mirror of https://github.com/pulumi/pulumi.git
110 lines
3.2 KiB
Go
110 lines
3.2 KiB
Go
// Copyright 2016-2022, Pulumi Corporation.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package main
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"net/url"
|
|
"testing"
|
|
|
|
secretsrpc "github.com/pulumi/pulumi/sdk/v3/proto/go/secrets"
|
|
"github.com/stretchr/testify/assert"
|
|
"gocloud.dev/secrets"
|
|
"gocloud.dev/secrets/driver"
|
|
)
|
|
|
|
//nolint:paralleltest
|
|
func TestSecretsProviderOverride(t *testing.T) {
|
|
// Don't call t.Parallel because we temporarily modify
|
|
// PULUMI_CLOUD_SECRET_OVERRIDE env var and it may interfere with other
|
|
// tests.
|
|
|
|
ctx := context.Background()
|
|
|
|
opener := &mockSecretsKeeperOpener{}
|
|
secrets.DefaultURLMux().RegisterKeeper("test", opener)
|
|
|
|
//nolint:paralleltest
|
|
t.Run("without override", func(t *testing.T) {
|
|
opener.wantURL = "test://foo"
|
|
|
|
cloudPlugin := NewCloudSecretPlugin()
|
|
resp, err := cloudPlugin.Initialize(ctx, &secretsrpc.InitializeRequest{
|
|
Args: []string{"test://foo"},
|
|
})
|
|
assert.NoError(t, err)
|
|
assert.Nil(t, resp.Prompt)
|
|
assert.NotNil(t, resp.State)
|
|
|
|
cloudPlugin = NewCloudSecretPlugin()
|
|
resp, err = cloudPlugin.Initialize(ctx, &secretsrpc.InitializeRequest{
|
|
Args: []string{"test://bar"},
|
|
})
|
|
assert.Error(t, err)
|
|
assert.Nil(t, resp)
|
|
})
|
|
|
|
//nolint:paralleltest
|
|
t.Run("with override", func(t *testing.T) {
|
|
opener.wantURL = "test://bar"
|
|
t.Setenv("PULUMI_CLOUD_SECRET_OVERRIDE", "test://bar")
|
|
|
|
// Last argument here shouldn't matter anymore, since it gets overridden
|
|
// by the env var. Both calls should succeed.
|
|
msg := "creating the secrets manager should succeed regardless of secrets provider"
|
|
cloudPlugin := NewCloudSecretPlugin()
|
|
resp, err := cloudPlugin.Initialize(ctx, &secretsrpc.InitializeRequest{
|
|
Args: []string{"test://foo"},
|
|
})
|
|
assert.NoError(t, err, msg)
|
|
assert.Nil(t, resp.Prompt)
|
|
assert.NotNil(t, resp.State)
|
|
|
|
cloudPlugin = NewCloudSecretPlugin()
|
|
resp, err = cloudPlugin.Initialize(ctx, &secretsrpc.InitializeRequest{
|
|
Args: []string{"test://bar"},
|
|
})
|
|
assert.NoError(t, err, msg)
|
|
assert.Nil(t, resp.Prompt)
|
|
assert.NotNil(t, resp.State)
|
|
})
|
|
}
|
|
|
|
type mockSecretsKeeperOpener struct {
|
|
wantURL string
|
|
}
|
|
|
|
func (m *mockSecretsKeeperOpener) OpenKeeperURL(ctx context.Context, u *url.URL) (*secrets.Keeper, error) {
|
|
if m.wantURL != u.String() {
|
|
return nil, fmt.Errorf("got keeper URL: %q, want: %q", u, m.wantURL)
|
|
}
|
|
return secrets.NewKeeper(&dummySecretsKeeper{}), nil
|
|
}
|
|
|
|
type dummySecretsKeeper struct {
|
|
driver.Keeper
|
|
}
|
|
|
|
func (k dummySecretsKeeper) Close() error { return nil }
|
|
|
|
func (k dummySecretsKeeper) Decrypt(ctx context.Context, ciphertext []byte) ([]byte, error) {
|
|
return ciphertext, nil
|
|
}
|
|
|
|
func (k dummySecretsKeeper) Encrypt(ctx context.Context, plaintext []byte) ([]byte, error) {
|
|
return plaintext, nil
|
|
}
|