|
| 1 | +package common |
| 2 | + |
| 3 | +import ( |
| 4 | + "testing" |
| 5 | + |
| 6 | + "github.com/stretchr/testify/assert" |
| 7 | + "github.com/stretchr/testify/require" |
| 8 | +) |
| 9 | + |
| 10 | +func TestValidateSecretsAuthFlow(t *testing.T) { |
| 11 | + tests := []struct { |
| 12 | + name string |
| 13 | + flow string |
| 14 | + env string |
| 15 | + wantErr bool |
| 16 | + errMsg string |
| 17 | + }{ |
| 18 | + {"owner-key-signing in production", SecretsAuthOwnerKeySigning, "PRODUCTION", false, ""}, |
| 19 | + {"owner-key-signing in staging", SecretsAuthOwnerKeySigning, "STAGING", false, ""}, |
| 20 | + {"owner-key-signing in dev", SecretsAuthOwnerKeySigning, "DEVELOPMENT", false, ""}, |
| 21 | + {"owner-key-signing empty env defaults safe", SecretsAuthOwnerKeySigning, "", false, ""}, |
| 22 | + {"browser in staging", SecretsAuthBrowser, "STAGING", false, ""}, |
| 23 | + {"browser in dev", SecretsAuthBrowser, "DEVELOPMENT", false, ""}, |
| 24 | + {"browser in production blocked", SecretsAuthBrowser, "PRODUCTION", true, "not yet available in production"}, |
| 25 | + {"browser in production lowercase", SecretsAuthBrowser, "production", true, "not yet available in production"}, |
| 26 | + {"browser empty env treated as production", SecretsAuthBrowser, "", true, "not yet available in production"}, |
| 27 | + {"unknown value rejected", "magic", "STAGING", true, "unknown --secrets-auth value"}, |
| 28 | + } |
| 29 | + |
| 30 | + for _, tt := range tests { |
| 31 | + t.Run(tt.name, func(t *testing.T) { |
| 32 | + err := ValidateSecretsAuthFlow(tt.flow, tt.env) |
| 33 | + if tt.wantErr { |
| 34 | + require.Error(t, err) |
| 35 | + if tt.errMsg != "" { |
| 36 | + require.Contains(t, err.Error(), tt.errMsg) |
| 37 | + } |
| 38 | + } else { |
| 39 | + require.NoError(t, err) |
| 40 | + } |
| 41 | + }) |
| 42 | + } |
| 43 | +} |
| 44 | + |
| 45 | +func TestIsBrowserFlow(t *testing.T) { |
| 46 | + assert.False(t, IsBrowserFlow(SecretsAuthOwnerKeySigning), "owner-key-signing should not be browser flow") |
| 47 | + assert.True(t, IsBrowserFlow(SecretsAuthBrowser), "browser should be browser flow") |
| 48 | + assert.False(t, IsBrowserFlow("unknown"), "unknown should not be browser flow") |
| 49 | +} |
0 commit comments