forked from telia-oss/aws-env
-
Notifications
You must be signed in to change notification settings - Fork 0
/
environment_test.go
148 lines (141 loc) · 3.86 KB
/
environment_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
package environment_test
import (
"encoding/base64"
"os"
"testing"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/kms"
"github.com/aws/aws-sdk-go/service/secretsmanager"
"github.com/aws/aws-sdk-go/service/ssm"
"github.com/golang/mock/gomock"
environment "github.com/telia-oss/aws-env"
"github.com/telia-oss/aws-env/mocks"
)
func TestMain(t *testing.T) {
tests := []struct {
description string
envKey string
envValue string
secretMap map[string]string
expect string
json bool
callsSM bool
smOutput *secretsmanager.GetSecretValueOutput
callsSSM bool
ssmOutput *ssm.GetParameterOutput
callsKMS bool
kmsOutput *kms.DecryptOutput
}{
{
description: "does not have sideffects for the regular environment",
envKey: "TEST",
envValue: "somevalue",
expect: "somevalue",
},
{
description: "allows empty strings as secrets",
envKey: "TEST",
envValue: "sm://<secret-path>",
expect: "",
callsSM: true,
smOutput: &secretsmanager.GetSecretValueOutput{
SecretString: aws.String(""),
},
},
{
description: "picks up sm secrets",
envKey: "TEST",
envValue: "sm://<secret-path>",
expect: "secret",
callsSM: true,
smOutput: &secretsmanager.GetSecretValueOutput{
SecretString: aws.String("secret"),
},
},
{
description: "picks up ssm secrets",
envKey: "TEST",
envValue: "ssm://<parameter-path>",
expect: "secret",
callsSSM: true,
ssmOutput: &ssm.GetParameterOutput{
Parameter: &ssm.Parameter{
Value: aws.String("secret"),
},
},
},
{
description: "picks up kms secrets",
envKey: "TEST",
envValue: "kms://" + base64.StdEncoding.EncodeToString([]byte("<encrypted>")),
expect: "secret",
callsKMS: true,
kmsOutput: &kms.DecryptOutput{
Plaintext: []byte("secret"),
},
},
{
description: "test multi key-value secret within json",
envKey: "TEST",
envValue: "sm://<secret-path>",
expect: "sm://<secret-path>",
secretMap: map[string]string{
"user": "test",
"password": "secret",
},
json: true,
callsSM: true,
smOutput: &secretsmanager.GetSecretValueOutput{
SecretString: aws.String("{\"user\": \"test\",\"password\": \"secret\"}"),
},
},
}
for _, tc := range tests {
t.Run(tc.description, func(t *testing.T) {
ctrl := gomock.NewController(t)
defer ctrl.Finish()
sm := mocks.NewMockSMClient(ctrl)
if tc.callsSM {
sm.EXPECT().GetSecretValue(gomock.Any()).Times(1).Return(tc.smOutput, nil)
}
ssm := mocks.NewMockSSMClient(ctrl)
if tc.callsSSM {
ssm.EXPECT().GetParameter(gomock.Any()).Times(1).Return(tc.ssmOutput, nil)
}
kms := mocks.NewMockKMSClient(ctrl)
if tc.callsKMS {
kms.EXPECT().Decrypt(gomock.Any()).Times(1).Return(tc.kmsOutput, nil)
}
// Set environment
old := os.Getenv(tc.envKey)
if err := os.Setenv(tc.envKey, tc.envValue); err != nil {
t.Fatalf("failed to set environment variable: %s", err)
}
// Set the old value before exiting
defer func() {
if err := os.Setenv(tc.envKey, old); err != nil {
t.Fatalf("failed to set environment variable: %s", err)
}
}()
// Run tests
env := environment.NewTestManager(sm, ssm, kms)
if err := env.Populate(); err != nil {
t.Fatalf("unexpected error: %s", err)
}
if tc.json != true {
if got, want := os.Getenv(tc.envKey), tc.expect; got != want {
t.Errorf("\ngot: %s\nwanted: %s", got, want)
}
} else {
if got, want := os.Getenv(tc.envKey), tc.expect; got != want {
t.Errorf("\ngot: %s\nwanted: %s", got, want)
}
for secretKey, secretValue := range tc.secretMap {
if got, want := os.Getenv(secretKey), secretValue; got != want {
t.Errorf("\ngot: %s\nwanted: %s", got, want)
}
}
}
})
}
}