Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-07 14:50:55 +03:00
Code Issues Packages Projects Releases Wiki Activity

add build tags to disable kms providers

Browse Source
This commit is contained in:
Nicola Murino
2020-12-02 09:44:18 +01:00
parent 87b51a6fd5
commit a67276ccc2
13 changed files with 132 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
httpd/httpd_test.go
View File

@@ -1400,10 +1400,10 @@ func TestSecretObjectCompatibility(t *testing.T) {
localAsJSON, err := json.Marshal(s)
assert.NoError(t, err)
for _, provider := range []string{kms.SecretStatusRedacted} {
for _, secretStatus := range []string{kms.SecretStatusSecretBox} {
kmsConfig := config.GetKMSConfig()
assert.Empty(t, kmsConfig.Secrets.MasterKeyPath)
if provider == kms.SecretStatusVaultTransit {
if secretStatus == kms.SecretStatusVaultTransit {
os.Setenv("VAULT_SERVER_URL", "http://127.0.0.1:8200")
os.Setenv("VAULT_SERVER_TOKEN", "s.9lYGq83MbgG5KR5kfebXVyhJ")
kmsConfig.Secrets.URL = "hashivault://mykey"
@@ -1420,7 +1420,7 @@ func TestSecretObjectCompatibility(t *testing.T) {
err = secretClone.Decrypt()
assert.NoError(t, err)
assert.Equal(t, testPayload, secretClone.GetPayload())
if provider == kms.SecretStatusVaultTransit {
if secretStatus == kms.SecretStatusVaultTransit {
// decrypt the local secret now that the provider is vault
secretLocal := kms.NewEmptySecret()
err = json.Unmarshal(localAsJSON, secretLocal)
@@ -1448,7 +1448,7 @@ func TestSecretObjectCompatibility(t *testing.T) {
MasterKeyPath: masterKeyPath,
},
}
if provider == kms.SecretStatusVaultTransit {
if secretStatus == kms.SecretStatusVaultTransit {
config.Secrets.URL = "hashivault://mykey"
}
err = config.Initialize()
@@ -1468,7 +1468,7 @@ func TestSecretObjectCompatibility(t *testing.T) {
err = secret.Decrypt()
assert.NoError(t, err)
assert.Equal(t, testPayload, secret.GetPayload())
if provider == kms.SecretStatusVaultTransit {
if secretStatus == kms.SecretStatusVaultTransit {
// decrypt the local secret encryped without a master key now that
// the provider is vault and a master key is set.
// The provider will not change, the master key will be used
@@ -1491,7 +1491,7 @@ func TestSecretObjectCompatibility(t *testing.T) {
assert.NoError(t, err)
err = os.Remove(masterKeyPath)
assert.NoError(t, err)
if provider == kms.SecretStatusVaultTransit {
if secretStatus == kms.SecretStatusVaultTransit {
os.Unsetenv("VAULT_SERVER_URL")
os.Unsetenv("VAULT_SERVER_TOKEN")
}