github.com/cornelk/go-cloud@v0.17.1/secrets/gcpkms/kms_test.go (about) 1 // Copyright 2018 The Go Cloud Development Kit Authors 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // https://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package gcpkms 16 17 import ( 18 "context" 19 "errors" 20 "testing" 21 22 cloudkms "cloud.google.com/go/kms/apiv1" 23 "github.com/cornelk/go-cloud/internal/testing/setup" 24 "github.com/cornelk/go-cloud/secrets" 25 "github.com/cornelk/go-cloud/secrets/driver" 26 "github.com/cornelk/go-cloud/secrets/drivertest" 27 "golang.org/x/oauth2" 28 "google.golang.org/api/option" 29 "google.golang.org/grpc/status" 30 ) 31 32 // These constants capture values that were used during the last --record. 33 // If you want to use --record mode, 34 // 1. Update projectID to your GCP project name (not number!) 35 // 2. Enable the Cloud KMS API. 36 // 3. Create a key ring and a key, change their name below accordingly. 
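const (
	project  = "go-cloud-test-216917" // GCP project name (not the numeric project number)
	location = "global"               // location passed to KeyResourceID
	keyRing  = "test"                 // key ring that holds both test keys
	keyID1   = "password"             // key used by the first keeper from MakeDriver
	keyID2   = "password2"            // key used by the second keeper from MakeDriver
)

// harness implements drivertest.Harness. Both keepers it hands out share one
// Cloud KMS client.
type harness struct {
	client *cloudkms.KeyManagementClient
	close  func() // tears down client and the test connection; set by newHarness
}

// MakeDriver returns two keepers that share h.client but are bound to
// different keys (keyID1 and keyID2) in the same project, location and key
// ring. It never returns a non-nil error.
func (h *harness) MakeDriver(ctx context.Context) (driver.Keeper, driver.Keeper, error) {
	first := &keeper{KeyResourceID(project, location, keyRing, keyID1), h.client}
	second := &keeper{KeyResourceID(project, location, keyRing, keyID2), h.client}
	return first, second, nil
}

// Close releases whatever newHarness acquired.
func (h *harness) Close() {
	h.close()
}

// newHarness builds a harness whose KMS client talks over the gRPC connection
// supplied by setup.NewGCPgRPCConn. It returns an error if the KMS client
// cannot be constructed.
func newHarness(ctx context.Context, t *testing.T) (drivertest.Harness, error) {
	conn, done := setup.NewGCPgRPCConn(ctx, t, endPoint, "secrets")
	client, err := cloudkms.NewKeyManagementClient(ctx, option.WithGRPCConn(conn))
	if err != nil {
		// The connection already exists at this point and no harness will be
		// returned to own it, so run its cleanup here instead of leaking it.
		done()
		return nil, err
	}
	return &harness{
		client: client,
		close: func() {
			// Teardown is best-effort: a Close error is deliberately dropped
			// so that done still runs.
			_ = client.Close()
			done()
		},
	}, nil
}

// TestConformance runs the shared drivertest conformance suite against the
// gcpkms keeper, plus the verifyAs check below.
func TestConformance(t *testing.T) {
	drivertest.RunConformanceTests(t, newHarness, []drivertest.AsTest{verifyAs{}})
}

// verifyAs is the drivertest.AsTest passed to the conformance suite.
type verifyAs struct{}

// Name returns the label of this As test.
func (v verifyAs) Name() string {
	return "verify As function"
}

// ErrorCheck reports an error unless k.ErrorAs can extract a *status.Status
// from err.
func (v verifyAs) ErrorCheck(k *secrets.Keeper, err error) error {
	var s *status.Status
	if !k.ErrorAs(err, &s) {
		return errors.New("Keeper.ErrorAs failed")
	}
	return nil
}

// KMS-specific tests.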

// TestNoConnectionError checks that Encrypt returns an error, rather than
// succeeding, for a keeper opened with an empty key ID on a client dialed
// with a placeholder token.
func TestNoConnectionError(t *testing.T) {
	ctx := context.Background()

	// "fake" is a placeholder access token, not a usable credential.
	tokens := oauth2.StaticTokenSource(&oauth2.Token{AccessToken: "fake"})
	client, done, err := Dial(ctx, tokens)
	if err != nil {
		t.Fatal(err)
	}
	defer done()

	k := OpenKeeper(client, "", nil)
	defer k.Close()

	_, err = k.Encrypt(ctx, []byte("test"))
	if err == nil {
		t.Error("got nil, want rpc error")
	}
}

// TestOpenKeeper checks URL-based opening: a well-formed gcpkms:// key URL
// must open, and the same URL with an unrecognized query parameter must be
// rejected, so an unknown option fails loudly instead of being ignored.
func TestOpenKeeper(t *testing.T) {
	// NOTE(review): presumably installs stand-in default credentials so that
	// opening by URL needs no real ones; confirm against the setup package.
	restore := setup.FakeGCPDefaultCredentials(t)
	defer restore()

	cases := []struct {
		URL     string
		WantErr bool
	}{
		// OK.
		{
			URL:     "gcpkms://projects/MYPROJECT/locations/MYLOCATION/keyRings/MYKEYRING/cryptoKeys/MYKEY",
			WantErr: false,
		},
		// Invalid query parameter.
		{
			URL:     "gcpkms://projects/MYPROJECT/locations/MYLOCATION/keyRings/MYKEYRING/cryptoKeys/MYKEY?param=val",
			WantErr: true,
		},
	}

	ctx := context.Background()
	for _, tc := range cases {
		k, err := secrets.OpenKeeper(ctx, tc.URL)
		if gotErr := err != nil; gotErr != tc.WantErr {
			t.Errorf("%s: got error %v, want error %v", tc.URL, err, tc.WantErr)
		}
		if err != nil {
			// Nothing was opened, so there is nothing to close.
			continue
		}
		if err = k.Close(); err != nil {
			t.Errorf("%s: got error during close: %v", tc.URL, err)
		}
	}
}