(t *testing.T)
| 414 | } |
| 415 | |
| 416 | func TestExternalTokenEncryption(t *testing.T) { |
| 417 | t.Parallel() |
| 418 | |
| 419 | t.Run("Enabled", func(t *testing.T) { |
| 420 | t.Parallel() |
| 421 | |
| 422 | ctx := testutil.Context(t, testutil.WaitShort) |
| 423 | db, ps := dbtestutil.NewDB(t) |
| 424 | ciphers, err := dbcrypt.NewCiphers(bytes.Repeat([]byte("a"), 32)) |
| 425 | require.NoError(t, err) |
| 426 | client, _ := coderdenttest.New(t, &coderdenttest.Options{ |
| 427 | EntitlementsUpdateInterval: 25 * time.Millisecond, |
| 428 | ExternalTokenEncryption: ciphers, |
| 429 | LicenseOptions: &coderdenttest.LicenseOptions{ |
| 430 | Features: license.Features{ |
| 431 | codersdk.FeatureExternalTokenEncryption: 1, |
| 432 | }, |
| 433 | }, |
| 434 | Options: &coderdtest.Options{ |
| 435 | Database: db, |
| 436 | Pubsub: ps, |
| 437 | }, |
| 438 | }) |
| 439 | keys, err := db.GetDBCryptKeys(ctx) |
| 440 | require.NoError(t, err) |
| 441 | require.Len(t, keys, 1) |
| 442 | require.Equal(t, ciphers[0].HexDigest(), keys[0].ActiveKeyDigest.String) |
| 443 | |
| 444 | require.Eventually(t, func() bool { |
| 445 | entitlements, err := client.Entitlements(context.Background()) |
| 446 | assert.NoError(t, err) |
| 447 | feature := entitlements.Features[codersdk.FeatureExternalTokenEncryption] |
| 448 | entitled := feature.Entitlement == codersdk.EntitlementEntitled |
| 449 | var warningExists bool |
| 450 | for _, warning := range entitlements.Warnings { |
| 451 | if strings.Contains(warning, codersdk.FeatureExternalTokenEncryption.Humanize()) { |
| 452 | warningExists = true |
| 453 | break |
| 454 | } |
| 455 | } |
| 456 | t.Logf("feature: %+v, warnings: %+v, errors: %+v", feature, entitlements.Warnings, entitlements.Errors) |
| 457 | return feature.Enabled && entitled && !warningExists |
| 458 | }, testutil.WaitShort, testutil.IntervalFast) |
| 459 | }) |
| 460 | |
| 461 | t.Run("Disabled", func(t *testing.T) { |
| 462 | t.Parallel() |
| 463 | |
| 464 | ctx := testutil.Context(t, testutil.WaitShort) |
| 465 | db, ps := dbtestutil.NewDB(t) |
| 466 | ciphers, err := dbcrypt.NewCiphers() |
| 467 | require.NoError(t, err) |
| 468 | client, _ := coderdenttest.New(t, &coderdenttest.Options{ |
| 469 | DontAddLicense: true, |
| 470 | EntitlementsUpdateInterval: 25 * time.Millisecond, |
| 471 | ExternalTokenEncryption: ciphers, |
| 472 | Options: &coderdtest.Options{ |
| 473 | Database: db, |
nothing calls this directly
no test coverage detected