refactor, unit test

enso-org · Jan 15, 2024 · 604ec34 · 604ec34
1 parent 4a20ac2
commit 604ec34
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 6 deletions.
diff --git a/distribution/lib/Standard/Base/0.0.0-dev/src/Data/Enso_Cloud/Enso_Secret.enso b/distribution/lib/Standard/Base/0.0.0-dev/src/Data/Enso_Cloud/Enso_Secret.enso
@@ -119,11 +119,14 @@ type Derived_Secret_Value
        Converts to a plain text value, if the value contains no secrets.
        If the value contains secrets, it raises an error.
     to_plain_text : Text ! Enso_Secret_Error
-    to_plain_text self = case self of
-        Derived_Secret_Value.Plain_Text text -> text
-        Derived_Secret_Value.Secret_Value _ -> Error.throw Enso_Secret_Error.Access_Denied
-        Derived_Secret_Value.Concat left right -> left.to_plain_text + right.to_plain_text
-        Derived_Secret_Value.Base_64_Encode value -> Base_64.encode_text value.to_plain_text
+    to_plain_text self =
+        java_repr = Utils.as_hideable_value self
+        if java_repr.containsSecrets then Error.throw Enso_Secret_Error.Access_Denied else
+            java_repr.safeResolve
+
+    ## PRIVATE
+    to_text : Text
+    to_text self = Utils.as_hideable_value self . render
 
     ## PRIVATE
        If this value does not contains any secrets, it will be simplified to a

diff --git a/test/Tests/src/Network/Enso_Cloud/Secrets_Spec.enso b/test/Tests/src/Network/Enso_Cloud/Secrets_Spec.enso
@@ -1,5 +1,7 @@
 from Standard.Base import all
 import Standard.Base.Data.Base_64.Base_64
+import Standard.Base.Data.Enso_Cloud.Enso_Secret.Derived_Secret_Value
+import Standard.Base.Data.Enso_Cloud.Enso_Secret.Enso_Secret_Error
 import Standard.Base.Errors.Illegal_Argument.Illegal_Argument
 import Standard.Base.Errors.Illegal_State.Illegal_State
 import Standard.Base.Network.HTTP.Request.Request
@@ -81,9 +83,35 @@ spec setup:Cloud_Tests_Setup = setup.with_prepared_environment <|
                     response_json = response.decode_as_json
                     response_json.at "headers" . at "Authorization" . should_equal expected
 
-        Test.specify "does not allow secrets in HTTP headers" pending=setup.httpbin_pending <|
+        Test.specify "should allow to derive values from secrets" <|
             secret1 = Enso_Secret.create "my_test_secret-9" "Something"
             secret1.should_succeed
+            Panic.with_finalizer secret1.delete <| with_retries <|
+                x = Derived_Secret_Value.from "X"
+                y = Derived_Secret_Value.from "Y"
+                v1 = x + y
+                v2 = x + (Derived_Secret_Value.from secret1)
+
+                v1.simplify . should_equal "XY"
+                # Cannot simplify if it contains secrets
+                v2.simplify . should_equal v2
+                v2.to_plain_text . should_fail_with Enso_Secret_Error
+
+                v1.to_text . should_equal "XY"
+                v2.to_text . should_equal "X__SECRET__"
+
+                b1 = Derived_Secret_Value.Base_64_Encode v1
+                b2 = Derived_Secret_Value.Base_64_Encode v2
+
+                b1.simplify . should_equal "WFk="
+                b2.simplify . should_equal b2
+
+                b1.to_text . should_equal "WFk="
+                b2.to_text . should_equal "base64(X__SECRET__)"
+
+        Test.specify "does not allow secrets in HTTP headers" pending=setup.httpbin_pending <|
+            secret1 = Enso_Secret.create "my_test_secret-10" "Something"
+            secret1.should_succeed
             Panic.with_finalizer secret1.delete <| with_retries <|
                 uri = setup.httpbin_uri / "get"
                 r1 = uri.fetch headers=[Header.new "X-My-Secret" secret1]