git-secret/tests/test_hide.bats

306 lines
7.6 KiB
Plaintext
Raw Normal View History

2016-02-21 13:26:17 +00:00
#!/usr/bin/env bats
load _test_base
2018-07-14 19:23:17 +00:00
FILE_TO_HIDE="$TEST_DEFAULT_FILENAME"
2016-02-21 13:26:17 +00:00
FILE_CONTENTS="hidden content юникод"
function setup {
install_fixture_key "$TEST_DEFAULT_USER"
set_state_initial
2016-02-21 13:26:17 +00:00
set_state_git
set_state_secret_init
set_state_secret_tell "$TEST_DEFAULT_USER"
set_state_secret_add "$FILE_TO_HIDE" "$FILE_CONTENTS"
}
function teardown {
rm "$FILE_TO_HIDE"
2021-05-03 16:21:33 +00:00
uninstall_fixture_key "$TEST_DEFAULT_USER"
2016-02-21 13:26:17 +00:00
unset_current_state
}
@test "run 'hide' normally" {
run git secret hide
2021-05-03 11:43:02 +00:00
# echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3
# Command must execute normally:
2016-02-21 13:26:17 +00:00
[ "$status" -eq 0 ]
[[ "$output" == *"git-secret: done. 1 of 1 files are hidden."* ]]
2021-05-03 16:21:33 +00:00
# New file must be created:
[ -f "$(_get_encrypted_filename "$FILE_TO_HIDE")" ]
}
2021-05-03 11:43:02 +00:00
@test "run 'hide' with extra filename" {
run git secret hide extra_filename
[ "$status" -ne 0 ]
}
2021-05-03 11:43:02 +00:00
@test "run 'hide' with bad arg" {
run git secret hide -Z
[ "$status" -ne 0 ]
}
2021-05-03 11:43:02 +00:00
@test "run 'hide' normally with SECRETS_VERBOSE=1" {
2021-05-03 11:43:02 +00:00
SECRETS_VERBOSE=1 run git secret hide
2021-05-03 11:43:02 +00:00
# Command must execute normally.
[ "$status" -eq 0 ]
[[ "$output" == *"git-secret: done. 1 of 1 files are hidden."* ]]
}
2021-05-03 11:43:02 +00:00
2018-08-18 14:09:58 +00:00
@test "run 'hide' with '-P'" {
# attempt to alter permissions on input file
chmod o-rwx "$FILE_TO_HIDE"
run git secret hide -P
2021-05-03 11:43:02 +00:00
# echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3
# Command must execute normally:
[ "$status" -eq 0 ]
[[ "$output" == *"git-secret: done. 1 of 1 files are hidden."* ]]
# New files should be created:
2021-05-03 16:21:33 +00:00
local encrypted_file
encrypted_file=$(_get_encrypted_filename "$FILE_TO_HIDE")
[ -f "$encrypted_file" ]
2019-08-30 17:17:53 +00:00
## permissions should match.
local secret_perm
2021-05-03 11:43:02 +00:00
local file_perm
file_perm=$($SECRETS_OCTAL_PERMS_COMMAND "$FILE_TO_HIDE")
secret_perm=$($SECRETS_OCTAL_PERMS_COMMAND "$encrypted_file")
2021-05-03 11:43:02 +00:00
# echo "# '$BATS_TEST_DESCRIPTION': $secret_perm, file_perm: $file_perm" >&3
[ "$secret_perm" = "$file_perm" ]
}
2021-05-03 11:43:02 +00:00
@test "run 'hide' from inside subdirectory" {
if [[ "$BATS_RUNNING_FROM_GIT" -eq 1 ]]; then
# See #334 for more about this
skip "this test is skipped while 'git commit'"
fi
2018-07-12 13:46:49 +00:00
# Preparations:
local root_dir='test_sub_dir'
mkdir -p "$root_dir"
local second_file="$root_dir/second_file.txt"
local second_content="some content"
set_state_secret_add "$second_file" "$second_content"
# Verify that the second file is there:
[ -f "$second_file" ]
# cd into the subdir
cd "$root_dir"
# Now it should hide 2 files:
run git secret hide
2018-07-12 13:46:49 +00:00
[ "$status" -eq 0 ]
# cd back and clean up
2018-07-12 13:46:49 +00:00
cd ".."
rm -rf "$root_dir"
2018-07-12 13:46:49 +00:00
}
2021-05-03 11:43:02 +00:00
@test "run 'hide' with missing file" {
# Preparations:
2018-07-14 19:23:17 +00:00
local second_file="$TEST_SECOND_FILENAME"
local second_content="some content"
set_state_secret_add "$second_file" "$second_content"
# now remove the second file to cause failure
rm -f "$second_file"
# Now it should return an error because one file can't be found
run git secret hide
[ "$status" -ne 0 ]
[ "$output" != "git-secret: done. 2 of 2 files are hidden." ]
}
@test "run 'hide' with multiple files" {
# Preparations:
2018-07-14 19:23:17 +00:00
local second_file="$TEST_SECOND_FILENAME"
local second_content="some content"
set_state_secret_add "$second_file" "$second_content"
# Now it should hide 2 files:
run git secret hide
#echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3
[ "$status" -eq 0 ]
[[ "$output" == *"git-secret: done. 2 of 2 files are hidden."* ]]
# Cleaning up:
rm "$second_file"
2016-02-21 13:26:17 +00:00
}
@test "run 'hide' with '-m'" {
run git secret hide -m
# Command must execute normally:
[ "$status" -eq 0 ]
2021-05-03 11:43:02 +00:00
# git secret hide -m: uses temp file so cleaning should take place,
# but we only show tmp file cleanup in VERBOSE mode
[ "${lines[0]}" = "git-secret: done. 1 of 1 files are hidden." ]
# New files should be created:
2021-05-03 16:21:33 +00:00
[ -f "$(_get_encrypted_filename "$FILE_TO_HIDE")" ]
}
@test "run 'hide' with '-m' twice" {
local path_mappings
path_mappings=$(_get_secrets_dir_paths_mapping)
run git secret hide -m
2021-05-03 11:43:02 +00:00
# echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3
# Command must execute normally:
[ "$status" -eq 0 ]
2021-05-03 11:43:02 +00:00
# git secret hide -m: uses temp file so cleaning should take place,
# but we only show tmp file cleanup in VERBOSE mode
[[ "${lines[0]}" == *"git-secret: done. 1 of 1 files are hidden."* ]]
# back path mappings
cp "${path_mappings}" "${path_mappings}.bak"
# run hide again
run git secret hide -m
# compare
[ "$status" -eq 0 ]
[[ "${#lines[@]}" -eq 1 ]]
2021-05-03 11:43:02 +00:00
# output says 0 of 1 files are hidden because checksum didn't change
# and we didn't need to hide it again.
[[ "$output" == *"git-secret: done. 0 of 1 files are hidden."* ]]
# no changes should occur to path_mappings files
cmp -s "${path_mappings}" "${path_mappings}.bak"
# New files should be created:
2021-05-03 16:21:33 +00:00
[ -f "$(_get_encrypted_filename "$FILE_TO_HIDE")" ]
}
@test "run 'hide' without then with '-m'" {
local path_mappings
path_mappings=$(_get_secrets_dir_paths_mapping)
run git secret hide
#echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3
# Command must execute normally:
[ "$status" -eq 0 ]
2021-05-03 11:43:02 +00:00
# git secret hide -m: uses temp file so cleaning should take place,
# but we only show tmp file cleanup in VERBOSE mode
[[ "${lines[0]}" == *"git-secret: done. 1 of 1 files are hidden."* ]]
# back path mappings
cp "${path_mappings}" "${path_mappings}.bak"
# run hide again
run git secret hide -m
# compare
[ "$status" -eq 0 ]
[[ "${#lines[@]}" -eq 1 ]]
2021-05-03 11:43:02 +00:00
# output says 0 of 1 files are hidden because checksum didn't change
# and we didn't need to hide it again.
[[ "$output" == *"git-secret: done. 0 of 1 files are hidden."* ]]
# no changes should occur to path_mappings files
cmp -s "${path_mappings}" "${path_mappings}.bak"
# New files should be created:
2021-05-03 16:21:33 +00:00
[ -f "$(_get_encrypted_filename "$FILE_TO_HIDE")" ]
}
@test "run 'hide' with '-c' and '-v'" {
# Preparations:
2021-05-03 16:21:33 +00:00
local encrypted_filename
encrypted_filename=$(_get_encrypted_filename "$FILE_TO_HIDE")
set_state_secret_hide # so it would be data to clean
run git secret hide -v -c
2016-02-21 13:26:17 +00:00
[ "$status" -eq 0 ]
# File should be still there (it is not deletion):
[ -f "$FILE_TO_HIDE" ]
# Output should be verbose:
[[ "$output" == *"cleaning"* ]]
[[ "$output" == *"$encrypted_filename"* ]]
}
@test "run 'hide' with '-d'" {
run git secret hide -d
[ "$status" -eq 0 ]
# File must be removed:
[ ! -f "$FILE_TO_HIDE" ]
2016-02-21 13:26:17 +00:00
}
@test "run 'hide' with '-d' and '-v'" {
run git secret hide -v -d
[ "$status" -eq 0 ]
# File must be removed:
[ ! -f "$FILE_TO_HIDE" ]
# It should be verbose:
[[ "$output" == *"removing unencrypted files"* ]]
[[ "$output" == *"$FILE_TO_HIDE"* ]]
}
2016-02-21 13:26:17 +00:00
@test "run 'hide' with '-d' and '-v' and files in subdirectories" {
# Preparations:
local root_dir='test_sub_dir'
mkdir -p "$root_dir"
2018-07-14 19:23:17 +00:00
local second_file="$root_dir/$TEST_SECOND_FILENAME"
local second_content="some content"
set_state_secret_add "$second_file" "$second_content"
# Verify that the second file is there:
[ -f "$second_file" ]
# Now it should hide 2 files:
run git secret hide -v -d
[ "$status" -eq 0 ]
# File must be removed:
[ ! -f "$FILE_TO_HIDE" ]
[ ! -f "$second_file" ]
# It should be verbose:
[[ "$output" == *"removing unencrypted files"* ]]
[[ "$output" == *"$FILE_TO_HIDE"* ]]
[[ "$output" == *"$second_file"* ]]
rm -rf "$root_dir"
}
@test "run 'hide' with multiple users" {
install_fixture_key "$TEST_SECOND_USER"
set_state_secret_tell "$TEST_SECOND_USER"
2016-02-21 13:26:17 +00:00
run git secret hide
2016-02-21 13:26:17 +00:00
[ "$status" -eq 0 ]
[[ "$output" == *"git-secret: done. 1 of 1 files are hidden."* ]]
2016-02-21 13:26:17 +00:00
}