MCPcopy Index your code
hub / github.com/coder/coder / TestNew

Function TestNew

enterprise/dbcrypt/dbcrypt_internal_test.go:558–739  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

556}
557
558func TestNew(t *testing.T) {
559 t.Parallel()
560
561 t.Run("OK", func(t *testing.T) {
562 t.Parallel()
563 // Given: a cipher is loaded
564 cipher := initCipher(t)
565 ctx, cancel := context.WithCancel(context.Background())
566 t.Cleanup(cancel)
567 rawDB, _ := dbtestutil.NewDB(t)
568
569 // Before: no keys should be present
570 keys, err := rawDB.GetDBCryptKeys(ctx)
571 require.NoError(t, err, "no error should be returned")
572 require.Empty(t, keys, "no keys should be present")
573
574 // When: we init the crypt db
575 _, err = New(ctx, rawDB, cipher)
576 require.NoError(t, err)
577
578 // Then: a new key is inserted
579 keys, err = rawDB.GetDBCryptKeys(ctx)
580 require.NoError(t, err)
581 require.Len(t, keys, 1, "one key should be present")
582 require.Equal(t, cipher.HexDigest(), keys[0].ActiveKeyDigest.String, "key digest mismatch")
583 require.Empty(t, keys[0].RevokedKeyDigest.String, "key should not be revoked")
584 requireEncryptedEquals(t, cipher, keys[0].Test, "coder")
585 })
586
587 t.Run("MissingKey", func(t *testing.T) {
588 t.Parallel()
589
590 // Given: there exist two valid encryption keys
591 cipher1 := initCipher(t)
592 cipher2 := initCipher(t)
593 ctx, cancel := context.WithCancel(context.Background())
594 t.Cleanup(cancel)
595 rawDB, _ := dbtestutil.NewDB(t)
596
597 // Given: key 1 is already present in the database
598 err := rawDB.InsertDBCryptKey(ctx, database.InsertDBCryptKeyParams{
599 Number: 1,
600 ActiveKeyDigest: cipher1.HexDigest(),
601 Test: fakeBase64RandomData(t, 32),
602 })
603 require.NoError(t, err, "no error should be returned")
604 keys, err := rawDB.GetDBCryptKeys(ctx)
605 require.NoError(t, err, "no error should be returned")
606 require.Len(t, keys, 1, "one key should be present")
607
608 // When: we init the crypt db with no keys
609 _, err = New(ctx, rawDB)
610 // Then: we error because we don't know how to decrypt the existing key
611 require.Error(t, err, "expected an error")
612 var derr *DecryptFailedError
613 require.ErrorAs(t, err, &derr, "expected a decrypt error")
614
615 // When: we init the crypt db with key 2

Callers

nothing calls this directly

Calls 15

EXPECTMethod · 0.95
NewDBFunction · 0.92
NewMockStoreFunction · 0.92
initCipherFunction · 0.85
fakeBase64RandomDataFunction · 0.85
expectInTxFunction · 0.85
NewFunction · 0.70
requireEncryptedEqualsFunction · 0.70
RunMethod · 0.65
CleanupMethod · 0.65
GetDBCryptKeysMethod · 0.65
HexDigestMethod · 0.65

Tested by

no test coverage detected