MCPcopy
hub / github.com/getsops/sops / TestMasterKey_Encrypt

Function TestMasterKey_Encrypt

kms/keysource_test.go:243–281  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

241}
242
243func TestMasterKey_Encrypt(t *testing.T) {
244 t.Run("encrypt", func(t *testing.T) {
245 key := createTestMasterKey(testKMSARN)
246 dataKey := []byte("UFO sightings")
247 assert.NoError(t, key.Encrypt(dataKey))
248 assert.NotEmpty(t, key.EncryptedKey)
249
250 kmsClient, err := createTestKMSClient(key)
251 assert.NoError(t, err)
252
253 k, err := base64.StdEncoding.DecodeString(key.EncryptedKey)
254 assert.NoError(t, err)
255
256 input := &kms.DecryptInput{
257 CiphertextBlob: k,
258 EncryptionContext: stringPointerToStringMap(key.EncryptionContext),
259 }
260 decrypted, err := kmsClient.Decrypt(context.TODO(), input)
261 assert.NoError(t, err)
262 assert.Equal(t, dataKey, decrypted.Plaintext)
263 })
264
265 t.Run("encrypt error", func(t *testing.T) {
266 // Valid ARN but invalid for test server.
267 key := createTestMasterKey(dummyARN)
268 err := key.Encrypt([]byte("UFO sightings"))
269 assert.Error(t, err)
270 assert.ErrorContains(t, err, "failed to encrypt sops data key with AWS KMS")
271 assert.Empty(t, key.EncryptedKey)
272 })
273
274 t.Run("config error", func(t *testing.T) {
275 key := createTestMasterKey("arn:gcp:kms:antartica-north-2::key/45e6-aca6-a5b005693a48")
276 err := key.Encrypt([]byte(""))
277 assert.Error(t, err)
278 assert.ErrorContains(t, err, "no valid ARN found")
279 assert.Empty(t, key.EncryptedKey)
280 })
281}
282
283func TestMasterKey_EncryptIfNeeded(t *testing.T) {
284 key := createTestMasterKey(testKMSARN)

Callers

nothing calls this directly

Calls 6

createTestMasterKeyFunction · 0.85
createTestKMSClientFunction · 0.85
stringPointerToStringMapFunction · 0.85
EncryptMethod · 0.65
DecryptMethod · 0.65
ErrorMethod · 0.45

Tested by

no test coverage detected