Merge branch 'basecamp:main' into feat-add-aws-secrets-manager-adapter

test/secrets/bitwarden_adapter_test.rb

@@ -2,6 +2,8 @@ require "test_helper"
 
 class BitwardenAdapterTest < SecretAdapterTestCase
   test "fetch" do
+    stub_ticks.with("bw --version 2> /dev/null")
+
     stub_unlocked
     stub_ticks.with("bw sync").returns("")
     stub_mypassword
@@ -14,6 +16,8 @@ class BitwardenAdapterTest < SecretAdapterTestCase
   end
 
   test "fetch with no login" do
+    stub_ticks.with("bw --version 2> /dev/null")
+
     stub_unlocked
     stub_ticks.with("bw sync").returns("")
     stub_noteitem
@@ -25,6 +29,8 @@ class BitwardenAdapterTest < SecretAdapterTestCase
   end
 
   test "fetch with from" do
+    stub_ticks.with("bw --version 2> /dev/null")
+
     stub_unlocked
     stub_ticks.with("bw sync").returns("")
     stub_myitem
@@ -38,7 +44,26 @@ class BitwardenAdapterTest < SecretAdapterTestCase
     assert_equal expected_json, json
   end
 
+  test "fetch all with from" do
+    stub_ticks.with("bw --version 2> /dev/null")
+
+    stub_unlocked
+    stub_ticks.with("bw sync").returns("")
+    stub_noteitem_with_fields
+
+    json = JSON.parse(shellunescape(run_command("fetch", "mynotefields")))
+
+    expected_json = {
+      "mynotefields/field1"=>"secret1", "mynotefields/field2"=>"blam", "mynotefields/field3"=>"fewgrwjgk",
+      "mynotefields/field4"=>"auto"
+    }
+
+    assert_equal expected_json, json
+  end
+
   test "fetch with multiple items" do
+    stub_ticks.with("bw --version 2> /dev/null")
+
     stub_unlocked
 
     stub_ticks.with("bw sync").returns("")
@@ -80,6 +105,8 @@ class BitwardenAdapterTest < SecretAdapterTestCase
   end
 
   test "fetch unauthenticated" do
+    stub_ticks.with("bw --version 2> /dev/null")
+
     stub_ticks
       .with("bw status")
       .returns(
@@ -101,6 +128,8 @@ class BitwardenAdapterTest < SecretAdapterTestCase
   end
 
   test "fetch locked" do
+    stub_ticks.with("bw --version 2> /dev/null")
+
     stub_ticks
       .with("bw status")
       .returns(
@@ -126,6 +155,8 @@ class BitwardenAdapterTest < SecretAdapterTestCase
   end
 
   test "fetch locked with session" do
+    stub_ticks.with("bw --version 2> /dev/null")
+
     stub_ticks
       .with("bw status")
       .returns(
@@ -150,6 +181,15 @@ class BitwardenAdapterTest < SecretAdapterTestCase
     assert_equal expected_json, json
   end
 
+  test "fetch without CLI installed" do
+    stub_ticks_with("bw --version 2> /dev/null", succeed: false)
+
+    error = assert_raises RuntimeError do
+      JSON.parse(shellunescape(run_command("fetch", "mynote")))
+    end
+    assert_equal "Bitwarden CLI is not installed", error.message
+  end
+
   private
     def run_command(*command)
       stdouted do
@@ -214,7 +254,37 @@ class BitwardenAdapterTest < SecretAdapterTestCase
             "collectionIds":[]
           }
         JSON
-  end
+      end
+
+      def stub_noteitem_with_fields(session: nil)
+      stub_ticks
+        .with("#{"BW_SESSION=#{session} " if session}bw get item mynotefields")
+        .returns(<<~JSON)
+            {
+              "passwordHistory":null,
+              "revisionDate":"2024-09-28T09:07:27.461Z",
+              "creationDate":"2024-09-28T09:07:00.740Z",
+              "deletedDate":null,
+              "object":"item",
+              "id":"aaaaaaaa-cccc-eeee-0000-222222222222",
+              "organizationId":null,
+              "folderId":null,
+              "type":2,
+              "reprompt":0,
+              "name":"noteitem",
+              "notes":"NOTES",
+              "favorite":false,
+              "fields":[
+                {"name":"field1","value":"secret1","type":1,"linkedId":null},
+                {"name":"field2","value":"blam","type":1,"linkedId":null},
+                {"name":"field3","value":"fewgrwjgk","type":1,"linkedId":null},
+                {"name":"field4","value":"auto","type":1,"linkedId":null}
+              ],
+              "secureNote":{"type":0},
+              "collectionIds":[]
+            }
+          JSON
+      end
 
     def stub_myitem
       stub_ticks
@@ -237,7 +307,8 @@ class BitwardenAdapterTest < SecretAdapterTestCase
             "fields":[
               {"name":"field1","value":"secret1","type":1,"linkedId":null},
               {"name":"field2","value":"blam","type":1,"linkedId":null},
-              {"name":"field3","value":"fewgrwjgk","type":1,"linkedId":null}
+              {"name":"field3","value":"fewgrwjgk","type":1,"linkedId":null},
+              {"name":"field4","value":"auto","type":1,"linkedId":null}
             ],
             "login":{"fido2Credentials":[],"uris":[],"username":null,"password":null,"totp":null,"passwordRevisionDate":null},"collectionIds":[]
           }

test/secrets/last_pass_adapter_test.rb

@@ -6,6 +6,7 @@ class LastPassAdapterTest < SecretAdapterTestCase
   end
 
   test "fetch" do
+    stub_ticks.with("lpass --version 2> /dev/null")
     stub_ticks.with("lpass status --color never").returns("Logged in as email@example.com.")
 
     stub_ticks
@@ -63,6 +64,7 @@ class LastPassAdapterTest < SecretAdapterTestCase
   end
 
   test "fetch with from" do
+    stub_ticks.with("lpass --version 2> /dev/null")
     stub_ticks.with("lpass status --color never").returns("Logged in as email@example.com.")
 
     stub_ticks
@@ -107,6 +109,8 @@ class LastPassAdapterTest < SecretAdapterTestCase
   end
 
   test "fetch with signin" do
+    stub_ticks.with("lpass --version 2> /dev/null")
+
     stub_ticks_with("lpass status --color never", succeed: false).returns("Not logged in.")
     stub_ticks_with("lpass login email@example.com", succeed: true).returns("")
     stub_ticks.with("lpass show SECRET1 --json").returns(single_item_json)
@@ -120,6 +124,15 @@ class LastPassAdapterTest < SecretAdapterTestCase
     assert_equal expected_json, json
   end
 
+  test "fetch without CLI installed" do
+    stub_ticks_with("lpass --version 2> /dev/null", succeed: false)
+
+    error = assert_raises RuntimeError do
+      JSON.parse(shellunescape(run_command("fetch", "SECRET1", "FOLDER1/FSECRET1", "FOLDER1/FSECRET2")))
+    end
+    assert_equal "LastPass CLI is not installed", error.message
+  end
+
   private
     def run_command(*command)
       stdouted do

test/secrets/one_password_adapter_test.rb

@@ -2,6 +2,7 @@ require "test_helper"
 
 class SecretsOnePasswordAdapterTest < SecretAdapterTestCase
   test "fetch" do
+    stub_ticks.with("op --version 2> /dev/null")
     stub_ticks.with("op account get --account myaccount 2> /dev/null")
 
     stub_ticks
@@ -56,6 +57,7 @@ class SecretsOnePasswordAdapterTest < SecretAdapterTestCase
   end
 
   test "fetch with multiple items" do
+    stub_ticks.with("op --version 2> /dev/null")
     stub_ticks.with("op account get --account myaccount 2> /dev/null")
 
     stub_ticks
@@ -115,6 +117,8 @@ class SecretsOnePasswordAdapterTest < SecretAdapterTestCase
   end
 
   test "fetch with signin, no session" do
+    stub_ticks.with("op --version 2> /dev/null")
+
     stub_ticks_with("op account get --account myaccount 2> /dev/null", succeed: false)
     stub_ticks_with("op signin --account \"myaccount\" --force --raw", succeed: true).returns("")
 
@@ -132,6 +136,8 @@ class SecretsOnePasswordAdapterTest < SecretAdapterTestCase
   end
 
   test "fetch with signin and session" do
+    stub_ticks.with("op --version 2> /dev/null")
+
     stub_ticks_with("op account get --account myaccount 2> /dev/null", succeed: false)
     stub_ticks_with("op signin --account \"myaccount\" --force --raw", succeed: true).returns("1234567890")
 
@@ -148,6 +154,15 @@ class SecretsOnePasswordAdapterTest < SecretAdapterTestCase
     assert_equal expected_json, json
   end
 
+  test "fetch without CLI installed" do
+    stub_ticks_with("op --version 2> /dev/null", succeed: false)
+
+    error = assert_raises RuntimeError do
+      JSON.parse(shellunescape(run_command("fetch", "--from", "op://myvault/myitem", "section/SECRET1", "section/SECRET2", "section2/SECRET3")))
+    end
+    assert_equal "1Password CLI is not installed", error.message
+  end
+
   private
     def run_command(*command)
       stdouted do