diff --git a/pkg/server/plugin/keymanager/awskms/awskms_test.go b/pkg/server/plugin/keymanager/awskms/awskms_test.go
index 8002de0c3..3d73eaaea 100644
--- a/pkg/server/plugin/keymanager/awskms/awskms_test.go
+++ b/pkg/server/plugin/keymanager/awskms/awskms_test.go
@@ -126,7 +126,7 @@ type pluginTest struct {
 clockHook *clock.Mock
 }
-func setupTest(t *testing.T, trustDomain string, pluginConfig string) *pluginTest {
+func setupTest(t *testing.T) *pluginTest {
 log, logHook := test.NewNullLogger()
 log.Level = logrus.DebugLevel
@@ -138,12 +138,7 @@ func setupTest(t *testing.T, trustDomain string, pluginConfig string) *pluginTes
 func(aws.Config) (stsClient, error) { return fakeSTSClient, nil },
 )
 km := new(keymanager.V1)
- plugintest.Load(t, builtin(p), km, plugintest.CoreConfig(catalog.CoreConfig{
- TrustDomain: spiffeid.RequireTrustDomainFromString(trustDomain),
- }),
- plugintest.Configure(pluginConfig),
- plugintest.Log(log))
-
+ plugintest.Load(t, builtin(p), km, plugintest.Log(log))
 p.hooks.clk = c
 return &pluginTest{
@@ -159,7 +154,6 @@ func TestConfigure(t *testing.T) {
 for _, tt := range []struct {
 name string
 trustDomain string
- pluginConf string
 err string
 code codes.Code
 configureRequest *configv1.ConfigureRequest
@@ -171,7 +165,6 @@ func TestConfigure(t *testing.T) {
 {
 name: "pass with keys",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 configureRequest: configureRequestWithDefaults(t),
 fakeEntries: []fakeKeyEntry{
 {
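Review bot: setupTest now returns a plugin that is loaded but never configured, because the new `plugintest.Load(t, builtin(p), km, plugintest.Log(log))` call in the second hunk drops both `plugintest.CoreConfig(...)` and `plugintest.Configure(pluginConfig)`, and nothing on the helper says so. Every caller now has to call `ts.plugin.Configure(...)` itself before exercising key operations, as the call sites later in this diff do. I would state that contract on the helper: `// setupTest loads the plugin with fake KMS and STS clients but does not configure it; callers must call Configure before using key operations.` The body of setupTest starts and ends outside these hunks, so whether anything after `p.hooks.clk = c` relies on a configured plugin is not visible here.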
@@ -221,37 +214,31 @@ func TestConfigure(t *testing.T) {
 {
 name: "pass without keys",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 configureRequest: configureRequestWithDefaults(t),
 },
 {
 name: "pass with key identifier file",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 configureRequest: configureRequestWithVars("", "secret_access_key", "region", KeyIdentifierFile, getKeyIdentifierFile(t), ""),
 },
 {
 name: "pass with key identifier value",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 configureRequest: configureRequestWithVars("", "secret_access_key", "region", KeyIdentifierValue, "server-id", ""),
 },
 {
 name: "missing access key id",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 configureRequest: configureRequestWithVars("", "secret_access_key", "region", KeyIdentifierFile, getKeyIdentifierFile(t), ""),
 },
 {
 name: "missing secret access key",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 configureRequest: configureRequestWithVars("access_key", "", "region", KeyIdentifierFile, getKeyIdentifierFile(t), ""),
 },
 {
 name: "missing region",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 configureRequest: configureRequestWithVars("access_key_id", "secret_access_key", "", KeyIdentifierFile, getKeyIdentifierFile(t), ""),
 err: "configuration is missing a region",
 code: codes.InvalidArgument,
@@ -259,7 +246,6 @@ func TestConfigure(t *testing.T) {
 {
 name: "missing key identifier file and key identifier value",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 configureRequest: configureRequestWithVars("access_key_id", "secret_access_key", "region", KeyIdentifierFile, "", ""),
 err: "configuration requires a key identifier file or a key identifier value",
 code: codes.InvalidArgument,
@@ -267,7 +253,6 @@ func TestConfigure(t *testing.T) {
 {
 name: "both key identifier file and key identifier value",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 configureRequest: configureRequestWithString(`{"access_key_id":"access_key_id","secret_access_key":"secret_access_key","region":"region","key_identifier_file":"key_identifier_file","key_identifier_value":"key_identifier_value","key_policy_file":""}`),
 err: "configuration can't have a key identifier file and a key identifier value at the same time",
 code: codes.InvalidArgument,
@@ -275,7 +260,6 @@ func TestConfigure(t *testing.T) {
 {
 name: "key identifier value invalid character",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 configureRequest: configureRequestWithString(`{"access_key_id":"access_key_id","secret_access_key":"secret_access_key","region":"region","key_identifier_value":"@key_identifier_value@","key_policy_file":""}`),
 err: "Key identifier must contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-)",
 code: codes.InvalidArgument,
@@ -283,7 +267,6 @@ func TestConfigure(t *testing.T) { { name: "key identifier value too long", trustDomain: "example.org", - pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"", configureRequest: configureRequestWithString(`{"access_key_id":"access_key_id","secret_access_key":"secret_access_key","region":"region","key_identifier_value":"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA","key_policy_file":""}`), err: "Key identifier must not be longer than 256 characters", code: codes.InvalidArgument, @@ -291,7 +274,6 @@ func TestConfigure(t *testing.T) { { name: "key identifier value starts with illegal alias", trustDomain: "example.org", - pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"", configureRequest: configureRequestWithString(`{"access_key_id":"access_key_id","secret_access_key":"secret_access_key","region":"region","key_identifier_value":"alias/aws/key_identifier_value","key_policy_file":""}`), err: "Key identifier must not start with alias/aws/", code: codes.InvalidArgument, @@ -299,7 +281,6 @@ func TestConfigure(t *testing.T) { { name: "custom policy file does not exists", trustDomain: "example.org", - pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"", configureRequest: configureRequestWithVars("access_key", "secret_access_key", "region", KeyIdentifierFile, getEmptyKeyIdentifierFile(t), "non-existent-file.json"), err: fmt.Sprintf("failed to read file configured in 'key_policy_file': open non-existent-file.json: %s", spiretest.FileNotFound()), code: codes.Internal, 
@@ -307,19 +288,16 @@ func TestConfigure(t *testing.T) {
 {
 name: "use custom policy file",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 configureRequest: configureRequestWithVars("access_key", "secret_access_key", "region", KeyIdentifierFile, getEmptyKeyIdentifierFile(t), getCustomPolicyFile(t)),
 },
 {
 name: "new server id file path",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 configureRequest: configureRequestWithVars("access_key_id", "secret_access_key", "region", KeyIdentifierFile, getEmptyKeyIdentifierFile(t), ""),
 },
 {
 name: "decode error",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 configureRequest: configureRequestWithString("{ malformed json }"),
 err: "unable to decode configuration: 1:11: illegal char",
 code: codes.InvalidArgument,
@@ -327,7 +305,6 @@ func TestConfigure(t *testing.T) {
 {
 name: "list aliases error",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 err: "failed to fetch aliases: fake list aliases error",
 code: codes.Internal,
 configureRequest: configureRequestWithDefaults(t),
@@ -336,7 +313,6 @@ func TestConfigure(t *testing.T) {
 {
 name: "describe key error",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 err: "failed to describe key: describe key error",
 code: codes.Internal,
 configureRequest: configureRequestWithDefaults(t),
@@ -354,7 +330,6 @@ func TestConfigure(t *testing.T) {
 {
 name: "unsupported key error",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 err: "unsupported key spec: unsupported key spec",
 code: codes.Internal,
 configureRequest: configureRequestWithDefaults(t),
@@ -371,7 +346,6 @@ func TestConfigure(t *testing.T) {
 {
 name: "get public key error",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 err: "failed to fetch aliases: failed to get public key: get public key error",
 code: codes.Internal,
 configureRequest: configureRequestWithDefaults(t),
@@ -390,7 +364,6 @@ func TestConfigure(t *testing.T) {
 {
 name: "disabled key",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 err: "failed to fetch aliases: found disabled SPIRE key: \"arn:aws:kms:region:1234:key/abcd-fghi\", alias: \"arn:aws:kms:region:1234:alias/SPIRE_SERVER/test_example_org/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/spireKeyID\"",
 code: codes.FailedPrecondition,
 configureRequest: configureRequestWithDefaults(t),
@@ -408,7 +381,7 @@ func TestConfigure(t *testing.T) {
 tt := tt
 t.Run(tt.name, func(t *testing.T) {
 // setup
- ts := setupTest(t, tt.trustDomain, tt.pluginConf)
+ ts := setupTest(t)
 ts.fakeKMSClient.setEntries(tt.fakeEntries)
 ts.fakeKMSClient.setListAliasesErr(tt.listAliasesErr)
 ts.fakeKMSClient.setDescribeKeyErr(tt.describeKeyErr)
@@ -431,7 +404,6 @@ func TestGenerateKey(t *testing.T) {
 for _, tt := range []struct {
 name string
 trustDomain string
- pluginConf string
 err string
 code codes.Code
 logs []spiretest.LogEntry
@@ -452,7 +424,6 @@ func TestGenerateKey(t *testing.T) {
 {
 name: "success: non existing key",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 request: &keymanagerv1.GenerateKeyRequest{
 KeyId: spireKeyID,
 KeyType: keymanagerv1.KeyType_EC_P256,
@@ -461,7 +432,6 @@ func TestGenerateKey(t *testing.T) {
 {
 name: "success: non existing key with special characters",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 request: &keymanagerv1.GenerateKeyRequest{
 KeyId: "bundle-acme-foo.bar+rsa",
 KeyType: keymanagerv1.KeyType_EC_P256,
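Review bot: `tt.trustDomain` is no longer read at this call site once `setupTest(t, tt.trustDomain, tt.pluginConf)` becomes `setupTest(t)` in the `@@ -408,7 +381,7 @@` hunk, yet the `trustDomain string` field and its `trustDomain: "example.org"` entries stay in every table. If nothing outside these hunks reads it, the field is dead; Go does not flag an unused struct field, so the tables keep implying that the trust domain is a per-case input. The expected alias in the "disabled key" case still embeds `test_example_org`, which suggests the trust domain now comes from the configure request helper rather than from the table (inferred, the helper is not shown). I would delete the field and its entries, or pass it into the configure request; the same applies to the `setupTest(t)` call sites in TestGenerateKey, TestSignData, TestGetPublicKey, TestGetPublicKeys, TestRefreshAliases, TestDisposeAliases and TestDisposeKeys.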
@@ -470,7 +440,6 @@ func TestGenerateKey(t *testing.T) {
 {
 name: "success: non existing key with default SPIRE policy and assumed role",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 request: &keymanagerv1.GenerateKeyRequest{
 KeyId: spireKeyID,
 KeyType: keymanagerv1.KeyType_EC_P256,
@@ -483,7 +452,6 @@ func TestGenerateKey(t *testing.T) {
 {
 name: "success: non existing key with custom policy",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 request: &keymanagerv1.GenerateKeyRequest{
 KeyId: spireKeyID,
 KeyType: keymanagerv1.KeyType_EC_P256,
@@ -496,7 +464,6 @@ func TestGenerateKey(t *testing.T) {
 {
 name: "success: replace old key",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 request: &keymanagerv1.GenerateKeyRequest{
 KeyId: spireKeyID,
 KeyType: keymanagerv1.KeyType_EC_P256,
@@ -525,7 +492,6 @@ func TestGenerateKey(t *testing.T) {
 {
 name: "success: replace old key with special characters",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 request: &keymanagerv1.GenerateKeyRequest{
 KeyId: "bundle-acme-foo.bar+rsa",
 KeyType: keymanagerv1.KeyType_EC_P256,
@@ -554,7 +520,6 @@ func TestGenerateKey(t *testing.T) {
 {
 name: "success: EC 384",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 request: &keymanagerv1.GenerateKeyRequest{
 KeyId: spireKeyID,
 KeyType: keymanagerv1.KeyType_EC_P384,
@@ -563,7 +528,6 @@ func TestGenerateKey(t *testing.T) {
 {
 name: "success: RSA 2048",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 request: &keymanagerv1.GenerateKeyRequest{
 KeyId: spireKeyID,
 KeyType: keymanagerv1.KeyType_RSA_2048,
@@ -572,7 +536,6 @@ func TestGenerateKey(t *testing.T) {
 {
 name: "success: RSA 4096",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 request: &keymanagerv1.GenerateKeyRequest{
 KeyId: spireKeyID,
 KeyType: keymanagerv1.KeyType_RSA_4096,
@@ -581,7 +544,6 @@ func TestGenerateKey(t *testing.T) {
 {
 name: "missing key id",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 request: &keymanagerv1.GenerateKeyRequest{
 KeyId: "",
 KeyType: keymanagerv1.KeyType_EC_P256,
@@ -592,7 +554,6 @@ func TestGenerateKey(t *testing.T) {
 {
 name: "missing key type",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 request: &keymanagerv1.GenerateKeyRequest{
 KeyId: spireKeyID,
 KeyType: keymanagerv1.KeyType_UNSPECIFIED_KEY_TYPE,
@@ -603,7 +564,6 @@ func TestGenerateKey(t *testing.T) {
 {
 name: "create key error",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 err: "failed to create key: something went wrong",
 code: codes.Internal,
 createKeyErr: "something went wrong",
@@ -615,7 +575,6 @@ func TestGenerateKey(t *testing.T) {
 {
 name: "create alias error",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 err: "failed to create alias: something went wrong",
 code: codes.Internal,
 createAliasErr: "something went wrong",
@@ -627,7 +586,6 @@ func TestGenerateKey(t *testing.T) {
 {
 name: "update alias error",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 err: "failed to update alias: something went wrong",
 code: codes.Internal,
 updateAliasErr: "something went wrong",
@@ -648,7 +606,6 @@ func TestGenerateKey(t *testing.T) {
 {
 name: "get public key error",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 err: "failed to get public key: public key error",
 code: codes.Internal,
 getPublicKeyErr: "public key error",
@@ -660,7 +617,6 @@ func TestGenerateKey(t *testing.T) {
 {
 name: "schedule delete not found error",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 request: &keymanagerv1.GenerateKeyRequest{
 KeyId: spireKeyID,
 KeyType: keymanagerv1.KeyType_EC_P256,
@@ -690,7 +646,6 @@ func TestGenerateKey(t *testing.T) {
 {
 name: "invalid arn error",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 request: &keymanagerv1.GenerateKeyRequest{
 KeyId: spireKeyID,
 KeyType: keymanagerv1.KeyType_EC_P256,
@@ -720,7 +675,6 @@ func TestGenerateKey(t *testing.T) {
 {
 name: "invalid key state error",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 request: &keymanagerv1.GenerateKeyRequest{
 KeyId: spireKeyID,
 KeyType: keymanagerv1.KeyType_EC_P256,
@@ -750,7 +704,6 @@ func TestGenerateKey(t *testing.T) {
 {
 name: "schedule key deletion error",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 scheduleKeyDeletionErr: errors.New("schedule key deletion error"),
 request: &keymanagerv1.GenerateKeyRequest{
 KeyId: spireKeyID,
@@ -787,7 +740,6 @@ func TestGenerateKey(t *testing.T) {
 {
 name: "fail to get caller identity",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 request: &keymanagerv1.GenerateKeyRequest{
 KeyId: spireKeyID,
 KeyType: keymanagerv1.KeyType_EC_P256,
@@ -800,7 +752,6 @@ func TestGenerateKey(t *testing.T) {
 {
 name: "incomplete ARN",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 request: &keymanagerv1.GenerateKeyRequest{
 KeyId: spireKeyID,
 KeyType: keymanagerv1.KeyType_EC_P256,
@@ -817,7 +768,6 @@ func TestGenerateKey(t *testing.T) {
 {
 name: "missing role in ARN",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 request: &keymanagerv1.GenerateKeyRequest{
 KeyId: spireKeyID,
 KeyType: keymanagerv1.KeyType_EC_P256,
@@ -835,7 +785,7 @@ func TestGenerateKey(t *testing.T) {
 tt := tt
 t.Run(tt.name, func(t *testing.T) {
 // setup
- ts := setupTest(t, tt.trustDomain, tt.pluginConf)
+ ts := setupTest(t)
 ts.fakeKMSClient.setEntries(tt.fakeEntries)
 ts.fakeKMSClient.setCreateKeyErr(tt.createKeyErr)
 ts.fakeKMSClient.setCreateAliasesErr(tt.createAliasErr)
@@ -899,7 +849,6 @@ func TestSignData(t *testing.T) {
 for _, tt := range []struct {
 name string
 trustDomain string
- pluginConf string
 request *keymanagerv1.SignDataRequest
 generateKeyRequest *keymanagerv1.GenerateKeyRequest
 err string
@@ -909,7 +858,6 @@ func TestSignData(t *testing.T) {
 {
 name: "pass EC SHA256",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 request: &keymanagerv1.SignDataRequest{
 KeyId: spireKeyID,
 Data: sum256[:],
@@ -925,7 +873,6 @@ func TestSignData(t *testing.T) {
 {
 name: "pass EC SHA384",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 request: &keymanagerv1.SignDataRequest{
 KeyId: spireKeyID,
 Data: sum384[:],
@@ -941,7 +888,6 @@ func TestSignData(t *testing.T) {
 {
 name: "pass RSA 2048 SHA 256",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 request: &keymanagerv1.SignDataRequest{
 KeyId: spireKeyID,
 Data: sum256[:],
@@ -957,7 +903,6 @@ func TestSignData(t *testing.T) {
 {
 name: "pass RSA 2048 SHA 384",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 request: &keymanagerv1.SignDataRequest{
 KeyId: spireKeyID,
 Data: sum384[:],
@@ -973,7 +918,6 @@ func TestSignData(t *testing.T) {
 {
 name: "pass RSA 2048 SHA 512",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 request: &keymanagerv1.SignDataRequest{
 KeyId: spireKeyID,
 Data: sum512[:],
@@ -989,7 +933,6 @@ func TestSignData(t *testing.T) {
 {
 name: "pass RSA PSS 2048 SHA 256",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 request: &keymanagerv1.SignDataRequest{
 KeyId: spireKeyID,
 Data: sum256[:],
@@ -1008,7 +951,6 @@ func TestSignData(t *testing.T) {
 {
 name: "pass RSA PSS 2048 SHA 384",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 request: &keymanagerv1.SignDataRequest{
 KeyId: spireKeyID,
 Data: sum384[:],
@@ -1027,7 +969,6 @@ func TestSignData(t *testing.T) {
 {
 name: "pass RSA PSS 2048 SHA 512",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 request: &keymanagerv1.SignDataRequest{
 KeyId: spireKeyID,
 Data: sum512[:],
@@ -1046,7 +987,6 @@ func TestSignData(t *testing.T) {
 {
 name: "pass RSA 4096 SHA 256",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 request: &keymanagerv1.SignDataRequest{
 KeyId: spireKeyID,
 Data: sum256[:],
@@ -1062,7 +1002,6 @@ func TestSignData(t *testing.T) {
 {
 name: "pass RSA PSS 4096 SHA 256",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 request: &keymanagerv1.SignDataRequest{
 KeyId: spireKeyID,
 Data: sum256[:],
@@ -1081,7 +1020,6 @@ func TestSignData(t *testing.T) {
 {
 name: "missing key id",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 request: &keymanagerv1.SignDataRequest{
 KeyId: "",
 Data: sum256[:],
@@ -1095,7 +1033,6 @@ func TestSignData(t *testing.T) {
 {
 name: "missing key signer opts",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 request: &keymanagerv1.SignDataRequest{
 KeyId: spireKeyID,
 Data: sum256[:],
@@ -1106,7 +1043,6 @@ func TestSignData(t *testing.T) {
 {
 name: "missing hash algorithm",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 request: &keymanagerv1.SignDataRequest{
 KeyId: spireKeyID,
 Data: sum256[:],
@@ -1124,7 +1060,6 @@ func TestSignData(t *testing.T) {
 {
 name: "unsupported combination",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 request: &keymanagerv1.SignDataRequest{
 KeyId: spireKeyID,
 Data: sum512[:],
@@ -1142,7 +1077,6 @@ func TestSignData(t *testing.T) {
 {
 name: "non existing key",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 request: &keymanagerv1.SignDataRequest{
 KeyId: "does_not_exists",
 Data: sum256[:],
@@ -1156,7 +1090,6 @@ func TestSignData(t *testing.T) {
 {
 name: "pss options nil",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 request: &keymanagerv1.SignDataRequest{
 KeyId: spireKeyID,
 Data: sum256[:],
@@ -1174,7 +1107,6 @@ func TestSignData(t *testing.T) {
 {
 name: "sign error",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 err: "failed to sign: sign error",
 code: codes.Internal,
 signDataError: "sign error",
@@ -1194,7 +1126,7 @@ func TestSignData(t *testing.T) {
 tt := tt
 t.Run(tt.name, func(t *testing.T) {
 // setup
- ts := setupTest(t, tt.trustDomain, tt.pluginConf)
+ ts := setupTest(t)
 ts.fakeKMSClient.setSignDataErr(tt.signDataError)
 _, err := ts.plugin.Configure(ctx, configureRequestWithDefaults(t))
 require.NoError(t, err)
@@ -1218,7 +1150,6 @@ func TestGetPublicKey(t *testing.T) {
 for _, tt := range []struct {
 name string
 trustDomain string
- pluginConf string
 err string
 code codes.Code
 fakeEntries []fakeKeyEntry
@@ -1228,7 +1159,6 @@ func TestGetPublicKey(t *testing.T) {
 {
 name: "existing key",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 keyID: spireKeyID,
 fakeEntries: []fakeKeyEntry{
 {
@@ -1243,7 +1173,6 @@ func TestGetPublicKey(t *testing.T) {
 {
 name: "existing key with special characters",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 keyID: "bundle-acme-foo.bar+rsa",
 fakeEntries: []fakeKeyEntry{
 {
@@ -1258,7 +1187,6 @@ func TestGetPublicKey(t *testing.T) {
 {
 name: "non existing key",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 err: "key \"spireKeyID\" not found",
 code: codes.NotFound,
 keyID: spireKeyID,
@@ -1266,7 +1194,6 @@ func TestGetPublicKey(t *testing.T) {
 {
 name: "missing key id",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 err: "key id is required",
 code: codes.InvalidArgument,
 },
@@ -1274,7 +1201,7 @@ func TestGetPublicKey(t *testing.T) {
 tt := tt
 t.Run(tt.name, func(t *testing.T) {
 // setup
- ts := setupTest(t, tt.trustDomain, tt.pluginConf)
+ ts := setupTest(t)
 ts.fakeKMSClient.setEntries(tt.fakeEntries)
 _, err := ts.plugin.Configure(ctx, configureRequestWithDefaults(t))
@@ -1298,14 +1225,12 @@ func TestGetPublicKeys(t *testing.T) {
 for _, tt := range []struct {
 name string
 trustDomain string
- pluginConf string
 err string
 fakeEntries []fakeKeyEntry
 }{
 {
 name: "existing key",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 fakeEntries: []fakeKeyEntry{
 {
 AliasName: aws.String(aliasName),
@@ -1319,13 +1244,12 @@ func TestGetPublicKeys(t *testing.T) {
 {
 name: "non existing keys",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 },
 } {
 tt := tt
 t.Run(tt.name, func(t *testing.T) {
 // setup
- ts := setupTest(t, tt.trustDomain, tt.pluginConf)
+ ts := setupTest(t)
 ts.fakeKMSClient.setEntries(tt.fakeEntries)
 _, err := ts.plugin.Configure(ctx, configureRequestWithDefaults(t))
 require.NoError(t, err)
@@ -1350,7 +1274,6 @@ func TestRefreshAliases(t *testing.T) {
 for _, tt := range []struct {
 name string
 trustDomain string
- pluginConf string
 configureRequest *configv1.ConfigureRequest
 err string
 fakeEntries []fakeKeyEntry
@@ -1360,7 +1283,6 @@ func TestRefreshAliases(t *testing.T) {
 {
 name: "refresh aliases error",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 configureRequest: configureRequestWithDefaults(t),
 err: "update failure",
 updateAliasErr: "update failure",
@@ -1379,7 +1301,6 @@ func TestRefreshAliases(t *testing.T) {
 {
 name: "refresh aliases succeeds",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 configureRequest: configureRequestWithDefaults(t),
 fakeEntries: []fakeKeyEntry{
 {
@@ -1503,7 +1424,7 @@ func TestRefreshAliases(t *testing.T) {
 tt := tt
 t.Run(tt.name, func(t *testing.T) {
 // setup
- ts := setupTest(t, tt.trustDomain, tt.pluginConf)
+ ts := setupTest(t)
 ts.fakeKMSClient.setEntries(tt.fakeEntries)
 ts.fakeKMSClient.setUpdateAliasErr(tt.updateAliasErr)
 refreshAliasesSignal := make(chan error)
@@ -1554,7 +1475,6 @@ func TestDisposeAliases(t *testing.T) {
 for _, tt := range []struct {
 name string
 trustDomain string
- pluginConf string
 configureRequest *configv1.ConfigureRequest
 err string
 fakeEntries []fakeKeyEntry
@@ -1566,7 +1486,6 @@ func TestDisposeAliases(t *testing.T) {
 {
 name: "dispose aliases succeeds",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 configureRequest: configureRequestWithDefaults(t),
 fakeEntries: []fakeKeyEntry{
@@ -1687,7 +1606,6 @@ func TestDisposeAliases(t *testing.T) {
 {
 name: "list aliases error",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 configureRequest: configureRequestWithDefaults(t),
 err: "list aliases failure",
 listAliasesErr: "list aliases failure",
@@ -1706,7 +1624,6 @@ func TestDisposeAliases(t *testing.T) {
 {
 name: "describe key error",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 configureRequest: configureRequestWithDefaults(t),
 err: "describe key failure",
 describeKeyErr: "describe key failure",
@@ -1725,7 +1642,6 @@ func TestDisposeAliases(t *testing.T) {
 {
 name: "delete alias error",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 configureRequest: configureRequestWithDefaults(t),
 err: "delete alias failure",
 deleteAliasErr: "delete alias failure",
@@ -1745,7 +1661,7 @@ func TestDisposeAliases(t *testing.T) {
 tt := tt
 t.Run(tt.name, func(t *testing.T) {
 // setup
- ts := setupTest(t, tt.trustDomain, tt.pluginConf)
+ ts := setupTest(t)
 ts.fakeKMSClient.setEntries(tt.fakeEntries)
 // this is so dispose keys blocks on init and allows to test dispose aliases isolated
 ts.plugin.hooks.disposeKeysSignal = make(chan error)
@@ -1805,7 +1721,6 @@ func TestDisposeKeys(t *testing.T) {
 for _, tt := range []struct {
 name string
 trustDomain string
- pluginConf string
 configureRequest *configv1.ConfigureRequest
 err string
 fakeEntries []fakeKeyEntry
@@ -1817,7 +1732,6 @@ func TestDisposeKeys(t *testing.T) {
 {
 name: "dispose keys succeeds",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 configureRequest: configureRequestWithDefaults(t),
 fakeEntries: []fakeKeyEntry{
@@ -2034,7 +1948,6 @@ func TestDisposeKeys(t *testing.T) {
 {
 name: "list keys error",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 configureRequest: configureRequestWithDefaults(t),
 err: "list keys failure",
 listKeysErr: "list keys failure",
@@ -2054,7 +1967,6 @@ func TestDisposeKeys(t *testing.T) {
 {
 name: "list aliases error",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 configureRequest: configureRequestWithDefaults(t),
 err: "list aliases failure",
 listAliasesErr: "list aliases failure",
@@ -2074,7 +1986,6 @@ func TestDisposeKeys(t *testing.T) {
 {
 name: "describe key error",
 trustDomain: "example.org",
- pluginConf: "region = \"us-fake-1\", key_identifier_value = \"fake\"",
 configureRequest: configureRequestWithDefaults(t),
 err: "describe key failure",
 describeKeyErr: "describe key failure",
@@ -2095,7 +2006,7 @@ func TestDisposeKeys(t *testing.T) {
 tt := tt
 t.Run(tt.name, func(t *testing.T) {
 // setup
- ts := setupTest(t, tt.trustDomain, tt.pluginConf)
+ ts := setupTest(t)
 ts.fakeKMSClient.setEntries(tt.fakeEntries)
 // this is so dispose aliases blocks on init and allows to test dispose keys isolated