TestUserSecretsSoftDeleteTrigger verifies that a user's secrets are deleted when the user is soft-deleted.
(t *testing.T)
| 8248 | // TestUserSecretsSoftDeleteTrigger verifies that a user's secrets |
| 8249 | // are deleted when the user is soft-deleted. |
| 8250 | func TestUserSecretsSoftDeleteTrigger(t *testing.T) { |
| 8251 | t.Parallel() |
| 8252 | |
| 8253 | db, _ := dbtestutil.NewDB(t) |
| 8254 | ctx := testutil.Context(t, testutil.WaitMedium) |
| 8255 | |
| 8256 | // userA will be soft-deleted. |
| 8257 | userA := dbgen.User(t, db, database.User{}) |
| 8258 | secretA1 := dbgen.UserSecret(t, db, database.UserSecret{ |
| 8259 | UserID: userA.ID, |
| 8260 | Name: "secret-a-1", |
| 8261 | Value: "value-a-1", |
| 8262 | EnvName: "SECRET_A_1", |
| 8263 | FilePath: "/secrets/a/1", |
| 8264 | }) |
| 8265 | secretA2 := dbgen.UserSecret(t, db, database.UserSecret{ |
| 8266 | UserID: userA.ID, |
| 8267 | Name: "secret-a-2", |
| 8268 | Value: "value-a-2", |
| 8269 | EnvName: "SECRET_A_2", |
| 8270 | FilePath: "/secrets/a/2", |
| 8271 | }) |
| 8272 | |
| 8273 | // Sanity-check the existing trigger behavior. An API key for |
| 8274 | // userA should also be wiped on soft-delete. |
| 8275 | _, _ = dbgen.APIKey(t, db, database.APIKey{UserID: userA.ID}) |
| 8276 | |
| 8277 | userB := dbgen.User(t, db, database.User{}) |
| 8278 | secretB := dbgen.UserSecret(t, db, database.UserSecret{ |
| 8279 | UserID: userB.ID, |
| 8280 | Name: "secret-b", |
| 8281 | Value: "value-b", |
| 8282 | EnvName: "SECRET_B", |
| 8283 | FilePath: "/secrets/b", |
| 8284 | }) |
| 8285 | |
| 8286 | require.NoError(t, db.UpdateUserDeletedByID(ctx, userA.ID)) |
| 8287 | |
| 8288 | // userA's secrets are removed after soft-deletion. |
| 8289 | _, err := db.GetUserSecretByID(ctx, secretA1.ID) |
| 8290 | require.ErrorIs(t, err, sql.ErrNoRows) |
| 8291 | _, err = db.GetUserSecretByID(ctx, secretA2.ID) |
| 8292 | require.ErrorIs(t, err, sql.ErrNoRows) |
| 8293 | |
| 8294 | // userA's API key is also removed. |
| 8295 | apiKeysA, err := db.GetAPIKeysByUserID(ctx, database.GetAPIKeysByUserIDParams{ |
| 8296 | UserID: userA.ID, |
| 8297 | LoginType: userA.LoginType, |
| 8298 | }) |
| 8299 | require.NoError(t, err) |
| 8300 | require.Empty(t, apiKeysA) |
| 8301 | |
| 8302 | // userB's secret is unaffected. |
| 8303 | got, err := db.GetUserSecretByID(ctx, secretB.ID) |
| 8304 | require.NoError(t, err) |
| 8305 | require.Equal(t, secretB.ID, got.ID) |
| 8306 | |
| 8307 | // Trying to insert a new secret for the soft-deleted userA must fail. |
nothing calls this directly
no test coverage detected