fakes

package
v0.2.5 Latest
Warning

This package is not in the latest version of its module.

Published: Feb 8, 2026 License: MIT Imports: 22 Imported by: 0

Documentation

Overview

Package fakes provides test doubles for dsops provider interfaces.

This package contains fake implementations of external client interfaces that allow unit testing of providers without real service dependencies. Fakes are manually implemented (not generated) to provide precise control over test behavior.

Usage:

fake := &fakes.FakeKeychainClient{
    Secrets: map[string]map[string][]byte{
        "myapp": {"api-key": []byte("secret123")},
    },
    Available: true,
}
provider := keychain.NewWithClient(fake)
// Test provider methods...

Package fakes provides test doubles for dsops testing.

Package fakes provides manual fake implementations for testing.

Fakes are test doubles that have working implementations but take shortcuts compared to production code. They are more realistic than mocks but simpler than real implementations, making them ideal for testing.

Constants

This section is empty.

Variables

var ErrFakeAkeylessSecretNotFound = &fakeAkeylessError{code: "itemNotFound", message: "secret not found"}

ErrFakeAkeylessSecretNotFound is returned when a secret doesn't exist

var ErrFakeAkeylessUnauthorized = &fakeAkeylessError{code: "unauthorized", message: "authentication failed"}

ErrFakeAkeylessUnauthorized is returned for auth failures

var ErrFakeInfisicalSecretNotFound = &fakeInfisicalError{code: 404, message: "secret not found"}

ErrFakeInfisicalSecretNotFound is returned when a secret doesn't exist

var ErrFakeInfisicalUnauthorized = &fakeInfisicalError{code: 401, message: "unauthorized"}

ErrFakeInfisicalUnauthorized is returned for auth failures

var ErrFakeKeychainAccessDenied = &fakeKeychainError{code: "accessDenied"}

ErrFakeKeychainAccessDenied is returned when keychain access is denied

var ErrFakeKeychainItemNotFound = &fakeKeychainError{code: "itemNotFound"}

ErrFakeKeychainItemNotFound is returned when a keychain item doesn't exist

Functions

func AzureForbiddenError

func AzureForbiddenError(message string) error

AzureForbiddenError creates a mock Azure forbidden error

func AzureNotFoundError

func AzureNotFoundError(secretName string) error

AzureNotFoundError creates a mock Azure not found error

func AzureThrottledError

func AzureThrottledError() error

AzureThrottledError creates a mock Azure throttled error

func AzureUnauthorizedError

func AzureUnauthorizedError(message string) error

AzureUnauthorizedError creates a mock Azure unauthorized error

func GCPInvalidArgumentError

func GCPInvalidArgumentError(message string) error

GCPInvalidArgumentError creates a mock GCP invalid argument error

func GCPNotFoundError

func GCPNotFoundError(resourceName string) error

GCPNotFoundError creates a mock GCP not found error

func GCPPermissionDeniedError

func GCPPermissionDeniedError(message string) error

GCPPermissionDeniedError creates a mock GCP permission denied error

func GCPResourceExhaustedError

func GCPResourceExhaustedError() error

GCPResourceExhaustedError creates a mock GCP resource exhausted (throttled) error

func GCPUnauthenticatedError

func GCPUnauthenticatedError(message string) error

GCPUnauthenticatedError creates a mock GCP unauthenticated error

Types

type AzureKeyVaultAPI

type AzureKeyVaultAPI interface {
	GetSecret(ctx context.Context, name string, version string, options *azsecrets.GetSecretOptions) (azsecrets.GetSecretResponse, error)
}

AzureKeyVaultAPI defines the interface for Azure Key Vault operations. This matches the subset of methods used by AzureKeyVaultProvider.

type AzureSecretData

type AzureSecretData struct {
	Value       *string
	ID          *string
	Attributes  *azsecrets.SecretAttributes
	Tags        map[string]*string
	ContentType *string
	// Version-specific data
	Versions map[string]*AzureSecretVersion
}

AzureSecretData holds the data for a mock Azure Key Vault secret

type AzureSecretVersion

type AzureSecretVersion struct {
	Value      *string
	Attributes *azsecrets.SecretAttributes
}

AzureSecretVersion holds version-specific data for a secret

type FakeAkeylessClient added in v0.2.4

type FakeAkeylessClient struct {
	// Token is the token returned by Authenticate
	Token string

	// TokenTTL is the TTL returned by Authenticate
	TokenTTL time.Duration

	// Secrets is a map of path to secret data
	Secrets map[string]*contracts.AkeylessSecret

	// Metadata is a map of path to metadata
	Metadata map[string]*contracts.AkeylessMetadata

	// AuthErr is returned by Authenticate if set
	AuthErr error

	// GetErr is returned by GetSecret if set (overrides Secrets lookup)
	GetErr error

	// DescribeErr is returned by DescribeItem if set
	DescribeErr error

	// ListErr is returned by ListItems if set
	ListErr error

	// AuthCallCount tracks how many times Authenticate was called
	AuthCallCount int

	// GetCallCount tracks how many times GetSecret was called
	GetCallCount int
}

FakeAkeylessClient is a test double for contracts.AkeylessClient

func NewFakeAkeylessClient added in v0.2.4

func NewFakeAkeylessClient() *FakeAkeylessClient

NewFakeAkeylessClient creates a new fake Akeyless client with defaults

func (*FakeAkeylessClient) Authenticate added in v0.2.4

func (f *FakeAkeylessClient) Authenticate(ctx context.Context) (string, time.Duration, error)

Authenticate obtains an access token

func (*FakeAkeylessClient) DescribeItem added in v0.2.4

func (f *FakeAkeylessClient) DescribeItem(ctx context.Context, token, path string) (*contracts.AkeylessMetadata, error)

DescribeItem gets metadata about a secret

func (*FakeAkeylessClient) GetSecret added in v0.2.4

func (f *FakeAkeylessClient) GetSecret(ctx context.Context, token, path string, version *int) (*contracts.AkeylessSecret, error)

GetSecret retrieves a secret by path

func (*FakeAkeylessClient) ListItems added in v0.2.4

func (f *FakeAkeylessClient) ListItems(ctx context.Context, token, path string) ([]string, error)

ListItems lists secrets at a path

func (*FakeAkeylessClient) SetSecret added in v0.2.4

func (f *FakeAkeylessClient) SetSecret(path, value string)

SetSecret adds a secret to the fake Akeyless
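
The error-injection and call-count fields documented above (AuthErr, GetErr, AuthCallCount, GetCallCount) exist so a test can check two properties of a provider: that it reuses a token until its TTL expires, and that it fails closed when authentication fails. The following self-contained sketch is an added example, not code from the dsops project. secretClient, fakeClient and cachingProvider are hypothetical local stand-ins, because the real contracts.AkeylessClient interface and provider are not shown on this page.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// secretClient is a local stand-in for the client contract (assumption).
type secretClient interface {
	Authenticate(ctx context.Context) (string, time.Duration, error)
	GetSecret(ctx context.Context, token, path string) (string, error)
}

// fakeClient mirrors the field layout documented for FakeAkeylessClient.
type fakeClient struct {
	Token         string
	TokenTTL      time.Duration
	Secrets       map[string]string // constructed sample data
	AuthErr       error             // returned by Authenticate if set
	GetErr        error             // returned by GetSecret if set
	AuthCallCount int
	GetCallCount  int
}

func (f *fakeClient) Authenticate(ctx context.Context) (string, time.Duration, error) {
	f.AuthCallCount++
	if f.AuthErr != nil {
		return "", 0, f.AuthErr
	}
	return f.Token, f.TokenTTL, nil
}

func (f *fakeClient) GetSecret(ctx context.Context, token, path string) (string, error) {
	f.GetCallCount++
	if f.GetErr != nil {
		return "", f.GetErr
	}
	v, ok := f.Secrets[path]
	if !ok {
		return "", errors.New("secret not found")
	}
	return v, nil
}

// cachingProvider is a hypothetical provider under test that caches its token.
type cachingProvider struct {
	client  secretClient
	now     func() time.Time // injectable clock so tests control expiry
	token   string
	expires time.Time
}

// Resolve re-authenticates only when no valid token is cached.
func (p *cachingProvider) Resolve(ctx context.Context, path string) (string, error) {
	if p.token == "" || !p.now().Before(p.expires) {
		tok, ttl, err := p.client.Authenticate(ctx)
		if err != nil {
			return "", fmt.Errorf("authenticate: %w", err) // fail closed
		}
		p.token, p.expires = tok, p.now().Add(ttl)
	}
	v, err := p.client.GetSecret(ctx, p.token, path)
	if err != nil {
		return "", fmt.Errorf("get %q: %w", path, err)
	}
	return v, nil
}

// CheckTokenReuse reports Authenticate calls within the TTL and after expiry.
func CheckTokenReuse() (withinTTL, afterExpiry, gets int) {
	clock := time.Unix(0, 0)
	fake := &fakeClient{Token: "t-1", TokenTTL: time.Minute,
		Secrets: map[string]string{"/app/db": "constructed-value"}}
	p := &cachingProvider{client: fake, now: func() time.Time { return clock }}
	ctx := context.Background()
	_, _ = p.Resolve(ctx, "/app/db")
	_, _ = p.Resolve(ctx, "/app/db")
	withinTTL = fake.AuthCallCount
	clock = clock.Add(2 * time.Minute) // move past the token TTL
	_, _ = p.Resolve(ctx, "/app/db")
	return withinTTL, fake.AuthCallCount, fake.GetCallCount
}

// CheckFailClosed injects an auth failure and reports what the caller sees.
func CheckFailClosed() (value string, wrapped bool, gets int) {
	authErr := errors.New("authentication failed")
	fake := &fakeClient{Token: "t-1", TokenTTL: time.Minute, AuthErr: authErr,
		Secrets: map[string]string{"/app/db": "constructed-value"}}
	p := &cachingProvider{client: fake, now: time.Now}
	value, err := p.Resolve(context.Background(), "/app/db")
	return value, errors.Is(err, authErr), fake.GetCallCount
}

func main() {
	fmt.Println(CheckTokenReuse())
	fmt.Println(CheckFailClosed())
}
```

The GetCallCount of zero in the failure case is the assertion that matters: it shows the provider never attempted a secret read without a valid token.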

type FakeAzureKeyVaultClient

type FakeAzureKeyVaultClient struct {
	// Secrets maps secret names to their data
	Secrets map[string]*AzureSecretData
	// Errors maps secret names to errors to return
	Errors map[string]error
	// GetSecretFunc allows custom behavior for GetSecret
	GetSecretFunc func(ctx context.Context, name string, version string) (azsecrets.GetSecretResponse, error)
	// ListSecretsFunc allows custom behavior for listing secrets
	ListSecretsFunc func(ctx context.Context) ([]azsecrets.SecretProperties, error)
}

FakeAzureKeyVaultClient is a mock implementation of AzureKeyVaultAPI

func NewFakeAzureKeyVaultClient

func NewFakeAzureKeyVaultClient() *FakeAzureKeyVaultClient

NewFakeAzureKeyVaultClient creates a new mock Azure Key Vault client

func (*FakeAzureKeyVaultClient) AddError

func (f *FakeAzureKeyVaultClient) AddError(name string, err error)

AddError configures the mock to return an error for a specific secret

func (*FakeAzureKeyVaultClient) AddSecret

func (f *FakeAzureKeyVaultClient) AddSecret(name string, data *AzureSecretData)

AddSecret adds a secret to the mock client

func (*FakeAzureKeyVaultClient) AddSecretString

func (f *FakeAzureKeyVaultClient) AddSecretString(name, value string)

AddSecretString adds a string secret to the mock client

func (*FakeAzureKeyVaultClient) AddSecretWithTags

func (f *FakeAzureKeyVaultClient) AddSecretWithTags(name, value string, tags map[string]*string)

AddSecretWithTags adds a secret with tags

func (*FakeAzureKeyVaultClient) AddSecretWithVersion

func (f *FakeAzureKeyVaultClient) AddSecretWithVersion(name, value, version string)

AddSecretWithVersion adds a secret with a specific version

func (*FakeAzureKeyVaultClient) GetSecret

GetSecret mocks the GetSecret operation

type FakeAzureKeyVaultPager

type FakeAzureKeyVaultPager struct {
	// contains filtered or unexported fields
}

FakeAzureKeyVaultPager is a simplified mock pager for testing

func NewFakeAzureKeyVaultPager

func NewFakeAzureKeyVaultPager(secrets []azsecrets.SecretProperties, err error) *FakeAzureKeyVaultPager

NewFakeAzureKeyVaultPager creates a new mock pager

func (*FakeAzureKeyVaultPager) More

func (p *FakeAzureKeyVaultPager) More() bool

More returns true if there are more pages

func (*FakeAzureKeyVaultPager) NextPage

NextPage simulates getting the next page of results

type FakeDsopsDataRepository

type FakeDsopsDataRepository struct {
	*dsopsdata.Repository
}

FakeDsopsDataRepository creates a mock dsops-data repository for testing. This provides pre-configured service definitions without needing real data files.

func NewFakeDsopsDataRepository

func NewFakeDsopsDataRepository() *FakeDsopsDataRepository

NewFakeDsopsDataRepository creates a new fake repository with empty maps.

func PrePopulatedFakeDsopsDataRepository

func PrePopulatedFakeDsopsDataRepository() *FakeDsopsDataRepository

PrePopulatedFakeDsopsDataRepository creates a repository with standard service types and policies.

func (*FakeDsopsDataRepository) AddPrincipal

func (f *FakeDsopsDataRepository) AddPrincipal(p *dsopsdata.Principal)

AddPrincipal adds a principal to the repository.

func (*FakeDsopsDataRepository) AddRotationPolicy

func (f *FakeDsopsDataRepository) AddRotationPolicy(rp *dsopsdata.RotationPolicy)

AddRotationPolicy adds a rotation policy to the repository.

func (*FakeDsopsDataRepository) AddServiceInstance

func (f *FakeDsopsDataRepository) AddServiceInstance(si *dsopsdata.ServiceInstance)

AddServiceInstance adds a service instance to the repository.

func (*FakeDsopsDataRepository) AddServiceType

func (f *FakeDsopsDataRepository) AddServiceType(st *dsopsdata.ServiceType)

AddServiceType adds a service type to the repository.

func (*FakeDsopsDataRepository) Clear

func (f *FakeDsopsDataRepository) Clear()

Clear resets the repository to empty state.

func (*FakeDsopsDataRepository) WithApplicationPrincipal

func (f *FakeDsopsDataRepository) WithApplicationPrincipal(name string) *FakeDsopsDataRepository

WithApplicationPrincipal adds a sample application principal.

func (*FakeDsopsDataRepository) WithGitHubServiceType

func (f *FakeDsopsDataRepository) WithGitHubServiceType() *FakeDsopsDataRepository

WithGitHubServiceType adds a pre-configured GitHub service type.

func (*FakeDsopsDataRepository) WithPostgreSQLServiceType

func (f *FakeDsopsDataRepository) WithPostgreSQLServiceType() *FakeDsopsDataRepository

WithPostgreSQLServiceType adds a pre-configured PostgreSQL service type.

func (*FakeDsopsDataRepository) WithServiceInstance

func (f *FakeDsopsDataRepository) WithServiceInstance(serviceType, id, endpoint string) *FakeDsopsDataRepository

WithServiceInstance adds a sample service instance.

func (*FakeDsopsDataRepository) WithStandardRotationPolicy

func (f *FakeDsopsDataRepository) WithStandardRotationPolicy() *FakeDsopsDataRepository

WithStandardRotationPolicy adds a standard rotation policy.

func (*FakeDsopsDataRepository) WithStripeServiceType

func (f *FakeDsopsDataRepository) WithStripeServiceType() *FakeDsopsDataRepository

WithStripeServiceType adds a pre-configured Stripe API service type.

type FakeGCPSecretManagerClient

type FakeGCPSecretManagerClient struct {
	// Secrets maps full resource names (projects/X/secrets/Y) to their data
	Secrets map[string]*GCPSecretData
	// Versions maps version resource names (projects/X/secrets/Y/versions/Z) to their data
	Versions map[string]*GCPSecretVersionData
	// Errors maps resource names to errors to return
	Errors map[string]error
	// AccessSecretVersionFunc allows custom behavior for AccessSecretVersion
	AccessSecretVersionFunc func(ctx context.Context, req *secretmanagerpb.AccessSecretVersionRequest) (*secretmanagerpb.AccessSecretVersionResponse, error)
	// GetSecretFunc allows custom behavior for GetSecret
	GetSecretFunc func(ctx context.Context, req *secretmanagerpb.GetSecretRequest) (*secretmanagerpb.Secret, error)
	// ListSecretsFunc allows custom behavior for ListSecrets
	ListSecretsFunc func(ctx context.Context, req *secretmanagerpb.ListSecretsRequest) SecretIterator
	// AddSecretVersionFunc allows custom behavior for AddSecretVersion
	AddSecretVersionFunc func(ctx context.Context, req *secretmanagerpb.AddSecretVersionRequest) (*secretmanagerpb.SecretVersion, error)
	// DisableSecretVersionFunc allows custom behavior for DisableSecretVersion
	DisableSecretVersionFunc func(ctx context.Context, req *secretmanagerpb.DisableSecretVersionRequest) (*secretmanagerpb.SecretVersion, error)
}

FakeGCPSecretManagerClient is a mock implementation of GCPSecretManagerAPI

func NewFakeGCPSecretManagerClient

func NewFakeGCPSecretManagerClient() *FakeGCPSecretManagerClient

NewFakeGCPSecretManagerClient creates a new mock GCP Secret Manager client

func (*FakeGCPSecretManagerClient) AccessSecretVersion

AccessSecretVersion mocks the AccessSecretVersion operation

func (*FakeGCPSecretManagerClient) AddError

func (f *FakeGCPSecretManagerClient) AddError(resourceName string, err error)

AddError configures the mock to return an error for a specific resource

func (*FakeGCPSecretManagerClient) AddMockSecretVersion

func (f *FakeGCPSecretManagerClient) AddMockSecretVersion(projectID, secretName, version string, value []byte)

AddMockSecretVersion adds a secret version to the mock client (helper method for setup)

func (*FakeGCPSecretManagerClient) AddSecret

func (f *FakeGCPSecretManagerClient) AddSecret(projectID, secretName string, data *GCPSecretData)

AddSecret adds a secret to the mock client

func (*FakeGCPSecretManagerClient) AddSecretString

func (f *FakeGCPSecretManagerClient) AddSecretString(projectID, secretName, value string)

AddSecretString adds a string secret with latest version to the mock client

func (*FakeGCPSecretManagerClient) AddSecretVersion

AddSecretVersion mocks the AddSecretVersion operation

func (*FakeGCPSecretManagerClient) AddSecretWithLabels

func (f *FakeGCPSecretManagerClient) AddSecretWithLabels(projectID, secretName string, labels map[string]string)

AddSecretWithLabels adds a secret with labels

func (*FakeGCPSecretManagerClient) DisableSecretVersion

DisableSecretVersion mocks the DisableSecretVersion operation

func (*FakeGCPSecretManagerClient) GetSecret

GetSecret mocks the GetSecret operation

func (*FakeGCPSecretManagerClient) ListSecrets

ListSecrets mocks the ListSecrets operation

type FakeInfisicalClient added in v0.2.4

type FakeInfisicalClient struct {
	// Token is the token returned by Authenticate
	Token string

	// TokenTTL is the TTL returned by Authenticate
	TokenTTL time.Duration

	// Secrets is a map of secret name to secret data
	Secrets map[string]*contracts.InfisicalSecret

	// AuthErr is returned by Authenticate if set
	AuthErr error

	// GetErr is returned by GetSecret if set (overrides Secrets lookup)
	GetErr error

	// ListErr is returned by ListSecrets if set
	ListErr error

	// AuthCallCount tracks how many times Authenticate was called
	AuthCallCount int

	// GetCallCount tracks how many times GetSecret was called
	GetCallCount int
}

FakeInfisicalClient is a test double for contracts.InfisicalClient

func NewFakeInfisicalClient added in v0.2.4

func NewFakeInfisicalClient() *FakeInfisicalClient

NewFakeInfisicalClient creates a new fake Infisical client with defaults

func (*FakeInfisicalClient) Authenticate added in v0.2.4

func (f *FakeInfisicalClient) Authenticate(ctx context.Context) (string, time.Duration, error)

Authenticate obtains an access token

func (*FakeInfisicalClient) GetSecret added in v0.2.4

func (f *FakeInfisicalClient) GetSecret(ctx context.Context, token, secretName string, version *int) (*contracts.InfisicalSecret, error)

GetSecret retrieves a single secret by name

func (*FakeInfisicalClient) ListSecrets added in v0.2.4

func (f *FakeInfisicalClient) ListSecrets(ctx context.Context, token string) ([]string, error)

ListSecrets lists all secrets

func (*FakeInfisicalClient) SetSecret added in v0.2.4

func (f *FakeInfisicalClient) SetSecret(name, value string)

SetSecret adds a secret to the fake Infisical

type FakeKeychainClient added in v0.2.4

type FakeKeychainClient struct {
	// Secrets is a map of service -> account -> value
	Secrets map[string]map[string][]byte

	// Available controls whether the keychain reports as available
	Available bool

	// Headless controls whether the environment is reported as headless
	Headless bool

	// ValidateErr is returned by Validate() if set
	ValidateErr error

	// QueryErr is returned by Query() if set (overrides Secrets lookup)
	QueryErr error
}

FakeKeychainClient is a test double for contracts.KeychainClient

func NewFakeKeychainClient added in v0.2.4

func NewFakeKeychainClient() *FakeKeychainClient

NewFakeKeychainClient creates a new fake keychain client with defaults

func (*FakeKeychainClient) IsAvailable added in v0.2.4

func (f *FakeKeychainClient) IsAvailable() bool

IsAvailable returns whether keychain is available

func (*FakeKeychainClient) IsHeadless added in v0.2.4

func (f *FakeKeychainClient) IsHeadless() bool

IsHeadless returns whether running in headless environment

func (*FakeKeychainClient) Query added in v0.2.4

func (f *FakeKeychainClient) Query(service, account string) ([]byte, error)

Query retrieves a secret from the fake keychain

func (*FakeKeychainClient) SetSecret added in v0.2.4

func (f *FakeKeychainClient) SetSecret(service, account string, value []byte)

SetSecret adds a secret to the fake keychain

func (*FakeKeychainClient) Validate added in v0.2.4

func (f *FakeKeychainClient) Validate() error

Validate checks if the keychain is accessible

type FakeProvider

type FakeProvider struct {
	// contains filtered or unexported fields
}

FakeProvider is a manual fake implementation of provider.Provider interface.

It provides a predictable, configurable fake provider for unit testing without requiring real provider services or Docker containers. The fake stores secrets in memory and can be configured to return specific values or errors.

Example usage:

fake := fakes.NewFakeProvider("test").
    WithSecret("db/password", provider.SecretValue{Value: "secret123"}).
    WithError("api/key", errors.New("connection failed"))

// Use in tests
secret, err := fake.Resolve(ctx, provider.Reference{Key: "db/password"})

func NewFakeProvider

func NewFakeProvider(name string) *FakeProvider

NewFakeProvider creates a new FakeProvider with the given name.

The provider starts with empty secrets and default capabilities. Use builder methods to configure secrets, metadata, and behavior.

func (*FakeProvider) Capabilities

func (f *FakeProvider) Capabilities() provider.Capabilities

Capabilities returns the provider's supported features.

Returns the configured capabilities. Use WithCapability to customize.

func (*FakeProvider) Describe

Describe returns metadata about a secret without retrieving its value.

Returns the configured metadata for the key, or empty metadata with Exists=false if the secret doesn't exist.

func (*FakeProvider) GetCallCount

func (f *FakeProvider) GetCallCount(method string) int

GetCallCount returns the number of times a method was called.

Useful for verifying that certain operations occurred in tests. Method names: "Resolve", "Describe", "Capabilities", "Validate".

func (*FakeProvider) Name

func (f *FakeProvider) Name() string

Name returns the provider's unique identifier.

func (*FakeProvider) ResetCallCount

func (f *FakeProvider) ResetCallCount()

ResetCallCount resets all method call counters to zero.

Useful when sharing a fake provider across multiple test cases and needing fresh call counts for each case.

func (*FakeProvider) Resolve

Resolve retrieves a secret value from the fake provider.

Returns the configured secret value for the key, or an error if one was configured with WithError(). Increments the call count for tracking in tests.

func (*FakeProvider) String

func (f *FakeProvider) String() string

String returns a string representation of the fake provider.

func (*FakeProvider) Validate

func (f *FakeProvider) Validate(ctx context.Context) error

Validate checks if the provider is properly configured.

The fake provider always validates successfully unless explicitly configured to fail with WithError("_validate", err).

func (*FakeProvider) WithCapability

func (f *FakeProvider) WithCapability(cap string, supported bool) *FakeProvider

WithCapability sets a specific capability flag.

Fluent API for configuring provider capabilities. Use this to test behavior when certain features are supported or not supported.

func (*FakeProvider) WithDelay

func (f *FakeProvider) WithDelay(d time.Duration) *FakeProvider

WithDelay adds artificial latency to Resolve calls.

Fluent API for simulating network latency in tests. Useful for testing timeout handling and concurrent access patterns.

func (*FakeProvider) WithError

func (f *FakeProvider) WithError(key string, err error) *FakeProvider

WithError configures the fake to return an error for a specific key.

Fluent API for simulating error conditions. When Resolve is called with this key, the configured error will be returned instead of a secret.

func (*FakeProvider) WithMetadata

func (f *FakeProvider) WithMetadata(key string, meta provider.Metadata) *FakeProvider

WithMetadata adds metadata for a secret.

Fluent API for configuring secret metadata. This is used by the Describe method to return secret information without the value.

func (*FakeProvider) WithSecret

func (f *FakeProvider) WithSecret(key string, value provider.SecretValue) *FakeProvider

WithSecret adds a secret to the fake provider.

Fluent API for configuring test data. The secret will be returned when Resolve is called with a matching key.

type FakeRotationEngine

type FakeRotationEngine struct {

	// Registered strategies
	Strategies map[string]rotation.SecretValueRotator

	// Mock behaviors
	RotateFunc           func(ctx context.Context, req rotation.RotationRequest) (*rotation.RotationResult, error)
	BatchRotateFunc      func(ctx context.Context, reqs []rotation.RotationRequest) ([]rotation.RotationResult, error)
	GetHistoryFunc       func(ctx context.Context, secret rotation.SecretInfo, limit int) ([]rotation.RotationResult, error)
	ScheduleRotationFunc func(ctx context.Context, req rotation.RotationRequest, when time.Time) error

	// Recorded calls
	RotateCalls      []rotation.RotationRequest
	BatchRotateCalls [][]rotation.RotationRequest
	GetHistoryCalls  []historyCall
	ScheduleCalls    []scheduleCall
	// contains filtered or unexported fields
}

FakeRotationEngine provides a mock implementation of RotationEngine.

func NewFakeRotationEngine

func NewFakeRotationEngine() *FakeRotationEngine

NewFakeRotationEngine creates a new fake rotation engine.

func (*FakeRotationEngine) BatchRotate

BatchRotate performs multiple rotation operations.

func (*FakeRotationEngine) GetRotationHistory

func (f *FakeRotationEngine) GetRotationHistory(ctx context.Context, secret rotation.SecretInfo, limit int) ([]rotation.RotationResult, error)

GetRotationHistory returns rotation history.

func (*FakeRotationEngine) GetStrategy

func (f *FakeRotationEngine) GetStrategy(name string) (rotation.SecretValueRotator, error)

GetStrategy returns a registered strategy by name.

func (*FakeRotationEngine) ListStrategies

func (f *FakeRotationEngine) ListStrategies() []string

ListStrategies returns all registered strategy names.

func (*FakeRotationEngine) RegisterStrategy

func (f *FakeRotationEngine) RegisterStrategy(strategy rotation.SecretValueRotator) error

RegisterStrategy registers a rotation strategy.

func (*FakeRotationEngine) Reset

func (f *FakeRotationEngine) Reset()

Reset clears all recorded calls and strategies.

func (*FakeRotationEngine) Rotate

Rotate performs a rotation operation.

func (*FakeRotationEngine) ScheduleRotation

func (f *FakeRotationEngine) ScheduleRotation(ctx context.Context, request rotation.RotationRequest, when time.Time) error

ScheduleRotation schedules a future rotation.

type FakeRotationStorage

type FakeRotationStorage struct {

	// Storage maps
	RotationHistory map[string][]rotation.RotationResult // key -> results
	RotationStatus  map[string]*rotation.RotationStatusInfo

	// Counters
	SaveCount   int
	LoadCount   int
	DeleteCount int
	// contains filtered or unexported fields
}

FakeRotationStorage provides in-memory storage for rotation state.

func NewFakeRotationStorage

func NewFakeRotationStorage() *FakeRotationStorage

NewFakeRotationStorage creates a new fake rotation storage.

func (*FakeRotationStorage) DeleteHistory

func (f *FakeRotationStorage) DeleteHistory(secret rotation.SecretInfo) error

DeleteHistory removes rotation history for a secret.

func (*FakeRotationStorage) GetHistory

func (f *FakeRotationStorage) GetHistory(secret rotation.SecretInfo, limit int) ([]rotation.RotationResult, error)

GetHistory retrieves rotation history for a secret.

func (*FakeRotationStorage) GetStatus

GetStatus retrieves rotation status for a secret.

func (*FakeRotationStorage) Reset

func (f *FakeRotationStorage) Reset()

Reset clears all storage.

func (*FakeRotationStorage) SaveResult

func (f *FakeRotationStorage) SaveResult(secret rotation.SecretInfo, result rotation.RotationResult) error

SaveResult stores a rotation result.

type FakeSSMClient

type FakeSSMClient struct {
	// Parameters maps parameter names to their data
	Parameters map[string]*ParameterData
	// Errors maps parameter names to errors to return
	Errors map[string]error
	// GetParameterFunc allows custom behavior for GetParameter
	GetParameterFunc func(ctx context.Context, params *ssm.GetParameterInput) (*ssm.GetParameterOutput, error)
	// DescribeParametersFunc allows custom behavior for DescribeParameters
	DescribeParametersFunc func(ctx context.Context, params *ssm.DescribeParametersInput) (*ssm.DescribeParametersOutput, error)
}

FakeSSMClient is a mock implementation of SSMAPI

func NewFakeSSMClient

func NewFakeSSMClient() *FakeSSMClient

NewFakeSSMClient creates a new mock SSM client

func (*FakeSSMClient) AddError

func (f *FakeSSMClient) AddError(name string, err error)

AddError configures the mock to return an error for a specific parameter

func (*FakeSSMClient) AddParameter

func (f *FakeSSMClient) AddParameter(name string, data *ParameterData)

AddParameter adds a parameter to the mock client

func (*FakeSSMClient) AddSecureStringParameter

func (f *FakeSSMClient) AddSecureStringParameter(name, value string)

AddSecureStringParameter adds a SecureString parameter to the mock client

func (*FakeSSMClient) AddStringParameter

func (f *FakeSSMClient) AddStringParameter(name, value string)

AddStringParameter adds a String parameter to the mock client

func (*FakeSSMClient) DescribeParameters

func (f *FakeSSMClient) DescribeParameters(ctx context.Context, params *ssm.DescribeParametersInput, optFns ...func(*ssm.Options)) (*ssm.DescribeParametersOutput, error)

DescribeParameters mocks the DescribeParameters operation

func (*FakeSSMClient) GetParameter

func (f *FakeSSMClient) GetParameter(ctx context.Context, params *ssm.GetParameterInput, optFns ...func(*ssm.Options)) (*ssm.GetParameterOutput, error)

GetParameter mocks the GetParameter operation

type FakeSchemaAwareRotator

type FakeSchemaAwareRotator struct {
	FakeSecretValueRotator
	Repository *dsopsdata.Repository
}

FakeSchemaAwareRotator provides a mock implementation that uses dsops-data schemas.

func NewFakeSchemaAwareRotator

func NewFakeSchemaAwareRotator(name string) *FakeSchemaAwareRotator

NewFakeSchemaAwareRotator creates a new schema-aware rotator.

func (*FakeSchemaAwareRotator) SetRepository

func (f *FakeSchemaAwareRotator) SetRepository(repository *dsopsdata.Repository)

SetRepository sets the dsops-data repository.

type FakeSecretIterator

type FakeSecretIterator struct {
	// contains filtered or unexported fields
}

FakeSecretIterator is a mock implementation of SecretIterator

func NewFakeSecretIterator

func NewFakeSecretIterator(secrets []*secretmanagerpb.Secret, err error) *FakeSecretIterator

NewFakeSecretIterator creates a new fake secret iterator

func (*FakeSecretIterator) Next

Next returns the next secret in the iteration

type FakeSecretValueRotator

type FakeSecretValueRotator struct {

	// Configuration
	StrategyName     string
	SupportedTypes   []rotation.SecretType
	SupportsAllTypes bool

	// Mock behaviors
	RotateFunc   func(ctx context.Context, req rotation.RotationRequest) (*rotation.RotationResult, error)
	VerifyFunc   func(ctx context.Context, req rotation.VerificationRequest) error
	RollbackFunc func(ctx context.Context, req rotation.RollbackRequest) error
	StatusFunc   func(ctx context.Context, secret rotation.SecretInfo) (*rotation.RotationStatusInfo, error)

	// Recorded calls for verification
	RotateCalls   []rotation.RotationRequest
	VerifyCalls   []rotation.VerificationRequest
	RollbackCalls []rotation.RollbackRequest
	StatusCalls   []rotation.SecretInfo
	// contains filtered or unexported fields
}

FakeSecretValueRotator provides a mock implementation of SecretValueRotator for testing.

func NewFakeSecretValueRotator

func NewFakeSecretValueRotator(name string) *FakeSecretValueRotator

NewFakeSecretValueRotator creates a new fake rotator with default behaviors.

func (*FakeSecretValueRotator) GetStatus

GetStatus returns the rotation status.

func (*FakeSecretValueRotator) Name

func (f *FakeSecretValueRotator) Name() string

Name returns the strategy name.

func (*FakeSecretValueRotator) Reset

func (f *FakeSecretValueRotator) Reset()

Reset clears all recorded calls.

func (*FakeSecretValueRotator) Rollback

Rollback reverts to the previous secret.

func (*FakeSecretValueRotator) Rotate

Rotate performs the rotation operation.

func (*FakeSecretValueRotator) SupportsSecret

func (f *FakeSecretValueRotator) SupportsSecret(_ context.Context, secret rotation.SecretInfo) bool

SupportsSecret checks if the rotator supports the given secret type.

func (*FakeSecretValueRotator) Verify

Verify checks the new secret.

type FakeSecretsManagerClient

type FakeSecretsManagerClient struct {
	// Secrets maps secret names to their data
	Secrets map[string]*SecretData
	// Errors maps secret names to errors to return
	Errors map[string]error
	// GetSecretValueFunc allows custom behavior for GetSecretValue
	GetSecretValueFunc func(ctx context.Context, params *secretsmanager.GetSecretValueInput) (*secretsmanager.GetSecretValueOutput, error)
	// DescribeSecretFunc allows custom behavior for DescribeSecret
	DescribeSecretFunc func(ctx context.Context, params *secretsmanager.DescribeSecretInput) (*secretsmanager.DescribeSecretOutput, error)
	// ListSecretsFunc allows custom behavior for ListSecrets
	ListSecretsFunc func(ctx context.Context, params *secretsmanager.ListSecretsInput) (*secretsmanager.ListSecretsOutput, error)
	// UpdateSecretFunc allows custom behavior for UpdateSecret
	UpdateSecretFunc func(ctx context.Context, params *secretsmanager.UpdateSecretInput) (*secretsmanager.UpdateSecretOutput, error)
	// UpdateSecretVersionStageFunc allows custom behavior for UpdateSecretVersionStage
	UpdateSecretVersionStageFunc func(ctx context.Context, params *secretsmanager.UpdateSecretVersionStageInput) (*secretsmanager.UpdateSecretVersionStageOutput, error)
}

FakeSecretsManagerClient is a mock implementation of SecretsManagerAPI

func NewFakeSecretsManagerClient

func NewFakeSecretsManagerClient() *FakeSecretsManagerClient

NewFakeSecretsManagerClient creates a new mock Secrets Manager client

func (*FakeSecretsManagerClient) AddError

func (f *FakeSecretsManagerClient) AddError(name string, err error)

AddError configures the mock to return an error for a specific secret

func (*FakeSecretsManagerClient) AddSecret

func (f *FakeSecretsManagerClient) AddSecret(name string, data *SecretData)

AddSecret adds a secret to the mock client

func (*FakeSecretsManagerClient) AddSecretBinary

func (f *FakeSecretsManagerClient) AddSecretBinary(name string, value []byte)

AddSecretBinary adds a binary secret to the mock client

func (*FakeSecretsManagerClient) AddSecretString

func (f *FakeSecretsManagerClient) AddSecretString(name, value string)

AddSecretString adds a string secret to the mock client

func (*FakeSecretsManagerClient) DescribeSecret

DescribeSecret mocks the DescribeSecret operation

func (*FakeSecretsManagerClient) GetSecretValue

GetSecretValue mocks the GetSecretValue operation

func (*FakeSecretsManagerClient) ListSecrets

ListSecrets mocks the ListSecrets operation

func (*FakeSecretsManagerClient) UpdateSecret

UpdateSecret mocks the UpdateSecret operation

func (*FakeSecretsManagerClient) UpdateSecretVersionStage

UpdateSecretVersionStage mocks the UpdateSecretVersionStage operation

type FakeTwoSecretRotator

type FakeTwoSecretRotator struct {
	FakeSecretValueRotator

	// Mock behaviors for two-secret operations
	CreateSecondaryFunc  func(ctx context.Context, req rotation.SecondarySecretRequest) (*rotation.SecretReference, error)
	PromoteSecondaryFunc func(ctx context.Context, req rotation.PromoteRequest) error
	DeprecatePrimaryFunc func(ctx context.Context, req rotation.DeprecateRequest) error

	// Recorded calls
	CreateSecondaryCalls  []rotation.SecondarySecretRequest
	PromoteSecondaryCalls []rotation.PromoteRequest
	DeprecatePrimaryCalls []rotation.DeprecateRequest
}

FakeTwoSecretRotator provides a mock implementation of TwoSecretRotator.

func NewFakeTwoSecretRotator

func NewFakeTwoSecretRotator(name string) *FakeTwoSecretRotator

NewFakeTwoSecretRotator creates a new fake two-secret rotator.

func (*FakeTwoSecretRotator) CreateSecondarySecret

CreateSecondarySecret creates a secondary secret.

func (*FakeTwoSecretRotator) DeprecatePrimarySecret

func (f *FakeTwoSecretRotator) DeprecatePrimarySecret(ctx context.Context, request rotation.DeprecateRequest) error

DeprecatePrimarySecret deprecates the old primary.

func (*FakeTwoSecretRotator) PromoteSecondarySecret

func (f *FakeTwoSecretRotator) PromoteSecondarySecret(ctx context.Context, request rotation.PromoteRequest) error

PromoteSecondarySecret promotes the secondary to primary.

func (*FakeTwoSecretRotator) Reset

func (f *FakeTwoSecretRotator) Reset()

Reset clears all recorded calls including two-secret operations.
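
A sketch of how a test can use the hook-plus-recorded-calls shape of FakeTwoSecretRotator, added here as an example and not taken from dsops. `twoSecretRotator`, `recordingFake` and `rotateTwoSecret` are local stand-ins, with the real request types reduced to a secret name, so the block compiles without the module.

```go
package main

import (
	"context"
	"fmt"
)

// Local stand-ins (assumptions, not dsops types): requests reduced to a secret name.
type twoSecretRotator interface {
	CreateSecondarySecret(ctx context.Context, name string) error
	PromoteSecondarySecret(ctx context.Context, name string) error
	DeprecatePrimarySecret(ctx context.Context, name string) error
}

type recordingFake struct {
	PromoteSecondaryFunc func(ctx context.Context, name string) error // optional hook
	Calls                []string                                     // recorded calls, in order
}
func (f *recordingFake) CreateSecondarySecret(_ context.Context, name string) error {
	f.Calls = append(f.Calls, "create:"+name)
	return nil
}
func (f *recordingFake) PromoteSecondarySecret(ctx context.Context, name string) error {
	f.Calls = append(f.Calls, "promote:"+name)
	if f.PromoteSecondaryFunc != nil {
		return f.PromoteSecondaryFunc(ctx, name)
	}
	return nil
}
func (f *recordingFake) DeprecatePrimarySecret(_ context.Context, name string) error {
	f.Calls = append(f.Calls, "deprecate:"+name)
	return nil
}

// rotateTwoSecret (hypothetical caller) deprecates the primary only after promotion succeeds.
func rotateTwoSecret(ctx context.Context, r twoSecretRotator, name string) error {
	if err := r.CreateSecondarySecret(ctx, name); err != nil {
		return fmt.Errorf("create secondary: %w", err)
	}
	if err := r.PromoteSecondarySecret(ctx, name); err != nil {
		return fmt.Errorf("promote secondary: %w", err)
	}
	return r.DeprecatePrimarySecret(ctx, name)
}

func main() {
	f := &recordingFake{}
	fmt.Println(rotateTwoSecret(context.Background(), f, "db-password"))
	fmt.Println(f.Calls)
}
```

When `PromoteSecondaryFunc` returns an error, `Calls` should end at the `promote:` entry: the old primary is still in service because it was never deprecated.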

type GCPSecretData

type GCPSecretData struct {
	Name        string
	CreateTime  *timestamppb.Timestamp
	Labels      map[string]string
	Topics      []*secretmanagerpb.Topic
	Replication *secretmanagerpb.Replication
}

GCPSecretData holds the data for a mock GCP secret

type GCPSecretManagerAPI

GCPSecretManagerAPI defines the interface for GCP Secret Manager operations. This matches the subset of methods used by GCPSecretManagerProvider.

type GCPSecretVersionData

type GCPSecretVersionData struct {
	Name        string
	State       secretmanagerpb.SecretVersion_State
	CreateTime  *timestamppb.Timestamp
	DestroyTime *timestamppb.Timestamp
	Data        []byte
}

GCPSecretVersionData holds version-specific data for a GCP secret

type ParameterData

type ParameterData struct {
	Name             *string
	Type             ssmtypes.ParameterType
	Value            *string
	Version          int64
	LastModifiedDate *time.Time
	ARN              *string
	DataType         *string
	Tier             ssmtypes.ParameterTier
}

ParameterData holds the data for a mock SSM parameter

type SSMAPI

type SSMAPI interface {
	GetParameter(ctx context.Context, params *ssm.GetParameterInput, optFns ...func(*ssm.Options)) (*ssm.GetParameterOutput, error)
	DescribeParameters(ctx context.Context, params *ssm.DescribeParametersInput, optFns ...func(*ssm.Options)) (*ssm.DescribeParametersOutput, error)
}

SSMAPI defines the interface for AWS SSM Parameter Store operations. This matches the subset of methods used by AWSSSMProvider.

type SecretData

type SecretData struct {
	SecretString       *string
	SecretBinary       []byte
	VersionId          *string
	VersionStages      []string
	CreatedDate        *time.Time
	Description        *string
	KmsKeyId           *string
	RotationEnabled    *bool
	RotationLambdaARN  *string
	RotationRules      *types.RotationRulesType
	LastChangedDate    *time.Time
	VersionIdsToStages map[string][]string
	ReplicationStatus  []types.ReplicationStatusType
}

SecretData holds the data for a mock secret

type SecretIterator

type SecretIterator interface {
	Next() (*secretmanagerpb.Secret, error)
}

SecretIterator defines the interface for iterating over secrets

type SecretsManagerAPI

SecretsManagerAPI defines the interface for AWS Secrets Manager operations. This matches the subset of methods used by AWSSecretsManagerProvider.
