
     1  // Copyright (c) Mondoo, Inc.
     2  // SPDX-License-Identifier: BUSL-1.1
     3  
     4  package manager_test
     5  
     6  import (
     7  	"testing"
     8  
     9  	"github.com/stretchr/testify/assert"
    10  	"github.com/stretchr/testify/require"
    11  	"go.mondoo.com/cnquery/llx"
    12  	"go.mondoo.com/cnquery/providers-sdk/v1/inventory"
    13  	"go.mondoo.com/cnquery/providers-sdk/v1/inventory/manager"
    14  	"go.mondoo.com/cnquery/providers-sdk/v1/testutils"
    15  	"go.mondoo.com/cnquery/providers-sdk/v1/vault"
    16  )
    17  
// runtime is the llx.Runtime every test in this file compiles and runs its
// credential queries against. It comes from testutils.LinuxMock.
// NOTE(review): presumably a recorded/mock Linux target rather than a live
// system, so no real credentials are needed here; confirm in testutils.
var runtime llx.Runtime = testutils.LinuxMock()
    23  
// TestSecretKeySimple covers the smallest credential query: a literal dict
// that names only a credential type. The query is compiled against the shared
// runtime, evaluated for an asset that carries no labels, and the returned
// credential must have the ssh_agent type.
func TestSecretKeySimple(t *testing.T) {
	const credQuery = `{ type: 'ssh_agent' }`

	r, err := manager.NewCredentialQueryRunner(credQuery, runtime)
	require.NoError(t, err)

	// An empty asset is enough: the query does not look at any property.
	emptyAsset := &inventory.Asset{}
	got, err := r.Run(emptyAsset)
	require.NoError(t, err)

	assert.Equal(t, vault.CredentialType_ssh_agent, got.Type)
}
    32  
// TestSecretKeyIfReturn checks that an early `return` inside an `if` wins
// over the trailing default `return`. The asset's labels are visible to the
// query as props.labels, so the label key=value must select the password
// credential with secret id "theonekey" and not the private_key fallback.
func TestSecretKeyIfReturn(t *testing.T) {
	const credQuery = `
		if (props.labels['key'] == 'value') {
			return {type: 'password', secret_id: 'theonekey'}
		}
		return {type: 'private_key', secret_id: 'otherkey'}
	`

	r, err := manager.NewCredentialQueryRunner(credQuery, runtime)
	require.NoError(t, err)

	// The label below is what steers the query into the first branch.
	// NOTE(review): labels decide which secret id is handed out; if labels can
	// be set by whoever owns the asset, confirm that is an acceptable input
	// for credential selection.
	labelled := &inventory.Asset{
		Labels: map[string]string{"key": "value"},
	}
	got, err := r.Run(labelled)
	require.NoError(t, err)

	assert.Equal(t, vault.CredentialType_password, got.Type)
	assert.Equal(t, "theonekey", got.SecretId)
}
    54  
// TestSecretKeyIfConditionalReturn runs one compiled credential query against
// two assets. With the label Name=ssh the query must yield a private_key
// credential whose secret id is the Secrets Manager ARN; with no labels it
// must fall through to the default branch, which yields an undefined
// credential type and an empty secret id without returning an error.
//
// The ARN is a secret identifier (a reference), not secret material.
// NOTE(review): the query text ends its last statement with a stray `"`;
// the upstream test keeps it, so it is reproduced unchanged. Confirm the
// parser is meant to tolerate it.
func TestSecretKeyIfConditionalReturn(t *testing.T) {
	const credQuery = `
		if (props.labels['Name'] == 'ssh') { 
	       return { user: 'ec2-user', type: 'private_key', secret_id: 'arn:aws:secretsmanager:us-east-2:172746783610:secret:vj/secret-lHvP9r'}
        }
        return { secret_id: '' }"
	`

	r, err := manager.NewCredentialQueryRunner(credQuery, runtime)
	require.NoError(t, err)

	// Case 1: the asset carries the label the query is looking for.
	sshAsset := &inventory.Asset{
		Labels: map[string]string{"Name": "ssh"},
	}
	matched, err := r.Run(sshAsset)
	require.NoError(t, err)
	assert.Equal(t, vault.CredentialType_private_key, matched.Type)
	assert.Equal(t, "arn:aws:secretsmanager:us-east-2:172746783610:secret:vj/secret-lHvP9r", matched.SecretId)

	// Case 2: no labels at all. The run still succeeds, so callers have to
	// treat an undefined type with an empty secret id as "no credential".
	bareAsset := &inventory.Asset{
		Labels: map[string]string{},
	}
	fallback, err := r.Run(bareAsset)
	require.NoError(t, err)
	assert.Equal(t, vault.CredentialType_undefined, fallback.Type)
	assert.Equal(t, "", fallback.SecretId)
}