Add SDK parity and Go CLI release readiness
This commit is contained in:
Codex
1280
cmd/attesto/main.go
Normal file
1280
cmd/attesto/main.go
Normal file
File diff suppressed because it is too large
Load Diff
122
cmd/attesto/main_test.go
Normal file
122
cmd/attesto/main_test.go
Normal file
@@ -0,0 +1,122 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"testing"
|
||||
)
|
||||
|
||||
const cliTestAPIKey = "atto_test_0123456789abcdef0123456789abcdef"
|
||||
|
||||
func TestVersionJSON(t *testing.T) {
|
||||
var stdout, stderr bytes.Buffer
|
||||
code := run([]string{"--json", "version"}, &stdout, &stderr, testEnv(t, nil))
|
||||
if code != 0 {
|
||||
t.Fatalf("exit=%d stderr=%s", code, stderr.String())
|
||||
}
|
||||
var out map[string]any
|
||||
if err := json.Unmarshal(stdout.Bytes(), &out); err != nil {
|
||||
t.Fatalf("json: %v", err)
|
||||
}
|
||||
if out["name"] != "attesto" || out["version"] == "" {
|
||||
t.Fatalf("unexpected version output: %s", stdout.String())
|
||||
}
|
||||
}
|
||||
|
||||
func TestReceiptsVerifyOfflineGoldenVector(t *testing.T) {
|
||||
vector := loadVector(t)
|
||||
dir := t.TempDir()
|
||||
receiptFile := filepath.Join(dir, "receipt.json")
|
||||
rawReceipt, _ := json.Marshal(vector["receipt"])
|
||||
if err := os.WriteFile(receiptFile, rawReceipt, 0o600); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
publicKey := vector["signing"].(map[string]any)["public_key_hex"].(string)
|
||||
var stdout, stderr bytes.Buffer
|
||||
code := run([]string{"--json", "receipts", "verify", "--file", receiptFile, "--public-key-hex", publicKey}, &stdout, &stderr, testEnv(t, nil))
|
||||
if code != 0 {
|
||||
t.Fatalf("exit=%d stderr=%s", code, stderr.String())
|
||||
}
|
||||
var out map[string]any
|
||||
if err := json.Unmarshal(stdout.Bytes(), &out); err != nil {
|
||||
t.Fatalf("json: %v", err)
|
||||
}
|
||||
if out["ok"] != true {
|
||||
t.Fatalf("receipt did not verify: %s", stdout.String())
|
||||
}
|
||||
}
|
||||
|
||||
func TestConfigSetRedactsSecrets(t *testing.T) {
|
||||
dir := t.TempDir()
|
||||
config := filepath.Join(dir, "config.json")
|
||||
env := testEnv(t, map[string]string{
|
||||
"ATTESTO_CONFIG": config,
|
||||
"ATT_API_KEY": cliTestAPIKey,
|
||||
"ATT_TOKEN": "tenant-token-secret",
|
||||
})
|
||||
var stdout, stderr bytes.Buffer
|
||||
code := run([]string{"--json", "config", "set", "--api-key-env", "ATT_API_KEY", "--token-env", "ATT_TOKEN"}, &stdout, &stderr, env)
|
||||
if code != 0 {
|
||||
t.Fatalf("exit=%d stderr=%s", code, stderr.String())
|
||||
}
|
||||
if strings.Contains(stdout.String(), cliTestAPIKey) || strings.Contains(stdout.String(), "tenant-token-secret") {
|
||||
t.Fatalf("secret leaked in output: %s", stdout.String())
|
||||
}
|
||||
raw, err := os.ReadFile(config)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if !strings.Contains(string(raw), cliTestAPIKey) {
|
||||
t.Fatalf("config did not persist api key")
|
||||
}
|
||||
}
|
||||
|
||||
func TestStreamsCreateCallsAPI(t *testing.T) {
|
||||
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if r.URL.Path != "/v2/streams" || r.Method != http.MethodPost {
|
||||
t.Fatalf("unexpected request: %s %s", r.Method, r.URL.Path)
|
||||
}
|
||||
if r.Header.Get("Authorization") != "Bearer "+cliTestAPIKey {
|
||||
t.Fatalf("missing auth")
|
||||
}
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
_, _ = w.Write([]byte(`{"streamId":"str_cli","systemId":"sys_cli","useCase":"audit","policyId":"policy","status":"active","lastSeqNo":0,"created":true}`))
|
||||
}))
|
||||
defer server.Close()
|
||||
var stdout, stderr bytes.Buffer
|
||||
code := run([]string{"--json", "--base-url", server.URL, "--api-key-env", "ATT_API_KEY", "streams", "create", "--use-case", "audit", "--policy-id", "policy"}, &stdout, &stderr, testEnv(t, map[string]string{"ATT_API_KEY": cliTestAPIKey}))
|
||||
if code != 0 {
|
||||
t.Fatalf("exit=%d stderr=%s", code, stderr.String())
|
||||
}
|
||||
if !strings.Contains(stdout.String(), "str_cli") {
|
||||
t.Fatalf("unexpected stdout: %s", stdout.String())
|
||||
}
|
||||
}
|
||||
|
||||
func loadVector(t *testing.T) map[string]any {
|
||||
t.Helper()
|
||||
raw, err := os.ReadFile(filepath.Join("..", "..", "..", "..", "golden-vectors", "proofstream-v0.1-alpha", "one-stream-two-events.json"))
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
var out map[string]any
|
||||
if err := json.Unmarshal(raw, &out); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
return out
|
||||
}
|
||||
|
||||
func testEnv(t *testing.T, values map[string]string) func(string) string {
|
||||
t.Helper()
|
||||
return func(key string) string {
|
||||
if value, ok := values[key]; ok {
|
||||
return value
|
||||
}
|
||||
return ""
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user