empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 08:55:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
9af01e53e9
fleet/orbit/pkg/keystore/keystore_windows_test.go
Victor Lyuboslavsky ab4c505f4b
Enroll secret in macOS keychain and Windows Credential Manager (#16068) 
#13832

For macOS hosts, fleetd now stores and retrieves enroll secret from
macOS keychain.
- this feature must use the official signed and notarized version of
fleetd
- for contributors, this feature can disabled with either:
  - fleetctl package flag: --disable-keystore
  - fleetd runtime flag: --disable-keystore

This feature does not cover the MDM usecase where enroll secret is
stored in the MDM profile. This usecase will hopefully be worked on next
sprint with the MDM team.

For Windows hosts, fleetd now stores and retrieves enroll secret from
Windows Credential Manager.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
  - For Orbit and Fleet Desktop changes:
- [x] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2024-01-16 06:51:37 -06:00

75 lines
1.4 KiB
Go
Raw Blame History

//go:build windows
package keystore
import (
"github.com/danieljoos/wincred"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"strings"
"testing"
)
func TestExists(t *testing.T) {
t.Parallel()
assert.True(t, Supported())
}
func TestName(t *testing.T) {
t.Parallel()
assert.True(t, strings.Contains(Name(), "Credential Manager"))
}
func TestSecret(t *testing.T) {
t.Parallel()
// Use a different service name for testing
origService := service
service = "com.fleetdm.fleetd.enroll.secret.test"
deleteSecret := func() {
mu.Lock()
defer mu.Unlock()
cred, err := wincred.GetGenericCredential(service)
if err != nil {
return
}
_ = cred.Delete()
}
t.Cleanup(
func() {
deleteSecret()
service = origService
},
)
// Make sure the secret doesn't exist
deleteSecret()
// Get secret -- should be empty
result, err := GetSecret()
require.NoError(t, err)
assert.Equal(t, "", result)
// Add empty secret
assert.Error(t, AddSecret(""))
// Add secret
secret := "testSecret"
require.NoError(t, AddSecret(secret))
result, err = GetSecret()
require.NoError(t, err)
assert.Equal(t, secret, result)
// Update empty secret
assert.Error(t, UpdateSecret(""))
// Update secret
secret = "updatedSecret"
require.NoError(t, UpdateSecret(secret))
result, err = GetSecret()
require.NoError(t, err)
assert.Equal(t, secret, result)
}
Reference in New Issue View Git Blame Copy Permalink