package jose
import (
"os"
"testing"
"github.com/stretchr/testify/require"
"github.com/influxdata/telegraf/config"
)
// TestSampleConfig ensures the plugin ships a non-empty sample configuration.
func TestSampleConfig(t *testing.T) {
	sample := (&Jose{}).SampleConfig()
	require.NotEmpty(t, sample)
}
// TestInitFail checks that Init refuses configurations that cannot yield a
// usable secret-store: no ID, no storage path, and a password that cannot be
// retrieved. Each case pins a fragment of the expected error message.
func TestInitFail(t *testing.T) {
	type initCase struct {
		name     string
		plugin   *Jose
		expected string
	}

	cases := []initCase{
		{
			name:     "invalid id",
			plugin:   &Jose{},
			expected: "id missing",
		},
		{
			name:     "missing path",
			plugin:   &Jose{ID: "test"},
			expected: "path missing",
		},
		{
			// The password is itself a secret reference; Init is expected to
			// fail with "getting password failed" rather than fall back to an
			// empty or literal password.
			name: "invalid password",
			plugin: &Jose{
				ID:       "test",
				Path:     t.TempDir(),
				Password: config.NewSecret([]byte("@{unresolvable:secret}")),
			},
			expected: "getting password failed",
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			require.ErrorContains(t, tc.plugin.Init(), tc.expected)
		})
	}
}
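// TestSetListGet stores several secrets and verifies that each one is written
// to the backing directory, enumerated exactly once by List and returned
// unchanged by Get.
func TestSetListGet(t *testing.T) {
	secrets := map[string]string{
		"a secret":    "I won't tell",
		"another one": "secret",
		"foo":         "bar",
	}
	expectedKeys := make([]string, 0, len(secrets))
	for k := range secrets {
		expectedKeys = append(expectedKeys, k)
	}

	// Create a temporary directory we can use to store the secrets
	testdir := t.TempDir()

	// Initialize the plugin
	plugin := &Jose{
		ID:       "test",
		Password: config.NewSecret([]byte("test")),
		Path:     testdir,
	}
	require.NoError(t, plugin.Init())

	// Store the secrets
	for k, v := range secrets {
		require.NoError(t, plugin.Set(k, v), "storing %q", k)
	}

	// Check if the secrets were actually stored: exactly one regular file per
	// key, named after the key. Key names are therefore visible in the
	// directory listing.
	// NOTE(review): file contents are not inspected here, so this test would
	// not notice a value being written to disk unencrypted.
	entries, err := os.ReadDir(testdir)
	require.NoError(t, err)
	require.Len(t, entries, len(secrets))
	for _, e := range entries {
		require.Contains(t, secrets, e.Name(), "unexpected file %q in store", e.Name())
		require.False(t, e.IsDir(), "%q should be a file", e.Name())
	}

	// List the secrets. ElementsMatch also rejects duplicated keys, which a
	// length check plus per-key membership lookup would let through.
	keys, err := plugin.List()
	require.NoError(t, err)
	require.ElementsMatch(t, expectedKeys, keys)

	// Get the secrets. Iterate over the expected set so the check does not
	// depend on what List returned.
	for k, expected := range secrets {
		value, err := plugin.Get(k)
		require.NoError(t, err, "getting %q", k)
		require.Equal(t, expected, string(value))
	}
}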
// TestResolver checks that the resolver obtained for a stored key yields the
// stored value and reports the secret as non-dynamic.
func TestResolver(t *testing.T) {
	const (
		key      = "a secret"
		expected = "I won't tell"
	)

	// Per-test scratch directory backing the store.
	dir := t.TempDir()

	store := &Jose{
		ID:       "test",
		Password: config.NewSecret([]byte("test")),
		Path:     dir,
	}
	require.NoError(t, store.Init())
	require.NoError(t, store.Set(key, expected))

	// Obtain the resolver and run it once.
	resolve, err := store.GetResolver(key)
	require.NoError(t, err)
	require.NotNil(t, resolve)

	got, isDynamic, err := resolve()
	require.NoError(t, err)
	require.False(t, isDynamic)
	require.Equal(t, expected, string(got))
}
// TestResolverInvalid checks the resolver for a key that was never stored.
// GetResolver itself succeeds; the failure only surfaces when the returned
// resolver is invoked.
func TestResolverInvalid(t *testing.T) {
	const (
		storedKey = "a secret"
		storedVal = "I won't tell"
	)

	// Per-test scratch directory backing the store.
	dir := t.TempDir()

	store := &Jose{
		ID:       "test",
		Password: config.NewSecret([]byte("test")),
		Path:     dir,
	}
	require.NoError(t, store.Init())
	require.NoError(t, store.Set(storedKey, storedVal))

	// Ask for a resolver of a key that does not exist in the store.
	resolve, err := store.GetResolver("foo")
	require.NoError(t, err)
	require.NotNil(t, resolve)

	// Only the actual resolution is expected to fail.
	_, _, resolveErr := resolve()
	require.Error(t, resolveErr)
}
// TestGetNonExistent checks that Get on an unknown key fails with the exact
// "not found" message instead of returning an empty value.
func TestGetNonExistent(t *testing.T) {
	const (
		storedKey = "a secret"
		storedVal = "I won't tell"
	)

	// Per-test scratch directory backing the store.
	dir := t.TempDir()

	store := &Jose{
		ID:       "test",
		Password: config.NewSecret([]byte("test")),
		Path:     dir,
	}
	require.NoError(t, store.Init())
	require.NoError(t, store.Set(storedKey, storedVal))

	// Look up a key that was never stored.
	_, getErr := store.Get("foo")
	require.EqualError(t, getErr, "The specified item could not be found in the keyring")
}
// TestGetInvalidPassword checks that a secret written with one password cannot
// be read through a store opened with a different one. Init succeeds with the
// wrong password; the mismatch is only detected by Get, which must fail with
// an integrity error rather than return data.
func TestGetInvalidPassword(t *testing.T) {
	const (
		key   = "a secret"
		value = "I won't tell"
	)

	// Per-test scratch directory shared by both store instances.
	dir := t.TempDir()

	// Write the secret using the correct password.
	writer := &Jose{
		ID:       "test",
		Password: config.NewSecret([]byte("test")),
		Path:     dir,
	}
	require.NoError(t, writer.Init())
	require.NoError(t, writer.Set(key, value))

	// Open the same directory with a wrong password and try to read the
	// existing secret.
	reader := &Jose{
		ID:       "test",
		Password: config.NewSecret([]byte("lala")),
		Path:     dir,
	}
	require.NoError(t, reader.Init())

	_, getErr := reader.Get(key)
	require.ErrorContains(t, getErr, "integrity check failed")
}