Fix issue 991: Add more tests to azure/keyvault.ts (#300)

* Fix issue 991: Add more tests to azure/keyvault.ts

* fix lint issue

Author: dennisseah

src/commands/project/create-variable-group.test.ts

@@ -1,7 +1,6 @@
 import fs from "fs";
 import yaml from "js-yaml";
 import mockFs from "mock-fs";
-import os from "os";
 import path from "path";
 import uuid from "uuid/v4";
 import { readYaml, write } from "../../config";
@@ -12,6 +11,7 @@ import {
 } from "../../lib/bedrockYaml";
 import { PROJECT_PIPELINE_FILENAME } from "../../lib/constants";
 import { IAzureDevOpsOpts } from "../../lib/git";
+import { createTempDir } from "../../lib/ioUtil";
 import * as pipelineVariableGroup from "../../lib/pipelines/variableGroup";
 import {
   disableVerboseLogging,
@@ -189,9 +189,7 @@ describe("setVariableGroupInBedrockFile", () => {
 
   test("Should fail adding a variable group name when no bedrock file exists", async () => {
     // Create random directory to initialize
-    const randomTmpDir = path.join(os.tmpdir(), uuid());
-    fs.mkdirSync(randomTmpDir);
-
+    const randomTmpDir = createTempDir();
     let noFileError: Error | undefined;
 
     try {
@@ -265,9 +263,7 @@ describe("updateLifeCyclePipeline", () => {
 
   test("Should fail adding a variable group name when no pipeline yaml file exists", async () => {
     // Create random directory to initialize
-    const randomTmpDir = path.join(os.tmpdir(), uuid());
-    fs.mkdirSync(randomTmpDir);
-
+    const randomTmpDir = createTempDir();
     let noFileError: Error | undefined;
 
     try {
@@ -280,8 +276,7 @@ describe("updateLifeCyclePipeline", () => {
 
   test("Should pass adding variable groups when bedrock file exists with empty variableGroups", async () => {
     // Create random directory to initialize
-    const randomTmpDir = path.join(os.tmpdir(), uuid());
-    fs.mkdirSync(randomTmpDir);
+    const randomTmpDir = createTempDir();
     const writeSpy = jest.spyOn(fs, "writeFileSync");
 
     const defaultBedrockFileObject = createTestBedrockYaml(
@@ -311,8 +306,7 @@ describe("updateLifeCyclePipeline", () => {
 
   test("Should pass adding variable groups when bedrock file exists with one variableGroup", async () => {
     // Create random directory to initialize
-    const randomTmpDir = path.join(os.tmpdir(), uuid());
-    fs.mkdirSync(randomTmpDir);
+    const randomTmpDir = createTempDir();
     logger.info(`random dir: ${randomTmpDir})`);
 
     const defaultBedrockFileObject = createTestBedrockYaml(

src/lib/azure/keyvault.test.ts

@@ -1,15 +1,53 @@
+import {
+  GetSecretOptions,
+  KeyVaultSecret,
+  SecretClient,
+  SetSecretOptions
+} from "@azure/keyvault-secrets";
 import uuid from "uuid/v4";
 import {
   disableVerboseLogging,
   enableVerboseLogging,
   logger
 } from "../../logger";
 import { getSecret, setSecret } from "./keyvault";
+import * as keyvault from "./keyvault";
 
 const keyVaultName = uuid();
-const secretName = uuid();
+const mockedName = uuid();
 const secretValue = uuid();
 
+jest.spyOn(keyvault, "getClient").mockReturnValue(
+  Promise.resolve({
+    getSecret: async (
+      secretName: string,
+      options?: GetSecretOptions
+    ): Promise<KeyVaultSecret> => {
+      return {
+        name: "test",
+        properties: {
+          name: "test",
+          vaultUrl: "http://test.com"
+        },
+        value: "secretValue"
+      };
+    },
+    setSecret: async (
+      secretName: string,
+      value: string,
+      options?: SetSecretOptions
+    ): Promise<KeyVaultSecret> => {
+      return {
+        name: "test",
+        properties: {
+          name: "test",
+          vaultUrl: "http://test.com"
+        }
+      };
+    }
+  } as SecretClient)
+);
+
 beforeAll(() => {
   enableVerboseLogging();
 });
@@ -20,41 +58,88 @@ afterAll(() => {
 
 describe("set secret", () => {
   test("should fail when all arguments are not specified", async () => {
-    let error: Error | undefined;
+    await expect(setSecret("", "", "")).rejects.toThrow();
+  });
+  test("should create storage account", async () => {
     try {
-      await setSecret("", "", "");
-    } catch (err) {
-      error = err;
+      await setSecret(keyVaultName, mockedName, secretValue);
+    } catch (_) {
+      expect(true).toBe(false);
     }
-    expect(error).toBeDefined();
   });
-
-  test("should create storage account", async () => {
+  test("negative test", async () => {
+    jest.spyOn(keyvault, "getClient").mockReturnValueOnce(
+      Promise.resolve({
+        setSecret: async (
+          secretName: string,
+          value: string,
+          options?: SetSecretOptions
+        ): Promise<KeyVaultSecret> => {
+          throw new Error("fake error");
+        }
+      } as SecretClient)
+    );
     try {
-      await setSecret(keyVaultName, secretName, secretValue);
-    } catch (err) {
-      logger.error(err);
+      await setSecret(keyVaultName, mockedName, secretValue);
+      expect(true).toBe(false);
+    } catch (e) {
+      expect(e).toBeDefined();
     }
   });
 });
 
 describe("get secret", () => {
   test("should fail getting storage account key when arguments are not specified", async () => {
-    let error: Error | undefined;
+    await expect(getSecret("", "")).rejects.toThrow();
+  });
+  it("should get storage account key", async () => {
+    try {
+      const val = await getSecret(keyVaultName, mockedName);
+      expect(val).toBe("secretValue");
+    } catch (err) {
+      expect(true).toBe(false);
+    }
+  });
+  it("negative test: secret not found", async () => {
+    jest.spyOn(keyvault, "getClient").mockReturnValueOnce(
+      Promise.resolve({
+        getSecret: async (
+          secretName: string,
+          options?: GetSecretOptions
+        ): Promise<KeyVaultSecret> => {
+          throw {
+            code: "SecretNotFound",
+            statusCode: 404
+          };
+        }
+      } as SecretClient)
+    );
     try {
-      await getSecret("", "");
+      const val = await getSecret(keyVaultName, mockedName);
+      expect(val).toBe(undefined);
     } catch (err) {
-      error = err;
+      expect(true).toBe(false);
     }
-    expect(error).toBeDefined();
   });
-  test("should get storage account key", async () => {
-    let latestValue: string | undefined;
+  it("negative test: other errors", async () => {
+    jest.spyOn(keyvault, "getClient").mockReturnValueOnce(
+      Promise.resolve({
+        getSecret: async (
+          secretName: string,
+          options?: GetSecretOptions
+        ): Promise<KeyVaultSecret> => {
+          throw {
+            code: "something else",
+            statusCode: 400
+          };
+        }
+      } as SecretClient)
+    );
     try {
-      latestValue = await getSecret(keyVaultName, secretName);
+      const val = await getSecret(keyVaultName, mockedName);
+      expect(true).toBe(false);
     } catch (err) {
-      logger.error(err);
+      expect(err).toBeDefined();
     }
-    expect(latestValue).toBeUndefined();
   });
 });

src/lib/azure/keyvault.ts

@@ -3,53 +3,58 @@ import { logger } from "../../logger";
 import { IAzureAccessOpts } from "../../types";
 import { getCredentials } from "./azurecredentials";
 
-/**
- * Create or update the secret `secretName` with value `secretValue` in Azure Key Vault `keyVaultName`
- *
- * @param keyVaultName The Azure key vault name
- * @param secretName Name of the secret
- * @param secretValue Value of the secret
- * @param opts optionally override spk config with Azure subscription access options
- *
- */
-export const setSecret = async (
+export const validateValues = (
   keyVaultName: string,
   secretName: string,
-  secretValue: string,
-  opts: IAzureAccessOpts = {}
+  secretValue?: string
 ) => {
-  // validate input
   const errors: string[] = [];
-
   if (!keyVaultName) {
     errors.push(`Invalid keyVaultName`);
   }
-
   if (!secretName) {
     errors.push(`Invalid secretName`);
   }
-
-  if (!secretValue) {
+  if (secretValue !== undefined && !secretValue) {
     errors.push(`Invalid secretValue`);
   }
-
   if (errors.length !== 0) {
     throw new Error(`\n${errors.join("\n")}`);
   }
+};
 
+export const getClient = async (
+  keyVaultName: string,
+  opts: IAzureAccessOpts
+) => {
   const url = `https://${keyVaultName}.vault.azure.net`;
-  const message = `secret ${secretName} with a value ${secretValue} in key vault ${keyVaultName}`;
+  const credentials = await getCredentials(opts);
+  return new SecretClient(url, credentials!);
+};
+
+/**
+ * Create or update the secret `secretName` with value `secretValue` in Azure Key Vault `keyVaultName`
+ *
+ * @param keyVaultName The Azure key vault name
+ * @param secretName Name of the secret
+ * @param secretValue Value of the secret
+ * @param opts optionally override spk config with Azure subscription access options
+ *
+ */
+export const setSecret = async (
+  keyVaultName: string,
+  secretName: string,
+  secretValue: string,
+  opts: IAzureAccessOpts = {}
+) => {
+  validateValues(keyVaultName, secretName, secretValue);
   const messageWithNoValue = `secret ${secretName} in key vault ${keyVaultName}`;
-  try {
-    const credentials = await getCredentials(opts);
-    const client = new SecretClient(url, credentials!);
 
-    // Create a secret
+  try {
+    const client = await getClient(keyVaultName, opts);
     logger.debug(`Setting ${messageWithNoValue}`);
-    logger.verbose(`Setting ${message}`);
-    const result = await client.setSecret(secretName, secretValue);
+    await client.setSecret(secretName, secretValue);
     logger.debug(`Setting ${messageWithNoValue} is complete`);
-    logger.verbose(`Set ${message} complete`);
   } catch (err) {
     logger.error(`Unable to set ${messageWithNoValue}. \n ${err}`);
     throw err;
@@ -69,32 +74,14 @@ export const getSecret = async (
   secretName: string,
   opts: IAzureAccessOpts = {}
 ): Promise<string | undefined> => {
-  // validate input
-  const errors: string[] = [];
-
-  if (!keyVaultName) {
-    errors.push(`Invalid keyVaultName`);
-  }
-
-  if (!secretName) {
-    errors.push(`Invalid secretName`);
-  }
+  validateValues(keyVaultName, secretName);
 
-  if (errors.length !== 0) {
-    throw new Error(`\n${errors.join("\n")}`);
-  }
-
-  const url = `https://${keyVaultName}.vault.azure.net`;
   const message = `secret ${secretName} from key vault ${keyVaultName}`;
   try {
-    const credentials = await getCredentials(opts);
-    const client = new SecretClient(url, credentials!);
-
-    // Get the secret
+    const client = await getClient(keyVaultName, opts);
     logger.debug(`Getting ${message}`);
     const latestSecret = await client.getSecret(secretName);
     logger.debug(`Got ${message}`);
-    logger.verbose(`Found ${message} and the value is ${latestSecret.value}`);
     return latestSecret.value;
   } catch (err) {
     if (err.code === "SecretNotFound" && err.statusCode === 404) {