Fix integration tests: correct vault derivation index and debug test failures

2025-06-09 04:54:45 -07:00
parent e036d280c0
commit 02be4b2a55
21 changed files with 2461 additions and 1191 deletions


@@ -10,8 +10,7 @@ type VaultMetadata struct {
CreatedAt time.Time `json:"createdAt"`
Description string `json:"description,omitempty"`
DerivationIndex uint32 `json:"derivation_index"`
LongTermKeyHash string `json:"long_term_key_hash"` // Double SHA256 hash of derived long-term private key
MnemonicHash string `json:"mnemonic_hash"` // Double SHA256 hash of mnemonic for index tracking
PublicKeyHash string `json:"public_key_hash,omitempty"` // Double SHA256 hash of the long-term public key
}
// UnlockerMetadata contains information about an unlocker
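Review bot: `PublicKeyHash` carries `omitempty`, so it can be absent from the JSON and decode to an empty string; any code that matches vaults or tracks derivation indexes by this hash should treat an empty value as unknown, never as equal to another empty value, and the field comment could say so: `// Double SHA256 hash of the long-term public key; empty means unknown and must not be compared`. The +/- markers are lost on this page, so it is unclear which fields remain on the new side; if `LongTermKeyHash` and `MnemonicHash` are still present, they are unsalted fast hashes of secret material serialized alongside non-secret metadata, and the public-key hash looks able to serve the same tracking purpose without keeping a verifier for the private key or mnemonic. The struct starts above the hunk.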


@@ -1,3 +1,37 @@
// Version Support Test Suite Documentation
//
// This file contains core unit tests for version functionality:
//
// - TestGenerateVersionName: Tests version name generation with date and serial format
// - TestGenerateVersionNameMaxSerial: Tests the 999 versions per day limit
// - TestNewSecretVersion: Tests secret version object creation
// - TestSecretVersionSave: Tests saving a version with encryption
// - TestSecretVersionLoadMetadata: Tests loading and decrypting version metadata
// - TestSecretVersionGetValue: Tests retrieving and decrypting version values
// - TestListVersions: Tests listing versions in reverse chronological order
// - TestGetCurrentVersion: Tests retrieving the current version via symlink
// - TestSetCurrentVersion: Tests updating the current version symlink
// - TestVersionMetadataTimestamps: Tests timestamp pointer consistency
//
// Key Test Scenarios:
// - Version Creation: First version gets notBefore = epoch + 1 second
// - Subsequent versions update previous version's notAfter timestamp
// - New version's notBefore equals previous version's notAfter
// - Version names follow YYYYMMDD.NNN format
// - Maximum 999 versions per day enforced
//
// Version Retrieval:
// - Get current version via symlink
// - Get specific version by name
// - Empty version parameter returns current
// - Non-existent versions return appropriate errors
//
// Data Integrity:
// - Each version has independent encryption keys
// - Metadata encryption protects version history
// - Long-term key required for all operations
// - Concurrent reads handled safely
package secret
import (
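Review bot: The "Data Integrity" list in the new header states security properties (independent encryption keys per version, long-term key required for all operations, concurrent reads handled safely) that none of the ten listed tests is named for, so the header may overstate what the suite actually verifies. Either name the test that asserts each property or mark the list as design notes, e.g. `// Design assumptions (not all asserted by tests in this file):`. A hand-maintained list of test names also tends to drift from the code; a short summary plus `go test -list .` may age better. The import block opened on the last line continues outside the hunk.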