(t *testing.T)
| 186 | } |
| 187 | |
| 188 | func TestMasterKey_Encrypt(t *testing.T) { |
| 189 | if testSkipDocker { |
| 190 | return |
| 191 | } |
| 192 | |
| 193 | key := NewMasterKey(testVaultAddress, testEnginePath, "encrypt") |
| 194 | (Token(testVaultToken)).ApplyToMasterKey(key) |
| 195 | assert.NoError(t, createVaultKey(key)) |
| 196 | |
| 197 | dataKey := []byte("the majority of your brain is fat") |
| 198 | assert.NoError(t, key.Encrypt(dataKey)) |
| 199 | assert.NotEmpty(t, key.EncryptedKey) |
| 200 | |
| 201 | client, err := vaultClient(key.VaultAddress, key.token, nil) |
| 202 | assert.NoError(t, err) |
| 203 | |
| 204 | payload := decryptPayload(key.EncryptedKey) |
| 205 | secret, err := client.Logical().Write(key.decryptPath(), payload) |
| 206 | assert.NoError(t, err) |
| 207 | |
| 208 | decryptedData, err := dataKeyFromSecret(secret) |
| 209 | assert.NoError(t, err) |
| 210 | assert.Equal(t, dataKey, decryptedData) |
| 211 | |
| 212 | key.EnginePath = "invalid" |
| 213 | assert.Error(t, key.Encrypt(dataKey)) |
| 214 | |
| 215 | key.EnginePath = testEnginePath |
| 216 | key.token = "" |
| 217 | assert.Error(t, key.Encrypt(dataKey)) |
| 218 | } |
| 219 | |
| 220 | func TestMasterKey_EncryptIfNeeded(t *testing.T) { |
| 221 | if testSkipDocker { |
nothing calls this directly
no test coverage detected