github.com/opentofu/opentofu@v1.7.1/internal/encryption/keyprovider/static/provider_test.go (about)

     1  // Copyright (c) The OpenTofu Authors
     2  // SPDX-License-Identifier: MPL-2.0
     3  // Copyright (c) 2023 HashiCorp, Inc.
     4  // SPDX-License-Identifier: MPL-2.0
     5  
     6  package static
     7  
     8  import (
     9  	"bytes"
    10  	"fmt"
    11  	"testing"
    12  
    13  	"github.com/opentofu/opentofu/internal/encryption/keyprovider/compliancetest"
    14  
    15  	"github.com/opentofu/opentofu/internal/encryption/keyprovider"
    16  )
    17  
    18  func TestKeyProvider(t *testing.T) {
    19  	compliancetest.ComplianceTest(
    20  		t,
    21  		compliancetest.TestConfiguration[*descriptor, *Config, *Metadata, *staticKeyProvider]{
    22  			Descriptor: New().(*descriptor),
    23  			HCLParseTestCases: map[string]compliancetest.HCLParseTestCase[*Config, *staticKeyProvider]{
    24  				"success": {
    25  					HCL: `key_provider "static" "foo" {
    26      key = "48656c6c6f20776f726c6421"
    27  }`,
    28  					ValidHCL:   true,
    29  					ValidBuild: true,
    30  					Validate: func(config *Config, keyProvider *staticKeyProvider) error {
    31  						if config.Key != "48656c6c6f20776f726c6421" {
    32  							return fmt.Errorf("incorrect key returned")
    33  						}
    34  						if !bytes.Equal(keyProvider.key, []byte("Hello world!")) {
    35  							return fmt.Errorf("key provider contains invalid key")
    36  						}
    37  						return nil
    38  					},
    39  				},
    40  				"empty": {
    41  					HCL:        `key_provider "static" "foo" {}`,
    42  					ValidHCL:   false,
    43  					ValidBuild: false,
    44  				},
    45  				"bad-hex": {
    46  					HCL: `key_provider "static" "foo" {
    47  	key = "G"
    48  }`,
    49  					ValidHCL:   true,
    50  					ValidBuild: false,
    51  				},
    52  				"bad-argument": {
    53  					HCL: `key_provider "static" "foo" {
    54  	keys = "48656c6c6f20776f726c6421" # Note the incorrect key name
    55  }`,
    56  					ValidHCL:   false,
    57  					ValidBuild: false,
    58  				},
    59  			},
    60  			ConfigStructTestCases: map[string]compliancetest.ConfigStructTestCase[*Config, *staticKeyProvider]{
    61  				"empty": {
    62  					Config: &Config{
    63  						Key: "",
    64  					},
    65  					ValidBuild: false,
    66  					Validate:   nil,
    67  				},
    68  			},
    69  			MetadataStructTestCases: map[string]compliancetest.MetadataStructTestCase[*Config, *Metadata]{
    70  				"empty": {
    71  					ValidConfig: &Config{
    72  						Key: "48656c6c6f20776f726c6421",
    73  					},
    74  					Meta:      &Metadata{},
    75  					IsPresent: false,
    76  					IsValid:   false,
    77  				},
    78  				"invalid": {
    79  					ValidConfig: &Config{
    80  						Key: "48656c6c6f20776f726c6421",
    81  					},
    82  					Meta: &Metadata{
    83  						Magic: "Invalid",
    84  					},
    85  					IsPresent: true,
    86  					IsValid:   false,
    87  				},
    88  				"valid": {
    89  					ValidConfig: &Config{
    90  						Key: "48656c6c6f20776f726c6421",
    91  					},
    92  					Meta: &Metadata{
    93  						Magic: "Hello world!",
    94  					},
    95  					IsPresent: true,
    96  					IsValid:   true,
    97  				},
    98  			},
    99  			ProvideTestCase: compliancetest.ProvideTestCase[*Config, *Metadata]{
   100  				ValidConfig: &Config{
   101  					Key: "48656c6c6f20776f726c6421",
   102  				},
   103  				ExpectedOutput: &keyprovider.Output{
   104  					EncryptionKey: []byte("Hello world!"), // "48656c6c6f20776f726c6421" in hex is "Hello world!"
   105  					DecryptionKey: []byte("Hello world!"),
   106  				},
   107  				ValidateKeys: nil,
   108  				ValidateMetadata: func(meta *Metadata) error {
   109  					if meta.Magic != "Hello world!" {
   110  						return fmt.Errorf("incorrect output magic: %s", meta.Magic)
   111  					}
   112  					return nil
   113  				},
   114  			},
   115  		},
   116  	)
   117  }