1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
<?php
/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Symfony\Bundle\FrameworkBundle\Tests\Command;
use PHPUnit\Framework\TestCase;
use Symfony\Bundle\FrameworkBundle\Command\SecretsEncryptFromLocalCommand;
use Symfony\Bundle\FrameworkBundle\Secrets\AbstractVault;
use Symfony\Bundle\FrameworkBundle\Secrets\SodiumVault;
use Symfony\Component\Console\Tester\CommandTester;
use Symfony\Component\Filesystem\Filesystem;
#[\PHPUnit\Framework\Attributes\RequiresPhpExtension('sodium')]
class SecretsEncryptFromLocalCommandTest extends TestCase
{
private string $vaultDir;
private string $localVaultDir;
private Filesystem $fs;
protected function setUp(): void
{
$this->vaultDir = sys_get_temp_dir().'/sf_secrets/vault_'.uniqid();
$this->localVaultDir = sys_get_temp_dir().'/sf_secrets/local_'.uniqid();
$this->fs = new Filesystem();
$this->fs->remove([$this->vaultDir, $this->localVaultDir]);
}
protected function tearDown(): void
{
$this->fs->remove([$this->vaultDir, $this->localVaultDir]);
}
public function testFailsWhenLocalVaultIsDisabled()
{
$vault = $this->createMock(AbstractVault::class);
$command = new SecretsEncryptFromLocalCommand($vault, null);
$tester = new CommandTester($command);
$this->assertSame(1, $tester->execute([]));
$this->assertStringContainsString('The local vault is disabled.', $tester->getDisplay());
}
public function testEncryptsLocalOverrides()
{
$vault = new SodiumVault($this->vaultDir);
$vault->generateKeys();
$localVault = new SodiumVault($this->localVaultDir);
$localVault->generateKeys();
$vault->seal('MY_SECRET', 'prod-value');
$localVault->seal('MY_SECRET', 'local-value');
$command = new SecretsEncryptFromLocalCommand($vault, $localVault);
$tester = new CommandTester($command);
$exitCode = $tester->execute([]);
$this->assertSame(0, $exitCode);
$revealed = $vault->reveal('MY_SECRET');
$this->assertSame('local-value', $revealed);
}
public function testDoesNotSealIfSameValue()
{
$vault = new SodiumVault($this->vaultDir);
$vault->generateKeys();
$localVault = new SodiumVault($this->localVaultDir);
$localVault->generateKeys();
$vault->seal('SHARED_SECRET', 'same-value');
$localVault->seal('SHARED_SECRET', 'same-value');
$command = new SecretsEncryptFromLocalCommand($vault, $localVault);
$tester = new CommandTester($command);
$exitCode = $tester->execute([]);
$this->assertSame(0, $exitCode);
$revealed = $vault->reveal('SHARED_SECRET');
$this->assertSame('same-value', $revealed);
}
public function testFailsIfLocalSecretIsMissing()
{
$vault = new SodiumVault($this->vaultDir);
$vault->generateKeys();
$localVault = new SodiumVault($this->localVaultDir);
$localVault->generateKeys();
$vault->seal('MISSING_IN_LOCAL', 'prod-only');
$command = new SecretsEncryptFromLocalCommand($vault, $localVault);
$tester = new CommandTester($command);
$this->assertSame(1, $tester->execute([]));
$this->assertStringContainsString('Secret "MISSING_IN_LOCAL" not found', $tester->getDisplay());
}
}
|
