mirror of
https://github.com/symfony/framework-bundle.git
synced 2026-03-24 09:22:12 +01:00
112 lines
3.5 KiB
PHP
112 lines
3.5 KiB
PHP
<?php
|
|
|
|
/*
|
|
* This file is part of the Symfony package.
|
|
*
|
|
* (c) Fabien Potencier <fabien@symfony.com>
|
|
*
|
|
* For the full copyright and license information, please view the LICENSE
|
|
* file that was distributed with this source code.
|
|
*/
|
|
|
|
namespace Symfony\Bundle\FrameworkBundle\Tests\Command;
|
|
|
|
use PHPUnit\Framework\TestCase;
|
|
use Symfony\Bundle\FrameworkBundle\Command\SecretsEncryptFromLocalCommand;
|
|
use Symfony\Bundle\FrameworkBundle\Secrets\AbstractVault;
|
|
use Symfony\Bundle\FrameworkBundle\Secrets\SodiumVault;
|
|
use Symfony\Component\Console\Tester\CommandTester;
|
|
use Symfony\Component\Filesystem\Filesystem;
|
|
|
|
/**
|
|
* @requires extension sodium
|
|
*/
|
|
class SecretsEncryptFromLocalCommandTest extends TestCase
|
|
{
|
|
private string $vaultDir;
|
|
private string $localVaultDir;
|
|
private Filesystem $fs;
|
|
|
|
protected function setUp(): void
|
|
{
|
|
$this->vaultDir = sys_get_temp_dir().'/sf_secrets/vault_'.uniqid();
|
|
$this->localVaultDir = sys_get_temp_dir().'/sf_secrets/local_'.uniqid();
|
|
$this->fs = new Filesystem();
|
|
$this->fs->remove([$this->vaultDir, $this->localVaultDir]);
|
|
}
|
|
|
|
protected function tearDown(): void
|
|
{
|
|
$this->fs->remove([$this->vaultDir, $this->localVaultDir]);
|
|
}
|
|
|
|
public function testFailsWhenLocalVaultIsDisabled()
|
|
{
|
|
$vault = $this->createMock(AbstractVault::class);
|
|
$command = new SecretsEncryptFromLocalCommand($vault, null);
|
|
$tester = new CommandTester($command);
|
|
|
|
$this->assertSame(1, $tester->execute([]));
|
|
$this->assertStringContainsString('The local vault is disabled.', $tester->getDisplay());
|
|
}
|
|
|
|
public function testEncryptsLocalOverrides()
|
|
{
|
|
$vault = new SodiumVault($this->vaultDir);
|
|
$vault->generateKeys();
|
|
|
|
$localVault = new SodiumVault($this->localVaultDir);
|
|
$localVault->generateKeys();
|
|
|
|
$vault->seal('MY_SECRET', 'prod-value');
|
|
$localVault->seal('MY_SECRET', 'local-value');
|
|
|
|
$command = new SecretsEncryptFromLocalCommand($vault, $localVault);
|
|
$tester = new CommandTester($command);
|
|
|
|
$exitCode = $tester->execute([]);
|
|
$this->assertSame(0, $exitCode);
|
|
|
|
$revealed = $vault->reveal('MY_SECRET');
|
|
$this->assertSame('local-value', $revealed);
|
|
}
|
|
|
|
public function testDoesNotSealIfSameValue()
|
|
{
|
|
$vault = new SodiumVault($this->vaultDir);
|
|
$vault->generateKeys();
|
|
|
|
$localVault = new SodiumVault($this->localVaultDir);
|
|
$localVault->generateKeys();
|
|
|
|
$vault->seal('SHARED_SECRET', 'same-value');
|
|
$localVault->seal('SHARED_SECRET', 'same-value');
|
|
|
|
$command = new SecretsEncryptFromLocalCommand($vault, $localVault);
|
|
$tester = new CommandTester($command);
|
|
|
|
$exitCode = $tester->execute([]);
|
|
$this->assertSame(0, $exitCode);
|
|
|
|
$revealed = $vault->reveal('SHARED_SECRET');
|
|
$this->assertSame('same-value', $revealed);
|
|
}
|
|
|
|
public function testFailsIfLocalSecretIsMissing()
|
|
{
|
|
$vault = new SodiumVault($this->vaultDir);
|
|
$vault->generateKeys();
|
|
|
|
$localVault = new SodiumVault($this->localVaultDir);
|
|
$localVault->generateKeys();
|
|
|
|
$vault->seal('MISSING_IN_LOCAL', 'prod-only');
|
|
|
|
$command = new SecretsEncryptFromLocalCommand($vault, $localVault);
|
|
$tester = new CommandTester($command);
|
|
|
|
$this->assertSame(1, $tester->execute([]));
|
|
$this->assertStringContainsString('Secret "MISSING_IN_LOCAL" not found', $tester->getDisplay());
|
|
}
|
|
}
|