev machine and Jenkins) that need credentials (such as AWS keys)?.
> I've done several of these. Another option that may work in some
> contexts is to mock the test altogether;
Thanks, but mocking is last resort for me, it reduces the value of testing greatly and has the burden of catching up with the mocked service.

[toc] | [prev] | [next] | [standalone]

#70431

In article <267e12d3-ea01-4886-bfa7-5c7270adbe92@googlegroups.com>,
 Miki Tebeka <miki.tebeka@gmail.com> wrote:

> Greetings,
> 
> How do you deal with tests (both on dev machine and Jenkins) that need 
> credentials (such as AWS keys)?. I know of the following methods:
> 
> 1. Test user with known (stored in source control) limited credentials
> 2. ~/.secrets (or any other known location) RC file which is not in source 
> control
> 3. Credentials service (such as ZooKeeper) accessed only from VPN
> 4. Credentials pre user encrypted (gpg) and stored in source control
> 
> What method are you using? Are there any best practices in the subject?

We've been looking at using etcd to store credentials (essentially the 
same solution as zookeeper).  It seems like the right way to go.

So far, my impression of etcd is "neat, promising, not ready for prime 
time yet" (to be fair, the etcd folks don't claim it's stable yet).  
ZooKeeper at least has the advantage of being in production use for a 
long time, so it should be pretty bullet-proof.

[toc] | [prev] | [standalone]

Back to top | Article view | comp.lang.python

csiph-web