MCPcopy
hub / github.com/getsops/sops / TestKeyGroupsForFileWithExternalEncryptionContext

Function TestKeyGroupsForFileWithExternalEncryptionContext

config/config_test.go:898–921  ·  view source on GitHub ↗

TestKeyGroupsForFileWithExternalEncryptionContext tests that when kmsEncryptionContext is passed to parseCreationRuleForFile, the resulting KMS keys have the encryption context set. This is a regression test for https://github.com/getsops/sops/issues/1972

(t *testing.T)

Source from the content-addressed store, hash-verified

896// is passed to parseCreationRuleForFile, the resulting KMS keys have the encryption context set.
897// This is a regression test for https://github.com/getsops/sops/issues/1972
898func TestKeyGroupsForFileWithExternalEncryptionContext(t *testing.T) {
899 // Config with flat KMS format (not key_groups) - this is where external context applies
900 var sampleConfigWithFlatKMS = []byte(`
901creation_rules:
902 - path_regex: ""
903 kms: "arn:aws:kms:us-west-2:123456789012:key/12345678-1234-1234-1234-123456789012"
904`)
905
906 // External encryption context passed via --encryption-context flag
907 appName := "myapp"
908 kmsEncryptionContext := map[string]*string{
909 "AppName": &appName,
910 }
911
912 conf, err := parseCreationRuleForFile(parseConfigFile(sampleConfigWithFlatKMS, t), "/conf/path", "secrets.yaml", kmsEncryptionContext)
913 assert.Nil(t, err)
914 assert.NotNil(t, conf)
915 assert.Equal(t, 1, len(conf.KeyGroups))
916 assert.Equal(t, 1, len(conf.KeyGroups[0]))
917
918 // The KMS key should have the encryption context applied
919 // Format: ARN|context where context is "AppName:myapp"
920 assert.Equal(t, "arn:aws:kms:us-west-2:123456789012:key/12345678-1234-1234-1234-123456789012|AppName:myapp", conf.KeyGroups[0][0].ToString())
921}

Callers

nothing calls this directly

Calls 3

parseCreationRuleForFileFunction · 0.85
parseConfigFileFunction · 0.85
ToStringMethod · 0.65

Tested by

no test coverage detected