Initial project snapshot
This commit is contained in:
@@ -0,0 +1,65 @@
|
||||
package secrets
|
||||
|
||||
import (
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestEncryptorRoundTrip(t *testing.T) {
|
||||
key := base64.StdEncoding.EncodeToString([]byte("0123456789abcdef0123456789abcdef"))
|
||||
encryptor, err := NewEncryptor(key, "test-key")
|
||||
if err != nil {
|
||||
t.Fatalf("NewEncryptor returned error: %v", err)
|
||||
}
|
||||
aad := ResourceSecretAAD("org-1", "resource-1", "rap-secret://test", "rdp")
|
||||
encrypted, err := encryptor.Encrypt([]byte(`{"username":"user","password":"secret"}`), aad)
|
||||
if err != nil {
|
||||
t.Fatalf("Encrypt returned error: %v", err)
|
||||
}
|
||||
plaintext, err := encryptor.Decrypt(encrypted, aad)
|
||||
if err != nil {
|
||||
t.Fatalf("Decrypt returned error: %v", err)
|
||||
}
|
||||
if string(plaintext) != `{"username":"user","password":"secret"}` {
|
||||
t.Fatalf("unexpected plaintext: %s", plaintext)
|
||||
}
|
||||
}
|
||||
|
||||
func TestEncryptorRejectsWrongAAD(t *testing.T) {
|
||||
key := base64.StdEncoding.EncodeToString([]byte("0123456789abcdef0123456789abcdef"))
|
||||
encryptor, err := NewEncryptor(key, "test-key")
|
||||
if err != nil {
|
||||
t.Fatalf("NewEncryptor returned error: %v", err)
|
||||
}
|
||||
encrypted, err := encryptor.Encrypt([]byte(`{"password":"secret"}`), ResourceSecretAAD("org-1", "resource-1", "ref", "rdp"))
|
||||
if err != nil {
|
||||
t.Fatalf("Encrypt returned error: %v", err)
|
||||
}
|
||||
if _, err := encryptor.Decrypt(encrypted, ResourceSecretAAD("org-2", "resource-1", "ref", "rdp")); err == nil {
|
||||
t.Fatalf("expected decrypt with wrong aad to fail")
|
||||
}
|
||||
}
|
||||
|
||||
func TestMergeResourceSecretIntoAssignmentMetadata(t *testing.T) {
|
||||
metadata := map[string]any{
|
||||
"resource": map[string]any{
|
||||
"id": "resource-1",
|
||||
"metadata": map[string]any{
|
||||
"rdp_host": "host",
|
||||
},
|
||||
},
|
||||
}
|
||||
merged, err := MergeResourceSecretIntoAssignmentMetadata(metadata, json.RawMessage(`{"username":"user","password":"secret","domain":"corp"}`))
|
||||
if err != nil {
|
||||
t.Fatalf("MergeResourceSecretIntoAssignmentMetadata returned error: %v", err)
|
||||
}
|
||||
resource := merged.Metadata["resource"].(map[string]any)
|
||||
resourceMetadata := resource["metadata"].(map[string]any)
|
||||
if resourceMetadata["rdp_host"] != "host" {
|
||||
t.Fatalf("existing metadata was not preserved")
|
||||
}
|
||||
if resourceMetadata["username"] != "user" || resourceMetadata["password"] != "secret" || resourceMetadata["domain"] != "corp" {
|
||||
t.Fatalf("secret payload was not merged: %#v", resourceMetadata)
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user