'unlock keys' renamed to 'unlockers'

2025-05-30 07:29:02 -07:00
parent 0bf8e71b52
commit f59ee4d2d6
25 changed files with 1115 additions and 1103 deletions
--- a/internal/secret/pgpunlock_test.go
+++ b/internal/secret/pgpunlock_test.go
@@ -123,7 +123,7 @@ func runGPGWithPassphrase(gnupgHome, passphrase string, args []string, input io.
 	return stdout.Bytes(), nil
 }

-func TestPGPUnlockKeyWithRealFS(t *testing.T) {
+func TestPGPUnlockerWithRealFS(t *testing.T) {
 	// Skip tests if gpg is not available
 	if _, err := exec.LookPath("gpg"); err != nil {
 		t.Skip("GPG not available, skipping PGP unlock key tests")
@@ -258,7 +258,7 @@ Passphrase: ` + testPassphrase + `
 	vaultName := "test-vault"

 	// Test creation of a PGP unlock key through a vault
-	t.Run("CreatePGPUnlockKey", func(t *testing.T) {
+	t.Run("CreatePGPUnlocker", func(t *testing.T) {
 		// Set a limited test timeout to avoid hanging
 		timer := time.AfterFunc(30*time.Second, func() {
 			t.Fatalf("Test timed out after 30 seconds")
@@ -298,50 +298,50 @@ Passphrase: ` + testPassphrase + `
 		// Unlock the vault
 		vlt.Unlock(ltIdentity)

-		// Create a passphrase unlock key first (to have current unlock key)
-		passKey, err := vlt.CreatePassphraseKey("test-passphrase")
+		// Create a passphrase unlocker first (to have current unlocker)
+		passUnlocker, err := vlt.CreatePassphraseUnlocker("test-passphrase")
 		if err != nil {
-			t.Fatalf("Failed to create passphrase key: %v", err)
+			t.Fatalf("Failed to create passphrase unlocker: %v", err)
 		}

-		// Verify passphrase key was created
-		if passKey == nil {
-			t.Fatal("Passphrase key is nil")
+		// Verify passphrase unlocker was created
+		if passUnlocker == nil {
+			t.Fatal("Passphrase unlocker is nil")
 		}

 		// Now create a PGP unlock key (this will use our custom GPGEncryptFunc)
-		pgpKey, err := secret.CreatePGPUnlockKey(fs, stateDir, keyID)
+		pgpUnlocker, err := secret.CreatePGPUnlocker(fs, stateDir, keyID)
 		if err != nil {
 			t.Fatalf("Failed to create PGP unlock key: %v", err)
 		}

 		// Verify the PGP unlock key was created
-		if pgpKey == nil {
+		if pgpUnlocker == nil {
 			t.Fatal("PGP unlock key is nil")
 		}

 		// Check if the key has the correct type
-		if pgpKey.GetType() != "pgp" {
-			t.Errorf("Expected PGP unlock key type 'pgp', got '%s'", pgpKey.GetType())
+		if pgpUnlocker.GetType() != "pgp" {
+			t.Errorf("Expected PGP unlock key type 'pgp', got '%s'", pgpUnlocker.GetType())
 		}

 		// Check if the key ID includes the GPG key ID
-		if !strings.Contains(pgpKey.GetID(), keyID) {
-			t.Errorf("PGP unlock key ID '%s' does not contain GPG key ID '%s'", pgpKey.GetID(), keyID)
+		if !strings.Contains(pgpUnlocker.GetID(), keyID) {
+			t.Errorf("PGP unlock key ID '%s' does not contain GPG key ID '%s'", pgpUnlocker.GetID(), keyID)
 		}

 		// Check if the key directory exists
-		keyDir := pgpKey.GetDirectory()
-		keyExists, err := afero.DirExists(fs, keyDir)
+		unlockerDir := pgpUnlocker.GetDirectory()
+		keyExists, err := afero.DirExists(fs, unlockerDir)
 		if err != nil {
 			t.Fatalf("Failed to check if PGP key directory exists: %v", err)
 		}
 		if !keyExists {
-			t.Errorf("PGP unlock key directory does not exist: %s", keyDir)
+			t.Errorf("PGP unlock key directory does not exist: %s", unlockerDir)
 		}

 		// Check if required files exist
-		pubKeyPath := filepath.Join(keyDir, "pub.age")
+		pubKeyPath := filepath.Join(unlockerDir, "pub.age")
 		pubKeyExists, err := afero.Exists(fs, pubKeyPath)
 		if err != nil {
 			t.Fatalf("Failed to check if public key file exists: %v", err)
@@ -350,7 +350,7 @@ Passphrase: ` + testPassphrase + `
 			t.Errorf("PGP unlock key public key file does not exist: %s", pubKeyPath)
 		}

-		privKeyPath := filepath.Join(keyDir, "priv.age.gpg")
+		privKeyPath := filepath.Join(unlockerDir, "priv.age.gpg")
 		privKeyExists, err := afero.Exists(fs, privKeyPath)
 		if err != nil {
 			t.Fatalf("Failed to check if private key file exists: %v", err)
@@ -359,7 +359,7 @@ Passphrase: ` + testPassphrase + `
 			t.Errorf("PGP unlock key private key file does not exist: %s", privKeyPath)
 		}

-		metadataPath := filepath.Join(keyDir, "unlock-metadata.json")
+		metadataPath := filepath.Join(unlockerDir, "unlocker-metadata.json")
 		metadataExists, err := afero.Exists(fs, metadataPath)
 		if err != nil {
 			t.Fatalf("Failed to check if metadata file exists: %v", err)
@@ -368,7 +368,7 @@ Passphrase: ` + testPassphrase + `
 			t.Errorf("PGP unlock key metadata file does not exist: %s", metadataPath)
 		}

-		longtermPath := filepath.Join(keyDir, "longterm.age")
+		longtermPath := filepath.Join(unlockerDir, "longterm.age")
 		longtermExists, err := afero.Exists(fs, longtermPath)
 		if err != nil {
 			t.Fatalf("Failed to check if longterm key file exists: %v", err)
@@ -405,37 +405,37 @@ Passphrase: ` + testPassphrase + `
 	})

 	// Set up key directory for individual tests
-	keyDir := filepath.Join(tempDir, "unlock-key")
-	if err := os.MkdirAll(keyDir, secret.DirPerms); err != nil {
-		t.Fatalf("Failed to create key directory: %v", err)
+	unlockerDir := filepath.Join(tempDir, "unlocker")
+	if err := os.MkdirAll(unlockerDir, secret.DirPerms); err != nil {
+		t.Fatalf("Failed to create unlocker directory: %v", err)
 	}

 	// Set up test metadata
-	metadata := secret.UnlockKeyMetadata{
+	metadata := secret.UnlockerMetadata{
 		ID:        fmt.Sprintf("%s-pgp", keyID),
 		Type:      "pgp",
 		CreatedAt: time.Now(),
 		Flags:     []string{"gpg", "encrypted"},
 	}

-	// Create a PGP unlock key for the remaining tests
-	unlockKey := secret.NewPGPUnlockKey(fs, keyDir, metadata)
+	// Create a PGP unlocker for the remaining tests
+	unlocker := secret.NewPGPUnlocker(fs, unlockerDir, metadata)

 	// Test getting GPG key ID
 	t.Run("GetGPGKeyID", func(t *testing.T) {
 		// Create PGP metadata with GPG key ID
-		type PGPUnlockKeyMetadata struct {
-			secret.UnlockKeyMetadata
+		type PGPUnlockerMetadata struct {
+			secret.UnlockerMetadata
 			GPGKeyID string `json:"gpg_key_id"`
 		}

-		pgpMetadata := PGPUnlockKeyMetadata{
-			UnlockKeyMetadata: metadata,
-			GPGKeyID:          keyID,
+		pgpMetadata := PGPUnlockerMetadata{
+			UnlockerMetadata: metadata,
+			GPGKeyID:         keyID,
 		}

 		// Write metadata file
-		metadataPath := filepath.Join(keyDir, "unlock-metadata.json")
+		metadataPath := filepath.Join(unlockerDir, "unlocker-metadata.json")
 		metadataBytes, err := json.MarshalIndent(pgpMetadata, "", "  ")
 		if err != nil {
 			t.Fatalf("Failed to marshal metadata: %v", err)
@@ -445,7 +445,7 @@ Passphrase: ` + testPassphrase + `
 		}

 		// Get GPG key ID
-		retrievedKeyID, err := unlockKey.GetGPGKeyID()
+		retrievedKeyID, err := unlocker.GetGPGKeyID()
 		if err != nil {
 			t.Fatalf("Failed to get GPG key ID: %v", err)
 		}
@@ -456,7 +456,7 @@ Passphrase: ` + testPassphrase + `
 		}
 	})

-	// Test getting identity from PGP unlock key
+	// Test getting identity from PGP unlocker
 	t.Run("GetIdentity", func(t *testing.T) {
 		// Generate an age identity for testing
 		ageIdentity, err := age.GenerateX25519Identity()
@@ -465,7 +465,7 @@ Passphrase: ` + testPassphrase + `
 		}

 		// Write the public key
-		pubKeyPath := filepath.Join(keyDir, "pub.age")
+		pubKeyPath := filepath.Join(unlockerDir, "pub.age")
 		if err := afero.WriteFile(fs, pubKeyPath, []byte(ageIdentity.Recipient().String()), secret.FilePerms); err != nil {
 			t.Fatalf("Failed to write public key: %v", err)
 		}
@@ -478,13 +478,13 @@ Passphrase: ` + testPassphrase + `
 		}

 		// Write the encrypted data to a file
-		encryptedPath := filepath.Join(keyDir, "priv.age.gpg")
+		encryptedPath := filepath.Join(unlockerDir, "priv.age.gpg")
 		if err := afero.WriteFile(fs, encryptedPath, encryptedOutput, secret.FilePerms); err != nil {
 			t.Fatalf("Failed to write encrypted private key: %v", err)
 		}

 		// Now try to get the identity - this will use our custom GPGDecryptFunc
-		identity, err := unlockKey.GetIdentity()
+		identity, err := unlocker.GetIdentity()
 		if err != nil {
 			t.Fatalf("Failed to get identity: %v", err)
 		}
@@ -497,30 +497,30 @@ Passphrase: ` + testPassphrase + `
 		}
 	})

-	// Test removing the unlock key
-	t.Run("RemoveUnlockKey", func(t *testing.T) {
-		// Ensure key directory exists before removal
-		keyExists, err := afero.DirExists(fs, keyDir)
+	// Test removing the unlocker
+	t.Run("RemoveUnlocker", func(t *testing.T) {
+		// Ensure unlocker directory exists before removal
+		keyExists, err := afero.DirExists(fs, unlockerDir)
 		if err != nil {
-			t.Fatalf("Failed to check if key directory exists: %v", err)
+			t.Fatalf("Failed to check if unlocker directory exists: %v", err)
 		}
 		if !keyExists {
-			t.Fatalf("Key directory does not exist: %s", keyDir)
+			t.Fatalf("Unlocker directory does not exist: %s", unlockerDir)
 		}

-		// Remove unlock key
-		err = unlockKey.Remove()
+		// Remove unlocker
+		err = unlocker.Remove()
 		if err != nil {
-			t.Fatalf("Failed to remove unlock key: %v", err)
+			t.Fatalf("Failed to remove unlocker: %v", err)
 		}

 		// Verify directory is gone
-		keyExists, err = afero.DirExists(fs, keyDir)
+		keyExists, err = afero.DirExists(fs, unlockerDir)
 		if err != nil {
-			t.Fatalf("Failed to check if key directory exists: %v", err)
+			t.Fatalf("Failed to check if unlocker directory exists: %v", err)
 		}
 		if keyExists {
-			t.Errorf("Key directory still exists after removal: %s", keyDir)
+			t.Errorf("Unlocker directory still exists after removal: %s", unlockerDir)
 		}
 	})
 }