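package clustersecrets

import (
	"context"
	"database/sql"
	"database/sql/driver"
	"testing"
	"time"

	"github.com/DATA-DOG/go-sqlmock"
	"github.com/stretchr/testify/require"

	"edge-infra.dev/pkg/edge/api/bsl/types"
	"edge-infra.dev/pkg/edge/api/graph/model"
	"edge-infra.dev/pkg/edge/api/middleware"
	configType "edge-infra.dev/pkg/edge/api/types"
)

// These tests drive ClusterSecretService against a sqlmock database and pin
// the exact SQL (QueryMatcherEqual) plus the bound arguments each lease
// operation issues.
//
// NOTE(review): only the "happy" authorization paths are covered here (owner
// releasing its own lease, "admin" revoking another user's lease, obtaining a
// lease whose previous holder has expired). Whether the service rejects a
// non-owner, non-admin caller, or refuses to take over an unexpired lease held
// by someone else, is not asserted in this file — confirm against the service
// implementation and add negative cases if it is meant to enforce that.

var (
	mockClusterEdgeID  = "b1659eaf-0c7a-466e-8a24-de08118b71c7"
	mockClusterEdgeID1 = "d2f8e022-0a4e-4ca9-8e31-feefdd21fd33"

	// Lease IDs are opaque row identifiers, not credentials; the nosec marker
	// only silences gosec's hard-coded-secret heuristic on the "lease" name.
	mockLeaseID  = "0d2395ec-4a07-4cdd-813d-08e8f754bd0a" // #nosec G101
	mockLeaseID1 = "7bb9f433-62bf-48c9-a7d0-a01cd3fe992b" // #nosec G101

	fetchClusterSecretLeaseColumns = []string{"cluster_secret_lease_edge_id", "lease_expiration", "lease_owners_username"}
	fetchLeaseSecretTypes          = []string{"secret_type"}

	testuser    = "testuser"
	secretTypes = []string{"breakglass"}
)

const (
	// leaseValidityConfig is the EdgeMaxLeaseValidityPeriod every test uses;
	// leaseValidity is its parsed duration and must stay in agreement with it.
	leaseValidityConfig = "48h"
	leaseValidity       = 48 * time.Hour

	// timestampTolerance bounds the drift allowed between a timestamp computed
	// while the mock expectation is being set up and the time.Now() the
	// service stamps when it actually executes the statement.
	timestampTolerance = 5 * time.Second
)

// rfc3339Within is a sqlmock argument matcher for RFC3339 timestamp strings
// that accepts any instant within tol of want.
//
// The service stamps its own time.Now() when it runs, so comparing against a
// string formatted during mock setup is flaky whenever a second boundary falls
// between setup and execution; a tolerant match keeps the check meaningful
// (e.g. "expiry is ~48h ahead", not "any value") without the flake.
type rfc3339Within struct {
	want time.Time
	tol  time.Duration
}

// Match implements sqlmock.Argument. Non-string or unparseable values never
// match, so a regression that binds the wrong type still fails the test.
func (m rfc3339Within) Match(v driver.Value) bool {
	s, ok := v.(string)
	if !ok {
		return false
	}
	got, err := time.Parse(time.RFC3339, s)
	if err != nil {
		return false
	}
	delta := got.Sub(m.want)
	if delta < 0 {
		delta = -delta
	}
	return delta <= m.tol
}

// nowPlus returns a matcher for "time.Now().UTC() + offset", formatted as
// RFC3339, within timestampTolerance.
func nowPlus(offset time.Duration) rfc3339Within {
	return rfc3339Within{want: time.Now().UTC().Add(offset), tol: timestampTolerance}
}

// rfc3339At formats an instant the way the service stores lease expirations.
func rfc3339At(offset time.Duration) string {
	return time.Now().UTC().Add(offset).Format(time.RFC3339)
}

// newMockDB opens a sqlmock database that requires byte-for-byte SQL matches
// and registers its closure with t.Cleanup.
func newMockDB(t *testing.T) (*sql.DB, sqlmock.Sqlmock) {
	t.Helper()
	db, mock, err := sqlmock.New(sqlmock.QueryMatcherOption(sqlmock.QueryMatcherEqual))
	require.NoError(t, err)
	t.Cleanup(func() { _ = db.Close() })
	return db, mock
}

// testConfig is the security-compliance configuration shared by every test.
func testConfig() *configType.Config {
	return &configType.Config{
		EdgeOptInSecurityCompliance: true,
		EdgeMaxLeaseValidityPeriod:  leaseValidityConfig,
	}
}

// userContext returns a context carrying an authenticated user with the given
// username, as the middleware would attach it to a request.
func userContext(username string) context.Context {
	return middleware.NewContext(context.Background(), &types.AuthUser{Username: username})
}

// TestFetchLease checks that an existing lease row and its secret types are
// surfaced unchanged to the caller.
func TestFetchLease(t *testing.T) {
	db, mock := newMockDB(t)
	ctx := userContext(testuser)

	// The expiration is a pass-through value here, so an exact string is fine.
	expirationTime := rfc3339At(leaseValidity)
	mockFetchLeaseQuery(mock, expirationTime, testuser, mockLeaseID, mockClusterEdgeID)
	mockFetchSecretLeaseTypesQuery(mock, mockLeaseID, mockClusterEdgeID)

	svc := NewClusterSecretService(db, nil, testConfig())
	lease, err := svc.FetchLease(ctx, mockClusterEdgeID)
	require.NoError(t, err)
	require.Equal(t, testuser, lease.Owner)
	require.Equal(t, expirationTime, lease.ExpiresAt)
	require.Equal(t, secretTypes, lease.SecretTypes)
	require.NoError(t, mock.ExpectationsWereMet())
}

// mockFetchLeaseQuery expects FetchLeaseQuery for clusterEdgeID and returns a
// single lease row with the given id, expiration and owner.
func mockFetchLeaseQuery(mock sqlmock.Sqlmock, leaseExpiration, username, leaseID, clusterEdgeID string) {
	rows := mock.NewRows(fetchClusterSecretLeaseColumns).AddRow(leaseID, leaseExpiration, username)
	mock.ExpectQuery(FetchLeaseQuery).WithArgs(clusterEdgeID).WillReturnRows(rows)
}

// mockFetchSecretLeaseTypesQuery expects FetchLeaseSecretTypesQuery and returns
// a single "breakglass" secret type for the lease.
func mockFetchSecretLeaseTypesQuery(mock sqlmock.Sqlmock, leaseID, clusterEdgeID string) {
	rows := mock.NewRows(fetchLeaseSecretTypes).AddRow(model.ClusterSecretTypeBreakglass)
	mock.ExpectQuery(FetchLeaseSecretTypesQuery).WithArgs(clusterEdgeID, leaseID).WillReturnRows(rows)
}

// TestObtainLease checks that, when the current lease has already expired, the
// caller obtains a fresh lease that expires leaseValidity from now.
func TestObtainLease(t *testing.T) {
	db, mock := newMockDB(t)
	ctx := userContext(testuser)

	// Existing lease expired 48h ago, so it must be replaced rather than kept.
	mockFetchLeaseQuery(mock, rfc3339At(-leaseValidity), testuser, mockLeaseID1, mockClusterEdgeID1)
	mockFetchSecretLeaseTypesQuery(mock, mockLeaseID1, mockClusterEdgeID1)
	mockObtainLeaseQuery(mock, nowPlus(leaseValidity), testuser, mockClusterEdgeID1, sqlmock.NewResult(1, 1))

	svc := NewClusterSecretService(db, nil, testConfig())
	newLease, err := svc.ObtainLease(ctx, mockClusterEdgeID1)
	// Check the error first so a failure reports the cause, not just "false".
	require.NoError(t, err)
	require.True(t, newLease)
	require.NoError(t, mock.ExpectationsWereMet())
}

// mockObtainLeaseQuery expects ObtainLeaseQuery bound as
// (expiration, owner, updated-at, cluster id). expiration is a matcher so the
// test tolerates clock drift between setup and execution.
func mockObtainLeaseQuery(mock sqlmock.Sqlmock, expiration sqlmock.Argument, username, clusterEdgeID string, result driver.Result) {
	args := []driver.Value{
		expiration,
		username,
		nowPlus(0),
		clusterEdgeID,
	}
	mock.ExpectExec(ObtainLeaseQuery).WithArgs(args...).WillReturnResult(result)
}

// TestReleaseLease checks that the lease owner can revoke its own lease.
func TestReleaseLease(t *testing.T) {
	runRevokeLease(t, testuser, testuser)
}

// TestRevokeLease checks that an "admin" caller can revoke another user's
// lease. Whether the service actually gates this on the caller's identity is
// not visible from this test — see the note at the top of the file.
func TestRevokeLease(t *testing.T) {
	runRevokeLease(t, "admin", testuser)
}

// runRevokeLease issues RevokeLease as caller against the lease held by owner
// and expects a single ExpireLeaseQuery update.
func runRevokeLease(t *testing.T, caller, owner string) {
	t.Helper()
	db, mock := newMockDB(t)
	ctx := userContext(caller)

	mockExpireLeaseQuery(mock, owner, sqlmock.NewResult(1, 1))

	svc := NewClusterSecretService(db, nil, testConfig())
	require.NoError(t, svc.RevokeLease(ctx, mockClusterEdgeID, owner))
	require.NoError(t, mock.ExpectationsWereMet())
}

// mockExpireLeaseQuery expects ExpireLeaseQuery bound as
// (expiration=now, updated-at=now, cluster id, owner username).
func mockExpireLeaseQuery(mock sqlmock.Sqlmock, owner string, result driver.Result) {
	args := []driver.Value{
		nowPlus(0),
		nowPlus(0),
		mockClusterEdgeID,
		owner,
	}
	mock.ExpectExec(ExpireLeaseQuery).WithArgs(args...).WillReturnResult(result)
}

// TestRemoveUserFromLease checks that removing the caller from a lease issues
// a single RemoveUserFromLeaseQuery update.
func TestRemoveUserFromLease(t *testing.T) {
	db, mock := newMockDB(t)
	ctx := userContext("admin")

	mockRemoveUserFromQuery(mock, sqlmock.NewResult(1, 1))

	svc := NewClusterSecretService(db, nil, testConfig())
	require.NoError(t, svc.RemoveUserFromLease(ctx, mockClusterEdgeID))
	require.NoError(t, mock.ExpectationsWereMet())
}

// mockRemoveUserFromQuery expects RemoveUserFromLeaseQuery bound as
// (updated-at=now, cluster id).
func mockRemoveUserFromQuery(mock sqlmock.Sqlmock, result driver.Result) {
	args := []driver.Value{
		nowPlus(0),
		mockClusterEdgeID,
	}
	mock.ExpectExec(RemoveUserFromLeaseQuery).WithArgs(args...).WillReturnResult(result)
}

// TestCreateLease checks that creating a lease inserts one row whose three
// timestamp columns are stamped "now".
func TestCreateLease(t *testing.T) {
	db, mock := newMockDB(t)
	ctx := userContext("admin")

	mockCreateLeaseQuery(mock, sqlmock.NewResult(1, 1))

	svc := NewClusterSecretService(db, nil, testConfig())
	_, err := svc.CreateLease(ctx, mockClusterEdgeID)
	require.NoError(t, err)
	require.NoError(t, mock.ExpectationsWereMet())
}

// mockCreateLeaseQuery expects CreateClusterSecretLeaseQuery bound as
// (generated lease id, cluster id, now, now, now). The first column is
// generated by the service, so any value is accepted.
func mockCreateLeaseQuery(mock sqlmock.Sqlmock, result driver.Result) {
	args := []driver.Value{
		sqlmock.AnyArg(),
		mockClusterEdgeID,
		nowPlus(0),
		nowPlus(0),
		nowPlus(0),
	}
	mock.ExpectExec(CreateClusterSecretLeaseQuery).WithArgs(args...).WillReturnResult(result)
}

// TestFetchLeaseID checks that the lease id for a cluster is returned verbatim.
func TestFetchLeaseID(t *testing.T) {
	db, mock := newMockDB(t)
	ctx := userContext("admin")

	mockFetchLeaseIDQuery(mock, mockLeaseID, mockClusterEdgeID)

	svc := NewClusterSecretService(db, nil, testConfig())
	leaseID, err := svc.FetchLeaseID(ctx, mockClusterEdgeID)
	require.NoError(t, err)
	// require.Equal is (expected, actual); keep that order so failure output
	// reads correctly.
	require.Equal(t, mockLeaseID, leaseID)
	require.NoError(t, mock.ExpectationsWereMet())
}

// mockFetchLeaseIDQuery expects FetchLeaseIDQuery for clusterEdgeID and returns
// a single row holding leaseID.
func mockFetchLeaseIDQuery(mock sqlmock.Sqlmock, leaseID, clusterEdgeID string) {
	rows := mock.NewRows([]string{"cluster_secret_lease_edge_id"}).AddRow(leaseID)
	mock.ExpectQuery(FetchLeaseIDQuery).WithArgs(clusterEdgeID).WillReturnRows(rows)
}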