Skip to content

Commit cf49a6d

Browse files
BenehikoBenehiko
committed
test: keychain upsert
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
1 parent 87814e7 commit cf49a6d

2 files changed

Lines changed: 120 additions & 0 deletions

File tree

store/keychain/keychain_test.go

Lines changed: 46 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -366,6 +366,52 @@ func TestKeychain(t *testing.T) {
366366
require.ErrorContains(t, err, "i am failing on purpose")
367367
})
368368

369+
t.Run("upsert inserts when credential does not exist", func(t *testing.T) {
370+
ks := setupKeychain(t, nil)
371+
id := store.MustParseID("com.test.test/test/upsert-insert")
372+
creds := &mocks.MockCredential{
373+
Username: "alice",
374+
Password: "alice-password",
375+
}
376+
t.Cleanup(func() {
377+
require.NoError(t, ks.Delete(context.Background(), id))
378+
})
379+
require.NoError(t, ks.Upsert(t.Context(), id, creds))
380+
381+
secret, err := ks.Get(t.Context(), id)
382+
require.NoError(t, err)
383+
actual := secret.(*mocks.MockCredential)
384+
actual.Attributes = nil
385+
assert.Equal(t, creds.Username, actual.Username)
386+
assert.Equal(t, creds.Password, actual.Password)
387+
})
388+
389+
t.Run("upsert overwrites an existing credential", func(t *testing.T) {
390+
ks := setupKeychain(t, nil)
391+
id := store.MustParseID("com.test.test/test/upsert-overwrite")
392+
original := &mocks.MockCredential{
393+
Username: "bob",
394+
Password: "original-password",
395+
}
396+
t.Cleanup(func() {
397+
require.NoError(t, ks.Delete(context.Background(), id))
398+
})
399+
require.NoError(t, ks.Save(t.Context(), id, original))
400+
401+
updated := &mocks.MockCredential{
402+
Username: "bob",
403+
Password: "updated-password",
404+
}
405+
require.NoError(t, ks.Upsert(t.Context(), id, updated))
406+
407+
secret, err := ks.Get(t.Context(), id)
408+
require.NoError(t, err)
409+
actual := secret.(*mocks.MockCredential)
410+
actual.Attributes = nil
411+
assert.Equal(t, updated.Username, actual.Username)
412+
assert.Equal(t, updated.Password, actual.Password)
413+
})
414+
369415
t.Run("set metadata error on getAllMetadata", func(t *testing.T) {
370416
kc := setupKeychain(t, func(_ context.Context, _ store.ID) store.Secret {
371417
return &mustUnmarshalError{}

store/posixage/store_test.go

Lines changed: 74 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -656,6 +656,80 @@ func TestPOSIXAge(t *testing.T) {
656656
assert.Equal(t, secret, storeSecret)
657657
})
658658

659+
t.Run("upsert inserts when credential does not exist", func(t *testing.T) {
660+
root, err := os.OpenRoot(t.TempDir())
661+
require.NoError(t, err)
662+
t.Cleanup(func() {
663+
assert.NoError(t, root.Close())
664+
})
665+
666+
masterKey := uuid.NewString()
667+
s, err := New(root,
668+
func(_ context.Context, _ store.ID) *mocks.MockCredential {
669+
return &mocks.MockCredential{}
670+
},
671+
WithLogger(&testLogger{t}),
672+
WithEncryptionCallbackFunc[EncryptionPassword](func(_ context.Context) ([]byte, error) {
673+
return []byte(masterKey), nil
674+
}),
675+
WithDecryptionCallbackFunc[DecryptionPassword](func(_ context.Context) ([]byte, error) {
676+
return []byte(masterKey), nil
677+
}),
678+
)
679+
require.NoError(t, err)
680+
681+
secret := &mocks.MockCredential{
682+
Username: uuid.NewString(),
683+
Password: uuid.NewString(),
684+
}
685+
id := secrets.MustParseID("test/something/" + uuid.NewString())
686+
require.NoError(t, s.Upsert(t.Context(), id, secret))
687+
688+
storeSecret, err := s.Get(t.Context(), id)
689+
require.NoError(t, err)
690+
assert.EqualValues(t, secret, storeSecret)
691+
})
692+
693+
t.Run("upsert overwrites an existing credential", func(t *testing.T) {
694+
root, err := os.OpenRoot(t.TempDir())
695+
require.NoError(t, err)
696+
t.Cleanup(func() {
697+
assert.NoError(t, root.Close())
698+
})
699+
700+
masterKey := uuid.NewString()
701+
s, err := New(root,
702+
func(_ context.Context, _ store.ID) *mocks.MockCredential {
703+
return &mocks.MockCredential{}
704+
},
705+
WithLogger(&testLogger{t}),
706+
WithEncryptionCallbackFunc[EncryptionPassword](func(_ context.Context) ([]byte, error) {
707+
return []byte(masterKey), nil
708+
}),
709+
WithDecryptionCallbackFunc[DecryptionPassword](func(_ context.Context) ([]byte, error) {
710+
return []byte(masterKey), nil
711+
}),
712+
)
713+
require.NoError(t, err)
714+
715+
original := &mocks.MockCredential{
716+
Username: uuid.NewString(),
717+
Password: uuid.NewString(),
718+
}
719+
id := secrets.MustParseID("test/something/" + uuid.NewString())
720+
require.NoError(t, s.Save(t.Context(), id, original))
721+
722+
updated := &mocks.MockCredential{
723+
Username: uuid.NewString(),
724+
Password: uuid.NewString(),
725+
}
726+
require.NoError(t, s.Upsert(t.Context(), id, updated))
727+
728+
storeSecret, err := s.Get(t.Context(), id)
729+
require.NoError(t, err)
730+
assert.EqualValues(t, updated, storeSecret)
731+
})
732+
659733
t.Run("an error on encryption callbackFunc is propagated on save", func(t *testing.T) {
660734
root, err := os.OpenRoot(t.TempDir())
661735
require.NoError(t, err)

0 commit comments

Comments
 (0)