2024-12-13 14:38:58 +00:00
|
|
|
package secrets_test
|
2023-05-26 12:46:08 +00:00
|
|
|
|
|
|
|
import (
|
2023-07-05 15:30:54 +00:00
|
|
|
"context"
|
|
|
|
"encoding/base64"
|
|
|
|
"fmt"
|
2023-05-26 12:46:08 +00:00
|
|
|
"testing"
|
|
|
|
|
2023-07-05 15:30:54 +00:00
|
|
|
"github.com/databricks/cli/internal/acc"
|
2024-12-12 16:48:51 +00:00
|
|
|
"github.com/databricks/cli/internal/testcli"
|
2024-12-12 12:35:38 +00:00
|
|
|
"github.com/databricks/cli/internal/testutil"
|
2023-07-05 15:30:54 +00:00
|
|
|
"github.com/databricks/databricks-sdk-go/service/workspace"
|
2023-05-26 12:46:08 +00:00
|
|
|
"github.com/stretchr/testify/assert"
|
2023-07-05 15:30:54 +00:00
|
|
|
"github.com/stretchr/testify/require"
|
2023-05-26 12:46:08 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
func TestSecretsCreateScopeErrWhenNoArguments(t *testing.T) {
|
2024-12-16 11:34:37 +00:00
|
|
|
ctx := context.Background()
|
|
|
|
_, _, err := testcli.RequireErrorRun(t, ctx, "secrets", "create-scope")
|
2024-03-12 14:12:34 +00:00
|
|
|
assert.Contains(t, err.Error(), "accepts 1 arg(s), received 0")
|
2023-05-26 12:46:08 +00:00
|
|
|
}
|
2023-07-05 15:30:54 +00:00
|
|
|
|
|
|
|
func temporarySecretScope(ctx context.Context, t *acc.WorkspaceT) string {
|
2024-12-12 12:35:38 +00:00
|
|
|
scope := testutil.RandomName("cli-acc-")
|
2023-07-05 15:30:54 +00:00
|
|
|
err := t.W.Secrets.CreateScope(ctx, workspace.CreateScope{
|
|
|
|
Scope: scope,
|
|
|
|
})
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
// Delete the scope after the test.
|
|
|
|
t.Cleanup(func() {
|
|
|
|
err := t.W.Secrets.DeleteScopeByScope(ctx, scope)
|
|
|
|
require.NoError(t, err)
|
|
|
|
})
|
|
|
|
|
|
|
|
return scope
|
|
|
|
}
|
|
|
|
|
|
|
|
func assertSecretStringValue(t *acc.WorkspaceT, scope, key, expected string) {
|
|
|
|
out, err := t.RunPython(fmt.Sprintf(`
|
|
|
|
import base64
|
|
|
|
value = dbutils.secrets.get(scope="%s", key="%s")
|
|
|
|
encoded_value = base64.b64encode(value.encode('utf-8'))
|
|
|
|
print(encoded_value.decode('utf-8'))
|
|
|
|
`, scope, key))
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
decoded, err := base64.StdEncoding.DecodeString(out)
|
|
|
|
require.NoError(t, err)
|
|
|
|
assert.Equal(t, expected, string(decoded))
|
|
|
|
}
|
|
|
|
|
|
|
|
func assertSecretBytesValue(t *acc.WorkspaceT, scope, key string, expected []byte) {
|
|
|
|
out, err := t.RunPython(fmt.Sprintf(`
|
|
|
|
import base64
|
|
|
|
value = dbutils.secrets.getBytes(scope="%s", key="%s")
|
|
|
|
encoded_value = base64.b64encode(value)
|
|
|
|
print(encoded_value.decode('utf-8'))
|
|
|
|
`, scope, key))
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
decoded, err := base64.StdEncoding.DecodeString(out)
|
|
|
|
require.NoError(t, err)
|
|
|
|
assert.Equal(t, expected, decoded)
|
|
|
|
}
|
|
|
|
|
2024-12-13 14:47:50 +00:00
|
|
|
func TestSecretsPutSecretStringValue(tt *testing.T) {
|
2023-07-05 15:30:54 +00:00
|
|
|
ctx, t := acc.WorkspaceTest(tt)
|
|
|
|
scope := temporarySecretScope(ctx, t)
|
|
|
|
key := "test-key"
|
|
|
|
value := "test-value\nwith-newlines\n"
|
|
|
|
|
2024-12-16 11:34:37 +00:00
|
|
|
stdout, stderr := testcli.RequireSuccessfulRun(t, ctx, "secrets", "put-secret", scope, key, "--string-value", value)
|
2023-07-05 15:30:54 +00:00
|
|
|
assert.Empty(t, stdout)
|
|
|
|
assert.Empty(t, stderr)
|
|
|
|
|
|
|
|
assertSecretStringValue(t, scope, key, value)
|
|
|
|
assertSecretBytesValue(t, scope, key, []byte(value))
|
|
|
|
}
|
|
|
|
|
2024-12-13 14:47:50 +00:00
|
|
|
func TestSecretsPutSecretBytesValue(tt *testing.T) {
|
2023-07-05 15:30:54 +00:00
|
|
|
ctx, t := acc.WorkspaceTest(tt)
|
|
|
|
scope := temporarySecretScope(ctx, t)
|
|
|
|
key := "test-key"
|
|
|
|
value := []byte{0x00, 0x01, 0x02, 0x03}
|
|
|
|
|
2024-12-16 11:34:37 +00:00
|
|
|
stdout, stderr := testcli.RequireSuccessfulRun(t, ctx, "secrets", "put-secret", scope, key, "--bytes-value", string(value))
|
2023-07-05 15:30:54 +00:00
|
|
|
assert.Empty(t, stdout)
|
|
|
|
assert.Empty(t, stderr)
|
|
|
|
|
|
|
|
// Note: this value cannot be represented as Python string,
|
|
|
|
// so we only check equality through the dbutils.secrets.getBytes API.
|
|
|
|
assertSecretBytesValue(t, scope, key, value)
|
|
|
|
}
|