hub / github.com/coder/coder / TestServerDBCrypt

Function TestServerDBCrypt

enterprise/cli/server_dbcrypt_test.go:29–217  ·  view source on GitHub ↗

TestServerDBCrypt tests end-to-end encryption, decryption, and deletion of encrypted user data. It is marked nolint: paralleltest because it uses t.Setenv.

(t *testing.T)

Source from the content-addressed store, hash-verified

//
// nolint: paralleltest // use of t.Setenv
func TestServerDBCrypt(t *testing.T) {
	ctx, cancel := context.WithCancel(context.Background())
	t.Cleanup(cancel)

	// Setup a postgres database.
	connectionURL, err := dbtestutil.Open(t)
	require.NoError(t, err)
	t.Cleanup(func() { dbtestutil.DumpOnFailure(t, connectionURL) })

	sqlDB, err := sql.Open("postgres", connectionURL)
	require.NoError(t, err)
	t.Cleanup(func() {
		_ = sqlDB.Close()
	})
	db := database.New(sqlDB)

	// Populate the database with some unencrypted data.
	t.Log("Generating unencrypted data")
	users := genData(t, db)

	// Setup an initial cipher A
	keyA := testutil.MustRandString(t, 32)
	cipherA, err := dbcrypt.NewCiphers([]byte(keyA))
	require.NoError(t, err)

	// Create an encrypted database
	cryptdb, err := dbcrypt.New(ctx, db, cipherA...)
	require.NoError(t, err)

	// Populate the database with some encrypted data using cipher A.
	t.Log("Generating data encrypted with cipher A")
	newUsers := genData(t, cryptdb)

	// Validate that newly created users were encrypted with cipher A
	for _, usr := range newUsers {
		requireEncryptedWithCipher(ctx, t, db, cipherA[0], usr.ID)
	}
	users = append(users, newUsers...)

	// Encrypt all the data with the initial cipher.
	t.Log("Encrypting all data with cipher A")
	inv, _ := newCLI(t, "server", "dbcrypt", "rotate",
		"--postgres-url", connectionURL,
		"--new-key", base64.StdEncoding.EncodeToString([]byte(keyA)),
		"--yes",
	)
	pty := ptytest.New(t)
	inv.Stdout = pty.Output()
	err = inv.Run()
	require.NoError(t, err)
	require.NoError(t, pty.Close())

	// Validate that all existing data has been encrypted with cipher A.
	for _, usr := range users {
		requireEncryptedWithCipher(ctx, t, db, cipherA[0], usr.ID)
	}

	// Re-encrypt all existing data with a new cipher.

Callers

nothing calls this directly

Calls 15

Open · Function · 0.92
DumpOnFailure · Function · 0.92
New · Function · 0.92
MustRandString · Function · 0.92
NewCiphers · Function · 0.92
New · Function · 0.92
New · Function · 0.92
genData · Function · 0.85
newCLI · Function · 0.85
Log · Method · 0.80
As · Method · 0.80

Tested by

no test coverage detected