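package cmd

import (
	"fmt"
	"os"
	"testing"

	"github.com/aws/aws-sdk-go-v2/service/kms"
	"github.com/spf13/viper"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
	"github.com/tommi2day/gomodules/common"
	"github.com/tommi2day/gomodules/pwlib"
	"github.com/tommi2day/pwcli/test"
)

// TestKMS runs the encrypt, list and get commands with the KMS method against
// the container started by prepareKmsContainer. It creates a key and an alias
// first, then addresses the key once by ID flag, once by alias flag and once
// through the KMS_KEYID environment variable.
//
// The test is skipped when SKIP_KMS is set to any non-empty value.
func TestKMS(t *testing.T) {
	if os.Getenv("SKIP_KMS") != "" {
		t.Skip("Skipping KMS testing in CI environment")
	}
	test.Testinit(t)

	kmsapp := "test_kms_file"
	testdata := test.TestData
	kmspc := pwlib.NewConfig(kmsapp, testdata, testdata, kmsapp, typeKMS)

	err := os.Chdir(test.TestDir)
	require.NoErrorf(t, err, "ChDir failed")
	filename := kmspc.PlainTextFile
	_ = os.Remove(filename)
	// The plaintext fixture holds password entries, so it is written
	// owner-only; this also removes the need for a gosec suppression.
	err = os.WriteFile(filename, []byte(plain), 0600)
	require.NoErrorf(t, err, "Create testdata failed")

	kmsContainer, err := prepareKmsContainer()
	require.NoErrorf(t, err, "KMS Server not available")
	require.NotNil(t, kmsContainer, "Prepare failed")
	defer common.DestroyDockerContainer(kmsContainer)

	// t.Setenv restores the previous values when the test ends, so the
	// placeholder credentials and the endpoint override cannot leak into
	// other tests of the package that run in the same process.
	t.Setenv("AWS_ACCESS_KEY_ID", "abcdef")
	t.Setenv("AWS_SECRET_ACCESS_KEY", "abcdefSecret")
	t.Setenv("AWS_DEFAULT_REGION", "eu-central-1")
	t.Setenv("KMS_ENDPOINT", kmsAddress)

	var kmsClient *kms.Client
	kmsClient = pwlib.ConnectToKMS()
	// require.NotNil stops the test on a nil client; no second check needed.
	require.NotNil(t, kmsClient, "Connect to KMS failed")

	keyID := ""
	alias := fmt.Sprintf("alias/%s", kmsapp)

	t.Run("Create KMS Key", func(t *testing.T) {
		keyout, err := pwlib.GenKMSKey(kmsClient, "", fmt.Sprintf("Key for %s", kmsapp), map[string]string{"app": kmsapp})
		require.NoErrorf(t, err, "CreateKMSKey failed:%s", err)
		require.NotNil(t, keyout, "CreateKMSKey response empty")
		// The second return value of GetKMSKeyIDs is not needed here.
		keyID, _ = pwlib.GetKMSKeyIDs(keyout.KeyMetadata)
		_, err = pwlib.CreateKMSAlias(kmsClient, alias, keyID)
		require.NoErrorf(t, err, "CreateKMSAlias failed:%s", err)
	})
	// A failed subtest does not stop the parent, so bail out here when no
	// key was created; every later subtest depends on keyID.
	if keyID == "" {
		t.Fatal("CreateKMSKey failed")
	}

	t.Run("CMD Encrypt KMS", func(t *testing.T) {
		args := []string{
			"encrypt",
			"--app", kmsapp,
			"-D", testdata,
			"-K", testdata,
			"--kms_keyid", keyID,
			"--method", typeKMS,
			"--info",
			"--unit-test",
		}
		out, err := common.CmdRun(RootCmd, args)
		require.NoErrorf(t, err, "Encrypt command should not return an error:%s", err)
		// NOTE(review): pc is the package-level config, not kmspc; presumably
		// the encrypt command populates it for kmsapp - confirm.
		assert.FileExistsf(t, pc.CryptedFile, "Crypted file '%s' not found", pc.CryptedFile)
		assert.Contains(t, out, "successfully created", "Output should confirm encryption")
		// t.Log, not t.Logf: command output must not be used as a format string.
		t.Log(out)
	})

	// Clear the key ID kept in viper so the next subtest has to take it from
	// its own --kms_keyid flag (the alias).
	viper.Set("kms_keyid", "")
	t.Run("CMD list KMS with alias", func(t *testing.T) {
		args := []string{
			"list",
			"--app", kmsapp,
			"-D", testdata,
			"-K", testdata,
			"--method", typeKMS,
			"--kms_keyid", alias,
			"--info",
			"--unit-test",
		}
		out, err := common.CmdRun(RootCmd, args)
		require.NoErrorf(t, err, "list command should not return an error:%s", err)
		assert.Contains(t, out, "List returned 10 lines", "Output should lines of plainfile")
		t.Log(out)
	})

	t.Run("CMD get KMS with Key Env", func(t *testing.T) {
		// No --kms_keyid flag here: the key ID is supplied through the
		// environment and restored when the subtest ends.
		t.Setenv("KMS_KEYID", keyID)
		args := []string{
			"get",
			"--app", kmsapp,
			"--method", typeKMS,
			"-D", testdata,
			"-K", testdata,
			"--info",
			"--unit-test",
			"--system", "test",
			"--user", "testuser",
		}
		out, err := common.CmdRun(RootCmd, args)
		require.NoErrorf(t, err, "get command should not return an error:%s", err)
		assert.Contains(t, out, "Found matching entry", "Output should confirm match")
		assert.Contains(t, out, "'testpass'", "Output should return correct match")
		t.Log(out)
	})
}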