using System.Collections.Generic; using System.Text; using StellaOps.Scanner.Surface.Secrets; using Xunit; namespace StellaOps.Scanner.Surface.Secrets.Tests; public sealed class CasAccessSecretParserTests { [Fact] public void ParseCasAccessSecret_WithRustFsPayload_ReturnsExpectedValues() { const string json = """ { "driver": "rustfs", "endpoint": "https://surface.test.local", "region": "us-gov-west-1", "bucket": "stellaops-surface", "rootPrefix": "scanner", "apiKey": "secret-api-key", "apiKeyHeader": "X-Api-Key", "allowInsecureTls": true, "headers": { "X-Surface-Tenant": "tenant-a" } } """; using var handle = SurfaceSecretHandle.FromBytes(Encoding.UTF8.GetBytes(json)); var secret = SurfaceSecretParser.ParseCasAccessSecret(handle); Assert.Equal("rustfs", secret.Driver); Assert.Equal("https://surface.test.local", secret.Endpoint); Assert.Equal("us-gov-west-1", secret.Region); Assert.Equal("stellaops-surface", secret.Bucket); Assert.Equal("scanner", secret.RootPrefix); Assert.Equal("secret-api-key", secret.ApiKey); Assert.Equal("X-Api-Key", secret.ApiKeyHeader); Assert.True(secret.AllowInsecureTls); Assert.Single(secret.Headers); Assert.Equal("tenant-a", secret.Headers["X-Surface-Tenant"]); } [Fact] public void ParseCasAccessSecret_UsesMetadataFallback_WhenFieldsMissing() { const string json = @"{ ""driver"": ""s3"" }"; var metadata = new Dictionary(StringComparer.OrdinalIgnoreCase) { ["endpoint"] = "https://s3.test.local", ["accessKeyId"] = "AKIA123", ["secretAccessKey"] = "s3-secret", ["header:X-Custom"] = "value" }; using var handle = SurfaceSecretHandle.FromBytes(Encoding.UTF8.GetBytes(json), metadata); var secret = SurfaceSecretParser.ParseCasAccessSecret(handle); Assert.Equal("s3", secret.Driver); Assert.Equal("https://s3.test.local", secret.Endpoint); Assert.Equal("AKIA123", secret.AccessKeyId); Assert.Equal("s3-secret", secret.SecretAccessKey); Assert.Equal("value", secret.Headers["X-Custom"]); } }