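// Listing: github.com/opentofu/opentofu@v1.7.1/internal/encryption/keyprovider/aws_kms/provider_test.go

package aws_kms

import (
	"os"
	"testing"
)

// getKey returns the KMS key ID that the test should run against.
//
// It returns "" unless TF_ACC or TF_KMS_TEST is set. When one of them is set
// it returns TF_AWS_KMS_KEY_ID, which may itself be empty; the caller treats
// an empty result as "use the mock", so an opted-in run with no key ID falls
// back to the mock instead of failing.
func getKey(t *testing.T) string {
	if os.Getenv("TF_ACC") == "" && os.Getenv("TF_KMS_TEST") == "" {
		return ""
	}
	return os.Getenv("TF_AWS_KMS_KEY_ID")
}

// TestKMSProvider_Simple builds the key provider from a Config and calls
// Provide twice: first with the metadata returned by Build, then with the
// metadata returned by the first call. It checks which keys are present after
// each call and that a ciphertext blob is always returned in the metadata.
func TestKMSProvider_Simple(t *testing.T) {
	testKeyId := getKey(t)
	if testKeyId == "" {
		// Make the fallback visible in verbose output, so that an acceptance
		// run with no key ID is not mistaken for a run against a real key.
		t.Log("No KMS key ID supplied via environment; using the default mock")

		testKeyId = "alias/my-mock-key"
		injectDefaultMock()

		// Placeholder values only, not real credentials. t.Setenv restores
		// the previous environment when the test ends.
		t.Setenv("AWS_REGION", "us-east-1")
		t.Setenv("AWS_ACCESS_KEY_ID", "accesskey")
		t.Setenv("AWS_SECRET_ACCESS_KEY", "secretkey")
	}

	// Construct an AWS KMS key provider config that accepts the key ID.
	providerConfig := Config{
		KMSKeyID: testKeyId,
		KeySpec:  "AES_256",

		// Required for mocking.
		// NOTE(review): this is set unconditionally, so it also applies when
		// a real key ID is supplied - confirm that is intended.
		SkipCredsValidation: true,
	}

	// Now that we have the config, we can build the provider.
	provider, metaIn, err := providerConfig.Build()
	if err != nil {
		t.Fatalf("Error building provider: %s", err)
	}

	// First call: only an encryption key is expected, plus the ciphertext
	// blob in the returned metadata.
	output, meta, err := provider.Provide(metaIn)
	if err != nil {
		t.Fatalf("Error providing keys: %s", err)
	}

	if len(output.EncryptionKey) == 0 {
		t.Fatalf("No encryption key provided")
	}

	if len(output.DecryptionKey) != 0 {
		t.Fatalf("Decryption key provided and should not be")
	}

	// Checked assertion: an unexpected metadata type is reported as a test
	// failure instead of a panic.
	firstMeta, ok := meta.(*keyMeta)
	if !ok {
		t.Fatalf("Unexpected metadata type: %T", meta)
	}
	if len(firstMeta.CiphertextBlob) == 0 {
		t.Fatalf("No ciphertext blob provided")
	}

	t.Log("Continue to meta -> decryption key")

	// Second call: feed the metadata from the first call back in, so that a
	// decryption key is returned as well.
	output, meta, err = provider.Provide(meta)
	if err != nil {
		t.Fatalf("Error providing keys: %s", err)
	}

	if len(output.EncryptionKey) == 0 {
		t.Fatalf("No encryption key provided")
	}

	// NOTE(review): only non-emptiness is checked. The test never compares
	// this decryption key with the encryption key from the first call.
	// Whether the two must be byte-identical depends on the provider and the
	// mock, neither of which is visible here - consider asserting it if so.
	if len(output.DecryptionKey) == 0 {
		t.Fatalf("No decryption key provided")
	}

	secondMeta, ok := meta.(*keyMeta)
	if !ok {
		t.Fatalf("Unexpected metadata type: %T", meta)
	}
	if len(secondMeta.CiphertextBlob) == 0 {
		t.Fatalf("No ciphertext blob provided")
	}
}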