Google Git
Sign in
fuchsia / third_party / tink / HEAD / . / cc / integration / gcpkms / gcp_kms_client_test.cc
blob: c8400f4c3a6f65a98a64ccc2fd2ea08a303c4711 [file] [log] [blame]
// Copyright 2019 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////
#include "tink/integration/gcpkms/gcp_kms_client.h"
#include <cstdlib>
#include <string>
#include <vector>
#include "gtest/gtest.h"
#include "absl/status/status.h"
#include "absl/strings/str_cat.h"
#include "tink/kms_clients.h"
#include "tink/util/status.h"
#include "tink/util/statusor.h"
#include "tink/util/test_matchers.h"
#include "tink/util/test_util.h"
using ::crypto::tink::test::IsOk;
using ::crypto::tink::test::StatusIs;
namespace crypto {
namespace tink {
namespace integration {
namespace gcpkms {
namespace {
using crypto::tink::integration::gcpkms::GcpKmsClient;
TEST(GcpKmsClientTest, ClientNotBoundToAKey) {
std::string gcp_key1 = "gcp-kms://projects/someProject/.../cryptoKeys/key1";
std::string gcp_key2 = "gcp-kms://projects/otherProject/.../cryptoKeys/key2";
std::string non_gcp_key = "aws-kms://arn:aws:kms:us-west-2:acc:other/key3";
std::string creds_file =
std::string(getenv("TEST_SRCDIR")) + "/tink_cc_gcpkms/testdata/gcp/credential.json";
auto client_result = GcpKmsClient::New("", creds_file);
EXPECT_TRUE(client_result.ok()) << client_result.status();
auto client = std::move(client_result.value());
EXPECT_TRUE(client->DoesSupport(gcp_key1));
EXPECT_TRUE(client->DoesSupport(gcp_key2));
EXPECT_FALSE(client->DoesSupport(non_gcp_key));
}
TEST(GcpKmsClientTest, ClientBoundToASpecificKey) {
std::string gcp_key1 = "gcp-kms://projects/someProject/.../cryptoKeys/key1";
std::string gcp_key2 = "gcp-kms://projects/otherProject/.../cryptoKeys/key2";
std::string non_gcp_key = "aws-kms://arn:aws:kms:us-west-2:acc:other/key3";
std::string creds_file =
std::string(getenv("TEST_SRCDIR")) + "/tink_cc_gcpkms/testdata/gcp/credential.json";
auto client_result = GcpKmsClient::New(gcp_key1, creds_file);
EXPECT_TRUE(client_result.ok()) << client_result.status();
auto client = std::move(client_result.value());
EXPECT_TRUE(client->DoesSupport(gcp_key1));
EXPECT_FALSE(client->DoesSupport(gcp_key2));
EXPECT_FALSE(client->DoesSupport(non_gcp_key));
}
TEST(GcpKmsClientTest, ClientCreationAndRegistry) {
std::string gcp_key1 = "gcp-kms://projects/someProject/.../cryptoKeys/key1";
std::string creds_file =
absl::StrCat(getenv("TEST_SRCDIR"), "/tink_cc_gcpkms/testdata/gcp/credential.json");
auto client_result = GcpKmsClient::RegisterNewClient(gcp_key1, creds_file);
EXPECT_THAT(client_result, IsOk());
auto registry_result = KmsClients::Get(gcp_key1);
EXPECT_THAT(registry_result, IsOk());
}
TEST(GcpKmsClientTest, ClientCreationInvalidRegistry) {
std::string non_gcp_key = "aws-kms://arn:aws:kms:us-west-2:acc:other/key3";
std::string creds_file =
std::string(getenv("TEST_SRCDIR")) + "/tink_cc_gcpkms/testdata/gcp/credential.json";
auto client_result = GcpKmsClient::RegisterNewClient(non_gcp_key, creds_file);
EXPECT_THAT(client_result, StatusIs(absl::StatusCode::kInvalidArgument));
}
} // namespace
} // namespace gcpkms
} // namespace integration
} // namespace tink
} // namespace crypto