Add SSH credentials tests

coveooss · Jul 30, 2019 · 95f4a6f · 95f4a6f
1 parent c3d9111
commit 95f4a6f
Show file tree

Hide file tree

Showing 7 changed files with 242 additions and 51 deletions.
diff --git a/Makefile b/Makefile
@@ -1,3 +1,7 @@
+fmt:
+	@echo "==> Fixing source code with gofmt..."
+	gofmt -s -w ./$(PKG_NAME)
+
 mockgen:
 	go get github.com/golang/mock/gomock
 	go install github.com/golang/mock/mockgen

diff --git a/credentials/credentials_ssh.go b/credentials/credentials_ssh.go
@@ -30,7 +30,7 @@ func (cred *SSHCredentials) ToString(showSensitive bool) string {
 	if cred.Username == "" {
 		username = "<empty>"
 	}
-	if cred.Passphrase == "" {
+	if passphrase == "" {
 		passphrase = "<empty>"
 	}
 	return fmt.Sprintf("%s - %s:%s", cred.BaseToString(), username, passphrase)

diff --git a/credentials/credentials_ssh_test.go b/credentials/credentials_ssh_test.go
@@ -0,0 +1,33 @@
+package credentials
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestSSHCredentialsToString(t *testing.T) {
+	cred := NewSSHCredentials()
+	cred.ID = "test"
+	cred.Username = "key"
+	cred.Passphrase = "secret"
+	assert.Equal(t, "test -> Type: SSH - key:********", cred.ToString(false))
+	assert.Equal(t, "test -> Type: SSH - key:secret", cred.ToString(true))
+
+	// Empty creds
+	cred = NewSSHCredentials()
+	cred.ID = "test"
+	assert.Equal(t, "test -> Type: SSH - <empty>:********", cred.ToString(false))
+	assert.Equal(t, "test -> Type: SSH - <empty>:<empty>", cred.ToString(true))
+}
+
+func TestSSHCredentialsValidation(t *testing.T) {
+	cred := NewSSHCredentials()
+	cred.ID = "test"
+	cred.Username = "key"
+	cred.Passphrase = "secret"
+	assert.Error(t, cred.Validate())
+
+	cred.PrivateKey = "private"
+	assert.Nil(t, cred.Validate())
+}
diff --git a/credentials/credentials_test.go b/credentials/credentials_test.go
@@ -46,6 +46,20 @@ func TestShouldSyncCredentials(t *testing.T) {
 			},
 			expected: true,
 		},
+		{
+			name: "Bad filter (not string or list), ignored",
+			creds: &Base{
+				TargetTags: targetTagsMatcher{
+					DontMatch: map[string]interface{}{
+						"MyTag": 123,
+					},
+				},
+			},
+			targetTags: map[string]string{
+				"MyTag": "123",
+			},
+			expected: true,
+		},
 		{
 			name: "Match",
 			creds: &Base{TargetTags: targetTagsMatcher{
@@ -175,3 +189,69 @@ func TestGetDescriptionOrID(t *testing.T) {
 	assert.Equal(t, "other", cred.GetDescriptionOrID())
 	assert.Equal(t, "test -> Type: aType, Description: other", cred.BaseToString())
 }
+
+func TestBaseValidateCredentials(t *testing.T) {
+	t.Parallel()
+
+	credWithoutType := &Base{
+		ID: "test",
+	}
+	assert.EqualError(t, credWithoutType.BaseValidate(), "Credentials (test) has no type. This is probably a bug in the software")
+
+	credWithoutID := &Base{
+		CredType:    "test",
+		Description: "test2",
+	}
+	assert.EqualError(t, credWithoutID.BaseValidate(), "Credentials ( -> Type: test, Description: test2) has no defined ID")
+}
+
+func TestParseCredentials(t *testing.T) {
+	t.Parallel()
+
+	cases := []struct {
+		name     string
+		credMaps []map[string]interface{}
+		result   []Credentials
+		wantErr  bool
+	}{
+		{
+			name: "Invalid type",
+			credMaps: []map[string]interface{}{
+				{
+					"id":          "stuff",
+					"type":        "bad",
+					"description": "test-desc",
+					"secret":      "my secret",
+				},
+			},
+			result:  nil,
+			wantErr: true,
+		},
+		{
+			name: "Invalid type (not a string)",
+			credMaps: []map[string]interface{}{
+				{
+					"id":          "stuff",
+					"type":        1234,
+					"description": "test-desc",
+					"secret":      "my secret",
+				},
+			},
+			result:  nil,
+			wantErr: true,
+		},
+	}
+
+	for _, tt := range cases {
+		t.Run(tt.name, func(t *testing.T) {
+			gottenCreds, err := ParseCredentials(tt.credMaps)
+
+			if tt.wantErr {
+				assert.Error(t, err)
+			} else {
+				assert.Nil(t, err)
+			}
+			assert.Equal(t, tt.result, gottenCreds)
+		})
+	}
+}
diff --git a/credentials/fixtures_test.go b/credentials/fixtures_test.go
@@ -0,0 +1,118 @@
+package credentials
+
+const (
+	testCredentialsAsMap = `{
+	"test": {
+		"type": "secret",
+		"description": "test-desc",
+		"secret": "my secret"
+	},
+	"test2": {
+		"type": "usernamepassword",
+		"description": "test2-desc",
+		"username": "my",
+		"password": "secret"
+	}
+}`
+	testCredentialsAsList = `[
+	{
+		"id": "test",
+		"type": "secret",
+		"description": "test-desc",
+		"secret": "my secret"
+	},
+	{
+		"id": "test2",
+		"type": "usernamepassword",
+		"description": "test2-desc",
+		"username": "my",
+		"password": "secret"
+	}
+]`
+	testSSHCredentialsString = `test:
+  type: ssh
+  description: test description
+  username: user
+  passphrase: pass
+  private_key: |
+    -----BEGIN RSA PRIVATE KEY-----
+    MIIEowIBAAKCAQEAvpnaPKLIKdvx98KW68lz8pGaRRcYersNGqPjpifMVjjE8LuC
+    oXgPU0HePnNTUjpShBnynKCvrtWhN+haKbSp+QWXSxiTrW99HBfAl1MDQyWcukoE
+    b9Cw6INctVUN4iRvkn9T8E6q174RbcnwA/7yTc7p1NCvw+6B/aAN9l1G2pQXgRdY
+    C/+G6o1IZEHtWhqzE97nY5QKNuUVD0V09dc5CDYBaKjqetwwv6DFk/GRdOSEd/6b
+    W+20z0qSHpa3YNW6qSp+x5pyYmDrzRIR03os6DauZkChSRyc/Whvurx6o85D6qpz
+    ywo8xwNaLZHxTQPgcIA5su9ZIytv9LH2E+lSwwIDAQABAoIBAFml8cD9a5pMqlW3
+    f9btTQz1sRL4Fvp7CmHSXhvjsjeHwhHckEe0ObkWTRsgkTsm1XLu5W8IITnhn0+1
+    iNr+78eB+rRGngdAXh8diOdkEy+8/Cee8tFI3jyutKdRlxMbwiKsouVviumoq3fx
+    OGQYwQ0Z2l/PvCwy/Y82ffq3ysC5gAJsbBYsCrg14bQo44ulrELe4SDWs5HCjKYb
+    EI2b8cOMucqZSOtxg9niLN/je2bo/I2HGSawibgcOdBms8k6TvsSrZMr3kJ5O6J+
+    77LGwKH37brVgbVYvbq6nWPL0xLG7dUv+7LWEo5qQaPy6aXb/zbckqLqu6/EjOVe
+    ydG5JQECgYEA9kKfTZD/WEVAreA0dzfeJRu8vlnwoagL7cJaoDxqXos4mcr5mPDT
+    kbWgFkLFFH/AyUnPBlK6BcJp1XK67B13ETUa3i9Q5t1WuZEobiKKBLFm9DDQJt43
+    uKZWJxBKFGSvFrYPtGZst719mZVcPct2CzPjEgN3Hlpt6fyw3eOrnoECgYEAxiOu
+    jwXCOmuGaB7+OW2tR0PGEzbvVlEGdkAJ6TC/HoKM1A8r2u4hLTEJJCrLLTfw++4I
+    ddHE2dLeR4Q7O58SfLphwgPmLDezN7WRLGr7Vyfuv7VmaHjGuC3Gv9agnhWDlA2Q
+    gBG9/R9oVfL0Dc7CgJgLeUtItCYC31bGT3yhV0MCgYEA4k3DG4L+RN4PXDpHvK9I
+    pA1jXAJHEifeHnaW1d3vWkbSkvJmgVf+9U5VeV+OwRHN1qzPZV4suRI6M/8lK8rA
+    Gr4UnM4aqK4K/qkY4G05LKrik9Ev2CgqSLQDRA7CJQ+Jn3Nb50qg6hFnFPafN+J7		
+    7juWln08wFYV4Atpdd+9XQECgYBxizkZFL+9IqkfOcONvWAzGo+Dq1N0L3J4iTIk
+    w56CKWXyj88d4qB4eUU3yJ4uB4S9miaW/eLEwKZIbWpUPFAn0db7i6h3ZmP5ZL8Q
+    qS3nQCb9DULmU2/tU641eRUKAmIoka1g9sndKAZuWo+o6fdkIb1RgObk9XNn8R4r
+    psv+aQKBgB+CIcExR30vycv5bnZN9EFlIXNKaeMJUrYCXcRQNvrnUIUBvAO8+jAe
+    CdLygS5RtgOLZib0IVErqWsP3EI1ACGuLts0vQ9GFLQGaN1SaMS40C9kvns1mlDu
+    LhIhYpJ8UsCVt5snWo2N+M+6ANh5tpWdQnEK6zILh4tRbuzaiHgb
+    -----END RSA PRIVATE KEY-----`
+)
+
+var testSSHCredentials = func() (creds *SSHCredentials) {
+	creds = NewSSHCredentials()
+	creds.ID = "test"
+	creds.Description = "test description"
+	creds.Username = "user"
+	creds.Passphrase = "pass"
+	creds.PrivateKey = `-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAvpnaPKLIKdvx98KW68lz8pGaRRcYersNGqPjpifMVjjE8LuC
+oXgPU0HePnNTUjpShBnynKCvrtWhN+haKbSp+QWXSxiTrW99HBfAl1MDQyWcukoE
+b9Cw6INctVUN4iRvkn9T8E6q174RbcnwA/7yTc7p1NCvw+6B/aAN9l1G2pQXgRdY
+C/+G6o1IZEHtWhqzE97nY5QKNuUVD0V09dc5CDYBaKjqetwwv6DFk/GRdOSEd/6b
+W+20z0qSHpa3YNW6qSp+x5pyYmDrzRIR03os6DauZkChSRyc/Whvurx6o85D6qpz
+ywo8xwNaLZHxTQPgcIA5su9ZIytv9LH2E+lSwwIDAQABAoIBAFml8cD9a5pMqlW3
+f9btTQz1sRL4Fvp7CmHSXhvjsjeHwhHckEe0ObkWTRsgkTsm1XLu5W8IITnhn0+1
+iNr+78eB+rRGngdAXh8diOdkEy+8/Cee8tFI3jyutKdRlxMbwiKsouVviumoq3fx
+OGQYwQ0Z2l/PvCwy/Y82ffq3ysC5gAJsbBYsCrg14bQo44ulrELe4SDWs5HCjKYb
+EI2b8cOMucqZSOtxg9niLN/je2bo/I2HGSawibgcOdBms8k6TvsSrZMr3kJ5O6J+
+77LGwKH37brVgbVYvbq6nWPL0xLG7dUv+7LWEo5qQaPy6aXb/zbckqLqu6/EjOVe
+ydG5JQECgYEA9kKfTZD/WEVAreA0dzfeJRu8vlnwoagL7cJaoDxqXos4mcr5mPDT
+kbWgFkLFFH/AyUnPBlK6BcJp1XK67B13ETUa3i9Q5t1WuZEobiKKBLFm9DDQJt43
+uKZWJxBKFGSvFrYPtGZst719mZVcPct2CzPjEgN3Hlpt6fyw3eOrnoECgYEAxiOu
+jwXCOmuGaB7+OW2tR0PGEzbvVlEGdkAJ6TC/HoKM1A8r2u4hLTEJJCrLLTfw++4I
+ddHE2dLeR4Q7O58SfLphwgPmLDezN7WRLGr7Vyfuv7VmaHjGuC3Gv9agnhWDlA2Q
+gBG9/R9oVfL0Dc7CgJgLeUtItCYC31bGT3yhV0MCgYEA4k3DG4L+RN4PXDpHvK9I
+pA1jXAJHEifeHnaW1d3vWkbSkvJmgVf+9U5VeV+OwRHN1qzPZV4suRI6M/8lK8rA
+Gr4UnM4aqK4K/qkY4G05LKrik9Ev2CgqSLQDRA7CJQ+Jn3Nb50qg6hFnFPafN+J7		
+7juWln08wFYV4Atpdd+9XQECgYBxizkZFL+9IqkfOcONvWAzGo+Dq1N0L3J4iTIk
+w56CKWXyj88d4qB4eUU3yJ4uB4S9miaW/eLEwKZIbWpUPFAn0db7i6h3ZmP5ZL8Q
+qS3nQCb9DULmU2/tU641eRUKAmIoka1g9sndKAZuWo+o6fdkIb1RgObk9XNn8R4r
+psv+aQKBgB+CIcExR30vycv5bnZN9EFlIXNKaeMJUrYCXcRQNvrnUIUBvAO8+jAe
+CdLygS5RtgOLZib0IVErqWsP3EI1ACGuLts0vQ9GFLQGaN1SaMS40C9kvns1mlDu
+LhIhYpJ8UsCVt5snWo2N+M+6ANh5tpWdQnEK6zILh4tRbuzaiHgb
+-----END RSA PRIVATE KEY-----`
+	return
+}()
+var testCredentials = []Credentials{
+	func() (creds *SecretTextCredentials) {
+		creds = NewSecretText()
+		creds.ID = "test"
+		creds.Secret = "my secret"
+		creds.Description = "test-desc"
+		return
+	}(),
+	func() (creds *UsernamePasswordCredentials) {
+		creds = NewUsernamePassword()
+		creds.ID = "test2"
+		creds.Username = "my"
+		creds.Password = "secret"
+		creds.Description = "test2-desc"
+		return
+	}(),
+}
diff --git a/credentials/helper_test.go b/credentials/helper_test.go
diff --git a/credentials/sources_test.go b/credentials/sources_test.go
@@ -69,6 +69,12 @@ func TestGetCredentialsFromBytes(t *testing.T) {
 			result:  testCredentials[0:1],
 			wantErr: false,
 		},
+		{
+			name:    "SSH Creds",
+			bytes:   []byte(testSSHCredentialsString),
+			result:  []Credentials{testSSHCredentials},
+			wantErr: false,
+		},
 		{
 			name: "Cred without ID",
 			bytes: []byte(`{