-
Notifications
You must be signed in to change notification settings - Fork 58
/
secrets_test.go
115 lines (98 loc) · 2.95 KB
/
secrets_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
package aperture
import (
"bytes"
"context"
"crypto/sha256"
"net/url"
"os"
"testing"
"time"
"github.com/lightninglabs/aperture/l402"
"github.com/lightninglabs/aperture/mint"
clientv3 "go.etcd.io/etcd/client/v3"
"go.etcd.io/etcd/server/v3/embed"
)
// etcdSetup is a helper that instantiates a new etcd cluster along with a
// client connection to it. A cleanup closure is also returned to free any
// allocated resources required by etcd.
func etcdSetup(t *testing.T) (*clientv3.Client, func()) {
t.Helper()
tempDir, err := os.MkdirTemp("", "etcd")
if err != nil {
t.Fatalf("unable to create temp dir: %v", err)
}
cfg := embed.NewConfig()
cfg.Dir = tempDir
cfg.Logger = "zap"
cfg.LCUrls = []url.URL{{Host: "127.0.0.1:9125"}}
cfg.LPUrls = []url.URL{{Host: "127.0.0.1:9126"}}
etcd, err := embed.StartEtcd(cfg)
if err != nil {
os.RemoveAll(tempDir)
t.Fatalf("unable to start etcd: %v", err)
}
select {
case <-etcd.Server.ReadyNotify():
case <-time.After(5 * time.Second):
os.RemoveAll(tempDir)
etcd.Server.Stop() // trigger a shutdown
t.Fatal("server took too long to start")
}
client, err := clientv3.New(clientv3.Config{
Endpoints: []string{cfg.LCUrls[0].Host},
DialTimeout: 5 * time.Second,
})
if err != nil {
t.Fatalf("unable to connect to etcd: %v", err)
}
return client, func() {
etcd.Close()
os.RemoveAll(tempDir)
}
}
// assertSecretExists is a helper to determine if a secret for the given
// identifier exists in the store. If it exists, its value is compared against
// the expected secret.
func assertSecretExists(t *testing.T, store *secretStore, id [sha256.Size]byte,
expSecret *[l402.SecretSize]byte) {
t.Helper()
exists := expSecret != nil
secret, err := store.GetSecret(context.Background(), id)
switch {
case exists && err != nil:
t.Fatalf("unable to retrieve secret: %v", err)
case !exists && err != mint.ErrSecretNotFound:
t.Fatalf("expected error ErrSecretNotFound, got \"%v\"", err)
case exists:
if secret != *expSecret {
t.Fatalf("expected secret %x, got %x", expSecret, secret)
}
default:
return
}
}
// TestSecretStore ensures the different operations of the secretStore behave as
// expected.
func TestSecretStore(t *testing.T) {
etcdClient, serverCleanup := etcdSetup(t)
defer etcdClient.Close()
defer serverCleanup()
ctx := context.Background()
store := newSecretStore(etcdClient)
// Create a test ID and ensure a secret doesn't exist for it yet as we
// haven't created one.
var id [sha256.Size]byte
copy(id[:], bytes.Repeat([]byte("A"), 32))
assertSecretExists(t, store, id, nil)
// Create one and ensure we can retrieve it at a later point.
secret, err := store.NewSecret(ctx, id)
if err != nil {
t.Fatalf("unable to generate new secret: %v", err)
}
assertSecretExists(t, store, id, &secret)
// Once revoked, it should no longer exist.
if err := store.RevokeSecret(ctx, id); err != nil {
t.Fatalf("unable to revoke secret: %v", err)
}
assertSecretExists(t, store, id, nil)
}