add encryption tests
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
This commit is contained in:
Andrea Luzzardi
parent
1e37a0862c
commit
0ff12432ae
@ -19,5 +19,5 @@ func TestLocalDirs(t *testing.T) {
|
|||||||
localdirs := environment.LocalDirs()
|
localdirs := environment.LocalDirs()
|
||||||
require.Len(t, localdirs, 2)
|
require.Len(t, localdirs, 2)
|
||||||
require.Contains(t, localdirs, "/")
|
require.Contains(t, localdirs, "/")
|
||||||
require.Contains(t, localdirs, "/tmp/source")
|
require.Contains(t, localdirs, "/tmp/source/plan")
|
||||||
}
|
}
|
||||||
|
|||||||
@ -3,9 +3,12 @@ package state
|
|||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"os"
|
"os"
|
||||||
|
"path"
|
||||||
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
|
"gopkg.in/yaml.v3"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestWorkspace(t *testing.T) {
|
func TestWorkspace(t *testing.T) {
|
||||||
@ -53,3 +56,54 @@ func TestWorkspace(t *testing.T) {
|
|||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
require.Contains(t, env.Inputs, "foo")
|
require.Contains(t, env.Inputs, "foo")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestEncryption(t *testing.T) {
|
||||||
|
ctx := context.TODO()
|
||||||
|
|
||||||
|
readManifest := func(st *State) *State {
|
||||||
|
data, err := os.ReadFile(path.Join(st.Path, manifestFile))
|
||||||
|
require.NoError(t, err)
|
||||||
|
m := State{}
|
||||||
|
require.NoError(t, yaml.Unmarshal(data, &m))
|
||||||
|
return &m
|
||||||
|
}
|
||||||
|
|
||||||
|
root, err := os.MkdirTemp(os.TempDir(), "dagger-*")
|
||||||
|
require.NoError(t, err)
|
||||||
|
workspace, err := Init(ctx, root)
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
_, err = workspace.Create(ctx, "test")
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
// Set a plaintext input, make sure it is not encrypted
|
||||||
|
st, err := workspace.Get(ctx, "test")
|
||||||
|
require.NoError(t, err)
|
||||||
|
require.NoError(t, st.SetInput("plain", TextInput("plain")))
|
||||||
|
require.NoError(t, workspace.Save(ctx, st))
|
||||||
|
o := readManifest(st)
|
||||||
|
require.Contains(t, o.Inputs, "plain")
|
||||||
|
require.Equal(t, "plain", string(*o.Inputs["plain"].Text))
|
||||||
|
|
||||||
|
// Set a secret input, make sure it's encrypted
|
||||||
|
st, err = workspace.Get(ctx, "test")
|
||||||
|
require.NoError(t, err)
|
||||||
|
require.NoError(t, st.SetInput("secret", SecretInput("secret")))
|
||||||
|
require.NoError(t, workspace.Save(ctx, st))
|
||||||
|
o = readManifest(st)
|
||||||
|
require.Contains(t, o.Inputs, "secret")
|
||||||
|
secretValue := string(*o.Inputs["secret"].Secret)
|
||||||
|
require.NotEqual(t, "secret", secretValue)
|
||||||
|
require.True(t, strings.HasPrefix(secretValue, "ENC["))
|
||||||
|
|
||||||
|
// Change another input, make sure our secret didn't change
|
||||||
|
st, err = workspace.Get(ctx, "test")
|
||||||
|
require.NoError(t, err)
|
||||||
|
require.NoError(t, st.SetInput("plain", TextInput("different")))
|
||||||
|
require.NoError(t, workspace.Save(ctx, st))
|
||||||
|
o = readManifest(st)
|
||||||
|
require.Contains(t, o.Inputs, "plain")
|
||||||
|
require.Equal(t, "different", string(*o.Inputs["plain"].Text))
|
||||||
|
require.Contains(t, o.Inputs, "secret")
|
||||||
|
require.Equal(t, secretValue, string(*o.Inputs["secret"].Secret))
|
||||||
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user