(t *testing.T)
| 206 | } |
| 207 | |
| 208 | func TestMasterKey_EncryptIfNeeded(t *testing.T) { |
| 209 | key, err := NewMasterKey(testKeyID1) |
| 210 | assert.NoError(t, err) |
| 211 | |
| 212 | // Key without encrypted data should attempt encryption |
| 213 | // (will fail without credentials, but that's expected) |
| 214 | err = key.EncryptIfNeeded([]byte("test-data")) |
| 215 | // We expect an error because we don't have real credentials |
| 216 | assert.Error(t, err) |
| 217 | |
| 218 | // Key with encrypted data should not attempt encryption |
| 219 | key.EncryptedKey = "already-encrypted" |
| 220 | err = key.EncryptIfNeeded([]byte("test-data")) |
| 221 | assert.NoError(t, err) |
| 222 | assert.Equal(t, "already-encrypted", key.EncryptedKey) |
| 223 | } |
| 224 | |
| 225 | func TestCredentials_ApplyToMasterKey(t *testing.T) { |
| 226 | basicCred := auth.NewBasicCredentialsBuilder(). |
nothing calls this directly
no test coverage detected