@@ -155,6 +155,90 @@ func TestKeychain(t *testing.T) {
155155 assert .EqualValues (t , expected , actual )
156156 })
157157
158+ t .Run ("filter credentials" , func (t * testing.T ) {
159+ ks := setupKeychain (t , nil )
160+ moreCreds := map [string ]* mocks.MockCredential {
161+ "com.test.test/test/bob" : {
162+ Username : "bob" ,
163+ Password : "bob-password" ,
164+ Attributes : map [string ]string {
165+ "role" : "admin" ,
166+ "favcolor" : "green" ,
167+ },
168+ },
169+ "com.test.test/test/jeff" : {
170+ Username : "jeff" ,
171+ Password : "jeff-password" ,
172+ },
173+ "com.test.test/test/pete" : {
174+ Username : "pete" ,
175+ Password : "pete-password" ,
176+ Attributes : map [string ]string {
177+ "role" : "maintainer" ,
178+ "favcolor" : "green" ,
179+ },
180+ },
181+ "com.test.test2/test2/bob" : {
182+ Username : "bob" ,
183+ Password : "bob-password" ,
184+ Attributes : map [string ]string {
185+ "role" : "admin" ,
186+ "favcolor" : "green" ,
187+ },
188+ },
189+ }
190+ for id , anotherCred := range moreCreds {
191+ require .NoError (t , ks .Save (t .Context (), store .MustParseID (id ), anotherCred ))
192+ }
193+
194+ t .Cleanup (func () {
195+ for id := range moreCreds {
196+ assert .NoError (t , ks .Delete (t .Context (), store .MustParseID (id )))
197+ }
198+ })
199+
200+ t .Run ("can use recursive pattern" , func (t * testing.T ) {
201+ actual , err := ks .Filter (t .Context (), store .MustParsePattern ("com.test.test/**" ))
202+ require .NoError (t , err )
203+ assert .Len (t , actual , 3 )
204+ })
205+
206+ t .Run ("can use subset pattern" , func (t * testing.T ) {
207+ actual , err := ks .Filter (t .Context (), store .MustParsePattern ("com.test.test/test/*" ))
208+ require .NoError (t , err )
209+ assert .Len (t , actual , 3 )
210+ })
211+
212+ t .Run ("can use serviceName only in pattern" , func (t * testing.T ) {
213+ actual , err := ks .Filter (t .Context (), store .MustParsePattern ("*/test/*" ))
214+ require .NoError (t , err )
215+ assert .Len (t , actual , 3 )
216+ })
217+
218+ t .Run ("can match on only username in pattern" , func (t * testing.T ) {
219+ result , err := ks .Filter (t .Context (), store .MustParsePattern ("**/bob" ))
220+ require .NoError (t , err )
221+ assert .Len (t , result , 2 )
222+ actual := make (map [string ]* mocks.MockCredential )
223+ for k , v := range result {
224+ actual [k ] = v .(* mocks.MockCredential )
225+ }
226+ assert .Len (t , actual , 2 )
227+ expected := make (map [string ]* mocks.MockCredential )
228+ expected ["com.test.test/test/bob" ] = moreCreds ["com.test.test/test/bob" ]
229+ expected ["com.test.test2/test2/bob" ] = moreCreds ["com.test.test2/test2/bob" ]
230+ assert .EqualValues (t , expected , actual )
231+ })
232+
233+ t .Run ("exact id match should still return exactly one secret" , func (t * testing.T ) {
234+ actual , err := ks .Filter (t .Context (), store .MustParsePattern ("com.test.test/test/pete" ))
235+ require .NoError (t , err )
236+ assert .Len (t , actual , 1 )
237+ _ , ok := actual ["com.test.test/test/pete" ]
238+ assert .True (t , ok )
239+ })
240+ })
241+
158242 t .Run ("delete credential" , func (t * testing.T ) {
159243 ks := setupKeychain (t , nil )
160244 id := store .MustParseID ("com.test.test/test/bob" )
@@ -210,11 +294,46 @@ func TestKeychain(t *testing.T) {
210294 })
211295}
212296
297+ func TestSafelySetID (t * testing.T ) {
298+ t .Run ("can set id in attributes" , func (t * testing.T ) {
299+ attributes := map [string ]string {
300+ "color" : "blue" ,
301+ "game" : "elden ring" ,
302+ "id" : "avoid clash" ,
303+ "x_already-prefixed" : "prefixed" ,
304+ }
305+ safelySetID (store .MustParseID ("username" ), attributes )
306+ assert .EqualValues (t , map [string ]string {
307+ "color" : "blue" ,
308+ "game" : "elden ring" ,
309+ "x_already-prefixed" : "prefixed" ,
310+ "x_id" : "avoid clash" ,
311+ secretIDKey : "username" ,
312+ }, attributes )
313+ })
314+ t .Run ("can clean id from attributes" , func (t * testing.T ) {
315+ attributes := map [string ]string {
316+ "x_color" : "blue" ,
317+ "x_game" : "elden ring" ,
318+ "x_already-prefixed" : "prefixed" ,
319+ "x_id" : "avoid clash" ,
320+ secretIDKey : "username" ,
321+ }
322+ safelyCleanMetadata (attributes )
323+ assert .EqualValues (t , map [string ]string {
324+ "color" : "blue" ,
325+ "game" : "elden ring" ,
326+ "already-prefixed" : "prefixed" ,
327+ "id" : "avoid clash" ,
328+ }, attributes )
329+ })
330+ }
331+
213332func TestSafelySetMetadata (t * testing.T ) {
214- kc := & keychainStore [ * mocks. MockCredential ]{
215- serviceGroup : "com.test.test" ,
216- serviceName : "test" ,
217- }
333+ var (
334+ serviceGroup = "com.test.test"
335+ serviceName = "test"
336+ )
218337
219338 t .Run ("avoid clashing by adding prefix" , func (t * testing.T ) {
220339 attributes := map [string ]string {
@@ -223,13 +342,12 @@ func TestSafelySetMetadata(t *testing.T) {
223342 "id" : "avoid clash" ,
224343 "x_already-prefixed" : "prefixed" ,
225344 }
226- kc . safelySetMetadata ("username" , attributes )
345+ safelySetMetadata (serviceGroup , serviceName , attributes )
227346 assert .EqualValues (t , map [string ]string {
228347 "x_color" : "blue" ,
229348 "x_game" : "elden ring" ,
230349 "x_id" : "avoid clash" ,
231350 "x_x_already-prefixed" : "prefixed" ,
232- secretIDKey : "username" ,
233351 serviceGroupKey : "com.test.test" ,
234352 serviceNameKey : "test" ,
235353 }, attributes )
@@ -239,7 +357,7 @@ func TestSafelySetMetadata(t *testing.T) {
239357 attributes := map [string ]string {
240358 "" : "something" ,
241359 }
242- kc . safelySetMetadata ("" , attributes )
360+ safelySetMetadata (serviceGroup , serviceName , attributes )
243361 assert .EqualValues (t , map [string ]string {
244362 "x_" : "something" ,
245363 serviceGroupKey : "com.test.test" ,
@@ -249,17 +367,16 @@ func TestSafelySetMetadata(t *testing.T) {
249367
250368 t .Run ("empty map will get internal data added" , func (t * testing.T ) {
251369 attributes := map [string ]string {}
252- kc . safelySetMetadata ("username" , attributes )
370+ safelySetMetadata (serviceGroup , serviceName , attributes )
253371 assert .EqualValues (t , map [string ]string {
254- secretIDKey : "username" ,
255372 serviceGroupKey : "com.test.test" ,
256373 serviceNameKey : "test" ,
257374 }, attributes )
258375 })
259376
260377 t .Run ("empty id parameter won't add the id attribute" , func (t * testing.T ) {
261378 attributes := map [string ]string {}
262- kc . safelySetMetadata ("" , attributes )
379+ safelySetMetadata (serviceGroup , serviceName , attributes )
263380 assert .EqualValues (t , map [string ]string {
264381 serviceGroupKey : "com.test.test" ,
265382 serviceNameKey : "test" ,
@@ -268,10 +385,6 @@ func TestSafelySetMetadata(t *testing.T) {
268385}
269386
270387func TestSafelyCleanMetadata (t * testing.T ) {
271- kc := & keychainStore [* mocks.MockCredential ]{
272- serviceGroup : "com.test.test" ,
273- serviceName : "test" ,
274- }
275388 t .Run ("can remove prefix and internal metadata" , func (t * testing.T ) {
276389 attributes := map [string ]string {
277390 "x_color" : "blue" ,
@@ -282,17 +395,18 @@ func TestSafelyCleanMetadata(t *testing.T) {
282395 serviceGroupKey : "com.test.test" ,
283396 serviceNameKey : "test" ,
284397 }
285- kc . safelyCleanMetadata (attributes )
398+ safelyCleanMetadata (attributes )
286399 assert .EqualValues (t , map [string ]string {
287400 "color" : "blue" ,
288401 "game" : "elden ring" ,
289402 "x_already-prefixed" : "prefixed" ,
290403 "id" : "avoid clash" ,
291404 }, attributes )
292405 })
406+
293407 t .Run ("empty map won't cause any panics" , func (t * testing.T ) {
294408 attributes := make (map [string ]string )
295- kc . safelyCleanMetadata (attributes )
409+ safelyCleanMetadata (attributes )
296410 assert .Empty (t , attributes )
297411 })
298412
@@ -302,7 +416,7 @@ func TestSafelyCleanMetadata(t *testing.T) {
302416 serviceGroupKey : "com.test.test" ,
303417 serviceNameKey : "test" ,
304418 }
305- kc . safelyCleanMetadata (attributes )
419+ safelyCleanMetadata (attributes )
306420 assert .Empty (t , attributes )
307421 })
308422
@@ -316,43 +430,9 @@ func TestSafelyCleanMetadata(t *testing.T) {
316430 // have prefixed key's with 'x_'
317431 "xdg:scheme" : "org.freedesktop.Secret.Generic" ,
318432 }
319- kc . safelyCleanMetadata (attributes )
433+ safelyCleanMetadata (attributes )
320434 assert .EqualValues (t , map [string ]string {
321435 "something" : "something" ,
322436 }, attributes )
323437 })
324438}
325-
326- func TestInternalMetadata (t * testing.T ) {
327- kc := & keychainStore [* mocks.MockCredential ]{
328- serviceGroup : "com.test.test" ,
329- serviceName : "test" ,
330- }
331-
332- t .Run ("metadata can safely be set and cleaned afterwards" , func (t * testing.T ) {
333- attributes := map [string ]string {
334- "color" : "blue" ,
335- "game" : "elden ring" ,
336- "id" : "avoid clash" ,
337- "x_already-prefixed" : "prefixed" ,
338- }
339- kc .safelySetMetadata ("username" , attributes )
340- assert .EqualValues (t , map [string ]string {
341- "x_color" : "blue" ,
342- "x_game" : "elden ring" ,
343- "x_id" : "avoid clash" ,
344- "x_x_already-prefixed" : "prefixed" ,
345- secretIDKey : "username" ,
346- serviceGroupKey : "com.test.test" ,
347- serviceNameKey : "test" ,
348- }, attributes )
349-
350- kc .safelyCleanMetadata (attributes )
351- assert .EqualValues (t , map [string ]string {
352- "color" : "blue" ,
353- "game" : "elden ring" ,
354- "x_already-prefixed" : "prefixed" ,
355- "id" : "avoid clash" ,
356- }, attributes )
357- })
358- }
0 commit comments