git.stella-ops.org/src/Scanner/__Tests/StellaOps.Scanner.Surface.Secrets.Tests/FileSurfaceSecretProviderTests.cs

using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using System.IO;
using System.Text.Json;
using StellaOps.Scanner.Surface.Secrets;
using StellaOps.Scanner.Surface.Secrets.Providers;

namespace StellaOps.Scanner.Surface.Secrets.Tests;

public sealed class FileSurfaceSecretProviderTests
{
    [Fact]
    public async Task GetAsync_ReturnsSecret_FromJson()
    {
        var rootDirectory = Directory.CreateTempSubdirectory();
        var root = rootDirectory.FullName;
        var request = new SurfaceSecretRequest("tenant", "component", "registry");
        var path = Path.Combine(root, request.Tenant, request.Component, request.SecretType);
        Directory.CreateDirectory(path);
        var payloadPath = Path.Combine(path, "default.json");
        await File.WriteAllTextAsync(payloadPath, JsonSerializer.Serialize(new
        {
            Payload = Convert.ToBase64String(new byte[] { 10, 20, 30 }),
            Metadata = new Dictionary<string, string> { ["username"] = "demo" }
        }));

        try
        {
            var provider = new FileSurfaceSecretProvider(root);
            var handle = await provider.GetAsync(request);
            try
            {
                Assert.Equal(new byte[] { 10, 20, 30 }, handle.AsBytes().ToArray());
                Assert.Equal("demo", handle.Metadata["username"]);
            }
            finally
            {
                handle.Dispose();
            }
        }
        finally
        {
            rootDirectory.Delete(true);
        }
    }
}