hub / github.com/getsops/sops / TestMasterKey_Decrypt

Function TestMasterKey_Decrypt

kms/keysource_test.go:306–350  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

304}
305
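// TestMasterKey_Decrypt covers MasterKey.Decrypt on one success path and three
// failure paths: an EncryptedKey that is not valid base64, a ciphertext the
// test KMS server rejects, and an ARN that fails validation. Every failure
// path asserts that the returned data key is nil, so no bytes reach the caller
// alongside an error.
func TestMasterKey_Decrypt(t *testing.T) {
	t.Run("decrypt", func(t *testing.T) {
		key := createTestMasterKey(testKMSARN)
		kmsClient, err := createTestKMSClient(key)
		// assert.NoError only records the failure; return so a client that
		// could not be created is not used for the Encrypt call below.
		if !assert.NoError(t, err) {
			return
		}

		// Fixed, non-secret plaintext standing in for a sops data key.
		dataKey := []byte("it's always DNS")
		// The ciphertext is produced with the key's own encryption context.
		// NOTE(review): presumably Decrypt sends the same context back to
		// KMS; confirm against MasterKey.Decrypt.
		out, err := kmsClient.Encrypt(context.TODO(), &kms.EncryptInput{
			Plaintext:         dataKey,
			KeyId:             &key.Arn,
			EncryptionContext: stringPointerToStringMap(key.EncryptionContext),
		})
		// out is dereferenced on the next statement; bail out instead of
		// panicking on a nil result when Encrypt failed.
		if !assert.NoError(t, err) {
			return
		}

		key.EncryptedKey = base64.StdEncoding.EncodeToString(out.CiphertextBlob)
		got, err := key.Decrypt()
		assert.NoError(t, err)
		assert.Equal(t, dataKey, got)
	})

	t.Run("data key error", func(t *testing.T) {
		key := createTestMasterKey(testKMSARN)
		// Not valid standard base64, so decoding must fail before any KMS call
		// result could be returned.
		key.EncryptedKey = "invalid"
		got, err := key.Decrypt()
		assert.Error(t, err)
		assert.ErrorContains(t, err, "error base64-decoding encrypted data key")
		assert.Nil(t, got)
	})

	t.Run("decrypt error", func(t *testing.T) {
		// Valid ARN but invalid for test server.
		key := createTestMasterKey(dummyARN)
		// Well-formed base64 wrapping bytes that are not a KMS ciphertext.
		key.EncryptedKey = base64.StdEncoding.EncodeToString([]byte("invalid"))
		got, err := key.Decrypt()
		assert.Error(t, err)
		assert.ErrorContains(t, err, "failed to decrypt sops data key with AWS KMS")
		assert.Nil(t, got)
	})

	t.Run("config error", func(t *testing.T) {
		// ARN-shaped string that is expected to fail ARN validation; no
		// EncryptedKey is set for this case.
		key := createTestMasterKey("arn:gcp:kms:antartica-north-2::key/45e6-aca6-a5b005693a48")
		got, err := key.Decrypt()
		assert.Error(t, err)
		assert.ErrorContains(t, err, "no valid ARN found")
		assert.Nil(t, got)
	})
}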
351
352func TestMasterKey_EncryptDecrypt_RoundTrip(t *testing.T) {
353 dataKey := []byte("the wheels on the bus go round and round")

Callers

nothing calls this directly

Calls 6

createTestMasterKeyFunction · 0.85
createTestKMSClientFunction · 0.85
stringPointerToStringMapFunction · 0.85
EncryptMethod · 0.65
DecryptMethod · 0.65
ErrorMethod · 0.45

Tested by

no test coverage detected