github.com/pf-qiu/concourse/v6@v6.7.3-0.20201207032516-1f455d73275f/atc/creds/secretsmanager/secretsmanager_test.go (about)

     1  package secretsmanager_test
     2  
     3  import (
     4  	"errors"
     5  
     6  	"code.cloudfoundry.org/lager/lagertest"
     7  
     8  	"github.com/pf-qiu/concourse/v6/atc/creds"
     9  
    10  	"github.com/aws/aws-sdk-go/aws"
    11  	"github.com/aws/aws-sdk-go/aws/awserr"
    12  	"github.com/aws/aws-sdk-go/service/secretsmanager"
    13  	"github.com/aws/aws-sdk-go/service/secretsmanager/secretsmanageriface"
    14  	"github.com/pf-qiu/concourse/v6/vars"
    15  
    16  	. "github.com/pf-qiu/concourse/v6/atc/creds/secretsmanager"
    17  	. "github.com/onsi/ginkgo"
    18  	. "github.com/onsi/gomega"
    19  )
    20  
    // MockSecretsManagerService is a test double for the AWS Secrets Manager
    // client. Embedding secretsmanageriface.SecretsManagerAPI lets it satisfy the
    // whole interface while only GetSecretValue is overridden. The embedded
    // interface is never assigned in this file, so any other API method would
    // panic on a nil interface if a spec reached it.
    type MockSecretsManagerService struct {
    	secretsmanageriface.SecretsManagerAPI

    	// stubGetParameter, when non-nil, produces the GetSecretValue response.
    	// It is called with the dereferenced SecretId of the request.
    	stubGetParameter func(name string) (*secretsmanager.GetSecretValueOutput, error)
    }
    26  
    // GetSecretValue answers a secret lookup by delegating to stubGetParameter.
    //
    // It returns an error when no stub is installed. Otherwise it asserts that the
    // request and its SecretId are non-nil and hands the dereferenced SecretId to
    // the stub. When the stub reports an error, its output is dropped and nil is
    // returned together with that error.
    func (mock *MockSecretsManagerService) GetSecretValue(input *secretsmanager.GetSecretValueInput) (*secretsmanager.GetSecretValueOutput, error) {
    	stub := mock.stubGetParameter
    	if stub == nil {
    		return nil, errors.New("stubGetParameter is not defined")
    	}

    	// Validate the request before SecretId is dereferenced below.
    	Expect(input).ToNot(BeNil())
    	Expect(input.SecretId).ToNot(BeNil())

    	out, err := stub(*input.SecretId)
    	if err == nil {
    		return out, nil
    	}
    	return nil, err
    }
    39  
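    // Specs for the Secrets Manager credential backend, exercised through
    // creds.NewVariables for team "alpha" and pipeline "bogus". Each spec swaps
    // mockService.stubGetParameter to control what the fake AWS client returns.
    // The stubs also pin which secret path is requested, because the path is what
    // scopes a lookup to a team and pipeline.
    //
    // NOTE(review): no spec covers a secret that is missing at both the pipeline
    // and the team path; consider adding one so that case is pinned as well.
    var _ = Describe("SecretsManager", func() {
    	var (
    		secretAccess *SecretsManager
    		variables    vars.Variables
    		varRef       vars.Reference
    		mockService  MockSecretsManagerService
    	)

    	// Rebuild the backend and reinstall the default stub before every spec so
    	// that a stub replaced by one spec never leaks into the next.
    	JustBeforeEach(func() {
    		varRef = vars.Reference{Path: "cheery"}

    		t1, err := creds.BuildSecretTemplate("t1", DefaultPipelineSecretTemplate)
    		Expect(err).NotTo(HaveOccurred())
    		Expect(t1).NotTo(BeNil())

    		t2, err := creds.BuildSecretTemplate("t2", DefaultTeamSecretTemplate)
    		Expect(err).NotTo(HaveOccurred())
    		Expect(t2).NotTo(BeNil())

    		// Template order matters: the pipeline template (t1) is listed before the team template (t2).
    		secretAccess = NewSecretsManager(lagertest.NewTestLogger("secretsmanager_test"), &mockService, []*creds.SecretTemplate{t1, t2})
    		Expect(secretAccess).NotTo(BeNil())
    		variables = creds.NewVariables(secretAccess, "alpha", "bogus", false)

    		// Default stub: only the pipeline-scoped path resolves; every other
    		// path is reported as not found by the fake AWS client.
    		mockService.stubGetParameter = func(input string) (*secretsmanager.GetSecretValueOutput, error) {
    			if input == "/concourse/alpha/bogus/cheery" {
    				return &secretsmanager.GetSecretValueOutput{SecretString: aws.String("secret value"), Name: &input}, nil
    			}
    			return nil, awserr.New(secretsmanager.ErrCodeResourceNotFoundException, "", nil)
    		}
    	})

    	Describe("Get()", func() {
    		It("should get parameter if exists", func() {
    			value, found, err := variables.Get(varRef)
    			Expect(err).NotTo(HaveOccurred())
    			Expect(found).To(BeTrue())
    			Expect(value).To(BeEquivalentTo("secret value"))
    		})

    		It("should get complex parameter", func() {
    			mockService.stubGetParameter = func(path string) (*secretsmanager.GetSecretValueOutput, error) {
    				// Pin the lookup to the pipeline-scoped path. A stub that
    				// accepts any path would keep passing even if the backend
    				// asked for a secret outside this team and pipeline.
    				Expect(path).To(Equal("/concourse/alpha/bogus/user"))
    				return &secretsmanager.GetSecretValueOutput{
    					SecretBinary: []byte(`{"name": "yours", "pass": "truely"}`),
    				}, nil
    			}

    			value, found, err := variables.Get(vars.Reference{Path: "user"})
    			Expect(err).NotTo(HaveOccurred())
    			Expect(found).To(BeTrue())
    			Expect(value).To(BeEquivalentTo(map[string]interface{}{
    				"name": "yours",
    				"pass": "truely",
    			}))
    		})

    		It("should get team parameter if exists", func() {
    			// Only the team-scoped path resolves here, so the pipeline-scoped
    			// lookup must come back not found before the team path is used.
    			mockService.stubGetParameter = func(input string) (*secretsmanager.GetSecretValueOutput, error) {
    				if input != "/concourse/alpha/cheery" {
    					return nil, awserr.New(secretsmanager.ErrCodeResourceNotFoundException, "", nil)
    				}
    				return &secretsmanager.GetSecretValueOutput{SecretString: aws.String("team decrypted value")}, nil
    			}

    			value, found, err := variables.Get(varRef)
    			Expect(err).NotTo(HaveOccurred())
    			Expect(found).To(BeTrue())
    			Expect(value).To(BeEquivalentTo("team decrypted value"))
    		})

    		It("should return not found on error", func() {
    			// With no stub installed the mock returns a plain error, not an
    			// AWS not-found code, so this covers a backend failure.
    			mockService.stubGetParameter = nil

    			value, found, err := variables.Get(varRef)
    			Expect(err).To(HaveOccurred())
    			Expect(found).To(BeFalse())
    			Expect(value).To(BeNil())
    		})

    		It("should allow empty pipeline name", func() {
    			teamVars := creds.NewVariables(secretAccess, "alpha", "", false)
    			mockService.stubGetParameter = func(input string) (*secretsmanager.GetSecretValueOutput, error) {
    				// With no pipeline name, only the team-scoped path may be requested.
    				Expect(input).To(Equal("/concourse/alpha/cheery"))
    				return &secretsmanager.GetSecretValueOutput{SecretString: aws.String("team power")}, nil
    			}

    			value, found, err := teamVars.Get(varRef)
    			Expect(err).NotTo(HaveOccurred())
    			Expect(found).To(BeTrue())
    			Expect(value).To(BeEquivalentTo("team power"))
    		})
    	})
    })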