From 604ec34fb221d70e7f1ca3e2e46834aac7685a36 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rados=C5=82aw=20Wa=C5=9Bko?= Date: Sat, 13 Jan 2024 17:46:17 +0100 Subject: [PATCH] refactor, unit test --- .../src/Data/Enso_Cloud/Enso_Secret.enso | 13 ++++---- .../src/Network/Enso_Cloud/Secrets_Spec.enso | 30 ++++++++++++++++++- 2 files changed, 37 insertions(+), 6 deletions(-) diff --git a/distribution/lib/Standard/Base/0.0.0-dev/src/Data/Enso_Cloud/Enso_Secret.enso b/distribution/lib/Standard/Base/0.0.0-dev/src/Data/Enso_Cloud/Enso_Secret.enso index 4c4ffca41ba2..cc85129d39e1 100644 --- a/distribution/lib/Standard/Base/0.0.0-dev/src/Data/Enso_Cloud/Enso_Secret.enso +++ b/distribution/lib/Standard/Base/0.0.0-dev/src/Data/Enso_Cloud/Enso_Secret.enso @@ -119,11 +119,14 @@ type Derived_Secret_Value Converts to a plain text value, if the value contains no secrets. If the value contains secrets, it raises an error. to_plain_text : Text ! Enso_Secret_Error - to_plain_text self = case self of - Derived_Secret_Value.Plain_Text text -> text - Derived_Secret_Value.Secret_Value _ -> Error.throw Enso_Secret_Error.Access_Denied - Derived_Secret_Value.Concat left right -> left.to_plain_text + right.to_plain_text - Derived_Secret_Value.Base_64_Encode value -> Base_64.encode_text value.to_plain_text + to_plain_text self = + java_repr = Utils.as_hideable_value self + if java_repr.containsSecrets then Error.throw Enso_Secret_Error.Access_Denied else + java_repr.safeResolve + + ## PRIVATE + to_text : Text + to_text self = Utils.as_hideable_value self . render ## PRIVATE If this value does not contains any secrets, it will be simplified to a diff --git a/test/Tests/src/Network/Enso_Cloud/Secrets_Spec.enso b/test/Tests/src/Network/Enso_Cloud/Secrets_Spec.enso index e6902063aae2..c53d08ef68a3 100644 --- a/test/Tests/src/Network/Enso_Cloud/Secrets_Spec.enso +++ b/test/Tests/src/Network/Enso_Cloud/Secrets_Spec.enso @@ -1,5 +1,7 @@ from Standard.Base import all import Standard.Base.Data.Base_64.Base_64 +import Standard.Base.Data.Enso_Cloud.Enso_Secret.Derived_Secret_Value +import Standard.Base.Data.Enso_Cloud.Enso_Secret.Enso_Secret_Error import Standard.Base.Errors.Illegal_Argument.Illegal_Argument import Standard.Base.Errors.Illegal_State.Illegal_State import Standard.Base.Network.HTTP.Request.Request @@ -81,9 +83,35 @@ spec setup:Cloud_Tests_Setup = setup.with_prepared_environment <| response_json = response.decode_as_json response_json.at "headers" . at "Authorization" . should_equal expected - Test.specify "does not allow secrets in HTTP headers" pending=setup.httpbin_pending <| + Test.specify "should allow to derive values from secrets" <| secret1 = Enso_Secret.create "my_test_secret-9" "Something" secret1.should_succeed + Panic.with_finalizer secret1.delete <| with_retries <| + x = Derived_Secret_Value.from "X" + y = Derived_Secret_Value.from "Y" + v1 = x + y + v2 = x + (Derived_Secret_Value.from secret1) + + v1.simplify . should_equal "XY" + # Cannot simplify if it contains secrets + v2.simplify . should_equal v2 + v2.to_plain_text . should_fail_with Enso_Secret_Error + + v1.to_text . should_equal "XY" + v2.to_text . should_equal "X__SECRET__" + + b1 = Derived_Secret_Value.Base_64_Encode v1 + b2 = Derived_Secret_Value.Base_64_Encode v2 + + b1.simplify . should_equal "WFk=" + b2.simplify . should_equal b2 + + b1.to_text . should_equal "WFk=" + b2.to_text . should_equal "base64(X__SECRET__)" + + Test.specify "does not allow secrets in HTTP headers" pending=setup.httpbin_pending <| + secret1 = Enso_Secret.create "my_test_secret-10" "Something" + secret1.should_succeed Panic.with_finalizer secret1.delete <| with_retries <| uri = setup.httpbin_uri / "get" r1 = uri.fetch headers=[Header.new "X-My-Secret" secret1]