mirror of
https://github.com/opentofu/opentofu.git
synced 2025-02-20 11:48:24 -06:00
01a6bd7592
* Add a new data provider to decrypt AWS KMS secrets * Address feedback * Rename aws_kms_secrets to aws_kms_secret * Add more examples to the documentation
97 lines
2.6 KiB
Go
97 lines
2.6 KiB
Go
package aws
|
|
|
|
import (
|
|
"encoding/base64"
|
|
"fmt"
|
|
"testing"
|
|
|
|
"github.com/aws/aws-sdk-go/aws"
|
|
"github.com/aws/aws-sdk-go/service/kms"
|
|
|
|
"github.com/hashicorp/terraform/helper/resource"
|
|
"github.com/hashicorp/terraform/terraform"
|
|
)
|
|
|
|
func TestAccAWSKmsSecretDataSource_basic(t *testing.T) {
|
|
// Run a resource test to setup our KMS key
|
|
resource.Test(t, resource.TestCase{
|
|
PreCheck: func() { testAccPreCheck(t) },
|
|
Providers: testAccProviders,
|
|
Steps: []resource.TestStep{
|
|
{
|
|
Config: testAccCheckAwsKmsSecretDataSourceKey,
|
|
Check: func(s *terraform.State) error {
|
|
encryptedPayload, err := testAccCheckAwsKmsSecretDataSourceCheckKeySetup(s)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// We run the actual test on our data source nested in the
|
|
// Check function of the KMS key so we can access the
|
|
// encrypted output, above, and so that the key will be
|
|
// deleted at the end of the test
|
|
resource.Test(t, resource.TestCase{
|
|
PreCheck: func() { testAccPreCheck(t) },
|
|
Providers: testAccProviders,
|
|
Steps: []resource.TestStep{
|
|
{
|
|
Config: fmt.Sprintf(testAccCheckAwsKmsSecretDataSourceSecret, encryptedPayload),
|
|
Check: resource.ComposeTestCheckFunc(
|
|
resource.TestCheckResourceAttr("data.aws_kms_secret.testing", "secret_name", "PAYLOAD"),
|
|
),
|
|
},
|
|
},
|
|
})
|
|
|
|
return nil
|
|
},
|
|
},
|
|
},
|
|
})
|
|
|
|
}
|
|
|
|
func testAccCheckAwsKmsSecretDataSourceCheckKeySetup(s *terraform.State) (string, error) {
|
|
rs, ok := s.RootModule().Resources["aws_kms_key.terraform_data_source_testing"]
|
|
if !ok {
|
|
return "", fmt.Errorf("Failed to setup a KMS key for data source testing!")
|
|
}
|
|
|
|
// Now that the key is setup encrypt a string using it
|
|
// XXX TODO: Set up and test with grants
|
|
params := &kms.EncryptInput{
|
|
KeyId: aws.String(rs.Primary.Attributes["arn"]),
|
|
Plaintext: []byte("PAYLOAD"),
|
|
EncryptionContext: map[string]*string{
|
|
"name": aws.String("value"),
|
|
},
|
|
}
|
|
|
|
kmsconn := testAccProvider.Meta().(*AWSClient).kmsconn
|
|
resp, err := kmsconn.Encrypt(params)
|
|
if err != nil {
|
|
return "", fmt.Errorf("Failed encrypting string with KMS for data source testing: %s", err)
|
|
}
|
|
|
|
return base64.StdEncoding.EncodeToString(resp.CiphertextBlob), nil
|
|
}
|
|
|
|
const testAccCheckAwsKmsSecretDataSourceKey = `
|
|
resource "aws_kms_key" "terraform_data_source_testing" {
|
|
description = "Testing the Terraform AWS KMS Secret data_source"
|
|
}
|
|
`
|
|
|
|
const testAccCheckAwsKmsSecretDataSourceSecret = `
|
|
data "aws_kms_secret" "testing" {
|
|
secret {
|
|
name = "secret_name"
|
|
payload = "%s"
|
|
|
|
context {
|
|
name = "value"
|
|
}
|
|
}
|
|
}
|
|
`
|