forked from pulumi/pulumi
-
Notifications
You must be signed in to change notification settings - Fork 0
/
manager_test.go
129 lines (101 loc) 路 4.01 KB
/
manager_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
package passphrase
import (
"os"
"strings"
"testing"
"github.com/stretchr/testify/assert"
)
const (
state = `
{"salt": "v1:fozI5u6B030=:v1:F+6ZduKKd8G0/V7L:PGMFeIzwobWRKmEAzUdaQHqC5mMRIQ=="}
`
brokenState = `
{"salt": "fozI5u6B030=:v1:F+6ZduL:PGMFeIzwobWRKmEAzUdaQHqC5mMRIQ=="}
`
)
func resetPassphraseTestEnvVars() func() {
clearCachedSecretsManagers()
oldPassphrase := os.Getenv("PULUMI_CONFIG_PASSPHRASE")
oldPassphraseFile := os.Getenv("PULUMI_CONFIG_PASSPHRASE_FILE")
return func() {
os.Setenv("PULUMI_CONFIG_PASSPHRASE", oldPassphrase)
os.Setenv("PULUMI_CONFIG_PASSPHRASE_FILE", oldPassphraseFile)
}
}
//nolint:paralleltest // mutates environment variables
func TestPassphraseManagerIncorrectPassphraseReturnsErrorCrypter(t *testing.T) {
resetEnv := resetPassphraseTestEnvVars()
defer resetEnv()
os.Setenv("PULUMI_CONFIG_PASSPHRASE", "password123")
os.Unsetenv("PULUMI_CONFIG_PASSPHRASE_FILE")
manager, err := NewPromptingPassphaseSecretsManagerFromState([]byte(state))
assert.NoError(t, err) // even if we pass the wrong provider, we should get a lockedPassphraseProvider
assert.Equal(t, manager, &localSecretsManager{
state: localSecretsManagerState{Salt: "v1:fozI5u6B030=:v1:F+6ZduKKd8G0/V7L:PGMFeIzwobWRKmEAzUdaQHqC5mMRIQ=="},
crypter: &errorCrypter{},
})
}
//nolint:paralleltest // mutates environment variables
func TestPassphraseManagerIncorrectStateReturnsError(t *testing.T) {
resetEnv := resetPassphraseTestEnvVars()
defer resetEnv()
os.Setenv("PULUMI_CONFIG_PASSPHRASE", "password")
os.Unsetenv("PULUMI_CONFIG_PASSPHRASE_FILE")
_, err := NewPromptingPassphaseSecretsManagerFromState([]byte(brokenState))
assert.Error(t, err)
}
//nolint:paralleltest // mutates environment variables
func TestPassphraseManagerCorrectPassphraseReturnsSecretsManager(t *testing.T) {
resetEnv := resetPassphraseTestEnvVars()
defer resetEnv()
os.Setenv("PULUMI_CONFIG_PASSPHRASE", "password")
os.Unsetenv("PULUMI_CONFIG_PASSPHRASE_FILE")
sm, err := NewPromptingPassphaseSecretsManagerFromState([]byte(state))
assert.NoError(t, err)
assert.NotNil(t, sm)
}
//nolint:paralleltest // mutates environment variables
func TestPassphraseManagerNoEnvironmentVariablesReturnsError(t *testing.T) {
resetEnv := resetPassphraseTestEnvVars()
defer resetEnv()
os.Unsetenv("PULUMI_CONFIG_PASSPHRASE")
os.Unsetenv("PULUMI_CONFIG_PASSPHRASE_FILE")
_, err := NewPromptingPassphaseSecretsManagerFromState([]byte(state))
assert.NotNil(t, err, strings.Contains(err.Error(), "unable to find either `PULUMI_CONFIG_PASSPHRASE` nor "+
"`PULUMI_CONFIG_PASSPHRASE_FILE`"))
}
//nolint:paralleltest // mutates environment variables
func TestPassphraseManagerEmptyPassphraseIsValid(t *testing.T) {
resetEnv := resetPassphraseTestEnvVars()
defer resetEnv()
os.Setenv("PULUMI_CONFIG_PASSPHRASE", "")
os.Unsetenv("PULUMI_CONFIG_PASSPHRASE_FILE")
sm, err := NewPromptingPassphaseSecretsManagerFromState([]byte(state))
assert.NoError(t, err)
assert.NotNil(t, sm)
}
//nolint:paralleltest // mutates environment variables
func TestPassphraseManagerCorrectPassfileReturnsSecretsManager(t *testing.T) {
resetEnv := resetPassphraseTestEnvVars()
defer resetEnv()
tmpFile, err := os.CreateTemp("", "pulumi-secret-test")
assert.NoError(t, err)
defer os.Remove(tmpFile.Name())
_, err = tmpFile.WriteString("password")
assert.NoError(t, err)
os.Unsetenv("PULUMI_CONFIG_PASSPHRASE")
os.Setenv("PULUMI_CONFIG_PASSPHRASE_FILE", tmpFile.Name())
sm, err := NewPromptingPassphaseSecretsManagerFromState([]byte(state))
assert.NoError(t, err)
assert.NotNil(t, sm)
}
//nolint:paralleltest // mutates environment variables
func TestPassphraseManagerEmptyPassfileReturnsError(t *testing.T) {
resetEnv := resetPassphraseTestEnvVars()
defer resetEnv()
os.Unsetenv("PULUMI_CONFIG_PASSPHRASE")
os.Setenv("PULUMI_CONFIG_PASSPHRASE_FILE", "")
_, err := NewPromptingPassphaseSecretsManagerFromState([]byte(state))
assert.NotNil(t, err, strings.Contains(err.Error(), "unable to find either `PULUMI_CONFIG_PASSPHRASE` nor "+
"`PULUMI_CONFIG_PASSPHRASE_FILE`"))
}