github.com/zntrio/harp/v2@v2.0.9/pkg/bundle/encryption_test.go (about) 1 // Licensed to Elasticsearch B.V. under one or more contributor 2 // license agreements. See the NOTICE file distributed with 3 // this work for additional information regarding copyright 4 // ownership. Elasticsearch B.V. licenses this file to you under 5 // the Apache License, Version 2.0 (the "License"); you may 6 // not use this file except in compliance with the License. 7 // You may obtain a copy of the License at 8 // 9 // http://www.apache.org/licenses/LICENSE-2.0 10 // 11 // Unless required by applicable law or agreed to in writing, 12 // software distributed under the License is distributed on an 13 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 // KIND, either express or implied. See the License for the 15 // specific language governing permissions and limitations 16 // under the License. 17 package bundle 18 19 import ( 20 "context" 21 "fmt" 22 "testing" 23 24 bundlev1 "github.com/zntrio/harp/v2/api/gen/go/harp/bundle/v1" 25 "github.com/zntrio/harp/v2/pkg/bundle/secret" 26 "github.com/zntrio/harp/v2/pkg/sdk/value" 27 ) 28 29 // -----------------------------------------------------------------------------. 30 var _ value.Transformer = (*mockedTransformer)(nil) 31 32 type mockedTransformer struct { 33 err error 34 } 35 36 func (m *mockedTransformer) To(ctx context.Context, input []byte) ([]byte, error) { 37 return input, m.err 38 } 39 func (m *mockedTransformer) From(ctx context.Context, input []byte) ([]byte, error) { 40 return input, m.err 41 } 42 43 // -----------------------------------------------------------------------------. 44 func TestPartialLock(t *testing.T) { 45 type args struct { 46 ctx context.Context 47 b *bundlev1.Bundle 48 transformerMap map[string]value.Transformer 49 skipUnresolved bool 50 } 51 tests := []struct { 52 name string 53 args args 54 wantErr bool 55 }{ 56 { 57 name: "Nil bundle", 58 wantErr: true, 59 }, 60 { 61 name: "Nil transformer map", 62 args: args{ 63 b: &bundlev1.Bundle{}, 64 transformerMap: nil, 65 }, 66 wantErr: true, 67 }, 68 { 69 name: "no annotation found", 70 args: args{ 71 b: &bundlev1.Bundle{ 72 Packages: []*bundlev1.Package{ 73 { 74 Name: "test/app/encrypted", 75 Secrets: &bundlev1.SecretChain{ 76 Data: []*bundlev1.KV{ 77 { 78 Key: "test", 79 Value: secret.MustPack("value"), 80 }, 81 }, 82 }, 83 }, 84 }, 85 }, 86 transformerMap: map[string]value.Transformer{ 87 "test": &mockedTransformer{}, 88 }, 89 }, 90 wantErr: false, 91 }, 92 { 93 name: "no key alias found", 94 args: args{ 95 b: &bundlev1.Bundle{ 96 Packages: []*bundlev1.Package{ 97 { 98 Name: "test/app/encrypted", 99 Annotations: map[string]string{ 100 packageEncryptionAnnotation: "test", 101 }, 102 Secrets: &bundlev1.SecretChain{ 103 Data: []*bundlev1.KV{ 104 { 105 Key: "test", 106 Value: secret.MustPack("value"), 107 }, 108 }, 109 }, 110 }, 111 }, 112 }, 113 transformerMap: map[string]value.Transformer{ 114 "invalid": &mockedTransformer{}, 115 }, 116 }, 117 wantErr: true, 118 }, 119 { 120 name: "alias point to nil transformer", 121 args: args{ 122 b: &bundlev1.Bundle{ 123 Packages: []*bundlev1.Package{ 124 { 125 Name: "test/app/encrypted", 126 Annotations: map[string]string{ 127 packageEncryptionAnnotation: "test", 128 }, 129 Secrets: &bundlev1.SecretChain{ 130 Data: []*bundlev1.KV{ 131 { 132 Key: "test", 133 Value: secret.MustPack("value"), 134 }, 135 }, 136 }, 137 }, 138 }, 139 }, 140 transformerMap: map[string]value.Transformer{ 141 "test": nil, 142 }, 143 }, 144 wantErr: true, 145 }, 146 { 147 name: "bundle secret unpack error", 148 args: args{ 149 b: &bundlev1.Bundle{ 150 Packages: []*bundlev1.Package{ 151 { 152 Name: "test/app/encrypted", 153 Annotations: map[string]string{ 154 packageEncryptionAnnotation: "test", 155 }, 156 Secrets: &bundlev1.SecretChain{ 157 Data: []*bundlev1.KV{ 158 { 159 Key: "test", 160 Value: []byte("value"), 161 }, 162 }, 163 }, 164 }, 165 }, 166 }, 167 transformerMap: map[string]value.Transformer{ 168 "test": &mockedTransformer{}, 169 }, 170 }, 171 wantErr: true, 172 }, 173 { 174 name: "transformer error", 175 args: args{ 176 b: &bundlev1.Bundle{ 177 Packages: []*bundlev1.Package{ 178 { 179 Name: "test/app/encrypted", 180 Annotations: map[string]string{ 181 packageEncryptionAnnotation: "test", 182 }, 183 Secrets: &bundlev1.SecretChain{ 184 Data: []*bundlev1.KV{ 185 { 186 Key: "test", 187 Value: secret.MustPack("value"), 188 }, 189 }, 190 }, 191 }, 192 }, 193 }, 194 transformerMap: map[string]value.Transformer{ 195 "test": &mockedTransformer{ 196 err: fmt.Errorf("test"), 197 }, 198 }, 199 }, 200 wantErr: true, 201 }, 202 // --------------------------------------------------------------------- 203 { 204 name: "valid", 205 args: args{ 206 b: &bundlev1.Bundle{ 207 Packages: []*bundlev1.Package{ 208 { 209 Name: "test/app/encrypted", 210 Annotations: map[string]string{ 211 packageEncryptionAnnotation: "test", 212 }, 213 Secrets: &bundlev1.SecretChain{ 214 Data: []*bundlev1.KV{ 215 { 216 Key: "test", 217 Value: secret.MustPack("value"), 218 }, 219 }, 220 }, 221 }, 222 }, 223 }, 224 transformerMap: map[string]value.Transformer{ 225 "test": &mockedTransformer{}, 226 }, 227 }, 228 wantErr: false, 229 }, 230 { 231 name: "no key alias found with skip", 232 args: args{ 233 b: &bundlev1.Bundle{ 234 Packages: []*bundlev1.Package{ 235 { 236 Name: "test/app/encrypted", 237 Annotations: map[string]string{ 238 packageEncryptionAnnotation: "test", 239 }, 240 Secrets: &bundlev1.SecretChain{ 241 Data: []*bundlev1.KV{ 242 { 243 Key: "test", 244 Value: secret.MustPack("value"), 245 }, 246 }, 247 }, 248 }, 249 }, 250 }, 251 transformerMap: map[string]value.Transformer{ 252 "invalid": &mockedTransformer{}, 253 }, 254 skipUnresolved: true, 255 }, 256 wantErr: false, 257 }, 258 } 259 for _, tt := range tests { 260 t.Run(tt.name, func(t *testing.T) { 261 if err := PartialLock(tt.args.ctx, tt.args.b, tt.args.transformerMap, tt.args.skipUnresolved); (err != nil) != tt.wantErr { 262 t.Errorf("PartialLock() error = %v, wantErr %v", err, tt.wantErr) 263 } 264 }) 265 } 266 }