Update tests for larger search space

client.go

@@ -63,8 +63,14 @@ const (
 	SecretValueDataKey              = "secretValue"
 )
 
+const (
+	FileSecretType       = "File"
+	CredentialSecretType = "Credential"
+	ClientSecretType     = "Client"
+)
+
 var (
-	SecretTypes = []string{"Client", "Credential", "File"}
+	SecretTypes = []string{ClientSecretType, CredentialSecretType, FileSecretType}
 )
 
 type akCacheKey struct {
@@ -1465,7 +1471,7 @@ func (c *ToznySDKV3) CreateSecret(ctx context.Context, secret CreateSecretOption
 		"version":     timestamp,
 	}
 	var createdRecord *pdsClient.Record
-	if secret.SecretType == "File" {
+	if secret.SecretType == FileSecretType {
 		createdRecord, err = c.WriteFile(ctx, recordType, plain, secret.FileName)
 		if err != nil {
 			return nil, err
@@ -1728,13 +1734,13 @@ func ValidateSecret(secret CreateSecretOptions) error {
 	if !matched {
 		return errors.New("Secret name must contain 1-50 alphanumeric characters, -, or _")
 	}
-	if secret.SecretValue == "" && secret.SecretType == "Credential" {
+	if secret.SecretValue == "" && secret.SecretType == CredentialSecretType {
 		return errors.New("Value cannot be empty")
 	}
-	if secret.SecretType == "File" && strings.TrimSpace(secret.SecretName) == "" {
+	if secret.SecretType == FileSecretType && strings.TrimSpace(secret.SecretName) == "" {
 		return errors.New("File name cannot be empty")
 	}
-	if secret.SecretType == "Client" {
+	if secret.SecretType == ClientSecretType {
 		err := VerifyRawClientCredentials(secret.SecretValue)
 		if err != nil {
 			return err
@@ -1862,43 +1868,52 @@ func (c *ToznySDKV3) ListSecrets(ctx context.Context, options ListSecretsOptions
 		listRequest := storageClient.ListGroupRecordsRequest{
 			GroupID: group.GroupID,
 		}
-		listGroupRecords, err := c.StorageClient.GetSharedWithGroup(ctx, listRequest)
-		if err != nil {
-			return nil, err
-		}
-		// Add records shared with this group to the list of secrets the user can view.
-		for _, record := range listGroupRecords.ResultList {
-			// If this record has already been found and added to the list, skip it
-			_, exists := sharedSecretIDs[record.Metadata.RecordID]
-			if exists {
-				continue
-			}
-			var shared string
-			if group.MemberCount > 1 {
-				shared = "Yes"
-			} else {
-				shared = "No"
-			}
-			// find the username for secret writer if it's someone else
-			searchParams := identityClient.SearchRealmIdentitiesRequest{
-				RealmName:         options.RealmName,
-				IdentityClientIDs: []uuid.UUID{uuid.MustParse(record.Metadata.WriterID)},
-			}
-			identities, err := c.E3dbIdentityClient.SearchRealmIdentities(ctx, searchParams)
+		for {
+			listGroupRecords, err := c.StorageClient.GetSharedWithGroup(ctx, listRequest)
 			if err != nil {
 				return nil, err
 			}
-			username := identities.SearchedIdentitiesInformation[0].RealmUsername
-			record.Metadata.Plain[SecretWriterUsernameMetadataKey] = username
-			record.Metadata.Plain[SecretSharedMetadataKey] = shared
-			// Decrypt the record & add to the list of secrets
-			recordDecrypted, err := c.DecryptTextSecret(ctx, &record)
-			if err != nil {
-				return nil, err
+			// Add records shared with this group to the list of secrets the user can view.
+			for _, record := range listGroupRecords.ResultList {
+				// If this record has already been found and added to the list, skip it
+				_, exists := sharedSecretIDs[record.Metadata.RecordID]
+				if exists {
+					continue
+				}
+				var shared string
+				if group.MemberCount > 1 {
+					shared = "Yes"
+				} else {
+					shared = "No"
+				}
+				// find the username for secret writer if it's someone else
+				searchParams := identityClient.SearchRealmIdentitiesRequest{
+					RealmName:         options.RealmName,
+					IdentityClientIDs: []uuid.UUID{uuid.MustParse(record.Metadata.WriterID)},
+				}
+				identities, err := c.E3dbIdentityClient.SearchRealmIdentities(ctx, searchParams)
+				if err != nil {
+					return nil, err
+				}
+				username := identities.SearchedIdentitiesInformation[0].RealmUsername
+				record.Metadata.Plain[SecretWriterUsernameMetadataKey] = username
+				record.Metadata.Plain[SecretSharedMetadataKey] = shared
+				// Decrypt the record & add to the list of secrets
+				recordDecrypted, err := c.DecryptTextSecret(ctx, &record)
+				if err != nil {
+					return nil, err
+				}
+				secretDecrypted := c.MakeSecretResponse(recordDecrypted, group.GroupID.String(), username)
+				sharedSecretList = append(sharedSecretList, *secretDecrypted)
+				sharedSecretIDs[record.Metadata.RecordID] = true
 			}
-			secretDecrypted := c.MakeSecretResponse(recordDecrypted, group.GroupID.String(), username)
-			sharedSecretList = append(sharedSecretList, *secretDecrypted)
-			sharedSecretIDs[record.Metadata.RecordID] = true
+
+			if listGroupRecords.NextToken == "" {
+				break
+			} else {
+				listRequest.NextToken = listGroupRecords.NextToken
+			}
+
 		}
 	}
 	sharedSecrets.List = sharedSecretList
@@ -1908,6 +1923,7 @@ func (c *ToznySDKV3) ListSecrets(ctx context.Context, options ListSecretsOptions
 
 type ViewSecretOptions struct {
 	SecretID string
+	MaxSecrets int
 }
 
 // ViewSecret returns the decrypted secret with secretID
@@ -1921,21 +1937,35 @@ func (c *ToznySDKV3) ViewSecret(ctx context.Context, options ViewSecretOptions)
 	}
 	var secret *pdsClient.ListedRecord
 	var groupID string
+	var nextToken string
 	for _, group := range groupList.Groups {
 		listRequest := storageClient.ListGroupRecordsRequest{
 			GroupID: group.GroupID,
+			NextToken: nextToken,
+			Max: options.MaxSecrets,
 		}
-		listGroupRecords, err := c.StorageClient.GetSharedWithGroup(ctx, listRequest)
-		if err != nil {
-			return nil, err
-		}
-		for _, record := range listGroupRecords.ResultList {
-			if record.Metadata.RecordID == options.SecretID {
-				secret = &record
-				groupID = group.GroupID.String()
+		for {
+			listGroupRecords, err := c.StorageClient.GetSharedWithGroup(ctx, listRequest)
+			if err != nil {
+				return nil, err
+			}
+			for _, record := range listGroupRecords.ResultList {
+				if record.Metadata.RecordID == options.SecretID {
+					secret = &record
+					groupID = group.GroupID.String()
+					break
+				}
+			}
+			if listGroupRecords.NextToken == "" {
+				break
+			} else {
+				listRequest.NextToken = listGroupRecords.NextToken
 			}
 		}
 	}
+	if secret == nil {
+		return nil, fmt.Errorf("the requested secret could not be found: %s", options.SecretID)
+	}
 	recordDecrypted, err := c.DecryptTextSecret(ctx, secret)
 	if err != nil {
 		return nil, err
@@ -1980,7 +2010,7 @@ func (c *ToznySDKV3) MakeSecretResponse(secretRecord *pdsClient.Record, groupID
 		OwnerUsername: ownerUsername,
 		// RealmName: c.RealmName,
 	}
-	if secret.SecretType == "File" {
+	if secret.SecretType == FileSecretType {
 		secret.FileName = secretRecord.Metadata.Plain[SecretFilenameMetadataKey]
 	} else {
 		secret.SecretValue = secretRecord.Data[SecretValueDataKey]

secrets_test.go

@@ -33,7 +33,7 @@ func TestCreateAndListSecrets(t *testing.T) {
 	}
 	secretReq := CreateSecretOptions{
 		SecretName:  fmt.Sprintf("client-%s", uuid.New().String()),
-		SecretType:  "Credential",
+		SecretType:  CredentialSecretType,
 		SecretValue: uuid.New().String(),
 		Description: "a credential test",
 		RealmName:   realmName,
@@ -52,7 +52,7 @@ func TestCreateAndListSecrets(t *testing.T) {
 	}`
 	secretReq2 := CreateSecretOptions{
 		SecretName:  fmt.Sprintf("cred-%s", uuid.New().String()),
-		SecretType:  "Client",
+		SecretType:  ClientSecretType,
 		SecretValue: validClient,
 		Description: "a client cred test",
 		RealmName:   realmName,
@@ -115,7 +115,7 @@ func TestInvalidCredSecretFails(t *testing.T) {
 	}`
 	secretReq := CreateSecretOptions{
 		SecretName:  fmt.Sprintf("cred-%s", uuid.New().String()),
-		SecretType:  "Client",
+		SecretType:  ClientSecretType,
 		SecretValue: invalidClient,
 		Description: "a client cred test",
 		RealmName:   realmName,
@@ -137,7 +137,7 @@ func TestInvalidCredSecretFails(t *testing.T) {
 	}`
 	secretReq = CreateSecretOptions{
 		SecretName:  fmt.Sprintf("cred-%s", uuid.New().String()),
-		SecretType:  "Client",
+		SecretType:  ClientSecretType,
 		SecretValue: invalidClient,
 		Description: "a client cred test",
 		RealmName:   realmName,
@@ -162,7 +162,7 @@ func TestCreateAndViewSecretSucceeds(t *testing.T) {
 	}
 	secretReq := CreateSecretOptions{
 		SecretName:  fmt.Sprintf("client-%s", uuid.New().String()),
-		SecretType:  "Credential",
+		SecretType:  CredentialSecretType,
 		SecretValue: uuid.New().String(),
 		Description: "a credential test",
 		RealmName:   realmName,
@@ -212,7 +212,7 @@ func TestCreateAndViewFileSecretSucceeds(t *testing.T) {
 	}
 	secretReq := CreateSecretOptions{
 		SecretName:  fmt.Sprintf("client-%s", uuid.New().String()),
-		SecretType:  "File",
+		SecretType:  FileSecretType,
 		SecretValue: "",
 		Description: "a file test",
 		FileName:    plaintextFileName,