(t *testing.T)
| 732 | } |
| 733 | |
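// TestCreationRuleNativeKeyLists checks that a creation rule may declare its
// master keys as native YAML lists, one list per key type, and that the parsed
// rule holds exactly one key group containing all six listed keys.
func TestCreationRuleNativeKeyLists(t *testing.T) {
	// The identifiers are test fixtures; the assertions below only look at the
	// type of each parsed key.
	sampleConfigWithNativeKeyLists := []byte(`
creation_rules:
  - path_regex: native_list*
    pgp:
      - "85D77543B3D624B63CEA9E6DBC17301B491B3F21" # name@email.com
      - "FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4" # server_XYZ
    kms:
      - "arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012"
    age:
      - "age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p"
    gcp_kms:
      - "projects/test-project/locations/global/keyRings/test-ring/cryptoKeys/test-key"
    hc_vault_transit_uri:
      - "https://vault.example.com:8200/v1/transit/keys/key1"
`)
	conf, err := parseCreationRuleForFile(parseConfigFile(sampleConfigWithNativeKeyLists, t), "/conf/path", "native_list_test", nil)
	assert.NoError(t, err)
	if conf == nil {
		t.Fatal("Expected configuration but got nil")
	}

	// A failed assert does not stop the test, so bail out explicitly before
	// indexing KeyGroups[0]; otherwise an empty result panics instead of
	// reporting a readable failure.
	if !assert.Len(t, conf.KeyGroups, 1) {
		t.FailNow()
	}
	assert.Len(t, conf.KeyGroups[0], 6)

	// Tally the keys by the type identifier each one reports.
	keyTypeCounts := make(map[string]int)
	for _, key := range conf.KeyGroups[0] {
		keyTypeCounts[key.TypeToIdentifier()]++
	}

	// NOTE(review): only per-type counts are asserted, so a parser that kept
	// the right number of keys but attached the wrong identifiers would still
	// pass. Comparing the parsed identifiers with the fixture would catch a
	// recipient being dropped or substituted.
	assert.Equal(t, 2, keyTypeCounts["pgp"])
	assert.Equal(t, 1, keyTypeCounts["kms"])
	assert.Equal(t, 1, keyTypeCounts["age"])
	assert.Equal(t, 1, keyTypeCounts["gcp_kms"])
	// Keys listed under hc_vault_transit_uri report the "hc_vault" type.
	assert.Equal(t, 1, keyTypeCounts["hc_vault"])
}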
| 770 | |
| 771 | // Test configurations with multiple destinations should fail |
| 772 | var sampleConfigWithS3GCSConflict = []byte(` |