From 0ae8046905bd52b7927113078468c8259cdd9a37 Mon Sep 17 00:00:00 2001
From: Donal McBreen <donal@37signals.com>
Date: Thu, 22 Aug 2024 13:49:28 +0100
Subject: [PATCH] Add secret tests

---
 test/secrets/one_password_adapter_test.rb | 62 +++++++++++++++++++++++
 test/secrets_test.rb                      | 30 +++++++++++
 2 files changed, 92 insertions(+)
 create mode 100644 test/secrets/one_password_adapter_test.rb
 create mode 100644 test/secrets_test.rb

diff --git a/test/secrets/one_password_adapter_test.rb b/test/secrets/one_password_adapter_test.rb
new file mode 100644
index 00000000..41b6fe17
--- /dev/null
+++ b/test/secrets/one_password_adapter_test.rb
@@ -0,0 +1,62 @@
+require "test_helper"
+
+class SecretsOnePasswordAdapterTest < ActiveSupport::TestCase
+  test "login" do
+    `true` # Ensure $? is 0
+    Object.any_instance.stubs(:`).with("op signin --account \"myaccount\" --force --raw").returns("Logged in")
+
+    assert_equal "Logged in", run_command("login")
+  end
+
+  test "fetch" do
+    `true` # Ensure $? is 0
+    Object.any_instance.stubs(:`).with("op read op://vault/item/section/foo --account \"myaccount\"").returns("bar")
+
+    assert_equal "bar", run_command("fetch", "op://vault/item/section/foo")
+  end
+
+  test "fetch_all" do
+    `true` # Ensure $? is 0
+    Object.any_instance.stubs(:`)
+      .with("op item get item --vault \"vault\" --fields \"label=section.SECRET1,label=section.SECRET2\" --format \"json\" --account \"myaccount\"")
+      .returns(<<~JSON)
+        [
+          {
+            "id": "aaaaaaaaaaaaaaaaaaaaaaaaaa",
+            "section": {
+              "id": "cccccccccccccccccccccccccc",
+              "label": "section"
+            },
+            "type": "CONCEALED",
+            "label": "SECRET1",
+            "value": "VALUE1",
+            "reference": "op://vault/item/section/SECRET1"
+          },
+          {
+            "id": "bbbbbbbbbbbbbbbbbbbbbbbbbb",
+            "section": {
+              "id": "dddddddddddddddddddddddddd",
+              "label": "section"
+            },
+            "type": "CONCEALED",
+            "label": "SECRET2",
+            "value": "VALUE2",
+            "reference": "op://vault/item/section/SECRET2"
+          }
+        ]
+      JSON
+
+    assert_equal "bar", run_command("fetch_all", "op://vault/item/section/SECRET1", "op://vault/item/section/SECRET2")
+  end
+
+  private
+    def run_command(*command)
+      stdouted do
+        Kamal::Cli::Secrets.start \
+          [ *command,
+            "-c", "test/fixtures/deploy_with_accessories.yml",
+            "--adapter", "1password",
+            "--adapter-options", "account:myaccount" ]
+      end
+    end
+end
diff --git a/test/secrets_test.rb b/test/secrets_test.rb
new file mode 100644
index 00000000..5909b0e1
--- /dev/null
+++ b/test/secrets_test.rb
@@ -0,0 +1,30 @@
+require "test_helper"
+
+class SecretsTest < ActiveSupport::TestCase
+  test "fetch" do
+    with_test_secrets("secrets" => "SECRET=ABC") do
+      assert_equal "ABC", Kamal::Secrets.new["SECRET"]
+    end
+  end
+
+  test "command interpolation" do
+    with_test_secrets("secrets" => "SECRET=$(echo ABC)") do
+      assert_equal "ABC", Kamal::Secrets.new["SECRET"]
+    end
+  end
+
+  test "variable references" do
+    with_test_secrets("secrets" => "SECRET1=ABC\nSECRET2=${SECRET1}DEF") do
+      assert_equal "ABC", Kamal::Secrets.new["SECRET1"]
+      assert_equal "ABCDEF", Kamal::Secrets.new["SECRET2"]
+    end
+  end
+
+  test "destinations" do
+    with_test_secrets("secrets.dest" => "SECRET=DEF", "secrets" => "SECRET=ABC") do
+      assert_equal "ABC", Kamal::Secrets.new["SECRET"]
+      assert_equal "DEF", Kamal::Secrets.new(destination: "dest")["SECRET"]
+      assert_equal "ABC", Kamal::Secrets.new(destination: "nodest")["SECRET"]
+    end
+  end
+end