(t *testing.T)
| 241 | } |
| 242 | |
| 243 | func TestMasterKey_Decrypt(t *testing.T) { |
| 244 | if testSkipDocker { |
| 245 | return |
| 246 | } |
| 247 | |
| 248 | key := NewMasterKey(testVaultAddress, testEnginePath, "decrypt") |
| 249 | (Token(testVaultToken)).ApplyToMasterKey(key) |
| 250 | assert.NoError(t, createVaultKey(key)) |
| 251 | |
| 252 | client, err := vaultClient(key.VaultAddress, key.token, nil) |
| 253 | assert.NoError(t, err) |
| 254 | |
| 255 | dataKey := []byte("the heart of a shrimp is located in its head") |
| 256 | secret, err := client.Logical().Write(key.encryptPath(), encryptPayload(dataKey)) |
| 257 | assert.NoError(t, err) |
| 258 | |
| 259 | encryptedKey, err := encryptedKeyFromSecret(secret) |
| 260 | assert.NoError(t, err) |
| 261 | |
| 262 | key.EncryptedKey = encryptedKey |
| 263 | got, err := key.Decrypt() |
| 264 | assert.NoError(t, err) |
| 265 | assert.Equal(t, dataKey, got) |
| 266 | |
| 267 | key.EnginePath = "invalid" |
| 268 | assert.Error(t, key.Encrypt(dataKey)) |
| 269 | |
| 270 | key.EnginePath = testEnginePath |
| 271 | key.token = "" |
| 272 | assert.Error(t, key.Encrypt(dataKey)) |
| 273 | } |
| 274 | |
| 275 | func TestMasterKey_EncryptDecrypt_RoundTrip(t *testing.T) { |
| 276 | if testSkipDocker { |
nothing calls this directly
no test coverage detected