From 0ff12432aeaa5dbddd0770472a0d2a1a5d7318b9 Mon Sep 17 00:00:00 2001
From: Andrea Luzzardi <aluzzardi@gmail.com>
Date: Tue, 25 May 2021 13:27:51 -0700
Subject: [PATCH] add encryption tests

Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
---
 dagger/environment_test.go     |  2 +-
 dagger/state/workspace_test.go | 54 ++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+), 1 deletion(-)

diff --git a/dagger/environment_test.go b/dagger/environment_test.go
index cb200b8d..06fccdd1 100644
--- a/dagger/environment_test.go
+++ b/dagger/environment_test.go
@@ -19,5 +19,5 @@ func TestLocalDirs(t *testing.T) {
 	localdirs := environment.LocalDirs()
 	require.Len(t, localdirs, 2)
 	require.Contains(t, localdirs, "/")
-	require.Contains(t, localdirs, "/tmp/source")
+	require.Contains(t, localdirs, "/tmp/source/plan")
 }
diff --git a/dagger/state/workspace_test.go b/dagger/state/workspace_test.go
index a474f36a..9b7b6afd 100644
--- a/dagger/state/workspace_test.go
+++ b/dagger/state/workspace_test.go
@@ -3,9 +3,12 @@ package state
 import (
 	"context"
 	"os"
+	"path"
+	"strings"
 	"testing"
 
 	"github.com/stretchr/testify/require"
+	"gopkg.in/yaml.v3"
 )
 
 func TestWorkspace(t *testing.T) {
@@ -53,3 +56,54 @@ func TestWorkspace(t *testing.T) {
 	require.NoError(t, err)
 	require.Contains(t, env.Inputs, "foo")
 }
+
+func TestEncryption(t *testing.T) {
+	ctx := context.TODO()
+
+	readManifest := func(st *State) *State {
+		data, err := os.ReadFile(path.Join(st.Path, manifestFile))
+		require.NoError(t, err)
+		m := State{}
+		require.NoError(t, yaml.Unmarshal(data, &m))
+		return &m
+	}
+
+	root, err := os.MkdirTemp(os.TempDir(), "dagger-*")
+	require.NoError(t, err)
+	workspace, err := Init(ctx, root)
+	require.NoError(t, err)
+
+	_, err = workspace.Create(ctx, "test")
+	require.NoError(t, err)
+
+	// Set a plaintext input, make sure it is not encrypted
+	st, err := workspace.Get(ctx, "test")
+	require.NoError(t, err)
+	require.NoError(t, st.SetInput("plain", TextInput("plain")))
+	require.NoError(t, workspace.Save(ctx, st))
+	o := readManifest(st)
+	require.Contains(t, o.Inputs, "plain")
+	require.Equal(t, "plain", string(*o.Inputs["plain"].Text))
+
+	// Set a secret input, make sure it's encrypted
+	st, err = workspace.Get(ctx, "test")
+	require.NoError(t, err)
+	require.NoError(t, st.SetInput("secret", SecretInput("secret")))
+	require.NoError(t, workspace.Save(ctx, st))
+	o = readManifest(st)
+	require.Contains(t, o.Inputs, "secret")
+	secretValue := string(*o.Inputs["secret"].Secret)
+	require.NotEqual(t, "secret", secretValue)
+	require.True(t, strings.HasPrefix(secretValue, "ENC["))
+
+	// Change another input, make sure our secret didn't change
+	st, err = workspace.Get(ctx, "test")
+	require.NoError(t, err)
+	require.NoError(t, st.SetInput("plain", TextInput("different")))
+	require.NoError(t, workspace.Save(ctx, st))
+	o = readManifest(st)
+	require.Contains(t, o.Inputs, "plain")
+	require.Equal(t, "different", string(*o.Inputs["plain"].Text))
+	require.Contains(t, o.Inputs, "secret")
+	require.Equal(t, secretValue, string(*o.Inputs["secret"].Secret))
+}