m/rdp-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial project snapshot

Browse Source
This commit is contained in:
Mikhail
2026-04-28 22:29:50 +03:00
commit 8ba0561f4f
365 changed files with 91832 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/internal/platform/secrets/resource_metadata_test.go
+52
View File
@@ -0,0 +1,52 @@
package secrets
import (
"encoding/json"
"errors"
"slices"
"testing"
)
func TestValidateResourceSecretReadinessAllowsPlaintextInDevelopment(t *testing.T) {
metadata := json.RawMessage(`{"username":"m","password":"secret"}`)
if err := ValidateResourceSecretReadiness("rdp", nil, metadata, "development"); err != nil {
t.Fatalf("development metadata should remain allowed for smoke/dev: %v", err)
}
}
func TestValidateResourceSecretReadinessRejectsPlaintextCredentialsInProduction(t *testing.T) {
metadata := json.RawMessage(`{"rdp_host":"host","credentials":{"username":"m","password":"secret"}}`)
err := ValidateResourceSecretReadiness("rdp", stringPtr("vault://org/resource"), metadata, "production")
if !errors.Is(err, ErrPlaintextResourceCredentials) {
t.Fatalf("expected plaintext credential rejection, got %v", err)
}
paths, err := PlaintextCredentialMetadataPaths(metadata)
if err != nil {
t.Fatalf("metadata paths: %v", err)
}
for _, expected := range []string{"credentials", "credentials.password", "credentials.username"} {
if !slices.Contains(paths, expected) {
t.Fatalf("expected sensitive path %q in %v", expected, paths)
}
}
}
func TestValidateResourceSecretReadinessRequiresSecretRefForProductionRDP(t *testing.T) {
metadata := json.RawMessage(`{"rdp_host":"host","rdp_port":3389}`)
err := ValidateResourceSecretReadiness("rdp", nil, metadata, "production")
if !errors.Is(err, ErrMissingResourceSecretRef) {
t.Fatalf("expected missing secret_ref rejection, got %v", err)
}
}
func TestValidateResourceSecretReadinessAllowsProductionSecretRef(t *testing.T) {
metadata := json.RawMessage(`{"rdp_host":"host","rdp_port":3389,"secret_ref":"vault://org/resource"}`)
if err := ValidateResourceSecretReadiness("rdp", stringPtr("vault://org/resource"), metadata, "production"); err != nil {
t.Fatalf("production secret_ref metadata should be accepted: %v", err)
}
}
func stringPtr(value string) *string {
return &value
}