diff --git a/service_test.go b/service_test.go index 30692af6b..735386237 100644 --- a/service_test.go +++ b/service_test.go @@ -43,7 +43,7 @@ func TestDefaultService(t *testing.T) { _, ofgaClient, cfg, err := jimmtest.SetupTestOFGAClient(c.Name()) c.Assert(err, qt.IsNil) - + os.Setenv("INSECURE_SECRET_STORAGE", "enable") svc, err := jimm.NewService(context.Background(), jimm.Params{ OpenFGAParams: jimm.OpenFGAParams{ Scheme: cfg.ApiScheme, @@ -62,6 +62,23 @@ func TestDefaultService(t *testing.T) { c.Check(resp.StatusCode, qt.Equals, http.StatusOK) } +func TestServiceFailsToStartWithoutSecretStore(t *testing.T) { + c := qt.New(t) + + _, ofgaClient, cfg, err := jimmtest.SetupTestOFGAClient(c.Name()) + c.Assert(err, qt.IsNil) + _, err = jimm.NewService(context.Background(), jimm.Params{ + OpenFGAParams: jimm.OpenFGAParams{ + Scheme: cfg.ApiScheme, + Host: cfg.ApiHost, + Store: cfg.StoreId, + Token: cfg.Credentials.Config.ApiToken, + AuthModel: ofgaClient.AuthModelId, + }, + }) + c.Assert(err, qt.ErrorMatches, "no credential store setup") +} + func TestAuthenticator(t *testing.T) { c := qt.New(t) @@ -80,6 +97,7 @@ func TestAuthenticator(t *testing.T) { }, } candid := startCandid(c, &p) + os.Setenv("INSECURE_SECRET_STORAGE", "enable") svc, err := jimm.NewService(context.Background(), p) c.Assert(err, qt.IsNil) @@ -187,6 +205,27 @@ func TestVault(t *testing.T) { }) } +func TestPostgresSecretStore(t *testing.T) { + c := qt.New(t) + + _, ofgaClient, cfg, err := jimmtest.SetupTestOFGAClient(c.Name()) + c.Assert(err, qt.IsNil) + + p := jimm.Params{ + ControllerUUID: "6acf4fd8-32d6-49ea-b4eb-dcb9d1590c11", + OpenFGAParams: jimm.OpenFGAParams{ + Scheme: cfg.ApiScheme, + Host: cfg.ApiHost, + Store: cfg.StoreId, + Token: cfg.Credentials.Config.ApiToken, + AuthModel: ofgaClient.AuthModelId, + }, + } + os.Setenv("INSECURE_SECRET_STORAGE", "enable") + _, err = jimm.NewService(context.Background(), p) + c.Assert(err, qt.IsNil) +} + func TestOpenFGA(t *testing.T) { c := qt.New(t)