bf9395e022
CI / results (push) Blocked by required conditions
CI / license-header (push) Has been skipped
CI / e2e-dry-run (push) Has been skipped
CI / e2e-live (push) Waiting to run
CI / fast-gate (push) Failing after 0s
Test PR Label Logic / test-pr-labels (push) Failing after 1s
Skill Format Check / check-format (push) Failing after 2s
CI / security (push) Failing after 5s
CI / unit-test (push) Has been skipped
CI / lint (push) Has been skipped
CI / script-test (push) Has been skipped
CI / deterministic-gate (push) Has been skipped
CI / coverage (push) Has been skipped
CI / deadcode (push) Waiting to run
60 lines
2.0 KiB
Go
60 lines
2.0 KiB
Go
// Copyright (c) 2026 Lark Technologies Pte. Ltd.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package core
|
|
|
|
import (
|
|
"strings"
|
|
"testing"
|
|
)
|
|
|
|
func TestValidateSecretKeyMatch_KeychainMatches(t *testing.T) {
|
|
secret := SecretInput{Ref: &SecretRef{Source: "keychain", ID: "appsecret:cli_abc123"}}
|
|
if err := ValidateSecretKeyMatch("cli_abc123", secret); err != nil {
|
|
t.Errorf("expected no error, got: %v", err)
|
|
}
|
|
}
|
|
|
|
func TestValidateSecretKeyMatch_KeychainMismatch(t *testing.T) {
|
|
secret := SecretInput{Ref: &SecretRef{Source: "keychain", ID: "appsecret:cli_old_app"}}
|
|
err := ValidateSecretKeyMatch("cli_new_app", secret)
|
|
if err == nil {
|
|
t.Fatal("expected error for mismatched appId and keychain key")
|
|
}
|
|
// Verify the error message contains useful context
|
|
msg := err.Error()
|
|
for _, want := range []string{"cli_old_app", "cli_new_app", "appsecret:cli_new_app", "config init"} {
|
|
if !strings.Contains(msg, want) {
|
|
t.Errorf("error message missing %q: %s", want, msg)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestValidateSecretKeyMatch_PlainSecret_Skipped(t *testing.T) {
|
|
secret := PlainSecret("some-secret")
|
|
if err := ValidateSecretKeyMatch("cli_abc123", secret); err != nil {
|
|
t.Errorf("plain secret should be skipped, got: %v", err)
|
|
}
|
|
}
|
|
|
|
func TestValidateSecretKeyMatch_FileRef_Skipped(t *testing.T) {
|
|
secret := SecretInput{Ref: &SecretRef{Source: "file", ID: "/tmp/secret.txt"}}
|
|
if err := ValidateSecretKeyMatch("cli_abc123", secret); err != nil {
|
|
t.Errorf("file ref should be skipped, got: %v", err)
|
|
}
|
|
}
|
|
|
|
func TestValidateSecretKeyMatch_ZeroValue_Skipped(t *testing.T) {
|
|
if err := ValidateSecretKeyMatch("cli_abc123", SecretInput{}); err != nil {
|
|
t.Errorf("zero SecretInput should be skipped, got: %v", err)
|
|
}
|
|
}
|
|
|
|
func TestValidateSecretKeyMatch_EmptyAppId_Mismatch(t *testing.T) {
|
|
secret := SecretInput{Ref: &SecretRef{Source: "keychain", ID: "appsecret:cli_abc123"}}
|
|
err := ValidateSecretKeyMatch("", secret)
|
|
if err == nil {
|
|
t.Fatal("expected error when appId is empty but keychain key references a real app")
|
|
}
|
|
}
|