(t *testing.T)
| 878 | } |
| 879 | |
| 880 | func TestDestinationValidationSingleVaultDestination(t *testing.T) { |
| 881 | validVaultConfig := []byte(` |
| 882 | destination_rules: |
| 883 | - path_regex: '^test/.*' |
| 884 | vault_path: 'secret/sops' |
| 885 | vault_address: 'https://vault.example.com' |
| 886 | recreation_rule: |
| 887 | kms: 'arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012' |
| 888 | `) |
| 889 | conf, err := parseDestinationRuleForFile(parseConfigFile(validVaultConfig, t), "test/secrets.yaml", nil) |
| 890 | assert.Nil(t, err) |
| 891 | assert.NotNil(t, conf.Destination) |
| 892 | assert.Contains(t, conf.Destination.Path("secrets.yaml"), "https://vault.example.com/v1/secret/data/secret/sops/secrets.yaml") |
| 893 | } |
| 894 | |
| 895 | // TestKeyGroupsForFileWithExternalEncryptionContext tests that when kmsEncryptionContext |
| 896 | // is passed to parseCreationRuleForFile, the resulting KMS keys have the encryption context set. |
nothing calls this directly
no test coverage detected