package jose import ( "os" "testing" "github.com/stretchr/testify/require" "github.com/influxdata/telegraf/config" ) func TestSampleConfig(t *testing.T) { plugin := &Jose{} require.NotEmpty(t, plugin.SampleConfig()) } func TestInitFail(t *testing.T) { tests := []struct { name string plugin *Jose expected string }{ { name: "invalid id", plugin: &Jose{}, expected: "id missing", }, { name: "missing path", plugin: &Jose{ ID: "test", }, expected: "path missing", }, { name: "invalid password", plugin: &Jose{ ID: "test", Path: t.TempDir(), Password: config.NewSecret([]byte("@{unresolvable:secret}")), }, expected: "getting password failed", }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { err := tt.plugin.Init() require.ErrorContains(t, err, tt.expected) }) } } func TestSetListGet(t *testing.T) { secrets := map[string]string{ "a secret": "I won't tell", "another one": "secret", "foo": "bar", } // Create a temporary directory we can use to store the secrets testdir := t.TempDir() // Initialize the plugin plugin := &Jose{ ID: "test", Password: config.NewSecret([]byte("test")), Path: testdir, } require.NoError(t, plugin.Init()) // Store the secrets for k, v := range secrets { require.NoError(t, plugin.Set(k, v)) } // Check if the secrets were actually stored entries, err := os.ReadDir(testdir) require.NoError(t, err) require.Len(t, entries, len(secrets)) for _, e := range entries { _, found := secrets[e.Name()] require.True(t, found) require.False(t, e.IsDir()) } // List the secrets keys, err := plugin.List() require.NoError(t, err) require.Len(t, keys, len(secrets)) for _, k := range keys { _, found := secrets[k] require.True(t, found) } // Get the secrets require.Len(t, keys, len(secrets)) for _, k := range keys { value, err := plugin.Get(k) require.NoError(t, err) v, found := secrets[k] require.True(t, found) require.Equal(t, v, string(value)) } } func TestResolver(t *testing.T) { secretKey := "a secret" secretVal := "I won't tell" // Create a temporary directory we can use to store the secrets testdir := t.TempDir() // Initialize the plugin plugin := &Jose{ ID: "test", Password: config.NewSecret([]byte("test")), Path: testdir, } require.NoError(t, plugin.Init()) require.NoError(t, plugin.Set(secretKey, secretVal)) // Get the resolver resolver, err := plugin.GetResolver(secretKey) require.NoError(t, err) require.NotNil(t, resolver) s, dynamic, err := resolver() require.NoError(t, err) require.False(t, dynamic) require.Equal(t, secretVal, string(s)) } func TestResolverInvalid(t *testing.T) { secretKey := "a secret" secretVal := "I won't tell" // Create a temporary directory we can use to store the secrets testdir := t.TempDir() // Initialize the plugin plugin := &Jose{ ID: "test", Password: config.NewSecret([]byte("test")), Path: testdir, } require.NoError(t, plugin.Init()) require.NoError(t, plugin.Set(secretKey, secretVal)) // Get the resolver resolver, err := plugin.GetResolver("foo") require.NoError(t, err) require.NotNil(t, resolver) _, _, err = resolver() require.Error(t, err) } func TestGetNonExistent(t *testing.T) { secretKey := "a secret" secretVal := "I won't tell" // Create a temporary directory we can use to store the secrets testdir := t.TempDir() // Initialize the plugin plugin := &Jose{ ID: "test", Password: config.NewSecret([]byte("test")), Path: testdir, } require.NoError(t, plugin.Init()) require.NoError(t, plugin.Set(secretKey, secretVal)) // Get the resolver _, err := plugin.Get("foo") require.EqualError(t, err, "The specified item could not be found in the keyring") } func TestGetInvalidPassword(t *testing.T) { secretKey := "a secret" secretVal := "I won't tell" // Create a temporary directory we can use to store the secrets testdir := t.TempDir() // Initialize the stored secrets creator := &Jose{ ID: "test", Password: config.NewSecret([]byte("test")), Path: testdir, } require.NoError(t, creator.Init()) require.NoError(t, creator.Set(secretKey, secretVal)) // Initialize the plugin with a wrong password // and try to access an existing secret plugin := &Jose{ ID: "test", Password: config.NewSecret([]byte("lala")), Path: testdir, } require.NoError(t, plugin.Init()) _, err := plugin.Get(secretKey) require.ErrorContains(t, err, "integrity check failed") }