From 880d43fbe539c3a31918dcc14a4c595f20b4bafc Mon Sep 17 00:00:00 2001
From: Bella Luz Quintero
Date: Wed, 28 Aug 2024 13:58:32 -0600
Subject: [PATCH 01/54] renamed flexion to ca-phl and uncommented out code
Co-authored-by: James Herr
Co-authored-by: jcrichlake <145698165+jcrichlake@users.noreply.github.com>
---
 docker-compose.yml | 8 ++++----
 operations/template/app.tf | 8 ++++----
 src/senders/report_stream_sender.go | 4 ++--
 src/senders/report_stream_sender_test.go | 16 ++++++++--------
 src/sftp/handler.go | 12 +++++-------
 5 files changed, 23 insertions(+), 25 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index 226ba028..440f08b9 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -7,8 +7,8 @@ services:
 ENV: local
 # Uncomment the line below to call local report stream. Otherwise we'll use a mock response
 # REPORT_STREAM_URL_PREFIX: http://host.docker.internal:7071
- FLEXION_PRIVATE_KEY_NAME: trusted-intermediary-private-key-local.pem #pragma: allowlist secret
- FLEXION_CLIENT_NAME: flexion.simulated-hospital
+ CA_PHL_PRIVATE_KEY_NAME: trusted-intermediary-private-key-local.pem #pragma: allowlist secret
+ CA_PHL_CLIENT_NAME: flexion.simulated-hospital
 QUEUE_MAX_DELIVERY_ATTEMPTS: 5
 POLLING_TRIGGER_QUEUE_NAME: polling-trigger-queue
 volumes:
@@ -96,9 +96,9 @@ services:
 environment:
 SFTP_USERS: ti_user:ti_password:::files
 volumes:
-# - ./mock_credentials/sftp-public-key-local:/home/ti_user/.ssh/keys/id_rsa.pub:ro # uncomment me when CA uses our public key for authentication
+ - ./mock_credentials/sftp-public-key-local:/home/ti_user/.ssh/keys/id_rsa.pub:ro # uncomment me when CA uses our public key for authentication
 - ./mock_credentials/sftp-server-private-key-local:/etc/ssh/ssh_host_rsa_key
-# - ./localdata/sftp_server_require_password_and_publickey.sh:/etc/sftp.d/sftp_server_require_password_and_publickey.sh # uncomment me when CA uses our public key for authentication
+ - ./localdata/sftp_server_require_password_and_publickey.sh:/etc/sftp.d/sftp_server_require_password_and_publickey.sh # uncomment me when CA uses our public key for authentication
 - ./localdata/data/sftp:/home/ti_user/files
 ports:
 - "2223:22"
diff --git a/operations/template/app.tf b/operations/template/app.tf
index f8f85a39..d908f25a 100644
--- a/operations/template/app.tf
+++ b/operations/template/app.tf
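Review bot: Both volume lines enabled in the sftp service hunk keep the trailing comment `# uncomment me when CA uses our public key for authentication`, which now reads as an instruction that has already been carried out. Replace it with a statement of what each mount is for, for example `# public key accepted for ti_user (local mock only)` on the key mount and `# startup script; by its name it makes the mock server require password and public key` on the script mount. Since the client in src/sftp/handler.go is switched to offer a key in the same patch, it is worth saying here that the local server is expected to demand both factors, so a later edit does not drop one side silently.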
@@ -121,15 +121,15 @@ resource "azurerm_linux_web_app" "sftp" { ENV = var.environment AZURE_STORAGE_CONNECTION_STRING = azurerm_storage_account.storage.primary_blob_connection_string REPORT_STREAM_URL_PREFIX = "https://${local.rs_domain_prefix}prime.cdc.gov" - FLEXION_PRIVATE_KEY_NAME = azurerm_key_vault_secret.mock_public_health_lab_private_key.name + CA_PHL_PRIVATE_KEY_NAME = azurerm_key_vault_secret.mock_public_health_lab_private_key.name AZURE_KEY_VAULT_URI = azurerm_key_vault.key_storage.vault_uri - FLEXION_CLIENT_NAME = "flexion.simulated-lab" + CA_PHL_CLIENT_NAME = "flexion.simulated-lab" QUEUE_MAX_DELIVERY_ATTEMPTS = azurerm_eventgrid_system_topic_event_subscription.topic_sub.retry_policy.0.max_delivery_attempts # making the Azure container <-> queue retry count be in sync with the queue <-> application retry count.. } sticky_settings { - app_setting_names = ["AZURE_STORAGE_CONNECTION_STRING", "REPORT_STREAM_URL_PREFIX", "FLEXION_PRIVATE_KEY_NAME", - "AZURE_KEY_VAULT_URI", "FLEXION_CLIENT_NAME", "QUEUE_MAX_DELIVERY_ATTEMPTS"] + app_setting_names = ["AZURE_STORAGE_CONNECTION_STRING", "REPORT_STREAM_URL_PREFIX", "CA_PHL_PRIVATE_KEY_NAME", + "AZURE_KEY_VAULT_URI", "CA_PHL_CLIENT_NAME", "QUEUE_MAX_DELIVERY_ATTEMPTS"] } identity { diff --git a/src/senders/report_stream_sender.go b/src/senders/report_stream_sender.go index e8a08721..f740df7b 100644 --- a/src/senders/report_stream_sender.go +++ b/src/senders/report_stream_sender.go @@ -33,8 +33,8 @@ func NewSender() (Sender, error) { return Sender{ baseUrl: os.Getenv("REPORT_STREAM_URL_PREFIX"), - privateKeyName: os.Getenv("FLEXION_PRIVATE_KEY_NAME"), - clientName: os.Getenv("FLEXION_CLIENT_NAME"), + privateKeyName: os.Getenv("CA_PHL_PRIVATE_KEY_NAME"), + clientName: os.Getenv("CA_PHL_CLIENT_NAME"), credentialGetter: credentialGetter, }, nil } diff --git a/src/senders/report_stream_sender_test.go b/src/senders/report_stream_sender_test.go index c84618b6..ac1613cd 100644 
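Review bot: In the NewSender hunk, `os.Getenv("CA_PHL_PRIVATE_KEY_NAME")` and `os.Getenv("CA_PHL_CLIENT_NAME")` return an empty string when the variable is unset, so an environment that still exports only the old FLEXION_* names gets a Sender with a blank key name and client name and no error. The failure would then presumably surface later, at secret lookup or token generation, where it is harder to trace back to configuration. Consider rejecting empty values before the return, e.g. `if keyName == "" || clientName == "" { return Sender{}, fmt.Errorf("CA_PHL_PRIVATE_KEY_NAME and CA_PHL_CLIENT_NAME must be set") }`, after reading both into locals. NewSender starts above the hunk, so confirm which error helpers are already imported there.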
--- a/src/senders/report_stream_sender_test.go +++ b/src/senders/report_stream_sender_test.go @@ -22,15 +22,15 @@ type SenderTestSuite struct { func (suite *SenderTestSuite) SetupTest() { os.Setenv("ENV", "local") os.Setenv("REPORT_STREAM_URL_PREFIX", "rs.com") - os.Setenv("FLEXION_PRIVATE_KEY_NAME", "key") - os.Setenv("FLEXION_CLIENT_NAME", "client") + os.Setenv("CA_PHL_PRIVATE_KEY_NAME", "key") + os.Setenv("CA_PHL_CLIENT_NAME", "client") } func (suite *SenderTestSuite) TearDownTest() { os.Unsetenv("ENV") os.Unsetenv("REPORT_STREAM_URL_PREFIX") - os.Unsetenv("FLEXION_PRIVATE_KEY_NAME") - os.Unsetenv("FLEXION_CLIENT_NAME") + os.Unsetenv("CA_PHL_PRIVATE_KEY_NAME") + os.Unsetenv("CA_PHL_CLIENT_NAME") } func (suite *SenderTestSuite) Test_NewSender_VariablesAreSet_ReturnsSender() { @@ -39,8 +39,8 @@ func (suite *SenderTestSuite) Test_NewSender_VariablesAreSet_ReturnsSender() { assert.NoError(suite.T(), err) assert.Equal(suite.T(), os.Getenv("REPORT_STREAM_URL_PREFIX"), sender.baseUrl) - assert.Equal(suite.T(), os.Getenv("FLEXION_PRIVATE_KEY_NAME"), sender.privateKeyName) - assert.Equal(suite.T(), os.Getenv("FLEXION_CLIENT_NAME"), sender.clientName) + assert.Equal(suite.T(), os.Getenv("CA_PHL_PRIVATE_KEY_NAME"), sender.privateKeyName) + assert.Equal(suite.T(), os.Getenv("CA_PHL_CLIENT_NAME"), sender.clientName) } func (suite *SenderTestSuite) Test_NewSender_EnvIsEmpty_ReturnsSenderWithLocalCredentials() { 
@@ -49,8 +49,8 @@ func (suite *SenderTestSuite) Test_NewSender_EnvIsEmpty_ReturnsSenderWithLocalCr assert.NoError(suite.T(), err) assert.Equal(suite.T(), os.Getenv("REPORT_STREAM_URL_PREFIX"), sender.baseUrl) - assert.Equal(suite.T(), os.Getenv("FLEXION_PRIVATE_KEY_NAME"), sender.privateKeyName) - assert.Equal(suite.T(), os.Getenv("FLEXION_CLIENT_NAME"), sender.clientName) + assert.Equal(suite.T(), os.Getenv("CA_PHL_PRIVATE_KEY_NAME"), sender.privateKeyName) + assert.Equal(suite.T(), os.Getenv("CA_PHL_CLIENT_NAME"), sender.clientName) } func (suite *SenderTestSuite) Test_GenerateJWT_ReturnsJWT() { diff --git a/src/sftp/handler.go b/src/sftp/handler.go index a85a90d5..29111ecf 100644 --- a/src/sftp/handler.go +++ b/src/sftp/handler.go @@ -26,11 +26,10 @@ type SftpHandler struct { func NewSftpHandler(credentialGetter secrets.CredentialGetter) (*SftpHandler, error) { // In the future, we'll pass in info about what customer we're using (and thus what URL/key/password to use) - // TODO uncomment code when partner is setup to receive key - //pem, err := getPublicKeysForSshClient(credentialGetter) - //if err != nil { - // return nil, err - //} + pem, err := getPublicKeysForSshClient(credentialGetter) + if err != nil { + return nil, err + } serverKeySecret := "sftp-server-public-key-" + utils.EnvironmentName() // pragma: allowlist secret serverKey, err := credentialGetter.GetSecret(serverKeySecret) @@ -59,11 +58,10 @@ func NewSftpHandler(credentialGetter secrets.CredentialGetter) (*SftpHandler, er return nil, err } - // TODO uncomment code when partner is setup to receive key config := &ssh.ClientConfig{ User: sftpUser, Auth: []ssh.AuthMethod{ - //ssh.PublicKeys(pem), + ssh.PublicKeys(pem), ssh.Password(sftpPassword), }, HostKeyCallback: hostKeyCallback, From 3959616045d216c33341aff5a71f0ccc5725e4f5 Mon Sep 17 00:00:00 2001 
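Review bot: The local `pem` introduced in the first handler.go hunk is later passed to `ssh.PublicKeys`, which takes signers built from a private key, so the variable name and the helper name `getPublicKeysForSshClient` both understate how sensitive this value is. Rename the local to something like `clientSigner` and add a comment such as `// signer wraps the client private key from the secret store; never log it`. If handler.go imports encoding/pem, the local also shadows that package for the rest of the function. The lookup is now unconditional, so NewSftpHandler returns an error in any environment where that secret is not provisioned; the function continues outside the hunk.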
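Review bot: Listing `ssh.PublicKeys(pem)` and `ssh.Password(sftpPassword)` together in `Auth` in the second handler.go hunk does not make the client require both factors. The client offers the methods in that order and the server decides which combination is sufficient, so a server that accepts either one alone still yields a single-factor login. Add a comment above the slice, for example `// Both methods are offered; whether both are required is the server's policy`, and confirm with the partner that their server enforces publickey plus password, as the local mock script's name suggests it does. The ClientConfig literal continues past the end of the hunk.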
From: James Herr
Date: Wed, 28 Aug 2024 16:28:02 -0500
Subject: [PATCH 02/54] Added import path to docker compose
Co-Authored-By: Sylvie <38440028+somesylvie@users.noreply.github.com>
---
 README.md | 4 ++--
 docker-compose.yml | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 39aedc77..a8d41d4c 100644
--- a/README.md
+++ b/README.md
@@ -81,7 +81,7 @@ match your newly-created file
 ```json
 {
 "topic": "/subscriptions/52203171-a2ed-4f6c-b5cf-9b368c43f15b/resourceGroups/csels-rsti-internal-moderate-rg/providers/Microsoft.Storage/storageAccounts/cdcrssftpinternal",
- "subject": "/blobServices/default/containers/sftp/blobs/order_message.hl7",
+ "subject": "/blobServices/default/containers/sftp/blobs/import/order_message.hl7",
 "eventType": "Microsoft.Storage.BlobCreated",
 "id": "dac45448-001e-0031-7649-b8ad2c06c977",
 "data": {
@@ -92,7 +92,7 @@ match your newly-created file
 "contentType": "application/octet-stream",
 "contentLength": 1122,
 "blobType": "BlockBlob",
- "url": "https://cdcrssftpinternal.blob.core.windows.net/sftp/order_message.hl7",
+ "url": "http://127.0.0.1:12000/devstoreaccount1/sftp/import/order_message.hl7",
 "sequencer": "00000000000000000000000000024DA1000000000006ab03",
 "storageDiagnostics": {
 "batchId": "6677b768-3006-0093-0049-b89735000000"
diff --git a/docker-compose.yml b/docker-compose.yml
index 440f08b9..93bc9d88 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -31,7 +31,7 @@ services:
 sftp-Azurite:
 image: mcr.microsoft.com/azure-storage/azurite
 # uncomment the line below to skip x-ms-version checks
- # command: azurite --skipApiVersionCheck --blobHost 0.0.0.0 --queueHost 0.0.0.0
+ command: azurite --skipApiVersionCheck --blobHost 0.0.0.0 --queueHost 0.0.0.0
 volumes:
 # map to Azurite data objects to the build directory
 - ./localdata/data/azurite:/data
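Review bot: The context comment `# uncomment the line below to skip x-ms-version checks` is stale now that the `command:` line in the sftp-Azurite hunk is active. Reword it to say that the check is skipped on purpose and why. The same command sets `--blobHost 0.0.0.0 --queueHost 0.0.0.0`, and Azurite's development account credentials are publicly documented, so the emulator should only be reachable from the developer's machine. The `ports:` mapping is outside this hunk; if it publishes on all host interfaces, prefixing the host side with `127.0.0.1:` would keep it local.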
@@ -51,7 +51,7 @@ services: - -c - | az storage container create -n sftp - az storage blob upload --overwrite --account-name devstoreaccount1 --container-name sftp --name order_message.hl7 --file mock_data/order_message.hl7 + az storage blob upload --overwrite --account-name devstoreaccount1 --container-name sftp --name import/order_message.hl7 --file mock_data/order_message.hl7 az storage queue create -n message-import-queue az storage queue create -n message-import-dead-letter-queue az storage queue create -n polling-trigger-queue From 86dc1e9ba89a2ba1ec62339884db3322084b0e89 Mon Sep 17 00:00:00 2001 From: Bella Luz Quintero Date: Fri, 30 Aug 2024 10:14:28 -0600 Subject: [PATCH 03/54] fixed tests for handler newsftphandler Co-authored-by: James Herr Date: Fri, 30 Aug 2024 10:28:18 -0600 Subject: [PATCH 04/54] fixed terraform formatting and removed unused variable in test Co-authored-by: James Herr --- operations/template/app.tf | 4 ++-- src/sftp/handler_test.go | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/operations/template/app.tf b/operations/template/app.tf index d908f25a..a6ef1688 100644 --- a/operations/template/app.tf +++ b/operations/template/app.tf 
@@ -121,9 +121,9 @@ resource "azurerm_linux_web_app" "sftp" { ENV = var.environment AZURE_STORAGE_CONNECTION_STRING = azurerm_storage_account.storage.primary_blob_connection_string REPORT_STREAM_URL_PREFIX = "https://${local.rs_domain_prefix}prime.cdc.gov" - CA_PHL_PRIVATE_KEY_NAME = azurerm_key_vault_secret.mock_public_health_lab_private_key.name + CA_PHL_PRIVATE_KEY_NAME = azurerm_key_vault_secret.mock_public_health_lab_private_key.name AZURE_KEY_VAULT_URI = azurerm_key_vault.key_storage.vault_uri - CA_PHL_CLIENT_NAME = "flexion.simulated-lab" + CA_PHL_CLIENT_NAME = "flexion.simulated-lab" QUEUE_MAX_DELIVERY_ATTEMPTS = azurerm_eventgrid_system_topic_event_subscription.topic_sub.retry_policy.0.max_delivery_attempts # making the Azure container <-> queue retry count be in sync with the queue <-> application retry count.. } diff --git a/src/sftp/handler_test.go b/src/sftp/handler_test.go index 80d09bd4..c4fa6388 100644 --- a/src/sftp/handler_test.go +++ b/src/sftp/handler_test.go 
@@ -20,7 +20,6 @@ import ( const serverKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDg90HXaJnI1KtfJp8MWHxAwC00PvQCZKm4FRRdPGhEMepXIeLdjOtZV6LdePMT3WUmNkd6vaJ4EEmFUtH9lKLidALL9blOJF1iZKXK81JBJsds8axz5cqAau6aclgc9B1z2tAa+JtaSqN7uXvfPsrmsVss4jcOxX+thAhz7U6chN6ahabgIPqHBEjwvPlVNNbSqv0Q0eS4WaEEo/39tiXn5DYpPRC6DjuZ3m5s3VIgHznTv2Ufp3kcLcfEDZFwjm5XRWLNNvM5h3aW1vmr4lgBwuEzPV7CYIdIyDxe9V7YYcGfO+uu/VrDpY1wSmcD3lzHLLTbi5WWOurwiMsWIVRZfa/rmzuoTYknd5iJoiTyIWmR7L0FLfzPlDYJZmAWSdLZrZaUdD8SDIoKMSEV/5/ZzcI0wuoknis+zpyFqT0jfOy7E4GtG8pEQf7JGXaiExNd9TKxbRmaxp3Yv4WgPBThY39Va7EMUC/s0hX2Ah8pIWZG4Lze4x7Z4dElCOHDgnsl3Akc399jnIDfUY4bVn+rfBJntx9mBRaNnV1GqRodbSkHK5dTcZEmRslhuhsQVO2CxrlkPhFEe0XXpA3llO9YIkf4sCZDUbRFKPJiHyDhfrf2/HzkLndODdFaAnICYd51zOI1SgP3aFx60bZ2nPSoLs9DsR1LLIpz4uoiy5hCHw== sschuresko@flexion-mac-J40DPF4YQR" const publicKey = "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnT
kjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44Ewl8yULDWTgecsv4aLsu+jQgVmzs71rzqgkF1\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTtvplAUcmSwZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC
88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" const password = "ti_password" -const serverAddress = "host.docker.internal:2223" const user = "ti_user" func Test_NewSFTPHandler_UnableToGetSshClientPublicKey_ReturnsError(t *testing.T) { From 98213c502f7210457c40df78d0f8bfd6256cd552 Mon Sep 17 00:00:00 2001 From: Bella Luz Quintero Date: Fri, 30 Aug 2024 10:33:21 -0600 Subject: [PATCH 05/54] add ignore comment Co-authored-by: James Herr --- src/sftp/handler_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sftp/handler_test.go b/src/sftp/handler_test.go index c4fa6388..8bb6724f 100644 --- a/src/sftp/handler_test.go +++ b/src/sftp/handler_test.go 
@@ -18,7 +18,7 @@ import ( ) const serverKey = "ssh-rsa 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 sschuresko@flexion-mac-J40DPF4YQR" -const publicKey = "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44Ewl8yULDWTgecsv4aLsu+jQgVmzs71rzqgkF1
\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTtvplAUcmSwZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" +const publicKey = "-----BEGIN OPENSSH PRIVATE 
KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44Ewl8yULDWTgecsv4aLsu+jQgVmzs71rzqgkF1\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTt
vplAUcmSwZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" //pragma: allowlist secret const password = "ti_password" const user = "ti_user" From 07e5d5a8936071e123730634c97c8be5e93ec359 Mon Sep 17 00:00:00 2001 From: Bella Luz Quintero Date: Fri, 30 Aug 2024 10:36:54 -0600 Subject: [PATCH 06/54] add space to comment Co-authored-by: James Herr --- src/sftp/handler_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sftp/handler_test.go b/src/sftp/handler_test.go index 8bb6724f..47f68304 100644 --- a/src/sftp/handler_test.go +++ b/src/sftp/handler_test.go 
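Review bot: The constant that receives `//pragma: allowlist secret` in this hunk is named `publicKey` but its value is an `OPENSSH PRIVATE KEY` block, so the change silences the secret scanner on private key material under a name that hides what it is. Rename it (for example `clientPrivateKey`) and put a comment above it such as `// throwaway key for unit tests only; must never be authorised on any real host`. Generating a fresh key inside the test with the standard crypto packages would avoid both the embedded key and the allowlist entry. If this key was ever installed on a shared or deployed server it should be treated as disclosed and replaced.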
@@ -18,7 +18,7 @@ import ( ) const serverKey = "ssh-rsa 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 sschuresko@flexion-mac-J40DPF4YQR" -const publicKey = "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44Ewl8yULDWTgecsv4aLsu+jQgVmzs71rzqgkF1
\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTtvplAUcmSwZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" //pragma: allowlist secret +const publicKey = "-----BEGIN OPENSSH PRIVATE 
KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44Ewl8yULDWTgecsv4aLsu+jQgVmzs71rzqgkF1\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTt
vplAUcmSwZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" // pragma: allowlist secret const password = "ti_password" const user = "ti_user" From a5a53f68055af79c89117ea58d83138ef80be547 Mon Sep 17 00:00:00 2001 From: Bella Luz Quintero Date: Fri, 30 Aug 2024 10:48:49 -0600 Subject: [PATCH 07/54] removed constant and added variable in each test Co-authored-by: James Herr --- src/sftp/handler_test.go | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/src/sftp/handler_test.go b/src/sftp/handler_test.go index 47f68304..c8a367f6 100644 --- a/src/sftp/handler_test.go +++ b/src/sftp/handler_test.go 
@@ -18,7 +18,6 @@ import ( ) const serverKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDg90HXaJnI1KtfJp8MWHxAwC00PvQCZKm4FRRdPGhEMepXIeLdjOtZV6LdePMT3WUmNkd6vaJ4EEmFUtH9lKLidALL9blOJF1iZKXK81JBJsds8axz5cqAau6aclgc9B1z2tAa+JtaSqN7uXvfPsrmsVss4jcOxX+thAhz7U6chN6ahabgIPqHBEjwvPlVNNbSqv0Q0eS4WaEEo/39tiXn5DYpPRC6DjuZ3m5s3VIgHznTv2Ufp3kcLcfEDZFwjm5XRWLNNvM5h3aW1vmr4lgBwuEzPV7CYIdIyDxe9V7YYcGfO+uu/VrDpY1wSmcD3lzHLLTbi5WWOurwiMsWIVRZfa/rmzuoTYknd5iJoiTyIWmR7L0FLfzPlDYJZmAWSdLZrZaUdD8SDIoKMSEV/5/ZzcI0wuoknis+zpyFqT0jfOy7E4GtG8pEQf7JGXaiExNd9TKxbRmaxp3Yv4WgPBThY39Va7EMUC/s0hX2Ah8pIWZG4Lze4x7Z4dElCOHDgnsl3Akc399jnIDfUY4bVn+rfBJntx9mBRaNnV1GqRodbSkHK5dTcZEmRslhuhsQVO2CxrlkPhFEe0XXpA3llO9YIkf4sCZDUbRFKPJiHyDhfrf2/HzkLndODdFaAnICYd51zOI1SgP3aFx60bZ2nPSoLs9DsR1LLIpz4uoiy5hCHw== sschuresko@flexion-mac-J40DPF4YQR" -const publicKey = "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhF
HnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44Ewl8yULDWTgecsv4aLsu+jQgVmzs71rzqgkF1\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTtvplAUcmSwZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBg
lSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" // pragma: allowlist secret const password = "ti_password" const user = "ti_user" 
@@ -40,8 +39,10 @@ func Test_NewSFTPHandler_UnableToGetSFTPServerPublicKeyNameSecret_ReturnsError(t buffer, defaultLogger := utils.SetupLogger() defer slog.SetDefault(defaultLogger) + secretValue := "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44Ew
l8yULDWTgecsv4aLsu+jQgVmzs71rzqgkF1\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTtvplAUcmSwZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" //pragma: allowlist secret + mockCredentialGetter := new(mocks.MockCredentialGetter) - mockCredentialGetter.On("GetSecret", mock.Anything).Return(publicKey, nil).Once() + mockCredentialGetter.On("GetSecret", mock.Anything).Return(secretValue, nil).Once() mockCredentialGetter.On("GetSecret", mock.Anything).Return("", errors.New("error")) sftpHandler, err := 
NewSftpHandler(mockCredentialGetter) 
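Review bot: The `secretValue` literal added in this hunk is a complete OpenSSH private key, and the same literal is pasted again in the five later hunks of this patch (`@@ -55`, `@@ -71`, `@@ -88`, `@@ -106`, `@@ -125`), so the file ends up with six copies that each need their own `//pragma: allowlist secret` exemption. The removed constant was misnamed `publicKey`, but a rename fixes that without the duplication: keep one fixture such as `const testClientPrivateKey = "…" // pragma: allowlist secret` and pass it with `.Return(testClientPrivateKey, nil)`. A single fixture keeps the secret-scanner exemption to one reviewed line and makes replacing the key a one-line change. Because the key is committed in plain text, it is worth confirming that it is a throwaway authorized only against local mock services. The test function continues outside the hunk.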
@@ -55,9 +56,11 @@ func Test_NewSFTPHandler_UnableToGetSSHClientHostKeyCallback_ReturnsError(t *tes buffer, defaultLogger := utils.SetupLogger() defer slog.SetDefault(defaultLogger) + secretValue := "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44Ew
l8yULDWTgecsv4aLsu+jQgVmzs71rzqgkF1\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTtvplAUcmSwZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" //pragma: allowlist secret + mockCredentialGetter := new(mocks.MockCredentialGetter) - mockCredentialGetter.On("GetSecret", mock.Anything).Return(publicKey, nil) + mockCredentialGetter.On("GetSecret", mock.Anything).Return(secretValue, nil) sftpHandler, err := NewSftpHandler(mockCredentialGetter) 
@@ -71,9 +74,11 @@ func Test_NewSFTPHandler_UnableToGetSFTPUserNameSecret_ReturnsError(t *testing.T buffer, defaultLogger := utils.SetupLogger() defer slog.SetDefault(defaultLogger) + secretValue := "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44Ew
l8yULDWTgecsv4aLsu+jQgVmzs71rzqgkF1\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTtvplAUcmSwZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" //pragma: allowlist secret + mockCredentialGetter := new(mocks.MockCredentialGetter) - mockCredentialGetter.On("GetSecret", mock.Anything).Return(publicKey, nil).Once() + mockCredentialGetter.On("GetSecret", mock.Anything).Return(secretValue, nil).Once() mockCredentialGetter.On("GetSecret", mock.Anything).Return(serverKey, nil).Once() 
mockCredentialGetter.On("GetSecret", mock.Anything).Return("", errors.New("error")) 
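Review bot: Every `GetSecret` expectation in this test matches `mock.Anything`, so the changed line hands the private key to whichever secret `NewSftpHandler` requests first, and the test may not notice if the handler looks a credential up under the wrong name. Matching on the expected secret name would pin each credential to its lookup, for example `mockCredentialGetter.On("GetSecret", "<private-key-secret-name>").Return(secretValue, nil).Once()`, with the name the handler actually uses in place of the placeholder. The other tests changed by this patch use the same pattern, and this function's body continues outside the hunk.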
@@ -88,9 +93,12 @@ func Test_NewSFTPHandler_UnableToGetSFTPUserNameSecret_ReturnsError(t *testing.T func Test_NewSFTPHandler_UnableToGetSFTPPasswordName_ReturnsError(t *testing.T) { buffer, defaultLogger := utils.SetupLogger() defer slog.SetDefault(defaultLogger) + + secretValue := "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJ
Uv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44Ewl8yULDWTgecsv4aLsu+jQgVmzs71rzqgkF1\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTtvplAUcmSwZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" //pragma: allowlist secret + mockCredentialGetter := new(mocks.MockCredentialGetter) - mockCredentialGetter.On("GetSecret", mock.Anything).Return(publicKey, nil).Once() + mockCredentialGetter.On("GetSecret", mock.Anything).Return(secretValue, nil).Once() 
 mockCredentialGetter.On("GetSecret", mock.Anything).Return(serverKey, nil).Once()
 mockCredentialGetter.On("GetSecret", mock.Anything).Return(user, nil).Once()
 mockCredentialGetter.On("GetSecret", mock.Anything).Return("", errors.New("error"))
@@ -106,9 +114,11 @@ func Test_NewSFTPHandler_UnableToGetSFTPServerAddressName_ReturnsError(t *testin buffer, defaultLogger := utils.SetupLogger() defer slog.SetDefault(defaultLogger) + secretValue := "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44
Ewl8yULDWTgecsv4aLsu+jQgVmzs71rzqgkF1\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTtvplAUcmSwZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" //pragma: allowlist secret + mockCredentialGetter := new(mocks.MockCredentialGetter) - mockCredentialGetter.On("GetSecret", mock.Anything).Return(publicKey, nil).Once() + mockCredentialGetter.On("GetSecret", mock.Anything).Return(secretValue, nil).Once() mockCredentialGetter.On("GetSecret", mock.Anything).Return(serverKey, nil).Once() 
 mockCredentialGetter.On("GetSecret", mock.Anything).Return(user, nil).Once()
 mockCredentialGetter.On("GetSecret", mock.Anything).Return(password, nil).Once()
@@ -125,9 +135,11 @@ func Test_NewSFTPHandler_UnableToDialIntoTCP_ReturnsError(t *testing.T) { buffer, defaultLogger := utils.SetupLogger() defer slog.SetDefault(defaultLogger) + secretValue := "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44Ewl8yUL
DWTgecsv4aLsu+jQgVmzs71rzqgkF1\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTtvplAUcmSwZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" //pragma: allowlist secret + mockCredentialGetter := new(mocks.MockCredentialGetter) - mockCredentialGetter.On("GetSecret", mock.Anything).Return(publicKey, nil).Once() + mockCredentialGetter.On("GetSecret", mock.Anything).Return(secretValue, nil).Once() mockCredentialGetter.On("GetSecret", mock.Anything).Return(serverKey, nil).Once() 
 mockCredentialGetter.On("GetSecret", mock.Anything).Return(user, nil).Once()
 mockCredentialGetter.On("GetSecret", mock.Anything).Return(password, nil).Once()
From e076da84127d75390aeb723930fe796cc6d89cc7 Mon Sep 17 00:00:00 2001
From: Bella Luz Quintero
Date: Fri, 30 Aug 2024 10:53:50 -0600
Subject: [PATCH 08/54] insanity check
Co-authored-by: James Herr
---
 src/sftp/handler_test.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/sftp/handler_test.go b/src/sftp/handler_test.go
index c8a367f6..d17f0782 100644
--- a/src/sftp/handler_test.go
+++ b/src/sftp/handler_test.go
@@ -39,7 +39,7 @@ func Test_NewSFTPHandler_UnableToGetSFTPServerPublicKeyNameSecret_ReturnsError(t buffer, defaultLogger := utils.SetupLogger() defer slog.SetDefault(defaultLogger) - secretValue := "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44Ewl
8yULDWTgecsv4aLsu+jQgVmzs71rzqgkF1\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTtvplAUcmSwZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" //pragma: allowlist secret + secretValue := "-----BEGIN OPENSSH PRIVATE 
KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44Ewl8yULDWTgecsv4aLsu+jQgVmzs71rzqgkF1\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTt
vplAUcmSwZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" // pragma: allowlist secret mockCredentialGetter := new(mocks.MockCredentialGetter) mockCredentialGetter.On("GetSecret", mock.Anything).Return(secretValue, nil).Once() 
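Review bot: The full OpenSSH private key literal on the new `secretValue := ...` line is repeated in each NewSFTPHandler test touched by this patch (this hunk and the ones that follow), so the secret scanner has to be silenced with a separate `// pragma: allowlist secret` on every copy. Declaring it once at package level in the test file, for example `const testSFTPPrivateKey = "<test-only key>" // pragma: allowlist secret` under a comment such as `// testSFTPPrivateKey is a throwaway key for unit tests; it must never be authorized on a real server.`, leaves a single allowlisted line to audit and makes a real secret added to these tests later harder to overlook. It is also worth confirming that this key material is not shared with any key mounted by the local or deployed SFTP setup, which cannot be checked from the diff. The test functions begin and end outside these hunks.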
@@ -56,7 +56,7 @@ func Test_NewSFTPHandler_UnableToGetSSHClientHostKeyCallback_ReturnsError(t *tes buffer, defaultLogger := utils.SetupLogger() defer slog.SetDefault(defaultLogger) - secretValue := "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44Ewl
8yULDWTgecsv4aLsu+jQgVmzs71rzqgkF1\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTtvplAUcmSwZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" //pragma: allowlist secret + secretValue := "-----BEGIN OPENSSH PRIVATE 
KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44Ewl8yULDWTgecsv4aLsu+jQgVmzs71rzqgkF1\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTt
vplAUcmSwZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" // pragma: allowlist secret mockCredentialGetter := new(mocks.MockCredentialGetter) 
@@ -74,7 +74,7 @@ func Test_NewSFTPHandler_UnableToGetSFTPUserNameSecret_ReturnsError(t *testing.T buffer, defaultLogger := utils.SetupLogger() defer slog.SetDefault(defaultLogger) - secretValue := "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44Ewl
8yULDWTgecsv4aLsu+jQgVmzs71rzqgkF1\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTtvplAUcmSwZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" //pragma: allowlist secret + secretValue := "-----BEGIN OPENSSH PRIVATE 
KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44Ewl8yULDWTgecsv4aLsu+jQgVmzs71rzqgkF1\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTt
vplAUcmSwZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" // pragma: allowlist secret mockCredentialGetter := new(mocks.MockCredentialGetter) 
@@ -94,7 +94,7 @@ func Test_NewSFTPHandler_UnableToGetSFTPPasswordName_ReturnsError(t *testing.T) buffer, defaultLogger := utils.SetupLogger() defer slog.SetDefault(defaultLogger) - secretValue := "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44Ewl8
yULDWTgecsv4aLsu+jQgVmzs71rzqgkF1\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTtvplAUcmSwZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" //pragma: allowlist secret + secretValue := "-----BEGIN OPENSSH PRIVATE 
KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44Ewl8yULDWTgecsv4aLsu+jQgVmzs71rzqgkF1\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTt
vplAUcmSwZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" // pragma: allowlist secret mockCredentialGetter := new(mocks.MockCredentialGetter) 
@@ -114,7 +114,7 @@ func Test_NewSFTPHandler_UnableToGetSFTPServerAddressName_ReturnsError(t *testin buffer, defaultLogger := utils.SetupLogger() defer slog.SetDefault(defaultLogger) - secretValue := "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44E
wl8yULDWTgecsv4aLsu+jQgVmzs71rzqgkF1\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTtvplAUcmSwZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" //pragma: allowlist secret + secretValue := "-----BEGIN OPENSSH PRIVATE 
KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44Ewl8yULDWTgecsv4aLsu+jQgVmzs71rzqgkF1\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTt
vplAUcmSwZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" // pragma: allowlist secret mockCredentialGetter := new(mocks.MockCredentialGetter) From c5392e0cc73fc426e2dfb38df2ccbd6077c58aa5 Mon Sep 17 00:00:00 2001 
From: Bella Luz Quintero Date: Tue, 3 Sep 2024 13:08:43 -0600 Subject: [PATCH 09/54] renamed sftp anf flexion specific resources in terraform and code to ca-phl Co-authored-by: saquino0827 Co-authored-by: James Herr Co-authored-by: Sylvie --- operations/template/app.tf | 2 +- operations/template/key.tf | 41 +++++++++++++++++++---------- src/senders/report_stream_sender.go | 5 +++- src/sftp/handler.go | 12 ++++----- src/zip/zip.go | 2 +- 5 files changed, 39 insertions(+), 23 deletions(-) diff --git a/operations/template/app.tf b/operations/template/app.tf index a6ef1688..c2389f1c 100644 --- a/operations/template/app.tf +++ b/operations/template/app.tf @@ -35,7 +35,7 @@ resource "azurerm_user_assigned_identity" "key_vault_identity" { resource_group_name = data.azurerm_resource_group.group.name location = data.azurerm_resource_group.group.location - name = "sftp-key-vault-identity-${var.environment}" + name = "ca-phl-sftp-key-vault-identity-${var.environment}" lifecycle { ignore_changes = [ diff --git a/operations/template/key.tf b/operations/template/key.tf index 2053f406..448250fb 100644 --- a/operations/template/key.tf +++ b/operations/template/key.tf @@ -76,8 +76,9 @@ resource "azurerm_key_vault_secret" "mock_public_health_lab_private_key" { depends_on = [azurerm_key_vault_access_policy.allow_github_deployer] //wait for the permission that allows our deployer to write the secret } -resource "azurerm_key_vault_secret" "ca_dph_zip_password" { - name = "ca-dph-zip-password-${var.environment}" +# TODO: rename in code after resource name is decided +resource "azurerm_key_vault_secret" "ca_phl_private_key" { + name = "ca-phl-private-key-${var.environment}" value = "dogcow" key_vault_id = azurerm_key_vault.key_storage.id 
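Review bot: Renaming these `azurerm_key_vault_secret` resources together with their `name` makes Terraform create fresh secrets holding the literal placeholder `"dogcow"`, starting with `ca_phl_private_key` in this hunk and continuing through the `ca_phl_zip_password` and `ca_phl_sftp_*` hunks that follow in key.tf. Because `ignore_changes = [value]` suggests the real values are written outside Terraform, each environment would presumably hand the placeholder to the application until the new names are repopulated, while the secrets under the old names are removed. I would add a comment above the first resource such as `# value is a placeholder; the real secret is set out of band and must be re-entered under the new name after apply`, and list the repopulation as a rollout step in the commit description. The resource bodies continue past the end of this hunk.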
@@ -88,8 +89,8 @@ resource "azurerm_key_vault_secret" "ca_dph_zip_password" { depends_on = [azurerm_key_vault_access_policy.allow_github_deployer] //wait for the permission that allows our deployer to write the secret } -resource "azurerm_key_vault_secret" "sftp_starting_directory" { - name = "sftp-starting-directory-${var.environment}" +resource "azurerm_key_vault_secret" "ca_phl_zip_password" { + name = "ca-phl-zip-password-${var.environment}" value = "dogcow" key_vault_id = azurerm_key_vault.key_storage.id @@ -100,8 +101,8 @@ resource "azurerm_key_vault_secret" "sftp_starting_directory" { depends_on = [azurerm_key_vault_access_policy.allow_github_deployer] //wait for the permission that allows our deployer to write the secret } -resource "azurerm_key_vault_secret" "sftp_user" { - name = "sftp-user-${var.environment}" +resource "azurerm_key_vault_secret" "ca_phl_sftp_starting_directory" { + name = "ca-phl-sftp-starting-directory-${var.environment}" value = "dogcow" key_vault_id = azurerm_key_vault.key_storage.id @@ -112,8 +113,8 @@ resource "azurerm_key_vault_secret" "sftp_user" { depends_on = [azurerm_key_vault_access_policy.allow_github_deployer] //wait for the permission that allows our deployer to write the secret } -resource "azurerm_key_vault_secret" "sftp_password" { - name = "sftp-password-${var.environment}" +resource "azurerm_key_vault_secret" "ca_phl_sftp_user" { + name = "ca-phl-sftp-user-${var.environment}" value = "dogcow" key_vault_id = azurerm_key_vault.key_storage.id 
@@ -124,8 +125,20 @@ resource "azurerm_key_vault_secret" "sftp_password" { depends_on = [azurerm_key_vault_access_policy.allow_github_deployer] //wait for the permission that allows our deployer to write the secret } -resource "azurerm_key_vault_secret" "sftp_key" { - name = "sftp-key-${var.environment}" +resource "azurerm_key_vault_secret" "ca_phl_sftp_password" { + name = "ca-phl-sftp-password-${var.environment}" + value = "dogcow" + + key_vault_id = azurerm_key_vault.key_storage.id + + lifecycle { + ignore_changes = [value] + } + depends_on = [azurerm_key_vault_access_policy.allow_github_deployer] //wait for the permission that allows our deployer to write the secret +} +# TODO - Do we rename this too +resource "azurerm_key_vault_secret" "ca_phl_sftp_key" { + name = "ca-phl-sftp-key-${var.environment}" value = "dogcow" key_vault_id = azurerm_key_vault.key_storage.id @@ -136,8 +149,8 @@ resource "azurerm_key_vault_secret" "sftp_key" { depends_on = [azurerm_key_vault_access_policy.allow_github_deployer] //wait for the permission that allows our deployer to write the secret } -resource "azurerm_key_vault_secret" "sftp_server_address" { - name = "sftp-server-address-${var.environment}" +resource "azurerm_key_vault_secret" "ca_phl_sftp_server_address" { + name = "ca-phl-sftp-server-address-${var.environment}" value = "dogcow" key_vault_id = azurerm_key_vault.key_storage.id @@ -148,8 +161,8 @@ resource "azurerm_key_vault_secret" "sftp_server_address" { depends_on = [azurerm_key_vault_access_policy.allow_github_deployer] //wait for the permission that allows our deployer to write the secret } -resource "azurerm_key_vault_secret" "sftp_server_public_key" { - name = "sftp-server-public-key-${var.environment}" +resource "azurerm_key_vault_secret" "ca_phl_sftp_server_public_key" { + name = "ca-phl-sftp-server-public-key-${var.environment}" value = "dogcow" key_vault_id = azurerm_key_vault.key_storage.id 
diff --git a/src/senders/report_stream_sender.go b/src/senders/report_stream_sender.go index f740df7b..bcb9e2fc 100644 --- a/src/senders/report_stream_sender.go +++ b/src/senders/report_stream_sender.go @@ -31,9 +31,12 @@ func NewSender() (Sender, error) { return Sender{}, err } + privateKeySecret := "ca-phl-private-key-" + utils.EnvironmentName() // pragma: allowlist secret + privateKey, err := credentialGetter.GetSecret(privateKeySecret) + return Sender{ baseUrl: os.Getenv("REPORT_STREAM_URL_PREFIX"), - privateKeyName: os.Getenv("CA_PHL_PRIVATE_KEY_NAME"), + privateKeyName: privateKey, clientName: os.Getenv("CA_PHL_CLIENT_NAME"), credentialGetter: credentialGetter, }, nil diff --git a/src/sftp/handler.go b/src/sftp/handler.go index 02e9d66f..0e91ecf6 100644 --- a/src/sftp/handler.go +++ b/src/sftp/handler.go @@ -32,7 +32,7 @@ func NewSftpHandler(credentialGetter secrets.CredentialGetter) (*SftpHandler, er return nil, err } - serverKeySecret := "sftp-server-public-key-" + utils.EnvironmentName() // pragma: allowlist secret + serverKeySecret := "ca-phl-sftp-server-public-key-" + utils.EnvironmentName() // pragma: allowlist secret serverKey, err := credentialGetter.GetSecret(serverKeySecret) if err != nil { slog.Error("Unable to get server key secret", slog.String("KeyName", serverKeySecret), slog.Any(utils.ErrorKey, err)) 
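Review bot: The `err` returned by `credentialGetter.GetSecret(privateKeySecret)` is never checked before `NewSender` returns `nil`, so a failed lookup produces a `Sender` built from whatever value came back and no error reaches the caller. Add `if err != nil { return Sender{}, err }` directly after the lookup, matching the check visible at the top of the hunk. The field `privateKeyName` now receives the secret's value rather than a name; if other code in this file still treats it as a name (for a second lookup or as a log attribute), key material could end up where a name is expected, so renaming the field to something like `privateKey` would make the intent explicit. `NewSender` starts outside the hunk, so how the field is consumed is not visible here.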
@@ -45,14 +45,14 @@ func NewSftpHandler(credentialGetter secrets.CredentialGetter) (*SftpHandler, er return nil, err } - sftpUserNameSecret := "sftp-user-" + utils.EnvironmentName() // pragma: allowlist secret + sftpUserNameSecret := "ca-phl-sftp-user-" + utils.EnvironmentName() // pragma: allowlist secret sftpUser, err := credentialGetter.GetSecret(sftpUserNameSecret) if err != nil { slog.Error("Unable to get SFTP username secret", slog.String("KeyName", sftpUserNameSecret), slog.Any(utils.ErrorKey, err)) return nil, err } - sftpPasswordSecret := "sftp-password-" + utils.EnvironmentName() // pragma: allowlist secret + sftpPasswordSecret := "ca-phl-sftp-password-" + utils.EnvironmentName() // pragma: allowlist secret sftpPassword, err := credentialGetter.GetSecret(sftpPasswordSecret) if err != nil { slog.Error("Unable to get SFTP password secret", slog.String("KeyName", sftpPasswordSecret), slog.Any(utils.ErrorKey, err)) @@ -68,7 +68,7 @@ func NewSftpHandler(credentialGetter secrets.CredentialGetter) (*SftpHandler, er HostKeyCallback: hostKeyCallback, } - sftpServerAddressSecret := "sftp-server-address-" + utils.EnvironmentName() // pragma: allowlist secret + sftpServerAddressSecret := "ca-phl-sftp-server-address-" + utils.EnvironmentName() // pragma: allowlist secret sftpServerAddress, err := credentialGetter.GetSecret(sftpServerAddressSecret) if err != nil { slog.Error("Unable to get SFTP server address secret", slog.String("KeyName", sftpServerAddressSecret), slog.Any(utils.ErrorKey, err)) 
@@ -122,7 +122,7 @@ func getSshClientHostKeyCallback(serverKey string) (ssh.HostKeyCallback, error) func getPublicKeysForSshClient(credentialGetter secrets.CredentialGetter) (ssh.Signer, error) { - userAuthenticationKeySecret := "sftp-key-" + utils.EnvironmentName() // pragma: allowlist secret + userAuthenticationKeySecret := "ca-phl-sftp-key-" + utils.EnvironmentName() // pragma: allowlist secret key, err := credentialGetter.GetSecret(userAuthenticationKeySecret) if err != nil { @@ -156,7 +156,7 @@ func (receiver *SftpHandler) Close() { } func (receiver *SftpHandler) CopyFiles() { - sftpStartingDirectorySecret := "sftp-starting-directory-" + utils.EnvironmentName() // pragma: allowlist secret + sftpStartingDirectorySecret := "ca-phl-sftp-starting-directory-" + utils.EnvironmentName() // pragma: allowlist secret sftpStartingDirectory, err := receiver.credentialGetter.GetSecret(sftpStartingDirectorySecret) if err != nil { slog.Error("Unable to get SFTP starting directory secret", slog.String("KeyName", sftpStartingDirectorySecret), slog.Any(utils.ErrorKey, err)) diff --git a/src/zip/zip.go b/src/zip/zip.go index 33636b56..6bcfb961 100644 --- a/src/zip/zip.go +++ b/src/zip/zip.go @@ -55,7 +55,7 @@ func NewZipHandler() (ZipHandler, error) { func (zipHandler ZipHandler) Unzip(zipFilePath string) error { slog.Info("Preparing to unzip", slog.String("zipFilePath", zipFilePath)) - zipPasswordSecret := "ca-dph-zip-password-" + utils.EnvironmentName() // pragma: allowlist secret + zipPasswordSecret := "ca-phl-zip-password-" + utils.EnvironmentName() // pragma: allowlist secret zipPassword, err := zipHandler.credentialGetter.GetSecret(zipPasswordSecret) if err != nil { slog.Error("Unable to get zip password", slog.Any(utils.ErrorKey, err), slog.String("KeyName", zipPasswordSecret)) From 964d561b09cf0974d3a7476a1c0b285793bbfe98 Mon Sep 17 00:00:00 2001 
From: James Herr Date: Tue, 3 Sep 2024 14:15:08 -0500 Subject: [PATCH 10/54] Renamed most mock files --- docker-compose.yml | 2 +- .../{sftp-server-private-key-local => ca-phl-private-key-local} | 0 mock_credentials/{sftp-key-local => ca-phl-sftp-key-local} | 0 .../{sftp-password-local => ca-phl-sftp-password-local} | 0 ...tp-server-address-local => ca-phl-sftp-server-address-local} | 0 ...ver-public-key-local => ca-phl-sftp-server-public-key-local} | 0 ...ing-directory-local => ca-phl-sftp-starting-directory-local} | 0 mock_credentials/{sftp-user-local => ca-phl-sftp-user-local} | 0 8 files changed, 1 insertion(+), 1 deletion(-) rename mock_credentials/{sftp-server-private-key-local => ca-phl-private-key-local} (100%) rename mock_credentials/{sftp-key-local => ca-phl-sftp-key-local} (100%) rename mock_credentials/{sftp-password-local => ca-phl-sftp-password-local} (100%) rename mock_credentials/{sftp-server-address-local => ca-phl-sftp-server-address-local} (100%) rename mock_credentials/{sftp-server-public-key-local => ca-phl-sftp-server-public-key-local} (100%) rename mock_credentials/{sftp-starting-directory-local => ca-phl-sftp-starting-directory-local} (100%) rename mock_credentials/{sftp-user-local => ca-phl-sftp-user-local} (100%) diff --git a/docker-compose.yml b/docker-compose.yml index 93bc9d88..41a00b42 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -97,7 +97,7 @@ services: SFTP_USERS: ti_user:ti_password:::files volumes: - ./mock_credentials/sftp-public-key-local:/home/ti_user/.ssh/keys/id_rsa.pub:ro # uncomment me when CA uses our public key for authentication - - ./mock_credentials/sftp-server-private-key-local:/etc/ssh/ssh_host_rsa_key + - ./mock_credentials/ca-phl-private-key-local:/etc/ssh/ssh_host_rsa_key - ./localdata/sftp_server_require_password_and_publickey.sh:/etc/sftp.d/sftp_server_require_password_and_publickey.sh # uncomment me when CA uses our public key for authentication - ./localdata/data/sftp:/home/ti_user/files ports: 
diff --git a/mock_credentials/sftp-server-private-key-local b/mock_credentials/ca-phl-private-key-local similarity index 100% rename from mock_credentials/sftp-server-private-key-local rename to mock_credentials/ca-phl-private-key-local diff --git a/mock_credentials/sftp-key-local b/mock_credentials/ca-phl-sftp-key-local similarity index 100% rename from mock_credentials/sftp-key-local rename to mock_credentials/ca-phl-sftp-key-local diff --git a/mock_credentials/sftp-password-local b/mock_credentials/ca-phl-sftp-password-local similarity index 100% rename from mock_credentials/sftp-password-local rename to mock_credentials/ca-phl-sftp-password-local diff --git a/mock_credentials/sftp-server-address-local b/mock_credentials/ca-phl-sftp-server-address-local similarity index 100% rename from mock_credentials/sftp-server-address-local rename to mock_credentials/ca-phl-sftp-server-address-local diff --git a/mock_credentials/sftp-server-public-key-local b/mock_credentials/ca-phl-sftp-server-public-key-local similarity index 100% rename from mock_credentials/sftp-server-public-key-local rename to mock_credentials/ca-phl-sftp-server-public-key-local diff --git a/mock_credentials/sftp-starting-directory-local b/mock_credentials/ca-phl-sftp-starting-directory-local similarity index 100% rename from mock_credentials/sftp-starting-directory-local rename to mock_credentials/ca-phl-sftp-starting-directory-local diff --git a/mock_credentials/sftp-user-local b/mock_credentials/ca-phl-sftp-user-local similarity index 100% rename from mock_credentials/sftp-user-local rename to mock_credentials/ca-phl-sftp-user-local From 6ed7dec4d7351a4485adfd9ddd6b5a7763553803 Mon Sep 17 00:00:00 2001 
From: Bella Luz Quintero Date: Tue, 3 Sep 2024 13:33:25 -0600 Subject: [PATCH 11/54] refactored private key env to match simple secrets --- docker-compose.yml | 1 - ...iary-private-key-local.pem => ca-phl-private-key-local.pem} | 0 .../{ca-dph-zip-password-local => ca-phl-zip-password-local} | 0 operations/template/app.tf | 1 - operations/template/key.tf | 3 +-- 5 files changed, 1 insertion(+), 4 deletions(-) rename mock_credentials/{trusted-intermediary-private-key-local.pem => ca-phl-private-key-local.pem} (100%) rename mock_credentials/{ca-dph-zip-password-local => ca-phl-zip-password-local} (100%) diff --git a/docker-compose.yml b/docker-compose.yml index 41a00b42..36c2704c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -7,7 +7,6 @@ services: ENV: local # Uncomment the line below to call local report stream. Otherwise we'll use a mock response # REPORT_STREAM_URL_PREFIX: http://host.docker.internal:7071 - CA_PHL_PRIVATE_KEY_NAME: trusted-intermediary-private-key-local.pem #pragma: allowlist secret CA_PHL_CLIENT_NAME: flexion.simulated-hospital QUEUE_MAX_DELIVERY_ATTEMPTS: 5 POLLING_TRIGGER_QUEUE_NAME: polling-trigger-queue diff --git a/mock_credentials/trusted-intermediary-private-key-local.pem b/mock_credentials/ca-phl-private-key-local.pem similarity index 100% rename from mock_credentials/trusted-intermediary-private-key-local.pem rename to mock_credentials/ca-phl-private-key-local.pem diff --git a/mock_credentials/ca-dph-zip-password-local b/mock_credentials/ca-phl-zip-password-local similarity index 100% rename from mock_credentials/ca-dph-zip-password-local rename to mock_credentials/ca-phl-zip-password-local diff --git a/operations/template/app.tf b/operations/template/app.tf index c2389f1c..f3149d7c 100644 --- a/operations/template/app.tf +++ b/operations/template/app.tf 
@@ -121,7 +121,6 @@ resource "azurerm_linux_web_app" "sftp" { ENV = var.environment AZURE_STORAGE_CONNECTION_STRING = azurerm_storage_account.storage.primary_blob_connection_string REPORT_STREAM_URL_PREFIX = "https://${local.rs_domain_prefix}prime.cdc.gov" - CA_PHL_PRIVATE_KEY_NAME = azurerm_key_vault_secret.mock_public_health_lab_private_key.name AZURE_KEY_VAULT_URI = azurerm_key_vault.key_storage.vault_uri CA_PHL_CLIENT_NAME = "flexion.simulated-lab" QUEUE_MAX_DELIVERY_ATTEMPTS = azurerm_eventgrid_system_topic_event_subscription.topic_sub.retry_policy.0.max_delivery_attempts # making the Azure container <-> queue retry count be in sync with the queue <-> application retry count.. diff --git a/operations/template/key.tf b/operations/template/key.tf index 448250fb..342362e2 100644 --- a/operations/template/key.tf +++ b/operations/template/key.tf @@ -76,7 +76,6 @@ resource "azurerm_key_vault_secret" "mock_public_health_lab_private_key" { depends_on = [azurerm_key_vault_access_policy.allow_github_deployer] //wait for the permission that allows our deployer to write the secret } -# TODO: rename in code after resource name is decided resource "azurerm_key_vault_secret" "ca_phl_private_key" { name = "ca-phl-private-key-${var.environment}" value = "dogcow" @@ -136,7 +135,7 @@ resource "azurerm_key_vault_secret" "ca_phl_sftp_password" { } depends_on = [azurerm_key_vault_access_policy.allow_github_deployer] //wait for the permission that allows our deployer to write the secret } -# TODO - Do we rename this too + resource "azurerm_key_vault_secret" "ca_phl_sftp_key" { name = "ca-phl-sftp-key-${var.environment}" value = "dogcow" From fa893b15b868e7d2452448779196c9b183a31f67 Mon Sep 17 00:00:00 2001 
From: Bella Luz Quintero Date: Tue, 3 Sep 2024 14:12:06 -0600 Subject: [PATCH 12/54] trying to track down test breaking changes --- docker-compose.yml | 2 +- mock_credentials/ca-phl-private-key-local | 77 +++++++------------ mock_credentials/ca-phl-private-key-local.pem | 28 ------- .../ca-phl-sftp-server-private-key-local | 49 ++++++++++++ src/senders/report_stream_sender_test.go | 4 - 5 files changed, 78 insertions(+), 82 deletions(-) delete mode 100644 mock_credentials/ca-phl-private-key-local.pem create mode 100644 mock_credentials/ca-phl-sftp-server-private-key-local diff --git a/docker-compose.yml b/docker-compose.yml index 36c2704c..4e8d39dd 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -96,7 +96,7 @@ services: SFTP_USERS: ti_user:ti_password:::files volumes: - ./mock_credentials/sftp-public-key-local:/home/ti_user/.ssh/keys/id_rsa.pub:ro # uncomment me when CA uses our public key for authentication - - ./mock_credentials/ca-phl-private-key-local:/etc/ssh/ssh_host_rsa_key + - ./mock_credentials/ca-phl-sftp-server-private-key-local:/etc/ssh/ssh_host_rsa_key - ./localdata/sftp_server_require_password_and_publickey.sh:/etc/sftp.d/sftp_server_require_password_and_publickey.sh # uncomment me when CA uses our public key for authentication - ./localdata/data/sftp:/home/ti_user/files ports: diff --git a/mock_credentials/ca-phl-private-key-local b/mock_credentials/ca-phl-private-key-local index fff48ff3..a1ecedf8 100644 --- a/mock_credentials/ca-phl-private-key-local +++ b/mock_credentials/ca-phl-private-key-local 
@@ -1,49 +1,28 @@ ------BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn -NhAAAAAwEAAQAAAgEA4PdB12iZyNSrXyafDFh8QMAtND70AmSpuBUUXTxoRDHqVyHi3Yzr -WVei3XjzE91lJjZHer2ieBBJhVLR/ZSi4nQCy/W5TiRdYmSlyvNSQSbHbPGsc+XKgGrumn -JYHPQdc9rQGvibWkqje7l73z7K5rFbLOI3DsV/rYQIc+1OnITemoWm4CD6hwRI8Lz5VTTW -0qr9ENHkuFmhBKP9/bYl5+Q2KT0Qug47md5ubN1SIB85079lH6d5HC3HxA2RcI5uV0VizT -bzOYd2ltb5q+JYAcLhMz1ewmCHSMg8XvVe2GHBnzvrrv1aw6WNcEpnA95cxyy024uVljrq -8IjLFiFUWX2v65s7qE2JJ3eYiaIk8iFpkey9BS38z5Q2CWZgFknS2a2WlHQ/EgyKCjEhFf -+f2c3CNMLqJJ4rPs6chak9I3zsuxOBrRvKREH+yRl2ohMTXfUysW0Zmsad2L+FoDwU4WN/ -VWuxDFAv7NIV9gIfKSFmRuC83uMe2eHRJQjhw4J7JdwJHN/fY5yA31GOG1Z/q3wSZ7cfZg -UWjZ1dRqkaHW0pByuXU3GRJkbJYbobEFTtgsa5ZD4RRHtF16QN5ZTvWCJH+LAmQ1G0RSjy -Yh8g4X639vx85C53Tg3RWgJyAmHedcziNUoD92hcetG2dpz0qC7PQ7EdSyyKc+LqIsuYQh -8AAAdYnxhAzJ8YQMwAAAAHc3NoLXJzYQAAAgEA4PdB12iZyNSrXyafDFh8QMAtND70AmSp -uBUUXTxoRDHqVyHi3YzrWVei3XjzE91lJjZHer2ieBBJhVLR/ZSi4nQCy/W5TiRdYmSlyv -NSQSbHbPGsc+XKgGrumnJYHPQdc9rQGvibWkqje7l73z7K5rFbLOI3DsV/rYQIc+1OnITe -moWm4CD6hwRI8Lz5VTTW0qr9ENHkuFmhBKP9/bYl5+Q2KT0Qug47md5ubN1SIB85079lH6 -d5HC3HxA2RcI5uV0VizTbzOYd2ltb5q+JYAcLhMz1ewmCHSMg8XvVe2GHBnzvrrv1aw6WN -cEpnA95cxyy024uVljrq8IjLFiFUWX2v65s7qE2JJ3eYiaIk8iFpkey9BS38z5Q2CWZgFk -nS2a2WlHQ/EgyKCjEhFf+f2c3CNMLqJJ4rPs6chak9I3zsuxOBrRvKREH+yRl2ohMTXfUy -sW0Zmsad2L+FoDwU4WN/VWuxDFAv7NIV9gIfKSFmRuC83uMe2eHRJQjhw4J7JdwJHN/fY5 -yA31GOG1Z/q3wSZ7cfZgUWjZ1dRqkaHW0pByuXU3GRJkbJYbobEFTtgsa5ZD4RRHtF16QN -5ZTvWCJH+LAmQ1G0RSjyYh8g4X639vx85C53Tg3RWgJyAmHedcziNUoD92hcetG2dpz0qC -7PQ7EdSyyKc+LqIsuYQh8AAAADAQABAAACAQCi4gOXDpJCOdE23ITN8IdObpaMPIR58x57 -PS/4bdNkhOuSWOOk2/JPRseSKY9+M4+YAjbw5LrsyYYh9Rw7yVHCOpMH0AtyS5wdsJfmAR -TuPUCpXbYqWBetsT6/LskjdZCZoLWKwbPhxSbnXx4UPqe0LnfAYK3SkSbnoDBql0iSxRVT -ti9kGhyqg2y4eWrhyZc9Azal5gL/g021SXOOLkL1ymN4qlEhFUsMFmPHiNt8jH9XFD4IlD -55K6B3EAfdAhNcNs3Znc6vOaiggFhXnlNwOwTJD8c7X560EN69NlWMwALr4vu7QI9mFsj4 -o7ZAs9BjGbh9OWx+UHxo2fKJPGqP4Y/owTU2Wsskjx/pPinICOcbrUC5tiE/tpYtji6zGj 
-aZ3oXhz/EZvH4iOqgWIYm7N7x6Y1JwxmlV9ZkVrA7SoJK6dYjFggQKVqF/4Je+Po4qu5kT -CdzHSDOZA9Hzr7f8yVAoRhKnuGpcGwPHy7YEzKjV0cJ10cZreJ1vvjwTlSlc3djQ6560CD -Q1JNEsPXvIKABstpC5/0A6IDZEos413aE9huNCp2CiognBz6pyGq9/gzeKMkKour4xAWU/ -HYiJ2IfM3tF9WdupGXW9AhYdTJZ/82EfIU58x+OrTWCUJYZsmy8ADkGqTFveAAYPQMifli -Vv8OJyvDr4ravG/2eRSQAAAQBVcBd21CZwoBilu4dNVlxAvHZAhlALF54ywa48V+fOQFw4 -orhRcTGZk9zenQyucoFWRD3/v3GO8bHXMdjcTrxIEIuN9Sc3aNEvOuAsBaujqqeqBPAp5t -X8GNeUWcnX9n9bHvpXwfCQVWCFuh3IMGQqju27q5StQvGGuNZAI5hpNnh4rB+ByI20uJWl -3/wWvgDZNAf2Xd/ERBalLyGmYg7nm3IZ+E/p63NLMWWrNT6EpfL7hyLUtZCpd2gpOBTYTz -OZyJsI2zcsFhJRYaIb5Ew173swQVoM6GJA0c+6Uu6k5g0ASWCLtIOT0lioEEgQV/U0UEEd -j2XWiSh/AhB2ltsHAAABAQDwalayijImFA0Hp1KfnRNSUlACcugaTiQcacuOW6dxj2sG42 -ndwJ1ZfHU9PP5hUuANQgyPHdSnp8bzXKT0bmnJOMSqmb4Ur3exuvkjZV5bwOG6uxgWW+1C -NExb/GyfnoZERD4s+Fvpj0o2iSMxWmSVasgpYRPO37mExKD0ADgZO8Zx2gJ/95y8QNtk4B -k2RLVuZjoVn+IPWbUZjCkmAc4iSqkE8ZauA9W8tJUdHrs/CWyMXtO5MdAe9KzG4EX8eSvN -Vg2ii1fLHsSz39dyCKoUxYdT6qfS7JiLnbDOJEyp68C17xqdO3/iv8QwBhQLTmL7H7V5s8 -D9kKqHaqUc/GiLAAABAQDvjIkX21h4eNh0WlRwfgdauBX7P9SxQsUVoVmqAc3XUiTg9POf -yOHVHNXKmd5TN/q7OHNujQ4UW7nwzW5sIjiBPGGeW9ntzIrImcu1nAwhIKOR/e/6ZSDUtn -QZHI8YvSLZoTXYLESidUGaULPDr8igj6EfYlsdVJ5yAlVlCT4Em9lTSgaI41w2Do6gHfR+ -luUBmcnApu8ZoTG0DUEtpM3AxtFNTzVz7jLbjhYBS1Pon5L7/2Q7c9seJSJtqVFwVc5owe -qV+T74CqZffN1XAryaUItYsoGS2TNyx8UaEA7SjEVkk1iq/lEyCATPy3CNwUPde9PSTqBA -Pc7FQ+pSLCs9AAAAIXNzY2h1cmVza29AZmxleGlvbi1tYWMtSjQwRFBGNFlRUgE= ------END OPENSSH PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDc/fdwhqQ8G84l +0Pw7l85PvPdufp9kUsQUAwR8UON/3Vgv9ZFJm4805UffLzcfEnf3Ph3KMQnCWX2x +XQ6bHf+h1hMu4HfnrDndRQYV0Fiomjxq/3h9wUkZG0LaGdPxaJ0lXx8NNOI+TINX +XpJz2rVq21EBP0z7Zy3uy7hCmSybfmLYdRjkJe0+tfXt7Nj1QVAO7k0H0+BXDFQU +7AJZfuiA2qzXX7XN3JA9kKeHb0XXveQCaIq139NerO2piDSImDVlX3cdYKues2Y1 +HuqmjQkR7kVCHqOUWt4auIB49CPKbp3V3URob0J2sKLKGcH+u+8XNIWJRlw7k5IS +gEg5dUwNAgMBAAECggEAMJlna6coghGJVdauSbq6Q93mOjX9fpYXCeGaAG7XgRyf 
+0rg58cqUhUjw89uRzzMED+roqTj8kPGWS0WQOzuvJpuKD3KM2/WLqiYOTwjJHpcA +t3UkPd+eYDeXDZjFe98KRBg1n3VkVdgEwFeLdJAB+pRtrY0KtHT97Hh/tqGx5iXO +BZjVAyuEb0YHF3GXV7JcTKyqwDnq5GwoPU7ykXMmHFAb5lHidUdbTRnCNrjE1uNS +kbeA8V0f51zLDgcKNQnhTX8tOkxyBT4dPhMv3Mq7dIN3lyYIXNkKUi4F6ccbOiz9 +BsTxge2pVOkRuSa95nYt/693k0J6Zp04BHF8PvatPwKBgQD4vMlZe48UCScl0yrI +bjkCVQ/SIX+fFrFYQhybxi43YazEyWclT9ZTizOfTwtInOjT2RU5OKG13VItdV/j +nOtARlwaVLDu/J4VhEukAfNNevkWhvHs80rNvgwN874HziLeqcW4YCj9OxsabBLW +BH9DDveHq1fY8w2pikRw0swwowKBgQDjcctWCs2wGhkRkXXuFMW/hR2ON9r4rV76 +Mua1BA7T9p11jQCWi91R8Pc9RJWyMJ/7KCANpfPogvMZmtlQV4k2rOGnhP21O1Wi +CfnP/+pFlMGwB7puIBVGL9pjVkqv2iceADp2f2vgq30drsHw1PYVyGRdvn3KQEwH +ACgBocZrjwKBgFWCgS3T/lIC+4RTXgfdbJfSqkew4HDOmlUfFTqwHL9JQt2750u6 +cJHz7uE7iUODPb9mh5dOUrl0xoV+LmLPVUiZZ5xdtR3Tln0LJ/3P9daTCgKmjZDJ +6tNkHDzHqHKCeRZXAvPpiu3TXfPtZ2RP03g4Mvxe+SpKFE5OjEzFCxFFAoGBAI10 +4LoKzhKQqLa8eVQxpyuOZutk4dN4QHHr5oD+nRpHb3cE0zDOnD+yVpLMbS3+AAH8 +2rKiXChoCToLjMzjJHvU2iOOGxz0YjX9bllnGRVdh3kr1U9YtOKKMJFHwfvM+jc2 +fSXl6fo5rf8gCY73ZHX3xDRpnWKEysQv3LHnI7kRAoGBAMr3WimW55bbWCynMuaZ +sLk6SPEj3GT0tZbsWF8UIWMrHAG+IuQbrg0LTKgOQ+2lZCS3b9msqJEJGCSG8Dxc +k98aCInEvbHcbT/0z581b2AusWQjstoVEFft4HTJbpctRm/fTv5dkfpAtd+yfP5G ++80B3tX9pPTt5XB8K/aIKJGd +-----END PRIVATE KEY----- diff --git a/mock_credentials/ca-phl-private-key-local.pem b/mock_credentials/ca-phl-private-key-local.pem deleted file mode 100644 index a1ecedf8..00000000 --- a/mock_credentials/ca-phl-private-key-local.pem +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDc/fdwhqQ8G84l -0Pw7l85PvPdufp9kUsQUAwR8UON/3Vgv9ZFJm4805UffLzcfEnf3Ph3KMQnCWX2x -XQ6bHf+h1hMu4HfnrDndRQYV0Fiomjxq/3h9wUkZG0LaGdPxaJ0lXx8NNOI+TINX -XpJz2rVq21EBP0z7Zy3uy7hCmSybfmLYdRjkJe0+tfXt7Nj1QVAO7k0H0+BXDFQU -7AJZfuiA2qzXX7XN3JA9kKeHb0XXveQCaIq139NerO2piDSImDVlX3cdYKues2Y1 -HuqmjQkR7kVCHqOUWt4auIB49CPKbp3V3URob0J2sKLKGcH+u+8XNIWJRlw7k5IS -gEg5dUwNAgMBAAECggEAMJlna6coghGJVdauSbq6Q93mOjX9fpYXCeGaAG7XgRyf -0rg58cqUhUjw89uRzzMED+roqTj8kPGWS0WQOzuvJpuKD3KM2/WLqiYOTwjJHpcA -t3UkPd+eYDeXDZjFe98KRBg1n3VkVdgEwFeLdJAB+pRtrY0KtHT97Hh/tqGx5iXO -BZjVAyuEb0YHF3GXV7JcTKyqwDnq5GwoPU7ykXMmHFAb5lHidUdbTRnCNrjE1uNS -kbeA8V0f51zLDgcKNQnhTX8tOkxyBT4dPhMv3Mq7dIN3lyYIXNkKUi4F6ccbOiz9 -BsTxge2pVOkRuSa95nYt/693k0J6Zp04BHF8PvatPwKBgQD4vMlZe48UCScl0yrI -bjkCVQ/SIX+fFrFYQhybxi43YazEyWclT9ZTizOfTwtInOjT2RU5OKG13VItdV/j -nOtARlwaVLDu/J4VhEukAfNNevkWhvHs80rNvgwN874HziLeqcW4YCj9OxsabBLW -BH9DDveHq1fY8w2pikRw0swwowKBgQDjcctWCs2wGhkRkXXuFMW/hR2ON9r4rV76 -Mua1BA7T9p11jQCWi91R8Pc9RJWyMJ/7KCANpfPogvMZmtlQV4k2rOGnhP21O1Wi -CfnP/+pFlMGwB7puIBVGL9pjVkqv2iceADp2f2vgq30drsHw1PYVyGRdvn3KQEwH -ACgBocZrjwKBgFWCgS3T/lIC+4RTXgfdbJfSqkew4HDOmlUfFTqwHL9JQt2750u6 -cJHz7uE7iUODPb9mh5dOUrl0xoV+LmLPVUiZZ5xdtR3Tln0LJ/3P9daTCgKmjZDJ -6tNkHDzHqHKCeRZXAvPpiu3TXfPtZ2RP03g4Mvxe+SpKFE5OjEzFCxFFAoGBAI10 -4LoKzhKQqLa8eVQxpyuOZutk4dN4QHHr5oD+nRpHb3cE0zDOnD+yVpLMbS3+AAH8 -2rKiXChoCToLjMzjJHvU2iOOGxz0YjX9bllnGRVdh3kr1U9YtOKKMJFHwfvM+jc2 -fSXl6fo5rf8gCY73ZHX3xDRpnWKEysQv3LHnI7kRAoGBAMr3WimW55bbWCynMuaZ -sLk6SPEj3GT0tZbsWF8UIWMrHAG+IuQbrg0LTKgOQ+2lZCS3b9msqJEJGCSG8Dxc -k98aCInEvbHcbT/0z581b2AusWQjstoVEFft4HTJbpctRm/fTv5dkfpAtd+yfP5G -+80B3tX9pPTt5XB8K/aIKJGd ------END PRIVATE KEY----- diff --git a/mock_credentials/ca-phl-sftp-server-private-key-local b/mock_credentials/ca-phl-sftp-server-private-key-local new file mode 100644 index 00000000..fff48ff3 --- /dev/null +++ b/mock_credentials/ca-phl-sftp-server-private-key-local 
@@ -0,0 +1,49 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn +NhAAAAAwEAAQAAAgEA4PdB12iZyNSrXyafDFh8QMAtND70AmSpuBUUXTxoRDHqVyHi3Yzr +WVei3XjzE91lJjZHer2ieBBJhVLR/ZSi4nQCy/W5TiRdYmSlyvNSQSbHbPGsc+XKgGrumn +JYHPQdc9rQGvibWkqje7l73z7K5rFbLOI3DsV/rYQIc+1OnITemoWm4CD6hwRI8Lz5VTTW +0qr9ENHkuFmhBKP9/bYl5+Q2KT0Qug47md5ubN1SIB85079lH6d5HC3HxA2RcI5uV0VizT +bzOYd2ltb5q+JYAcLhMz1ewmCHSMg8XvVe2GHBnzvrrv1aw6WNcEpnA95cxyy024uVljrq +8IjLFiFUWX2v65s7qE2JJ3eYiaIk8iFpkey9BS38z5Q2CWZgFknS2a2WlHQ/EgyKCjEhFf ++f2c3CNMLqJJ4rPs6chak9I3zsuxOBrRvKREH+yRl2ohMTXfUysW0Zmsad2L+FoDwU4WN/ +VWuxDFAv7NIV9gIfKSFmRuC83uMe2eHRJQjhw4J7JdwJHN/fY5yA31GOG1Z/q3wSZ7cfZg +UWjZ1dRqkaHW0pByuXU3GRJkbJYbobEFTtgsa5ZD4RRHtF16QN5ZTvWCJH+LAmQ1G0RSjy +Yh8g4X639vx85C53Tg3RWgJyAmHedcziNUoD92hcetG2dpz0qC7PQ7EdSyyKc+LqIsuYQh +8AAAdYnxhAzJ8YQMwAAAAHc3NoLXJzYQAAAgEA4PdB12iZyNSrXyafDFh8QMAtND70AmSp +uBUUXTxoRDHqVyHi3YzrWVei3XjzE91lJjZHer2ieBBJhVLR/ZSi4nQCy/W5TiRdYmSlyv +NSQSbHbPGsc+XKgGrumnJYHPQdc9rQGvibWkqje7l73z7K5rFbLOI3DsV/rYQIc+1OnITe +moWm4CD6hwRI8Lz5VTTW0qr9ENHkuFmhBKP9/bYl5+Q2KT0Qug47md5ubN1SIB85079lH6 +d5HC3HxA2RcI5uV0VizTbzOYd2ltb5q+JYAcLhMz1ewmCHSMg8XvVe2GHBnzvrrv1aw6WN +cEpnA95cxyy024uVljrq8IjLFiFUWX2v65s7qE2JJ3eYiaIk8iFpkey9BS38z5Q2CWZgFk +nS2a2WlHQ/EgyKCjEhFf+f2c3CNMLqJJ4rPs6chak9I3zsuxOBrRvKREH+yRl2ohMTXfUy +sW0Zmsad2L+FoDwU4WN/VWuxDFAv7NIV9gIfKSFmRuC83uMe2eHRJQjhw4J7JdwJHN/fY5 +yA31GOG1Z/q3wSZ7cfZgUWjZ1dRqkaHW0pByuXU3GRJkbJYbobEFTtgsa5ZD4RRHtF16QN +5ZTvWCJH+LAmQ1G0RSjyYh8g4X639vx85C53Tg3RWgJyAmHedcziNUoD92hcetG2dpz0qC +7PQ7EdSyyKc+LqIsuYQh8AAAADAQABAAACAQCi4gOXDpJCOdE23ITN8IdObpaMPIR58x57 +PS/4bdNkhOuSWOOk2/JPRseSKY9+M4+YAjbw5LrsyYYh9Rw7yVHCOpMH0AtyS5wdsJfmAR +TuPUCpXbYqWBetsT6/LskjdZCZoLWKwbPhxSbnXx4UPqe0LnfAYK3SkSbnoDBql0iSxRVT +ti9kGhyqg2y4eWrhyZc9Azal5gL/g021SXOOLkL1ymN4qlEhFUsMFmPHiNt8jH9XFD4IlD +55K6B3EAfdAhNcNs3Znc6vOaiggFhXnlNwOwTJD8c7X560EN69NlWMwALr4vu7QI9mFsj4 +o7ZAs9BjGbh9OWx+UHxo2fKJPGqP4Y/owTU2Wsskjx/pPinICOcbrUC5tiE/tpYtji6zGj 
+aZ3oXhz/EZvH4iOqgWIYm7N7x6Y1JwxmlV9ZkVrA7SoJK6dYjFggQKVqF/4Je+Po4qu5kT +CdzHSDOZA9Hzr7f8yVAoRhKnuGpcGwPHy7YEzKjV0cJ10cZreJ1vvjwTlSlc3djQ6560CD +Q1JNEsPXvIKABstpC5/0A6IDZEos413aE9huNCp2CiognBz6pyGq9/gzeKMkKour4xAWU/ +HYiJ2IfM3tF9WdupGXW9AhYdTJZ/82EfIU58x+OrTWCUJYZsmy8ADkGqTFveAAYPQMifli +Vv8OJyvDr4ravG/2eRSQAAAQBVcBd21CZwoBilu4dNVlxAvHZAhlALF54ywa48V+fOQFw4 +orhRcTGZk9zenQyucoFWRD3/v3GO8bHXMdjcTrxIEIuN9Sc3aNEvOuAsBaujqqeqBPAp5t +X8GNeUWcnX9n9bHvpXwfCQVWCFuh3IMGQqju27q5StQvGGuNZAI5hpNnh4rB+ByI20uJWl +3/wWvgDZNAf2Xd/ERBalLyGmYg7nm3IZ+E/p63NLMWWrNT6EpfL7hyLUtZCpd2gpOBTYTz +OZyJsI2zcsFhJRYaIb5Ew173swQVoM6GJA0c+6Uu6k5g0ASWCLtIOT0lioEEgQV/U0UEEd +j2XWiSh/AhB2ltsHAAABAQDwalayijImFA0Hp1KfnRNSUlACcugaTiQcacuOW6dxj2sG42 +ndwJ1ZfHU9PP5hUuANQgyPHdSnp8bzXKT0bmnJOMSqmb4Ur3exuvkjZV5bwOG6uxgWW+1C +NExb/GyfnoZERD4s+Fvpj0o2iSMxWmSVasgpYRPO37mExKD0ADgZO8Zx2gJ/95y8QNtk4B +k2RLVuZjoVn+IPWbUZjCkmAc4iSqkE8ZauA9W8tJUdHrs/CWyMXtO5MdAe9KzG4EX8eSvN +Vg2ii1fLHsSz39dyCKoUxYdT6qfS7JiLnbDOJEyp68C17xqdO3/iv8QwBhQLTmL7H7V5s8 +D9kKqHaqUc/GiLAAABAQDvjIkX21h4eNh0WlRwfgdauBX7P9SxQsUVoVmqAc3XUiTg9POf +yOHVHNXKmd5TN/q7OHNujQ4UW7nwzW5sIjiBPGGeW9ntzIrImcu1nAwhIKOR/e/6ZSDUtn +QZHI8YvSLZoTXYLESidUGaULPDr8igj6EfYlsdVJ5yAlVlCT4Em9lTSgaI41w2Do6gHfR+ +luUBmcnApu8ZoTG0DUEtpM3AxtFNTzVz7jLbjhYBS1Pon5L7/2Q7c9seJSJtqVFwVc5owe +qV+T74CqZffN1XAryaUItYsoGS2TNyx8UaEA7SjEVkk1iq/lEyCATPy3CNwUPde9PSTqBA +Pc7FQ+pSLCs9AAAAIXNzY2h1cmVza29AZmxleGlvbi1tYWMtSjQwRFBGNFlRUgE= +-----END OPENSSH PRIVATE KEY----- diff --git a/src/senders/report_stream_sender_test.go b/src/senders/report_stream_sender_test.go index ac1613cd..6bd9c121 100644 --- a/src/senders/report_stream_sender_test.go +++ b/src/senders/report_stream_sender_test.go 
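Review bot: The added `mock_credentials/ca-phl-sftp-server-private-key-local` is an unencrypted OpenSSH RSA private key (cipher and KDF are both `none`), so from this commit on it has to be treated as public. That is acceptable for a local-only fixture, but only as long as this key pair is never provisioned into a deployed environment; presumably those keys come from the vault instead, which is worth confirming. The key's trailing comment field also carries a developer `user@host` label that could be replaced with a neutral one if the fixture is regenerated. A short README in `mock_credentials/` stating that every file there is a throwaway local fixture would keep later readers and secret scanners from guessing.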
@@ -22,14 +22,12 @@ type SenderTestSuite struct { func (suite *SenderTestSuite) SetupTest() { os.Setenv("ENV", "local") os.Setenv("REPORT_STREAM_URL_PREFIX", "rs.com") - os.Setenv("CA_PHL_PRIVATE_KEY_NAME", "key") os.Setenv("CA_PHL_CLIENT_NAME", "client") } func (suite *SenderTestSuite) TearDownTest() { os.Unsetenv("ENV") os.Unsetenv("REPORT_STREAM_URL_PREFIX") - os.Unsetenv("CA_PHL_PRIVATE_KEY_NAME") os.Unsetenv("CA_PHL_CLIENT_NAME") } @@ -39,7 +37,6 @@ func (suite *SenderTestSuite) Test_NewSender_VariablesAreSet_ReturnsSender() { assert.NoError(suite.T(), err) assert.Equal(suite.T(), os.Getenv("REPORT_STREAM_URL_PREFIX"), sender.baseUrl) - assert.Equal(suite.T(), os.Getenv("CA_PHL_PRIVATE_KEY_NAME"), sender.privateKeyName) assert.Equal(suite.T(), os.Getenv("CA_PHL_CLIENT_NAME"), sender.clientName) } @@ -49,7 +46,6 @@ func (suite *SenderTestSuite) Test_NewSender_EnvIsEmpty_ReturnsSenderWithLocalCr assert.NoError(suite.T(), err) assert.Equal(suite.T(), os.Getenv("REPORT_STREAM_URL_PREFIX"), sender.baseUrl) - assert.Equal(suite.T(), os.Getenv("CA_PHL_PRIVATE_KEY_NAME"), sender.privateKeyName) assert.Equal(suite.T(), os.Getenv("CA_PHL_CLIENT_NAME"), sender.clientName) } From 8f16c92b9e4eb1b92b809f8ef2c895bba769926d Mon Sep 17 00:00:00 2001 From: James Herr Date: Wed, 4 Sep 2024 10:18:08 -0500 Subject: [PATCH 13/54] Fixed broken tests Co-Authored-By: Sylvie <38440028+somesylvie@users.noreply.github.com> Co-Authored-By: Samuel Aquino --- operations/template/app.tf | 2 +- src/senders/report_stream_sender.go | 5 ++-- src/senders/report_stream_sender_test.go | 29 ++++++++++++------------ 3 files changed, 17 insertions(+), 19 deletions(-) diff --git a/operations/template/app.tf b/operations/template/app.tf index f3149d7c..7580cd27 100644 --- a/operations/template/app.tf +++ b/operations/template/app.tf 
@@ -127,7 +127,7 @@ resource "azurerm_linux_web_app" "sftp" { } sticky_settings { - app_setting_names = ["AZURE_STORAGE_CONNECTION_STRING", "REPORT_STREAM_URL_PREFIX", "CA_PHL_PRIVATE_KEY_NAME", + app_setting_names = ["AZURE_STORAGE_CONNECTION_STRING", "REPORT_STREAM_URL_PREFIX", "AZURE_KEY_VAULT_URI", "CA_PHL_CLIENT_NAME", "QUEUE_MAX_DELIVERY_ATTEMPTS"] } diff --git a/src/senders/report_stream_sender.go b/src/senders/report_stream_sender.go index bcb9e2fc..40c5f3ef 100644 --- a/src/senders/report_stream_sender.go +++ b/src/senders/report_stream_sender.go @@ -31,12 +31,11 @@ func NewSender() (Sender, error) { return Sender{}, err } - privateKeySecret := "ca-phl-private-key-" + utils.EnvironmentName() // pragma: allowlist secret - privateKey, err := credentialGetter.GetSecret(privateKeySecret) + privateKeyName := "ca-phl-private-key-" + utils.EnvironmentName() // pragma: allowlist secret return Sender{ baseUrl: os.Getenv("REPORT_STREAM_URL_PREFIX"), - privateKeyName: privateKey, + privateKeyName: privateKeyName, clientName: os.Getenv("CA_PHL_CLIENT_NAME"), credentialGetter: credentialGetter, }, nil diff --git a/src/senders/report_stream_sender_test.go b/src/senders/report_stream_sender_test.go index 6bd9c121..66b92448 100644 --- a/src/senders/report_stream_sender_test.go +++ b/src/senders/report_stream_sender_test.go @@ -50,14 +50,13 @@ func (suite *SenderTestSuite) Test_NewSender_EnvIsEmpty_ReturnsSenderWithLocalCr } func (suite *SenderTestSuite) Test_GenerateJWT_ReturnsJWT() { - sender, err := NewSender() mockCredentialGetter := new(mocks.MockCredentialGetter) sender.credentialGetter = mockCredentialGetter testKey, err := rsa.GenerateKey(rand.Reader, 2048) - mockCredentialGetter.On("GetPrivateKey", "key").Return(testKey, nil) + mockCredentialGetter.On("GetPrivateKey", "ca-phl-private-key-local").Return(testKey, nil) jwt, err := sender.generateJwt() assert.NoError(suite.T(), err) 
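Review bot: In `NewSender`, `privateKeyName` now holds the vault secret name rather than the value returned by `GetSecret` (which also removes the old unchecked `err`), but nothing in the new lines says the field is a name and not key material. A comment on the assignment would make that explicit, for example `// Secret name only; the key is fetched through credentialGetter.GetPrivateKey when a JWT is generated.` That wording is inferred from the test expectations in this commit, which call `GetPrivateKey` with `ca-phl-private-key-local`. A missing or misnamed secret is presumably now first reported by `generateJwt` instead of by `NewSender`, so it is worth confirming that this error is logged with the secret name. `NewSender` starts above the hunk and the `Sender` struct is not shown.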
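Review bot: In `Test_GenerateJWT_ReturnsJWT` the error from `testKey, err := rsa.GenerateKey(rand.Reader, 2048)` is never checked; `err` is overwritten by `jwt, err := sender.generateJwt()` right after the mock is set up. If key generation failed, the mock would hand a nil key to the code under test and the failure would point at the wrong place. The hunks for the `getToken` and `SendMessage` tests further down in this file show the same pattern, and only `Test_SendMessage_StatusCodeIsAbove499_ReturnsError` follows the call with `assert.NoError(suite.T(), err)`. Adding that line after each `rsa.GenerateKey` call would make the tests consistent. The test bodies continue outside the hunks.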
@@ -71,7 +70,7 @@ func (suite *SenderTestSuite) Test_GenerateJWT_UnableToGetPrivateKey_ReturnsErro mockCredentialGetter := new(mocks.MockCredentialGetter) sender.credentialGetter = mockCredentialGetter - mockCredentialGetter.On("GetPrivateKey", "key").Return(&rsa.PrivateKey{}, errors.New("failed to retrieve private key")) + mockCredentialGetter.On("GetPrivateKey", "ca-phl-private-key-local").Return(&rsa.PrivateKey{}, errors.New("failed to retrieve private key")) _, err = sender.generateJwt() assert.Error(suite.T(), err) @@ -84,7 +83,7 @@ func (suite *SenderTestSuite) Test_getToken_ReturnsAccessToken() { sender.credentialGetter = mockCredentialGetter testKey, err := rsa.GenerateKey(rand.Reader, 2048) - mockCredentialGetter.On("GetPrivateKey", "key").Return(testKey, nil) + mockCredentialGetter.On("GetPrivateKey", "ca-phl-private-key-local").Return(testKey, nil) // Set up a test server for ReportStream // Response parts: Body, Status Code, Access Token (part of body), Error (part of body) @@ -115,7 +114,7 @@ func (suite *SenderTestSuite) Test_getToken_UnableToGenerateJWT_ReturnsError() { mockCredentialGetter := new(mocks.MockCredentialGetter) sender.credentialGetter = mockCredentialGetter - mockCredentialGetter.On("GetPrivateKey", "key").Return(&rsa.PrivateKey{}, errors.New("failed to retrieve private key")) + mockCredentialGetter.On("GetPrivateKey", "ca-phl-private-key-local").Return(&rsa.PrivateKey{}, errors.New("failed to retrieve private key")) token, err := sender.getToken() assert.Error(suite.T(), err) @@ -130,7 +129,7 @@ func (suite *SenderTestSuite) Test_getToken_UnableToCallTokenEndpoint_ReturnsErr sender.credentialGetter = mockCredentialGetter testKey, err := rsa.GenerateKey(rand.Reader, 2048) - mockCredentialGetter.On("GetPrivateKey", "key").Return(testKey, nil) + mockCredentialGetter.On("GetPrivateKey", "ca-phl-private-key-local").Return(testKey, nil) token, err := sender.getToken() 
@@ -145,7 +144,7 @@ func (suite *SenderTestSuite) Test_getToken_ReportStreamResponseStatusIsInvalid_ sender.credentialGetter = mockCredentialGetter testKey, err := rsa.GenerateKey(rand.Reader, 2048) - mockCredentialGetter.On("GetPrivateKey", "key").Return(testKey, nil) + mockCredentialGetter.On("GetPrivateKey", "ca-phl-private-key-local").Return(testKey, nil) // Set up a test server for ReportStream // Response parts: Body, Status Code, Access Token (part of body), Error (part of body) @@ -177,7 +176,7 @@ func (suite *SenderTestSuite) Test_getToken_UnableToMarshallResponseBody_Returns sender.credentialGetter = mockCredentialGetter testKey, err := rsa.GenerateKey(rand.Reader, 2048) - mockCredentialGetter.On("GetPrivateKey", "key").Return(testKey, nil) + mockCredentialGetter.On("GetPrivateKey", "ca-phl-private-key-local").Return(testKey, nil) // Set up a test server for ReportStream // Response parts: Body, Status Code, Access Token (part of body), Error (part of body) @@ -205,7 +204,7 @@ func (suite *SenderTestSuite) Test_SendMessage_MessageSentToReportStream_Returns sender.credentialGetter = mockCredentialGetter testKey, err := rsa.GenerateKey(rand.Reader, 2048) - mockCredentialGetter.On("GetPrivateKey", "key").Return(testKey, nil) + mockCredentialGetter.On("GetPrivateKey", "ca-phl-private-key-local").Return(testKey, nil) // Set up a test server for ReportStream // Response parts: Body, Status Code, Access Token (part of body), Error (part of body) @@ -269,7 +268,7 @@ func (suite *SenderTestSuite) Test_SendMessage_UnableToGetToken_ReturnsError() { sender.credentialGetter = mockCredentialGetter testKey, err := rsa.GenerateKey(rand.Reader, 2048) - mockCredentialGetter.On("GetPrivateKey", "key").Return(testKey, errors.New(utils.ErrorKey)) + mockCredentialGetter.On("GetPrivateKey", "ca-phl-private-key-local").Return(testKey, errors.New(utils.ErrorKey)) message, _ := os.ReadFile(filepath.Join("..", "..", "mock_data", "order_message.hl7")) 
@@ -287,7 +286,7 @@ func (suite *SenderTestSuite) Test_SendMessage_UnableToCallTokenEndpoint_Returns sender.credentialGetter = mockCredentialGetter testKey, err := rsa.GenerateKey(rand.Reader, 2048) - mockCredentialGetter.On("GetPrivateKey", "key").Return(testKey, nil) + mockCredentialGetter.On("GetPrivateKey", "ca-phl-private-key-local").Return(testKey, nil) // Set up a test server for ReportStream // Response parts: Body, Status Code, Access Token (part of body), Error (part of body) @@ -326,7 +325,7 @@ func (suite *SenderTestSuite) Test_SendMessage_StatusCodeIsAbove300_ReturnsError sender.credentialGetter = mockCredentialGetter testKey, err := rsa.GenerateKey(rand.Reader, 2048) - mockCredentialGetter.On("GetPrivateKey", "key").Return(testKey, nil) + mockCredentialGetter.On("GetPrivateKey", "ca-phl-private-key-local").Return(testKey, nil) // Set up a test server for ReportStream // Response parts: Body, Status Code, Access Token (part of body), Error (part of body) @@ -392,7 +391,7 @@ func (suite *SenderTestSuite) Test_SendMessage_StatusCodeIs400_ReturnsNonTransie sender.credentialGetter = mockCredentialGetter testKey, err := rsa.GenerateKey(rand.Reader, 2048) - mockCredentialGetter.On("GetPrivateKey", "key").Return(testKey, nil) + mockCredentialGetter.On("GetPrivateKey", "ca-phl-private-key-local").Return(testKey, nil) // Set up a test server for ReportStream // Response parts: Body, Status Code, Access Token (part of body), Error (part of body) @@ -461,7 +460,7 @@ func (suite *SenderTestSuite) Test_SendMessage_StatusCodeIsAbove499_ReturnsError testKey, err := rsa.GenerateKey(rand.Reader, 2048) assert.NoError(suite.T(), err) - mockCredentialGetter.On("GetPrivateKey", "key").Return(testKey, nil) + mockCredentialGetter.On("GetPrivateKey", "ca-phl-private-key-local").Return(testKey, nil) // Set up a test server for ReportStream // Response parts: Body, Status Code, Access Token (part of body), Error (part of body) 
@@ -527,7 +526,7 @@ func (suite *SenderTestSuite) Test_SendMessage_UnableToParseResponseBody_Returns sender.credentialGetter = mockCredentialGetter testKey, err := rsa.GenerateKey(rand.Reader, 2048) - mockCredentialGetter.On("GetPrivateKey", "key").Return(testKey, nil) + mockCredentialGetter.On("GetPrivateKey", "ca-phl-private-key-local").Return(testKey, nil) // Set up a test server for ReportStream // Response parts: Body, Status Code, Access Token (part of body), Error (part of body) From 92b1922c3d9ac6e77d5ec276b1f2c17101361fc4 Mon Sep 17 00:00:00 2001 From: Bella Luz Quintero Date: Wed, 4 Sep 2024 10:01:40 -0600 Subject: [PATCH 14/54] refactored ca-phl into a const --- src/senders/report_stream_sender.go | 2 +- src/senders/report_stream_sender_test.go | 30 +++++++++++++----------- src/sftp/handler.go | 28 +++++++++++----------- src/utils/constants.go | 3 +++ src/zip/zip.go | 2 +- 5 files changed, 35 insertions(+), 30 deletions(-) diff --git a/src/senders/report_stream_sender.go b/src/senders/report_stream_sender.go index 40c5f3ef..d6cd269d 100644 --- a/src/senders/report_stream_sender.go +++ b/src/senders/report_stream_sender.go @@ -31,7 +31,7 @@ func NewSender() (Sender, error) { return Sender{}, err } - privateKeyName := "ca-phl-private-key-" + utils.EnvironmentName() // pragma: allowlist secret + privateKeyName := utils.CA_PHL + "-private-key-" + utils.EnvironmentName() // pragma: allowlist secret return Sender{ baseUrl: os.Getenv("REPORT_STREAM_URL_PREFIX"), diff --git a/src/senders/report_stream_sender_test.go b/src/senders/report_stream_sender_test.go index 66b92448..4644cbe2 100644 --- a/src/senders/report_stream_sender_test.go +++ b/src/senders/report_stream_sender_test.go @@ -15,6 +15,8 @@ import ( "testing" ) +const privateKeyName = "ca-phl-private-key-local" + type SenderTestSuite struct { suite.Suite } 
@@ -56,7 +58,7 @@ func (suite *SenderTestSuite) Test_GenerateJWT_ReturnsJWT() { sender.credentialGetter = mockCredentialGetter testKey, err := rsa.GenerateKey(rand.Reader, 2048) - mockCredentialGetter.On("GetPrivateKey", "ca-phl-private-key-local").Return(testKey, nil) + mockCredentialGetter.On("GetPrivateKey", privateKeyName).Return(testKey, nil) jwt, err := sender.generateJwt() assert.NoError(suite.T(), err) @@ -70,7 +72,7 @@ func (suite *SenderTestSuite) Test_GenerateJWT_UnableToGetPrivateKey_ReturnsErro mockCredentialGetter := new(mocks.MockCredentialGetter) sender.credentialGetter = mockCredentialGetter - mockCredentialGetter.On("GetPrivateKey", "ca-phl-private-key-local").Return(&rsa.PrivateKey{}, errors.New("failed to retrieve private key")) + mockCredentialGetter.On("GetPrivateKey", privateKeyName).Return(&rsa.PrivateKey{}, errors.New("failed to retrieve private key")) _, err = sender.generateJwt() assert.Error(suite.T(), err) @@ -83,7 +85,7 @@ func (suite *SenderTestSuite) Test_getToken_ReturnsAccessToken() { sender.credentialGetter = mockCredentialGetter testKey, err := rsa.GenerateKey(rand.Reader, 2048) - mockCredentialGetter.On("GetPrivateKey", "ca-phl-private-key-local").Return(testKey, nil) + mockCredentialGetter.On("GetPrivateKey", privateKeyName).Return(testKey, nil) // Set up a test server for ReportStream // Response parts: Body, Status Code, Access Token (part of body), Error (part of body) @@ -114,7 +116,7 @@ func (suite *SenderTestSuite) Test_getToken_UnableToGenerateJWT_ReturnsError() { mockCredentialGetter := new(mocks.MockCredentialGetter) sender.credentialGetter = mockCredentialGetter - mockCredentialGetter.On("GetPrivateKey", "ca-phl-private-key-local").Return(&rsa.PrivateKey{}, errors.New("failed to retrieve private key")) + mockCredentialGetter.On("GetPrivateKey", privateKeyName).Return(&rsa.PrivateKey{}, errors.New("failed to retrieve private key")) token, err := sender.getToken() assert.Error(suite.T(), err) 
@@ -129,7 +131,7 @@ func (suite *SenderTestSuite) Test_getToken_UnableToCallTokenEndpoint_ReturnsErr sender.credentialGetter = mockCredentialGetter testKey, err := rsa.GenerateKey(rand.Reader, 2048) - mockCredentialGetter.On("GetPrivateKey", "ca-phl-private-key-local").Return(testKey, nil) + mockCredentialGetter.On("GetPrivateKey", privateKeyName).Return(testKey, nil) token, err := sender.getToken() @@ -144,7 +146,7 @@ func (suite *SenderTestSuite) Test_getToken_ReportStreamResponseStatusIsInvalid_ sender.credentialGetter = mockCredentialGetter testKey, err := rsa.GenerateKey(rand.Reader, 2048) - mockCredentialGetter.On("GetPrivateKey", "ca-phl-private-key-local").Return(testKey, nil) + mockCredentialGetter.On("GetPrivateKey", privateKeyName).Return(testKey, nil) // Set up a test server for ReportStream // Response parts: Body, Status Code, Access Token (part of body), Error (part of body) @@ -176,7 +178,7 @@ func (suite *SenderTestSuite) Test_getToken_UnableToMarshallResponseBody_Returns sender.credentialGetter = mockCredentialGetter testKey, err := rsa.GenerateKey(rand.Reader, 2048) - mockCredentialGetter.On("GetPrivateKey", "ca-phl-private-key-local").Return(testKey, nil) + mockCredentialGetter.On("GetPrivateKey", privateKeyName).Return(testKey, nil) // Set up a test server for ReportStream // Response parts: Body, Status Code, Access Token (part of body), Error (part of body) @@ -204,7 +206,7 @@ func (suite *SenderTestSuite) Test_SendMessage_MessageSentToReportStream_Returns sender.credentialGetter = mockCredentialGetter testKey, err := rsa.GenerateKey(rand.Reader, 2048) - mockCredentialGetter.On("GetPrivateKey", "ca-phl-private-key-local").Return(testKey, nil) + mockCredentialGetter.On("GetPrivateKey", privateKeyName).Return(testKey, nil) // Set up a test server for ReportStream // Response parts: Body, Status Code, Access Token (part of body), Error (part of body) 
@@ -268,7 +270,7 @@ func (suite *SenderTestSuite) Test_SendMessage_UnableToGetToken_ReturnsError() { sender.credentialGetter = mockCredentialGetter testKey, err := rsa.GenerateKey(rand.Reader, 2048) - mockCredentialGetter.On("GetPrivateKey", "ca-phl-private-key-local").Return(testKey, errors.New(utils.ErrorKey)) + mockCredentialGetter.On("GetPrivateKey", privateKeyName).Return(testKey, errors.New(utils.ErrorKey)) message, _ := os.ReadFile(filepath.Join("..", "..", "mock_data", "order_message.hl7")) @@ -286,7 +288,7 @@ func (suite *SenderTestSuite) Test_SendMessage_UnableToCallTokenEndpoint_Returns sender.credentialGetter = mockCredentialGetter testKey, err := rsa.GenerateKey(rand.Reader, 2048) - mockCredentialGetter.On("GetPrivateKey", "ca-phl-private-key-local").Return(testKey, nil) + mockCredentialGetter.On("GetPrivateKey", privateKeyName).Return(testKey, nil) // Set up a test server for ReportStream // Response parts: Body, Status Code, Access Token (part of body), Error (part of body) @@ -325,7 +327,7 @@ func (suite *SenderTestSuite) Test_SendMessage_StatusCodeIsAbove300_ReturnsError sender.credentialGetter = mockCredentialGetter testKey, err := rsa.GenerateKey(rand.Reader, 2048) - mockCredentialGetter.On("GetPrivateKey", "ca-phl-private-key-local").Return(testKey, nil) + mockCredentialGetter.On("GetPrivateKey", privateKeyName).Return(testKey, nil) // Set up a test server for ReportStream // Response parts: Body, Status Code, Access Token (part of body), Error (part of body) 
@@ -391,7 +393,7 @@ func (suite *SenderTestSuite) Test_SendMessage_StatusCodeIs400_ReturnsNonTransie sender.credentialGetter = mockCredentialGetter testKey, err := rsa.GenerateKey(rand.Reader, 2048) - mockCredentialGetter.On("GetPrivateKey", "ca-phl-private-key-local").Return(testKey, nil) + mockCredentialGetter.On("GetPrivateKey", privateKeyName).Return(testKey, nil) // Set up a test server for ReportStream // Response parts: Body, Status Code, Access Token (part of body), Error (part of body) @@ -460,7 +462,7 @@ func (suite *SenderTestSuite) Test_SendMessage_StatusCodeIsAbove499_ReturnsError testKey, err := rsa.GenerateKey(rand.Reader, 2048) assert.NoError(suite.T(), err) - mockCredentialGetter.On("GetPrivateKey", "ca-phl-private-key-local").Return(testKey, nil) + mockCredentialGetter.On("GetPrivateKey", privateKeyName).Return(testKey, nil) // Set up a test server for ReportStream // Response parts: Body, Status Code, Access Token (part of body), Error (part of body) @@ -526,7 +528,7 @@ func (suite *SenderTestSuite) Test_SendMessage_UnableToParseResponseBody_Returns sender.credentialGetter = mockCredentialGetter testKey, err := rsa.GenerateKey(rand.Reader, 2048) - mockCredentialGetter.On("GetPrivateKey", "ca-phl-private-key-local").Return(testKey, nil) + mockCredentialGetter.On("GetPrivateKey", privateKeyName).Return(testKey, nil) // Set up a test server for ReportStream // Response parts: Body, Status Code, Access Token (part of body), Error (part of body) diff --git a/src/sftp/handler.go b/src/sftp/handler.go index 0e91ecf6..71d98a58 100644 --- a/src/sftp/handler.go +++ b/src/sftp/handler.go 
@@ -32,10 +32,10 @@ func NewSftpHandler(credentialGetter secrets.CredentialGetter) (*SftpHandler, er return nil, err } - serverKeySecret := "ca-phl-sftp-server-public-key-" + utils.EnvironmentName() // pragma: allowlist secret - serverKey, err := credentialGetter.GetSecret(serverKeySecret) + serverKeyName := utils.CA_PHL + "-sftp-server-public-key-" + utils.EnvironmentName() // pragma: allowlist secret + serverKey, err := credentialGetter.GetSecret(serverKeyName) if err != nil { - slog.Error("Unable to get server key secret", slog.String("KeyName", serverKeySecret), slog.Any(utils.ErrorKey, err)) + slog.Error("Unable to get server key secret", slog.String("KeyName", serverKeyName), slog.Any(utils.ErrorKey, err)) return nil, err } @@ -45,17 +45,17 @@ func NewSftpHandler(credentialGetter secrets.CredentialGetter) (*SftpHandler, er return nil, err } - sftpUserNameSecret := "ca-phl-sftp-user-" + utils.EnvironmentName() // pragma: allowlist secret + sftpUserNameSecret := utils.CA_PHL + "-sftp-user-" + utils.EnvironmentName() // pragma: allowlist secret sftpUser, err := credentialGetter.GetSecret(sftpUserNameSecret) if err != nil { slog.Error("Unable to get SFTP username secret", slog.String("KeyName", sftpUserNameSecret), slog.Any(utils.ErrorKey, err)) return nil, err } - sftpPasswordSecret := "ca-phl-sftp-password-" + utils.EnvironmentName() // pragma: allowlist secret - sftpPassword, err := credentialGetter.GetSecret(sftpPasswordSecret) + sftpPasswordName := utils.CA_PHL + "-sftp-password-" + utils.EnvironmentName() // pragma: allowlist secret + sftpPassword, err := credentialGetter.GetSecret(sftpPasswordName) if err != nil { - slog.Error("Unable to get SFTP password secret", slog.String("KeyName", sftpPasswordSecret), slog.Any(utils.ErrorKey, err)) + slog.Error("Unable to get SFTP password secret", slog.String("KeyName", sftpPasswordName), slog.Any(utils.ErrorKey, err)) return nil, err } 
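Review bot: The rename in `NewSftpHandler` is applied unevenly: `serverKeyName` and `sftpPasswordName` get the new `...Name` suffix, while `sftpUserNameSecret` in the same hunk keeps the old `...Secret` suffix. `sftpServerAddressSecret` in the next hunk and `zipPasswordSecret` in `zip.go` also keep it. All of these variables hold a vault secret name, not a secret value, so one suffix for all of them (e.g. `sftpUserSecretName`) would make it clear that logging them under `KeyName` is safe.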
@@ -68,7 +68,7 @@ func NewSftpHandler(credentialGetter secrets.CredentialGetter) (*SftpHandler, er HostKeyCallback: hostKeyCallback, } - sftpServerAddressSecret := "ca-phl-sftp-server-address-" + utils.EnvironmentName() // pragma: allowlist secret + sftpServerAddressSecret := utils.CA_PHL + "-sftp-server-address-" + utils.EnvironmentName() // pragma: allowlist secret sftpServerAddress, err := credentialGetter.GetSecret(sftpServerAddressSecret) if err != nil { slog.Error("Unable to get SFTP server address secret", slog.String("KeyName", sftpServerAddressSecret), slog.Any(utils.ErrorKey, err)) @@ -122,11 +122,11 @@ func getSshClientHostKeyCallback(serverKey string) (ssh.HostKeyCallback, error) func getPublicKeysForSshClient(credentialGetter secrets.CredentialGetter) (ssh.Signer, error) { - userAuthenticationKeySecret := "ca-phl-sftp-key-" + utils.EnvironmentName() // pragma: allowlist secret + userAuthenticationKeyName := utils.CA_PHL + "-sftp-key-" + utils.EnvironmentName() // pragma: allowlist secret - key, err := credentialGetter.GetSecret(userAuthenticationKeySecret) + key, err := credentialGetter.GetSecret(userAuthenticationKeyName) if err != nil { - slog.Error("Unable to retrieve user authentication key secret", slog.String("KeyName", userAuthenticationKeySecret), slog.Any(utils.ErrorKey, err)) + slog.Error("Unable to retrieve user authentication key secret", slog.String("KeyName", userAuthenticationKeyName), slog.Any(utils.ErrorKey, err)) return nil, err } 
@@ -156,10 +156,10 @@ func (receiver *SftpHandler) Close() { } func (receiver *SftpHandler) CopyFiles() { - sftpStartingDirectorySecret := "ca-phl-sftp-starting-directory-" + utils.EnvironmentName() // pragma: allowlist secret - sftpStartingDirectory, err := receiver.credentialGetter.GetSecret(sftpStartingDirectorySecret) + sftpStartingDirectoryName := utils.CA_PHL + "-sftp-starting-directory-" + utils.EnvironmentName() // pragma: allowlist secret + sftpStartingDirectory, err := receiver.credentialGetter.GetSecret(sftpStartingDirectoryName) if err != nil { - slog.Error("Unable to get SFTP starting directory secret", slog.String("KeyName", sftpStartingDirectorySecret), slog.Any(utils.ErrorKey, err)) + slog.Error("Unable to get SFTP starting directory secret", slog.String("KeyName", sftpStartingDirectoryName), slog.Any(utils.ErrorKey, err)) return } diff --git a/src/utils/constants.go b/src/utils/constants.go index 666376c7..b079cf36 100644 --- a/src/utils/constants.go +++ b/src/utils/constants.go @@ -28,3 +28,6 @@ const ErrorKey = "error" // Used in logging. // E.g. `slog.Info("Successfully copied file and removed from SFTP server", slog.Any(utils.FileNameKey, fileInfo.Name()))` const FileNameKey = "file name" + +// +const CA_PHL = "ca-phl" diff --git a/src/zip/zip.go b/src/zip/zip.go index 6bcfb961..0cecf022 100644 --- a/src/zip/zip.go +++ b/src/zip/zip.go @@ -55,7 +55,7 @@ func NewZipHandler() (ZipHandler, error) { func (zipHandler ZipHandler) Unzip(zipFilePath string) error { slog.Info("Preparing to unzip", slog.String("zipFilePath", zipFilePath)) - zipPasswordSecret := "ca-phl-zip-password-" + utils.EnvironmentName() // pragma: allowlist secret + zipPasswordSecret := utils.CA_PHL + "-zip-password-" + utils.EnvironmentName() // pragma: allowlist secret zipPassword, err := zipHandler.credentialGetter.GetSecret(zipPasswordSecret) if err != nil { slog.Error("Unable to get zip password", slog.Any(utils.ErrorKey, err), slog.String("KeyName", zipPasswordSecret)) 
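Review bot: In `src/utils/constants.go` the new constant sits under an empty `//` comment and uses an underscore name, whereas the neighbouring `ErrorKey` and `FileNameKey` are MixedCaps and carry a usage comment. Every secret name in `handler.go`, `zip.go` and `report_stream_sender.go` is now built from it, so the comment should say what it is, for example `// CA_PHL is the prefix used to build secret names, e.g. utils.CA_PHL + "-sftp-key-" + utils.EnvironmentName().` Renaming it to `CaPhl` would match Go naming conventions, at the cost of touching each call site added in this commit.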
From d1614d165e5b6413cc9be8e777124507cf66553c Mon Sep 17 00:00:00 2001 From: Bella Luz Quintero Date: Wed, 4 Sep 2024 10:30:58 -0600 Subject: [PATCH 15/54] remove password from handshake --- operations/template/key.tf | 12 ------------ src/sftp/handler.go | 8 -------- src/sftp/handler_test.go | 23 ----------------------- 3 files changed, 43 deletions(-) diff --git a/operations/template/key.tf b/operations/template/key.tf index 342362e2..52e8b66d 100644 --- a/operations/template/key.tf +++ b/operations/template/key.tf @@ -124,18 +124,6 @@ resource "azurerm_key_vault_secret" "ca_phl_sftp_user" { depends_on = [azurerm_key_vault_access_policy.allow_github_deployer] //wait for the permission that allows our deployer to write the secret } -resource "azurerm_key_vault_secret" "ca_phl_sftp_password" { - name = "ca-phl-sftp-password-${var.environment}" - value = "dogcow" - - key_vault_id = azurerm_key_vault.key_storage.id - - lifecycle { - ignore_changes = [value] - } - depends_on = [azurerm_key_vault_access_policy.allow_github_deployer] //wait for the permission that allows our deployer to write the secret -} - resource "azurerm_key_vault_secret" "ca_phl_sftp_key" { name = "ca-phl-sftp-key-${var.environment}" value = "dogcow" diff --git a/src/sftp/handler.go b/src/sftp/handler.go index 71d98a58..178cdbc9 100644 --- a/src/sftp/handler.go +++ b/src/sftp/handler.go @@ -52,18 +52,10 @@ func NewSftpHandler(credentialGetter secrets.CredentialGetter) (*SftpHandler, er return nil, err } - sftpPasswordName := utils.CA_PHL + "-sftp-password-" + utils.EnvironmentName() // pragma: allowlist secret - sftpPassword, err := credentialGetter.GetSecret(sftpPasswordName) - if err != nil { - slog.Error("Unable to get SFTP password secret", slog.String("KeyName", sftpPasswordName), slog.Any(utils.ErrorKey, err)) - return nil, err - } - config := &ssh.ClientConfig{ User: sftpUser, Auth: []ssh.AuthMethod{ ssh.PublicKeys(pem), - ssh.Password(sftpPassword), }, HostKeyCallback: hostKeyCallback, } 
diff --git a/src/sftp/handler_test.go b/src/sftp/handler_test.go index d17f0782..5c84deea 100644 --- a/src/sftp/handler_test.go +++ b/src/sftp/handler_test.go @@ -18,7 +18,6 @@ import ( ) const serverKey = "ssh-rsa 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 sschuresko@flexion-mac-J40DPF4YQR" -const password = "ti_password" const user = "ti_user" func Test_NewSFTPHandler_UnableToGetSshClientPublicKey_ReturnsError(t *testing.T) { 
@@ -90,26 +89,6 @@ func Test_NewSFTPHandler_UnableToGetSFTPUserNameSecret_ReturnsError(t *testing.T assert.Contains(t, buffer.String(), "Unable to get SFTP username secret") } -func Test_NewSFTPHandler_UnableToGetSFTPPasswordName_ReturnsError(t *testing.T) { - buffer, defaultLogger := utils.SetupLogger() - defer slog.SetDefault(defaultLogger) - - secretValue := "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8x
dXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44Ewl8yULDWTgecsv4aLsu+jQgVmzs71rzqgkF1\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTtvplAUcmSwZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" // pragma: allowlist secret - - mockCredentialGetter := new(mocks.MockCredentialGetter) - - mockCredentialGetter.On("GetSecret", mock.Anything).Return(secretValue, nil).Once() - 
mockCredentialGetter.On("GetSecret", mock.Anything).Return(serverKey, nil).Once() - mockCredentialGetter.On("GetSecret", mock.Anything).Return(user, nil).Once() - mockCredentialGetter.On("GetSecret", mock.Anything).Return("", errors.New("error")) - - sftpHandler, err := NewSftpHandler(mockCredentialGetter) - - assert.Nil(t, sftpHandler) - assert.Error(t, err) - assert.Contains(t, buffer.String(), "Unable to get SFTP password secret") -} - func Test_NewSFTPHandler_UnableToGetSFTPServerAddressName_ReturnsError(t *testing.T) { buffer, defaultLogger := utils.SetupLogger() defer slog.SetDefault(defaultLogger) @@ -121,7 +100,6 @@ func Test_NewSFTPHandler_UnableToGetSFTPServerAddressName_ReturnsError(t *testin mockCredentialGetter.On("GetSecret", mock.Anything).Return(secretValue, nil).Once() mockCredentialGetter.On("GetSecret", mock.Anything).Return(serverKey, nil).Once() mockCredentialGetter.On("GetSecret", mock.Anything).Return(user, nil).Once() - mockCredentialGetter.On("GetSecret", mock.Anything).Return(password, nil).Once() mockCredentialGetter.On("GetSecret", mock.Anything).Return("", errors.New("error")) sftpHandler, err := NewSftpHandler(mockCredentialGetter) @@ -142,7 +120,6 @@ func Test_NewSFTPHandler_UnableToDialIntoTCP_ReturnsError(t *testing.T) { mockCredentialGetter.On("GetSecret", mock.Anything).Return(secretValue, nil).Once() mockCredentialGetter.On("GetSecret", mock.Anything).Return(serverKey, nil).Once() mockCredentialGetter.On("GetSecret", mock.Anything).Return(user, nil).Once() - mockCredentialGetter.On("GetSecret", mock.Anything).Return(password, nil).Once() mockCredentialGetter.On("GetSecret", mock.Anything).Return("wrong-value", nil).Once() From a8bb2ccdcf0d1ed8bbbf574508b59d5b27db4598 Mon Sep 17 00:00:00 2001 
From: James Herr Date: Wed, 4 Sep 2024 14:19:13 -0500 Subject: [PATCH 16/54] Updating client name Co-Authored-By: Sylvie <38440028+somesylvie@users.noreply.github.com> Co-Authored-By: Samuel Aquino Co-Authored-By: jcrichlake <145698165+jcrichlake@users.noreply.github.com> --- operations/template/app.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/operations/template/app.tf b/operations/template/app.tf index 7580cd27..d0ff9666 100644 --- a/operations/template/app.tf +++ b/operations/template/app.tf @@ -122,7 +122,7 @@ resource "azurerm_linux_web_app" "sftp" { AZURE_STORAGE_CONNECTION_STRING = azurerm_storage_account.storage.primary_blob_connection_string REPORT_STREAM_URL_PREFIX = "https://${local.rs_domain_prefix}prime.cdc.gov" AZURE_KEY_VAULT_URI = azurerm_key_vault.key_storage.vault_uri - CA_PHL_CLIENT_NAME = "flexion.simulated-lab" + CA_PHL_CLIENT_NAME = "ca-phl.etor-nbs-results" QUEUE_MAX_DELIVERY_ATTEMPTS = azurerm_eventgrid_system_topic_event_subscription.topic_sub.retry_policy.0.max_delivery_attempts # making the Azure container <-> queue retry count be in sync with the queue <-> application retry count.. } From 6927d519d385771ea32d5a2aa1c11b27f2000968 Mon Sep 17 00:00:00 2001 From: James Herr Date: Wed, 4 Sep 2024 14:37:43 -0500 Subject: [PATCH 17/54] Updating variable names and docker compose client name Co-Authored-By: Sylvie <38440028+somesylvie@users.noreply.github.com> Co-Authored-By: Samuel Aquino Co-Authored-By: jcrichlake <145698165+jcrichlake@users.noreply.github.com> --- docker-compose.yml | 2 +- src/sftp/handler.go | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 4e8d39dd..98bdb394 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -7,7 +7,7 @@ services: ENV: local # Uncomment the line below to call local report stream. Otherwise we'll use a mock response # REPORT_STREAM_URL_PREFIX: http://host.docker.internal:7071 - CA_PHL_CLIENT_NAME: flexion.simulated-hospital + CA_PHL_CLIENT_NAME: ca-phl.etor-nbs-result QUEUE_MAX_DELIVERY_ATTEMPTS: 5 POLLING_TRIGGER_QUEUE_NAME: polling-trigger-queue volumes: diff --git a/src/sftp/handler.go b/src/sftp/handler.go index 178cdbc9..1e1bcb83 100644 --- a/src/sftp/handler.go +++ b/src/sftp/handler.go @@ -45,10 +45,10 @@ func NewSftpHandler(credentialGetter secrets.CredentialGetter) (*SftpHandler, er return nil, err } - sftpUserNameSecret := utils.CA_PHL + "-sftp-user-" + utils.EnvironmentName() // pragma: allowlist secret - sftpUser, err := credentialGetter.GetSecret(sftpUserNameSecret) + sftpUserName := utils.CA_PHL + "-sftp-user-" + utils.EnvironmentName() // pragma: allowlist secret + sftpUser, err := credentialGetter.GetSecret(sftpUserName) if err != nil { - slog.Error("Unable to get SFTP username secret", slog.String("KeyName", sftpUserNameSecret), slog.Any(utils.ErrorKey, err)) + slog.Error("Unable to get SFTP username secret", slog.String("KeyName", sftpUserName), slog.Any(utils.ErrorKey, err)) return nil, err } 
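Review bot: The `CA_PHL_CLIENT_NAME` value set in this docker-compose.yml hunk, `ca-phl.etor-nbs-result`, lacks the trailing `s` of the `ca-phl.etor-nbs-results` that patch 16 puts in operations/template/app.tf. The sender reads this variable with `os.Getenv("CA_PHL_CLIENT_NAME")`, so a local run pointed at a real ReportStream instance would presumably identify itself as a different client than the deployed app and fail authentication. Use one spelling in both places: `CA_PHL_CLIENT_NAME: ca-phl.etor-nbs-results`.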
@@ -60,10 +60,10 @@ func NewSftpHandler(credentialGetter secrets.CredentialGetter) (*SftpHandler, er HostKeyCallback: hostKeyCallback, } - sftpServerAddressSecret := utils.CA_PHL + "-sftp-server-address-" + utils.EnvironmentName() // pragma: allowlist secret - sftpServerAddress, err := credentialGetter.GetSecret(sftpServerAddressSecret) + sftpServerAddressName := utils.CA_PHL + "-sftp-server-address-" + utils.EnvironmentName() // pragma: allowlist secret + sftpServerAddress, err := credentialGetter.GetSecret(sftpServerAddressName) if err != nil { - slog.Error("Unable to get SFTP server address secret", slog.String("KeyName", sftpServerAddressSecret), slog.Any(utils.ErrorKey, err)) + slog.Error("Unable to get SFTP server address secret", slog.String("KeyName", sftpServerAddressName), slog.Any(utils.ErrorKey, err)) return nil, err } From d589685d2ecfea3e0a231e97eb4cfa1d8228a33d Mon Sep 17 00:00:00 2001 From: James Herr Date: Wed, 4 Sep 2024 14:57:15 -0500 Subject: [PATCH 18/54] Updated script to remove password requirement Co-Authored-By: Sylvie <38440028+somesylvie@users.noreply.github.com> Co-Authored-By: Samuel Aquino Co-Authored-By: jcrichlake <145698165+jcrichlake@users.noreply.github.com> --- .gitignore | 2 +- docker-compose.yml | 4 ++-- localdata/sftp_server_require_password_and_publickey.sh | 3 --- localdata/sftp_server_require_publickey.sh | 3 +++ 4 files changed, 6 insertions(+), 6 deletions(-) delete mode 100755 localdata/sftp_server_require_password_and_publickey.sh create mode 100755 localdata/sftp_server_require_publickey.sh diff --git a/.gitignore b/.gitignore index 0bce0b40..75eae505 100644 --- a/.gitignore +++ b/.gitignore @@ -33,7 +33,7 @@ terraform.tfstate* .terraform* # Local blob storage data -/localdata +/localdata/data # Items added by creating the Azure function: diff --git a/docker-compose.yml b/docker-compose.yml index 98bdb394..3be954a6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -95,9 +95,9 @@ services: environment: SFTP_USERS: ti_user:ti_password:::files volumes: - - ./mock_credentials/sftp-public-key-local:/home/ti_user/.ssh/keys/id_rsa.pub:ro # uncomment me when CA uses our public key for authentication + - ./mock_credentials/sftp-public-key-local:/home/ti_user/.ssh/keys/id_rsa.pub:ro - ./mock_credentials/ca-phl-sftp-server-private-key-local:/etc/ssh/ssh_host_rsa_key - - ./localdata/sftp_server_require_password_and_publickey.sh:/etc/sftp.d/sftp_server_require_password_and_publickey.sh # uncomment me when CA uses our public key for authentication + - ./localdata/sftp_server_require_publickey.sh:/etc/sftp.d/sftp_server_require_publickey.sh - ./localdata/data/sftp:/home/ti_user/files ports: - "2223:22" diff --git a/localdata/sftp_server_require_password_and_publickey.sh b/localdata/sftp_server_require_password_and_publickey.sh deleted file mode 100755 index 0be3a479..00000000 --- a/localdata/sftp_server_require_password_and_publickey.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/env bash - -echo "AuthenticationMethods password,publickey" >> /etc/ssh/sshd_config diff --git a/localdata/sftp_server_require_publickey.sh b/localdata/sftp_server_require_publickey.sh new file mode 100755 index 00000000..ee9b7198 --- /dev/null +++ b/localdata/sftp_server_require_publickey.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +echo "AuthenticationMethods publickey" >> /etc/ssh/sshd_config From 8c14b03d29040b8257494969e4c475b8ce84eca6 Mon Sep 17 00:00:00 2001 From: Bella Luz Quintero Date: Thu, 5 Sep 2024 08:52:21 -0600 Subject: [PATCH 19/54] comment out code --- operations/template/key.tf | 22 +++++++++++----------- operations/template/storage.tf | 2 +- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/operations/template/key.tf b/operations/template/key.tf index 52e8b66d..436a97fc 100644 --- a/operations/template/key.tf +++ b/operations/template/key.tf 
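Review bot: The new `sftp_server_require_publickey.sh` only appends `AuthenticationMethods publickey` to `/etc/ssh/sshd_config`, and sshd uses the first value it finds for a keyword, so the restriction applies only if nothing earlier in the file already sets `AuthenticationMethods`. The append also repeats on every start that reuses the container's filesystem. `SFTP_USERS` in docker-compose.yml still gives `ti_user` a password, so it is worth making the override explicit by putting `sed -i '/^AuthenticationMethods/d' /etc/ssh/sshd_config` before the `echo`. A comment such as `# public key only; password logins must be rejected` would record the intent, and `sshd -T` inside the container confirms the effective setting.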
@@ -52,17 +52,17 @@ resource "azurerm_key_vault_access_policy" "allow_app_read" { ] } -resource "azurerm_key_vault_access_policy" "allow_sftp_storage_account_wrapping" { - key_vault_id = azurerm_key_vault.key_storage.id - tenant_id = data.azurerm_client_config.current.tenant_id - object_id = azurerm_storage_account.storage.identity.0.principal_id - - key_permissions = [ - "Get", - "UnwrapKey", - "WrapKey", - ] -} +# resource "azurerm_key_vault_access_policy" "allow_sftp_storage_account_wrapping" { +# key_vault_id = azurerm_key_vault.key_storage.id +# tenant_id = data.azurerm_client_config.current.tenant_id +# object_id = azurerm_storage_account.storage.identity.0.principal_id +# +# key_permissions = [ +# "Get", +# "UnwrapKey", +# "WrapKey", +# ] +# } resource "azurerm_key_vault_secret" "mock_public_health_lab_private_key" { name = "mock-public-health-lab-private-key-${var.environment}" diff --git a/operations/template/storage.tf b/operations/template/storage.tf index 5a4e49bb..cdbc685e 100644 --- a/operations/template/storage.tf +++ b/operations/template/storage.tf @@ -31,7 +31,7 @@ resource "azurerm_storage_account_customer_managed_key" "storage_storage_account depends_on = [ azurerm_key_vault_access_policy.allow_github_deployer, - azurerm_key_vault_access_policy.allow_sftp_storage_account_wrapping +# azurerm_key_vault_access_policy.allow_sftp_storage_account_wrapping ] //wait for the permission that allows our deployer to write the secret } From 027fb5aebbd32aeb1ecc297cfa94db72bd758254 Mon Sep 17 00:00:00 2001 From: Bella Luz Quintero Date: Thu, 5 Sep 2024 08:56:10 -0600 Subject: [PATCH 20/54] linting --- operations/template/storage.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/operations/template/storage.tf b/operations/template/storage.tf index cdbc685e..7ef379da 100644 --- a/operations/template/storage.tf +++ b/operations/template/storage.tf 
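Review bot: Commenting out `azurerm_key_vault_access_policy.allow_sftp_storage_account_wrapping` in key.tf while `azurerm_storage_account_customer_managed_key` stays active in storage.tf removes the `Get`, `UnwrapKey` and `WrapKey` permissions from the storage account's identity. The customer-managed key presumably relies on those permissions, so applying this commit alone likely fails or leaves the account unable to use its key. Patch 21 then comments out the key resource as well and patch 22 restores both, yet none of the three commit messages records why customer-managed-key encryption was switched off. If this is a deliberate temporary step, say so in the commit message and delete the blocks rather than commenting them out, or put a `# TODO(<ticket>): re-enable customer-managed key` line above them.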
@@ -31,7 +31,7 @@ resource "azurerm_storage_account_customer_managed_key" "storage_storage_account depends_on = [ azurerm_key_vault_access_policy.allow_github_deployer, -# azurerm_key_vault_access_policy.allow_sftp_storage_account_wrapping +# azurerm_key_vault_access_policy.allow_sftp_storage_account_wrapping ] //wait for the permission that allows our deployer to write the secret } From 0a5078e9c0c785497350d974e3b5fa92fa5ed6bb Mon Sep 17 00:00:00 2001 From: Bella Luz Quintero Date: Thu, 5 Sep 2024 09:23:26 -0600 Subject: [PATCH 21/54] linting --- operations/template/storage.tf | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/operations/template/storage.tf b/operations/template/storage.tf index 7ef379da..e5825980 100644 --- a/operations/template/storage.tf +++ b/operations/template/storage.tf @@ -24,16 +24,16 @@ resource "azurerm_storage_account" "storage" { } -resource "azurerm_storage_account_customer_managed_key" "storage_storage_account_customer_key" { - storage_account_id = azurerm_storage_account.storage.id - key_vault_id = azurerm_key_vault.key_storage.id - key_name = azurerm_key_vault_key.customer_managed_key.name - - depends_on = [ - azurerm_key_vault_access_policy.allow_github_deployer, -# azurerm_key_vault_access_policy.allow_sftp_storage_account_wrapping - ] //wait for the permission that allows our deployer to write the secret -} +# resource "azurerm_storage_account_customer_managed_key" "storage_storage_account_customer_key" { +# storage_account_id = azurerm_storage_account.storage.id +# key_vault_id = azurerm_key_vault.key_storage.id +# key_name = azurerm_key_vault_key.customer_managed_key.name +# +# depends_on = [ +# azurerm_key_vault_access_policy.allow_github_deployer, +# azurerm_key_vault_access_policy.allow_sftp_storage_account_wrapping +# ] //wait for the permission that allows our deployer to write the secret +# } resource "azurerm_storage_container" "sftp_container" { 
From 479939fd2cf79036caf25c75ae430dd8e7cde330 Mon Sep 17 00:00:00 2001 From: Bella Luz Quintero Date: Thu, 5 Sep 2024 12:20:32 -0600 Subject: [PATCH 22/54] uncomment code Co-authored-by: jcrichlake <145698165+jcrichlake@users.noreply.github.com> --- operations/template/key.tf | 22 +++++++++++----------- operations/template/storage.tf | 20 ++++++++++---------- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/operations/template/key.tf b/operations/template/key.tf index 436a97fc..52e8b66d 100644 --- a/operations/template/key.tf +++ b/operations/template/key.tf @@ -52,17 +52,17 @@ resource "azurerm_key_vault_access_policy" "allow_app_read" { ] } -# resource "azurerm_key_vault_access_policy" "allow_sftp_storage_account_wrapping" { -# key_vault_id = azurerm_key_vault.key_storage.id -# tenant_id = data.azurerm_client_config.current.tenant_id -# object_id = azurerm_storage_account.storage.identity.0.principal_id -# -# key_permissions = [ -# "Get", -# "UnwrapKey", -# "WrapKey", -# ] -# } +resource "azurerm_key_vault_access_policy" "allow_sftp_storage_account_wrapping" { + key_vault_id = azurerm_key_vault.key_storage.id + tenant_id = data.azurerm_client_config.current.tenant_id + object_id = azurerm_storage_account.storage.identity.0.principal_id + + key_permissions = [ + "Get", + "UnwrapKey", + "WrapKey", + ] +} resource "azurerm_key_vault_secret" "mock_public_health_lab_private_key" { name = "mock-public-health-lab-private-key-${var.environment}" diff --git a/operations/template/storage.tf b/operations/template/storage.tf index e5825980..5a4e49bb 100644 --- a/operations/template/storage.tf +++ b/operations/template/storage.tf 
@@ -24,16 +24,16 @@ resource "azurerm_storage_account" "storage" { } -# resource "azurerm_storage_account_customer_managed_key" "storage_storage_account_customer_key" { -# storage_account_id = azurerm_storage_account.storage.id -# key_vault_id = azurerm_key_vault.key_storage.id -# key_name = azurerm_key_vault_key.customer_managed_key.name -# -# depends_on = [ -# azurerm_key_vault_access_policy.allow_github_deployer, -# azurerm_key_vault_access_policy.allow_sftp_storage_account_wrapping -# ] //wait for the permission that allows our deployer to write the secret -# } +resource "azurerm_storage_account_customer_managed_key" "storage_storage_account_customer_key" { + storage_account_id = azurerm_storage_account.storage.id + key_vault_id = azurerm_key_vault.key_storage.id + key_name = azurerm_key_vault_key.customer_managed_key.name + + depends_on = [ + azurerm_key_vault_access_policy.allow_github_deployer, + azurerm_key_vault_access_policy.allow_sftp_storage_account_wrapping + ] //wait for the permission that allows our deployer to write the secret +} resource "azurerm_storage_container" "sftp_container" { From 02f62685ac4f469c135e29aa517d951e50a797d4 Mon Sep 17 00:00:00 2001 From: Bella Luz Quintero Date: Thu, 5 Sep 2024 13:35:37 -0600 Subject: [PATCH 23/54] remove ca specific naming from key vault Co-authored-by: saquino0827 Co-authored-by: James Herr Co-authored-by: jcrichlake <145698165+jcrichlake@users.noreply.github.com> Co-authored-by: Sylvie --- operations/template/app.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/operations/template/app.tf b/operations/template/app.tf index d0ff9666..4890aff4 100644 --- a/operations/template/app.tf +++ b/operations/template/app.tf 
@@ -35,7 +35,7 @@ resource "azurerm_user_assigned_identity" "key_vault_identity" { resource_group_name = data.azurerm_resource_group.group.name location = data.azurerm_resource_group.group.location - name = "ca-phl-sftp-key-vault-identity-${var.environment}" + name = "sftp-key-vault-identity-${var.environment}" lifecycle { ignore_changes = [ From 5626219c0d9a06f4f076c92dd24dd944db3afeb9 Mon Sep 17 00:00:00 2001 From: Bella Luz Quintero Date: Thu, 5 Sep 2024 15:31:33 -0600 Subject: [PATCH 24/54] refactored key names for consistency Co-authored-by: Sylvie --- operations/template/key.tf | 12 +++++----- src/senders/report_stream_sender.go | 6 ++--- src/senders/report_stream_sender_test.go | 30 ++++++++++++------------ src/sftp/handler.go | 8 +++---- src/sftp/handler_test.go | 2 +- 5 files changed, 29 insertions(+), 29 deletions(-) diff --git a/operations/template/key.tf b/operations/template/key.tf index 1158c1ac..63013df0 100644 --- a/operations/template/key.tf +++ b/operations/template/key.tf @@ -89,8 +89,8 @@ resource "azurerm_key_vault_secret" "mock_public_health_lab_private_key" { depends_on = [azurerm_key_vault_access_policy.allow_github_deployer] //wait for the permission that allows our deployer to write the secret } -resource "azurerm_key_vault_secret" "ca_phl_private_key" { - name = "ca-phl-private-key-${var.environment}" +resource "azurerm_key_vault_secret" "ca_phl_reportstream_private_key" { + name = "ca-phl-reportstream-private-key-${var.environment}" value = "dogcow" key_vault_id = azurerm_key_vault.key_storage.id 
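Review bot: Renaming `azurerm_key_vault_secret.ca_phl_private_key` to `ca_phl_reportstream_private_key` together with its `name` makes Terraform create a new secret whose value is the placeholder `dogcow`, while the old secret holding the real key leaves the configuration. The same applies to `ca_phl_sftp_key` and `ca_phl_sftp_server_public_key` in the following key.tf hunks. The Go code in this commit starts reading the new names, so the real keys have to be written to the new secrets in every environment before this is deployed; otherwise the sender and the SFTP handler presumably fail to load their keys. A comment above each resource, e.g. `# placeholder value; the real key is set out of band`, plus a deployment note listing the three renamed secrets would make that step hard to miss.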
@@ -137,8 +137,8 @@ resource "azurerm_key_vault_secret" "ca_phl_sftp_user" { depends_on = [azurerm_key_vault_access_policy.allow_github_deployer] //wait for the permission that allows our deployer to write the secret } -resource "azurerm_key_vault_secret" "ca_phl_sftp_key" { - name = "ca-phl-sftp-key-${var.environment}" +resource "azurerm_key_vault_secret" "ca_phl_sftp_private_key" { + name = "ca-phl-sftp-private-key-${var.environment}" value = "dogcow" key_vault_id = azurerm_key_vault.key_storage.id @@ -161,8 +161,8 @@ resource "azurerm_key_vault_secret" "ca_phl_sftp_server_address" { depends_on = [azurerm_key_vault_access_policy.allow_github_deployer] //wait for the permission that allows our deployer to write the secret } -resource "azurerm_key_vault_secret" "ca_phl_sftp_server_public_key" { - name = "ca-phl-sftp-server-public-key-${var.environment}" +resource "azurerm_key_vault_secret" "ca_phl_sftp_public_key" { + name = "ca-phl-sftp-public-key-${var.environment}" value = "dogcow" key_vault_id = azurerm_key_vault.key_storage.id diff --git a/src/senders/report_stream_sender.go b/src/senders/report_stream_sender.go index d6cd269d..f2c5e0e9 100644 --- a/src/senders/report_stream_sender.go +++ b/src/senders/report_stream_sender.go @@ -30,12 +30,12 @@ func NewSender() (Sender, error) { slog.Error("Unable to initialize credential getter", slog.Any(utils.ErrorKey, err)) return Sender{}, err } - - privateKeyName := utils.CA_PHL + "-private-key-" + utils.EnvironmentName() // pragma: allowlist secret + // ca-phl-reportstream-private-key + reportStreamPrivateKeyName := utils.CA_PHL + "reportstream-private-key-" + utils.EnvironmentName() // pragma: allowlist secret return Sender{ baseUrl: os.Getenv("REPORT_STREAM_URL_PREFIX"), - privateKeyName: privateKeyName, + privateKeyName: reportStreamPrivateKeyName, clientName: os.Getenv("CA_PHL_CLIENT_NAME"), credentialGetter: credentialGetter, }, nil 
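Review bot: The new secret name in `NewSender` is built as `utils.CA_PHL + "reportstream-private-key-" + ...` with no hyphen after the prefix, unlike the other secret names in this series (`utils.CA_PHL + "-sftp-private-key-"`, `"-sftp-user-"`). Assuming `utils.CA_PHL` is `ca-phl`, as the test constant `ca-phl-reportstream-private-key-local` and the Key Vault name `ca-phl-reportstream-private-key-${var.environment}` suggest, the sender will ask for `ca-phlreportstream-private-key-<env>` and never find its signing key. The line should read `reportStreamPrivateKeyName := utils.CA_PHL + "-reportstream-private-key-" + utils.EnvironmentName()`, and the stray `// ca-phl-reportstream-private-key` comment above it can go. `NewSender` starts before this hunk, so how the tests construct the sender is not visible here.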
diff --git a/src/senders/report_stream_sender_test.go b/src/senders/report_stream_sender_test.go index 4644cbe2..80886d0f 100644 --- a/src/senders/report_stream_sender_test.go +++ b/src/senders/report_stream_sender_test.go @@ -15,7 +15,7 @@ import ( "testing" ) -const privateKeyName = "ca-phl-private-key-local" +const reportStreamPrivateKeyName = "ca-phl-reportstream-private-key-local" type SenderTestSuite struct { suite.Suite @@ -58,7 +58,7 @@ func (suite *SenderTestSuite) Test_GenerateJWT_ReturnsJWT() { sender.credentialGetter = mockCredentialGetter testKey, err := rsa.GenerateKey(rand.Reader, 2048) - mockCredentialGetter.On("GetPrivateKey", privateKeyName).Return(testKey, nil) + mockCredentialGetter.On("GetPrivateKey", reportStreamPrivateKeyName).Return(testKey, nil) jwt, err := sender.generateJwt() assert.NoError(suite.T(), err) @@ -72,7 +72,7 @@ func (suite *SenderTestSuite) Test_GenerateJWT_UnableToGetPrivateKey_ReturnsErro mockCredentialGetter := new(mocks.MockCredentialGetter) sender.credentialGetter = mockCredentialGetter - mockCredentialGetter.On("GetPrivateKey", privateKeyName).Return(&rsa.PrivateKey{}, errors.New("failed to retrieve private key")) + mockCredentialGetter.On("GetPrivateKey", reportStreamPrivateKeyName).Return(&rsa.PrivateKey{}, errors.New("failed to retrieve private key")) _, err = sender.generateJwt() assert.Error(suite.T(), err) @@ -85,7 +85,7 @@ func (suite *SenderTestSuite) Test_getToken_ReturnsAccessToken() { sender.credentialGetter = mockCredentialGetter testKey, err := rsa.GenerateKey(rand.Reader, 2048) - mockCredentialGetter.On("GetPrivateKey", privateKeyName).Return(testKey, nil) + mockCredentialGetter.On("GetPrivateKey", reportStreamPrivateKeyName).Return(testKey, nil) // Set up a test server for ReportStream // Response parts: Body, Status Code, Access Token (part of body), Error (part of body) 
@@ -116,7 +116,7 @@ func (suite *SenderTestSuite) Test_getToken_UnableToGenerateJWT_ReturnsError() { mockCredentialGetter := new(mocks.MockCredentialGetter) sender.credentialGetter = mockCredentialGetter - mockCredentialGetter.On("GetPrivateKey", privateKeyName).Return(&rsa.PrivateKey{}, errors.New("failed to retrieve private key")) + mockCredentialGetter.On("GetPrivateKey", reportStreamPrivateKeyName).Return(&rsa.PrivateKey{}, errors.New("failed to retrieve private key")) token, err := sender.getToken() assert.Error(suite.T(), err) @@ -131,7 +131,7 @@ func (suite *SenderTestSuite) Test_getToken_UnableToCallTokenEndpoint_ReturnsErr sender.credentialGetter = mockCredentialGetter testKey, err := rsa.GenerateKey(rand.Reader, 2048) - mockCredentialGetter.On("GetPrivateKey", privateKeyName).Return(testKey, nil) + mockCredentialGetter.On("GetPrivateKey", reportStreamPrivateKeyName).Return(testKey, nil) token, err := sender.getToken() @@ -146,7 +146,7 @@ func (suite *SenderTestSuite) Test_getToken_ReportStreamResponseStatusIsInvalid_ sender.credentialGetter = mockCredentialGetter testKey, err := rsa.GenerateKey(rand.Reader, 2048) - mockCredentialGetter.On("GetPrivateKey", privateKeyName).Return(testKey, nil) + mockCredentialGetter.On("GetPrivateKey", reportStreamPrivateKeyName).Return(testKey, nil) // Set up a test server for ReportStream // Response parts: Body, Status Code, Access Token (part of body), Error (part of body) @@ -178,7 +178,7 @@ func (suite *SenderTestSuite) Test_getToken_UnableToMarshallResponseBody_Returns sender.credentialGetter = mockCredentialGetter testKey, err := rsa.GenerateKey(rand.Reader, 2048) - mockCredentialGetter.On("GetPrivateKey", privateKeyName).Return(testKey, nil) + mockCredentialGetter.On("GetPrivateKey", reportStreamPrivateKeyName).Return(testKey, nil) // Set up a test server for ReportStream // Response parts: Body, Status Code, Access Token (part of body), Error (part of body) 
@@ -206,7 +206,7 @@ func (suite *SenderTestSuite) Test_SendMessage_MessageSentToReportStream_Returns sender.credentialGetter = mockCredentialGetter testKey, err := rsa.GenerateKey(rand.Reader, 2048) - mockCredentialGetter.On("GetPrivateKey", privateKeyName).Return(testKey, nil) + mockCredentialGetter.On("GetPrivateKey", reportStreamPrivateKeyName).Return(testKey, nil) // Set up a test server for ReportStream // Response parts: Body, Status Code, Access Token (part of body), Error (part of body) @@ -270,7 +270,7 @@ func (suite *SenderTestSuite) Test_SendMessage_UnableToGetToken_ReturnsError() { sender.credentialGetter = mockCredentialGetter testKey, err := rsa.GenerateKey(rand.Reader, 2048) - mockCredentialGetter.On("GetPrivateKey", privateKeyName).Return(testKey, errors.New(utils.ErrorKey)) + mockCredentialGetter.On("GetPrivateKey", reportStreamPrivateKeyName).Return(testKey, errors.New(utils.ErrorKey)) message, _ := os.ReadFile(filepath.Join("..", "..", "mock_data", "order_message.hl7")) @@ -288,7 +288,7 @@ func (suite *SenderTestSuite) Test_SendMessage_UnableToCallTokenEndpoint_Returns sender.credentialGetter = mockCredentialGetter testKey, err := rsa.GenerateKey(rand.Reader, 2048) - mockCredentialGetter.On("GetPrivateKey", privateKeyName).Return(testKey, nil) + mockCredentialGetter.On("GetPrivateKey", reportStreamPrivateKeyName).Return(testKey, nil) // Set up a test server for ReportStream // Response parts: Body, Status Code, Access Token (part of body), Error (part of body) 
@@ -327,7 +327,7 @@ func (suite *SenderTestSuite) Test_SendMessage_StatusCodeIsAbove300_ReturnsError sender.credentialGetter = mockCredentialGetter testKey, err := rsa.GenerateKey(rand.Reader, 2048) - mockCredentialGetter.On("GetPrivateKey", privateKeyName).Return(testKey, nil) + mockCredentialGetter.On("GetPrivateKey", reportStreamPrivateKeyName).Return(testKey, nil) // Set up a test server for ReportStream // Response parts: Body, Status Code, Access Token (part of body), Error (part of body) @@ -393,7 +393,7 @@ func (suite *SenderTestSuite) Test_SendMessage_StatusCodeIs400_ReturnsNonTransie sender.credentialGetter = mockCredentialGetter testKey, err := rsa.GenerateKey(rand.Reader, 2048) - mockCredentialGetter.On("GetPrivateKey", privateKeyName).Return(testKey, nil) + mockCredentialGetter.On("GetPrivateKey", reportStreamPrivateKeyName).Return(testKey, nil) // Set up a test server for ReportStream // Response parts: Body, Status Code, Access Token (part of body), Error (part of body) @@ -462,7 +462,7 @@ func (suite *SenderTestSuite) Test_SendMessage_StatusCodeIsAbove499_ReturnsError testKey, err := rsa.GenerateKey(rand.Reader, 2048) assert.NoError(suite.T(), err) - mockCredentialGetter.On("GetPrivateKey", privateKeyName).Return(testKey, nil) + mockCredentialGetter.On("GetPrivateKey", reportStreamPrivateKeyName).Return(testKey, nil) // Set up a test server for ReportStream // Response parts: Body, Status Code, Access Token (part of body), Error (part of body) @@ -528,7 +528,7 @@ func (suite *SenderTestSuite) Test_SendMessage_UnableToParseResponseBody_Returns sender.credentialGetter = mockCredentialGetter testKey, err := rsa.GenerateKey(rand.Reader, 2048) - mockCredentialGetter.On("GetPrivateKey", privateKeyName).Return(testKey, nil) + mockCredentialGetter.On("GetPrivateKey", reportStreamPrivateKeyName).Return(testKey, nil) // Set up a test server for ReportStream // Response parts: Body, Status Code, Access Token (part of body), Error (part of body) 
diff --git a/src/sftp/handler.go b/src/sftp/handler.go index 1e1bcb83..f8809873 100644 --- a/src/sftp/handler.go +++ b/src/sftp/handler.go @@ -32,10 +32,10 @@ func NewSftpHandler(credentialGetter secrets.CredentialGetter) (*SftpHandler, er return nil, err } - serverKeyName := utils.CA_PHL + "-sftp-server-public-key-" + utils.EnvironmentName() // pragma: allowlist secret - serverKey, err := credentialGetter.GetSecret(serverKeyName) + sftpKeyName := utils.CA_PHL + "-sftp-public-key-" + utils.EnvironmentName() // pragma: allowlist secret + serverKey, err := credentialGetter.GetSecret(sftpKeyName) if err != nil { - slog.Error("Unable to get server key secret", slog.String("KeyName", serverKeyName), slog.Any(utils.ErrorKey, err)) + slog.Error("Unable to get SFTP key secret", slog.String("KeyName", sftpKeyName), slog.Any(utils.ErrorKey, err)) return nil, err } @@ -114,7 +114,7 @@ func getSshClientHostKeyCallback(serverKey string) (ssh.HostKeyCallback, error) func getPublicKeysForSshClient(credentialGetter secrets.CredentialGetter) (ssh.Signer, error) { - userAuthenticationKeyName := utils.CA_PHL + "-sftp-key-" + utils.EnvironmentName() // pragma: allowlist secret + userAuthenticationKeyName := utils.CA_PHL + "-sftp-private-key-" + utils.EnvironmentName() // pragma: allowlist secret key, err := credentialGetter.GetSecret(userAuthenticationKeyName) if err != nil { diff --git a/src/sftp/handler_test.go b/src/sftp/handler_test.go index 5c84deea..20503632 100644 --- a/src/sftp/handler_test.go +++ b/src/sftp/handler_test.go @@ -48,7 +48,7 @@ func Test_NewSFTPHandler_UnableToGetSFTPServerPublicKeyNameSecret_ReturnsError(t assert.Nil(t, sftpHandler) assert.Error(t, err) - assert.Contains(t, buffer.String(), "Unable to get server key secret") + assert.Contains(t, buffer.String(), "Unable to get SFTP key secret") } func Test_NewSFTPHandler_UnableToGetSSHClientHostKeyCallback_ReturnsError(t *testing.T) { From 4beefc86bd6530f372d6cebd7c2f35cf96a32762 Mon Sep 17 00:00:00 2001 
From: Bella Luz Quintero Date: Thu, 5 Sep 2024 15:37:21 -0600 Subject: [PATCH 25/54] added dash to reportstream key name Co-authored-by: Sylvie --- src/senders/report_stream_sender.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/senders/report_stream_sender.go b/src/senders/report_stream_sender.go index f2c5e0e9..6b041109 100644 --- a/src/senders/report_stream_sender.go +++ b/src/senders/report_stream_sender.go @@ -31,7 +31,7 @@ func NewSender() (Sender, error) { return Sender{}, err } // ca-phl-reportstream-private-key - reportStreamPrivateKeyName := utils.CA_PHL + "reportstream-private-key-" + utils.EnvironmentName() // pragma: allowlist secret + reportStreamPrivateKeyName := utils.CA_PHL + "-reportstream-private-key-" + utils.EnvironmentName() // pragma: allowlist secret return Sender{ baseUrl: os.Getenv("REPORT_STREAM_URL_PREFIX"), From 82e98e1a3a022586d7c8704308b42eb560335190 Mon Sep 17 00:00:00 2001 From: Bella Luz Quintero Date: Mon, 9 Sep 2024 11:43:10 -0600 Subject: [PATCH 26/54] Updated readme with additional cloud testing option. Co-authored-by: James Herr --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index a8d41d4c..60dfc5d2 100644 --- a/README.md +++ b/README.md @@ -120,6 +120,14 @@ In the `sftp` container, upload a file to an `import` folder. If that folder doe it by going to `Upload`, expanding `Advanced`, and putting `import` in the `Upload to folder` box! [upload_file.png](docs/upload_file.png) +or + +Log into CA SFTP and drop a file into the Output folder. +Then kick off the Azure Function in the portal. + +Credentials and URL can be found in Notion under CA Info. + + #### End-to-end Tests #### Load Testing From 4cba2000bb897b0852918d62a45eb234eda4f37f Mon Sep 17 00:00:00 2001 
From: Bella Luz Quintero Date: Mon, 9 Sep 2024 14:48:25 -0600 Subject: [PATCH 27/54] renamed mock files for consistency --- docker-compose.yml | 4 ++-- ...server-private-key-local => ca-phl-sftp-private-key-local} | 0 ...p-server-public-key-local => ca-phl-sftp-public-key-local} | 0 3 files changed, 2 insertions(+), 2 deletions(-) rename mock_credentials/{ca-phl-sftp-server-private-key-local => ca-phl-sftp-private-key-local} (100%) rename mock_credentials/{ca-phl-sftp-server-public-key-local => ca-phl-sftp-public-key-local} (100%) diff --git a/docker-compose.yml b/docker-compose.yml index 3be954a6..96723308 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -95,8 +95,8 @@ services: environment: SFTP_USERS: ti_user:ti_password:::files volumes: - - ./mock_credentials/sftp-public-key-local:/home/ti_user/.ssh/keys/id_rsa.pub:ro - - ./mock_credentials/ca-phl-sftp-server-private-key-local:/etc/ssh/ssh_host_rsa_key + - ./mock_credentials/ca-phl-sftp-public-key-local:/home/ti_user/.ssh/keys/id_rsa.pub:ro + - ./mock_credentials/ca-phl-sftp-private-key-local:/etc/ssh/ssh_host_rsa_key - ./localdata/sftp_server_require_publickey.sh:/etc/sftp.d/sftp_server_require_publickey.sh - ./localdata/data/sftp:/home/ti_user/files ports: diff --git a/mock_credentials/ca-phl-sftp-server-private-key-local b/mock_credentials/ca-phl-sftp-private-key-local similarity index 100% rename from mock_credentials/ca-phl-sftp-server-private-key-local rename to mock_credentials/ca-phl-sftp-private-key-local diff --git a/mock_credentials/ca-phl-sftp-server-public-key-local b/mock_credentials/ca-phl-sftp-public-key-local similarity index 100% rename from mock_credentials/ca-phl-sftp-server-public-key-local rename to mock_credentials/ca-phl-sftp-public-key-local From 35ccd0e9486f44e854345b75854ca9c9fd2db7b6 Mon Sep 17 00:00:00 2001 
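Review bot: The `id_rsa.pub` mount for `ti_user` now points at `ca-phl-sftp-public-key-local`, which this commit creates by renaming `ca-phl-sftp-server-public-key-local` at 100% similarity, so the mock server would authorize the host's public key instead of the client key that `sftp-public-key-local` held. The same commit makes `ca-phl-sftp-private-key-local` the host private key, and that name matches the `-sftp-private-key-` pattern the client's user-authentication lookup in `src/sftp/handler.go` uses, so host and user credentials may be conflated locally (how the local credential getter resolves names is not visible here). I would keep `- ./mock_credentials/sftp-public-key-local:/home/ti_user/.ssh/keys/id_rsa.pub:ro` until a user-specific file exists, and add a comment on each mount saying whether it is the host key or the user's authorized key.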
From: jcrichlake Date: Thu, 12 Sep 2024 10:12:52 -0400 Subject: [PATCH 28/54] Attempting reverting client config to password --- src/sftp/handler.go | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/sftp/handler.go b/src/sftp/handler.go index f8809873..8f1cf565 100644 --- a/src/sftp/handler.go +++ b/src/sftp/handler.go @@ -52,10 +52,18 @@ func NewSftpHandler(credentialGetter secrets.CredentialGetter) (*SftpHandler, er return nil, err } + sftpPasswordSecret := "sftp-password-" + utils.EnvironmentName() // pragma: allowlist secret + sftpPassword, err := credentialGetter.GetSecret(sftpPasswordSecret) + if err != nil { + slog.Error("Unable to get SFTP password secret", slog.String("KeyName", sftpPasswordSecret), slog.Any(utils.ErrorKey, err)) + return nil, err + } + config := &ssh.ClientConfig{ User: sftpUser, Auth: []ssh.AuthMethod{ - ssh.PublicKeys(pem), + //ssh.PublicKeys(pem), + ssh.Password(sftpPassword), }, HostKeyCallback: hostKeyCallback, } From 1aeae908f2a6e176b9e680e782a589ebda8707f1 Mon Sep 17 00:00:00 2001 From: jcrichlake Date: Thu, 12 Sep 2024 11:32:18 -0400 Subject: [PATCH 29/54] Adding hostkey Algorithm --- src/sftp/handler.go | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/src/sftp/handler.go b/src/sftp/handler.go index 8f1cf565..f9f50ea5 100644 --- a/src/sftp/handler.go +++ b/src/sftp/handler.go 
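Review bot: The `Auth` list in `NewSftpHandler` now offers only `ssh.Password(sftpPassword)`, with `//ssh.PublicKeys(pem)` left commented out, so the client drops key-based authentication while the private key is still fetched earlier in the function. If password login is only a temporary fallback, listing both methods keeps the key path exercised: `ssh.PublicKeys(pem),` followed by `ssh.Password(sftpPassword),`; otherwise delete the commented line and add a comment saying why password authentication is used. The secret name `"sftp-password-"` also lacks the `utils.CA_PHL` prefix that the other SFTP secrets in this file carry, which looks inconsistent if the vault follows that naming. The function continues outside the hunk.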
@@ -52,18 +52,13 @@ func NewSftpHandler(credentialGetter secrets.CredentialGetter) (*SftpHandler, er return nil, err } - sftpPasswordSecret := "sftp-password-" + utils.EnvironmentName() // pragma: allowlist secret - sftpPassword, err := credentialGetter.GetSecret(sftpPasswordSecret) - if err != nil { - slog.Error("Unable to get SFTP password secret", slog.String("KeyName", sftpPasswordSecret), slog.Any(utils.ErrorKey, err)) - return nil, err - } - config := &ssh.ClientConfig{ User: sftpUser, Auth: []ssh.AuthMethod{ - //ssh.PublicKeys(pem), - ssh.Password(sftpPassword), + ssh.PublicKeys(pem), + }, + HostKeyAlgorithms: []string{ + ssh.KeyAlgoDSA, }, HostKeyCallback: hostKeyCallback, } From f0247d5914ee11a87af7b410869b691eb70f2794 Mon Sep 17 00:00:00 2001 From: saquino0827 Date: Thu, 12 Sep 2024 11:27:01 -0500 Subject: [PATCH 30/54] Try using rsa-sha2-256 algorithm Co-authored-by: pluckyswan <96704946+pluckyswan@users.noreply.github.com> --- src/sftp/handler.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sftp/handler.go b/src/sftp/handler.go index f9f50ea5..3564f0c0 100644 --- a/src/sftp/handler.go +++ b/src/sftp/handler.go @@ -58,7 +58,7 @@ func NewSftpHandler(credentialGetter secrets.CredentialGetter) (*SftpHandler, er ssh.PublicKeys(pem), }, HostKeyAlgorithms: []string{ - ssh.KeyAlgoDSA, + ssh.KeyAlgoRSASHA256, }, HostKeyCallback: hostKeyCallback, } From 5908dfa967795c89d4d02dfc1ab4b0e8b89f901f Mon Sep 17 00:00:00 2001 From: jcrichlake Date: Thu, 12 Sep 2024 14:03:11 -0400 Subject: [PATCH 31/54] Correcting secret name Co-authored-by: pluckyswan <96704946+pluckyswan@users.noreply.github.com> Co-authored-by: saquino0827 Co-authored-by: James Herr Co-authored-by: halprin Co-authored-by: Sylvie --- src/sftp/handler.go | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/src/sftp/handler.go b/src/sftp/handler.go index 3564f0c0..ba1cd455 100644 --- a/src/sftp/handler.go +++ b/src/sftp/handler.go 
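Review bot: `HostKeyAlgorithms` in the `ssh.ClientConfig` is restricted to `ssh.KeyAlgoDSA`, which limits host authentication to `ssh-dss`, an algorithm that golang.org/x/crypto/ssh marks deprecated and that current OpenSSH disables by default. It also looks incompatible with the pinned host key: the callback comes from `ssh.FixedHostKey`, and the test fixture's server key is `ssh-rsa`, so the handshake would likely fail to negotiate. If an explicit list is needed, prefer the SHA-2 RSA variants, `HostKeyAlgorithms: []string{ssh.KeyAlgoRSASHA512, ssh.KeyAlgoRSASHA256},`, or omit the field and rely on the pinned key. The next hunk on this line switches to `ssh.KeyAlgoRSASHA256` alone, and the enclosing function extends beyond both hunks.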
@@ -57,9 +57,6 @@ func NewSftpHandler(credentialGetter secrets.CredentialGetter) (*SftpHandler, er Auth: []ssh.AuthMethod{ ssh.PublicKeys(pem), }, - HostKeyAlgorithms: []string{ - ssh.KeyAlgoRSASHA256, - }, HostKeyCallback: hostKeyCallback, } @@ -117,7 +114,7 @@ func getSshClientHostKeyCallback(serverKey string) (ssh.HostKeyCallback, error) func getPublicKeysForSshClient(credentialGetter secrets.CredentialGetter) (ssh.Signer, error) { - userAuthenticationKeyName := utils.CA_PHL + "-sftp-private-key-" + utils.EnvironmentName() // pragma: allowlist secret + userAuthenticationKeyName := utils.CA_PHL + "-sftp-key-" + utils.EnvironmentName() // pragma: allowlist secret key, err := credentialGetter.GetSecret(userAuthenticationKeyName) if err != nil { From c7b4c4568d44ad4287dd308cb0018501397efba8 Mon Sep 17 00:00:00 2001 From: jcrichlake Date: Thu, 12 Sep 2024 14:20:38 -0400 Subject: [PATCH 32/54] Fixing terraform name Co-authored-by: pluckyswan <96704946+pluckyswan@users.noreply.github.com> Co-authored-by: saquino0827 Co-authored-by: James Herr Co-authored-by: halprin Co-authored-by: Sylvie --- operations/template/key.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/operations/template/key.tf b/operations/template/key.tf index 63013df0..2f6009b6 100644 --- a/operations/template/key.tf +++ b/operations/template/key.tf @@ -138,7 +138,7 @@ resource "azurerm_key_vault_secret" "ca_phl_sftp_user" { } resource "azurerm_key_vault_secret" "ca_phl_sftp_private_key" { - name = "ca-phl-sftp-private-key-${var.environment}" + name = "ca-phl-sftp-key-${var.environment}" value = "dogcow" key_vault_id = azurerm_key_vault.key_storage.id From 7ce4d238ebe16d36fac27a90f315f73f88521d63 Mon Sep 17 00:00:00 2001 
From: Bella Luz Quintero Date: Thu, 12 Sep 2024 13:31:42 -0600 Subject: [PATCH 33/54] revert private key rename changes Co-authored-by: saquino0827 Co-authored-by: James Herr Co-authored-by: jcrichlake <145698165+jcrichlake@users.noreply.github.com> Co-authored-by: halprin --- operations/template/key.tf | 14 +------------- src/sftp/handler.go | 2 +- 2 files changed, 2 insertions(+), 14 deletions(-) diff --git a/operations/template/key.tf b/operations/template/key.tf index 2f6009b6..5dc57a24 100644 --- a/operations/template/key.tf +++ b/operations/template/key.tf @@ -77,18 +77,6 @@ resource "azurerm_key_vault_access_policy" "allow_container_registry_wrapping" { } -resource "azurerm_key_vault_secret" "mock_public_health_lab_private_key" { - name = "mock-public-health-lab-private-key-${var.environment}" - value = "dogcow" - - key_vault_id = azurerm_key_vault.key_storage.id - - lifecycle { - ignore_changes = [value] - } - depends_on = [azurerm_key_vault_access_policy.allow_github_deployer] //wait for the permission that allows our deployer to write the secret -} - resource "azurerm_key_vault_secret" "ca_phl_reportstream_private_key" { name = "ca-phl-reportstream-private-key-${var.environment}" value = "dogcow" @@ -138,7 +126,7 @@ resource "azurerm_key_vault_secret" "ca_phl_sftp_user" { } resource "azurerm_key_vault_secret" "ca_phl_sftp_private_key" { - name = "ca-phl-sftp-key-${var.environment}" + name = "ca-phl-sftp-private-key-${var.environment}" value = "dogcow" key_vault_id = azurerm_key_vault.key_storage.id diff --git a/src/sftp/handler.go b/src/sftp/handler.go index ba1cd455..5cba10b1 100644 --- a/src/sftp/handler.go +++ b/src/sftp/handler.go 
@@ -114,7 +114,7 @@ func getSshClientHostKeyCallback(serverKey string) (ssh.HostKeyCallback, error) func getPublicKeysForSshClient(credentialGetter secrets.CredentialGetter) (ssh.Signer, error) { - userAuthenticationKeyName := utils.CA_PHL + "-sftp-key-" + utils.EnvironmentName() // pragma: allowlist secret + userAuthenticationKeyName := utils.CA_PHL + "-sftp-key-private-" + utils.EnvironmentName() // pragma: allowlist secret key, err := credentialGetter.GetSecret(userAuthenticationKeyName) if err != nil { From cdcd4bef28a978349eb691c290dfb900ece7ebc9 Mon Sep 17 00:00:00 2001 From: halprin Date: Thu, 12 Sep 2024 14:47:33 -0600 Subject: [PATCH 34/54] Allow GitHub to Recover --- operations/template/key.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/operations/template/key.tf b/operations/template/key.tf index 5dc57a24..8b29b479 100644 --- a/operations/template/key.tf +++ b/operations/template/key.tf @@ -27,6 +27,7 @@ resource "azurerm_key_vault_access_policy" "allow_github_deployer" { "Get", "Delete", "Purge", + "Recover", ] key_permissions = [ @@ -178,4 +179,4 @@ resource "azurerm_key_vault_key" "customer_managed_key" { ] depends_on = [azurerm_key_vault_access_policy.allow_github_deployer] //wait for the permission that allows our deployer to write the secret -} \ No newline at end of file +} From 01607a2ca3b883321b2802f914d4f6f147e30b51 Mon Sep 17 00:00:00 2001 From: James Herr Date: Thu, 12 Sep 2024 16:12:20 -0500 Subject: [PATCH 35/54] Fixed private key name Co-Authored-By: Sylvie <38440028+somesylvie@users.noreply.github.com> Co-Authored-By: Samuel Aquino Co-Authored-By: Bella L. Quintero <96704946+pluckyswan@users.noreply.github.com> Co-Authored-By: halprin --- src/sftp/handler.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sftp/handler.go b/src/sftp/handler.go index 5cba10b1..f8809873 100644 --- a/src/sftp/handler.go +++ b/src/sftp/handler.go 
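Review bot: `getPublicKeysForSshClient` now looks up `utils.CA_PHL + "-sftp-key-private-" + utils.EnvironmentName()`, but the same commit names the Key Vault secret `ca-phl-sftp-private-key-${var.environment}` in `operations/template/key.tf`, so the lookup would miss the secret (assuming `utils.CA_PHL` is `ca-phl`, as the comment in `report_stream_sender.go` suggests). The line should read `userAuthenticationKeyName := utils.CA_PHL + "-sftp-private-key-" + utils.EnvironmentName()`. Because this string has to match both Terraform and the mock credential file name, a comment naming those two places would make the next rename safer. The function body continues outside the hunk.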
@@ -114,7 +114,7 @@ func getSshClientHostKeyCallback(serverKey string) (ssh.HostKeyCallback, error) func getPublicKeysForSshClient(credentialGetter secrets.CredentialGetter) (ssh.Signer, error) { - userAuthenticationKeyName := utils.CA_PHL + "-sftp-key-private-" + utils.EnvironmentName() // pragma: allowlist secret + userAuthenticationKeyName := utils.CA_PHL + "-sftp-private-key-" + utils.EnvironmentName() // pragma: allowlist secret key, err := credentialGetter.GetSecret(userAuthenticationKeyName) if err != nil { From b444f6f1e40dcd3911050d1aeafb6f2c798a52a6 Mon Sep 17 00:00:00 2001 From: halprin Date: Fri, 13 Sep 2024 11:14:56 -0600 Subject: [PATCH 36/54] Rename secrets associated with the CA PHL SFTP host key Co-authored-by: jcrichlake --- docker-compose.yml | 2 +- mock_credentials/ca-phl-private-key-local | 0 ...p-private-key-local => ca-phl-sftp-host-private-key-local} | 0 ...ftp-public-key-local => ca-phl-sftp-host-public-key-local} | 0 operations/template/key.tf | 4 ++-- src/sftp/handler.go | 2 +- 6 files changed, 4 insertions(+), 4 deletions(-) mode change 100644 => 100755 mock_credentials/ca-phl-private-key-local rename mock_credentials/{ca-phl-sftp-private-key-local => ca-phl-sftp-host-private-key-local} (100%) mode change 100644 => 100755 rename mock_credentials/{ca-phl-sftp-public-key-local => ca-phl-sftp-host-public-key-local} (100%) diff --git a/docker-compose.yml b/docker-compose.yml index 96723308..79dc8342 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -96,7 +96,7 @@ services: SFTP_USERS: ti_user:ti_password:::files volumes: - ./mock_credentials/ca-phl-sftp-public-key-local:/home/ti_user/.ssh/keys/id_rsa.pub:ro - - ./mock_credentials/ca-phl-sftp-private-key-local:/etc/ssh/ssh_host_rsa_key + - ./mock_credentials/ca-phl-sftp-host-private-key-local:/etc/ssh/ssh_host_rsa_key - ./localdata/sftp_server_require_publickey.sh:/etc/sftp.d/sftp_server_require_publickey.sh - ./localdata/data/sftp:/home/ti_user/files ports: 
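Review bot: The `id_rsa.pub` mount in the docker-compose hunk still references `./mock_credentials/ca-phl-sftp-public-key-local`, but this commit renames that file to `ca-phl-sftp-host-public-key-local`, so the source path no longer exists; Docker typically creates an empty directory for a missing bind-mount source, which would leave `ti_user` without an authorized key. By the rename's own naming that file is the host's public key, so the mount should point at the user's public key instead, which at this commit appears to be `- ./mock_credentials/sftp-public-key-local:/home/ti_user/.ssh/keys/id_rsa.pub:ro`. The commit also switches mock private key files to mode 100755; key files need no execute bit, and 0600 is the conventional mode for private keys.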
diff --git a/mock_credentials/ca-phl-private-key-local b/mock_credentials/ca-phl-private-key-local old mode 100644 new mode 100755 diff --git a/mock_credentials/ca-phl-sftp-private-key-local b/mock_credentials/ca-phl-sftp-host-private-key-local old mode 100644 new mode 100755 similarity index 100% rename from mock_credentials/ca-phl-sftp-private-key-local rename to mock_credentials/ca-phl-sftp-host-private-key-local diff --git a/mock_credentials/ca-phl-sftp-public-key-local b/mock_credentials/ca-phl-sftp-host-public-key-local similarity index 100% rename from mock_credentials/ca-phl-sftp-public-key-local rename to mock_credentials/ca-phl-sftp-host-public-key-local diff --git a/operations/template/key.tf b/operations/template/key.tf index 8b29b479..191359d6 100644 --- a/operations/template/key.tf +++ b/operations/template/key.tf @@ -150,8 +150,8 @@ resource "azurerm_key_vault_secret" "ca_phl_sftp_server_address" { depends_on = [azurerm_key_vault_access_policy.allow_github_deployer] //wait for the permission that allows our deployer to write the secret } -resource "azurerm_key_vault_secret" "ca_phl_sftp_public_key" { - name = "ca-phl-sftp-public-key-${var.environment}" +resource "azurerm_key_vault_secret" "ca_phl_sftp_host_public_key" { + name = "ca-phl-sftp-host-public-key-${var.environment}" value = "dogcow" key_vault_id = azurerm_key_vault.key_storage.id diff --git a/src/sftp/handler.go b/src/sftp/handler.go index f8809873..9900a317 100644 --- a/src/sftp/handler.go +++ b/src/sftp/handler.go 
@@ -32,7 +32,7 @@ func NewSftpHandler(credentialGetter secrets.CredentialGetter) (*SftpHandler, er return nil, err } - sftpKeyName := utils.CA_PHL + "-sftp-public-key-" + utils.EnvironmentName() // pragma: allowlist secret + sftpKeyName := utils.CA_PHL + "-sftp-host-public-key-" + utils.EnvironmentName() // pragma: allowlist secret serverKey, err := credentialGetter.GetSecret(sftpKeyName) if err != nil { slog.Error("Unable to get SFTP key secret", slog.String("KeyName", sftpKeyName), slog.Any(utils.ErrorKey, err)) From a0a004be23cd651ce7ce025554294e6a59d9fe57 Mon Sep 17 00:00:00 2001 From: halprin Date: Fri, 13 Sep 2024 11:37:10 -0600 Subject: [PATCH 37/54] Rename secrets associated with the CA PHL SFTP user credential key Co-authored-by: jcrichlake Co-authored-by: pluckyswan --- docker-compose.yml | 2 +- mock_credentials/ca-phl-sftp-host-private-key-local | 0 ...ey-local => ca-phl-sftp-user-credential-private-key-local} | 0 ...key-local => ca-phl-sftp-user-credential-public-key-local} | 0 operations/template/key.tf | 4 ++-- src/sftp/handler.go | 2 +- 6 files changed, 4 insertions(+), 4 deletions(-) mode change 100755 => 100644 mock_credentials/ca-phl-sftp-host-private-key-local rename mock_credentials/{ca-phl-sftp-key-local => ca-phl-sftp-user-credential-private-key-local} (100%) mode change 100644 => 100755 rename mock_credentials/{sftp-public-key-local => ca-phl-sftp-user-credential-public-key-local} (100%) diff --git a/docker-compose.yml b/docker-compose.yml index 79dc8342..153c40c1 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -95,7 +95,7 @@ services: environment: SFTP_USERS: ti_user:ti_password:::files volumes: - - ./mock_credentials/ca-phl-sftp-public-key-local:/home/ti_user/.ssh/keys/id_rsa.pub:ro + - ./mock_credentials/ca-phl-sftp-user-credential-public-key-local:/home/ti_user/.ssh/keys/id_rsa.pub:ro - ./mock_credentials/ca-phl-sftp-host-private-key-local:/etc/ssh/ssh_host_rsa_key - ./localdata/sftp_server_require_publickey.sh:/etc/sftp.d/sftp_server_require_publickey.sh - ./localdata/data/sftp:/home/ti_user/files diff --git a/mock_credentials/ca-phl-sftp-host-private-key-local b/mock_credentials/ca-phl-sftp-host-private-key-local old mode 100755 new mode 100644 diff --git a/mock_credentials/ca-phl-sftp-key-local b/mock_credentials/ca-phl-sftp-user-credential-private-key-local old mode 100644 new mode 100755 similarity index 100% rename from mock_credentials/ca-phl-sftp-key-local rename to mock_credentials/ca-phl-sftp-user-credential-private-key-local diff --git a/mock_credentials/sftp-public-key-local b/mock_credentials/ca-phl-sftp-user-credential-public-key-local similarity index 100% rename from mock_credentials/sftp-public-key-local rename to mock_credentials/ca-phl-sftp-user-credential-public-key-local diff --git a/operations/template/key.tf b/operations/template/key.tf index 191359d6..633bff5d 100644 --- a/operations/template/key.tf +++ b/operations/template/key.tf @@ -126,8 +126,8 @@ resource "azurerm_key_vault_secret" "ca_phl_sftp_user" { depends_on = [azurerm_key_vault_access_policy.allow_github_deployer] //wait for the permission that allows our deployer to write the secret } -resource "azurerm_key_vault_secret" "ca_phl_sftp_private_key" { - name = "ca-phl-sftp-private-key-${var.environment}" +resource "azurerm_key_vault_secret" "ca_phl_sftp_user_credential_private_key" { + name = "ca-phl-sftp-user-credential-private-key-${var.environment}" value = "dogcow" key_vault_id = azurerm_key_vault.key_storage.id 
diff --git a/src/sftp/handler.go b/src/sftp/handler.go index 9900a317..c870e16a 100644 --- a/src/sftp/handler.go +++ b/src/sftp/handler.go @@ -114,7 +114,7 @@ func getSshClientHostKeyCallback(serverKey string) (ssh.HostKeyCallback, error) func getPublicKeysForSshClient(credentialGetter secrets.CredentialGetter) (ssh.Signer, error) { - userAuthenticationKeyName := utils.CA_PHL + "-sftp-private-key-" + utils.EnvironmentName() // pragma: allowlist secret + userAuthenticationKeyName := utils.CA_PHL + "-sftp-user-credential-private-key-" + utils.EnvironmentName() // pragma: allowlist secret key, err := credentialGetter.GetSecret(userAuthenticationKeyName) if err != nil { From ef071401d0c56bde725ba5873f221f3b5c327dad Mon Sep 17 00:00:00 2001 From: halprin Date: Fri, 13 Sep 2024 11:49:45 -0600 Subject: [PATCH 38/54] Rename the mock secret for CA PHLs ReportStream key Co-authored-by: jcrichlake Co-authored-by: pluckyswan --- ...hl-private-key-local => ca-phl-reportstream-private-key-local} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename mock_credentials/{ca-phl-private-key-local => ca-phl-reportstream-private-key-local} (100%) diff --git a/mock_credentials/ca-phl-private-key-local b/mock_credentials/ca-phl-reportstream-private-key-local similarity index 100% rename from mock_credentials/ca-phl-private-key-local rename to mock_credentials/ca-phl-reportstream-private-key-local From 009f6a914865c11d9ac10ad2d94db3724ce4fc13 Mon Sep 17 00:00:00 2001 From: halprin Date: Fri, 13 Sep 2024 11:52:52 -0600 Subject: [PATCH 39/54] Revert the CA PHLs ReportStream client name to flexion.simulated-lab for now Co-authored-by: jcrichlake Co-authored-by: pluckyswan --- operations/template/app.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/operations/template/app.tf b/operations/template/app.tf index e49fa0ed..3472b133 100644 --- a/operations/template/app.tf +++ b/operations/template/app.tf 
@@ -128,7 +128,7 @@ resource "azurerm_linux_web_app" "sftp" { AZURE_STORAGE_CONNECTION_STRING = azurerm_storage_account.storage.primary_blob_connection_string REPORT_STREAM_URL_PREFIX = "https://${local.rs_domain_prefix}prime.cdc.gov" AZURE_KEY_VAULT_URI = azurerm_key_vault.key_storage.vault_uri - CA_PHL_CLIENT_NAME = "ca-phl.etor-nbs-results" + CA_PHL_CLIENT_NAME = "flexion.simulated-lab" QUEUE_MAX_DELIVERY_ATTEMPTS = azurerm_eventgrid_system_topic_event_subscription.topic_sub.retry_policy.0.max_delivery_attempts # making the Azure container <-> queue retry count be in sync with the queue <-> application retry count.. } From 41ea59ce95c1bd6caa2b074baa23da7b8b7fa4ef Mon Sep 17 00:00:00 2001 From: halprin Date: Fri, 13 Sep 2024 16:16:27 -0600 Subject: [PATCH 40/54] Set PHL client name when running locally back to flexion.simulated-lab --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 153c40c1..6bf32c54 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -7,7 +7,7 @@ services: ENV: local # Uncomment the line below to call local report stream. Otherwise we'll use a mock response # REPORT_STREAM_URL_PREFIX: http://host.docker.internal:7071 - CA_PHL_CLIENT_NAME: ca-phl.etor-nbs-result + CA_PHL_CLIENT_NAME: flexion.simulated-lab QUEUE_MAX_DELIVERY_ATTEMPTS: 5 POLLING_TRIGGER_QUEUE_NAME: polling-trigger-queue volumes: From e94abc3ac1f7471ba426552936556e8d164f029d Mon Sep 17 00:00:00 2001 From: halprin Date: Fri, 13 Sep 2024 16:23:51 -0600 Subject: [PATCH 41/54] Do not log private keys. Co-authored-by: pluckyswan --- src/sftp/handler.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sftp/handler.go b/src/sftp/handler.go index c870e16a..816b58ff 100644 --- a/src/sftp/handler.go +++ b/src/sftp/handler.go 
@@ -28,7 +28,7 @@ func NewSftpHandler(credentialGetter secrets.CredentialGetter) (*SftpHandler, er pem, err := getPublicKeysForSshClient(credentialGetter) if err != nil { - slog.Error("Unable to get public keys for ssh client", slog.Any("KeyName", pem), slog.Any(utils.ErrorKey, err)) + slog.Error("Unable to get public keys for ssh client", slog.Any(utils.ErrorKey, err)) return nil, err } From 5e798b9be67f32e7b0387eace346da2876e21128 Mon Sep 17 00:00:00 2001 From: halprin Date: Fri, 13 Sep 2024 16:28:29 -0600 Subject: [PATCH 42/54] Improve logging and function names around the user credential private key Co-authored-by: pluckyswan --- src/sftp/handler.go | 8 ++++---- src/sftp/handler_test.go | 14 ++++++-------- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/src/sftp/handler.go b/src/sftp/handler.go index 816b58ff..3dc03701 100644 --- a/src/sftp/handler.go +++ b/src/sftp/handler.go @@ -26,9 +26,9 @@ type SftpHandler struct { func NewSftpHandler(credentialGetter secrets.CredentialGetter) (*SftpHandler, error) { // In the future, we'll pass in info about what customer we're using (and thus what URL/key/password to use) - pem, err := getPublicKeysForSshClient(credentialGetter) + userCredentialPrivateKey, err := getUserCredentialPrivateKey(credentialGetter) if err != nil { - slog.Error("Unable to get public keys for ssh client", slog.Any(utils.ErrorKey, err)) + slog.Error("Unable to get user's credential private key", slog.Any(utils.ErrorKey, err)) return nil, err } @@ -55,7 +55,7 @@ func NewSftpHandler(credentialGetter secrets.CredentialGetter) (*SftpHandler, er config := &ssh.ClientConfig{ User: sftpUser, Auth: []ssh.AuthMethod{ - ssh.PublicKeys(pem), + ssh.PublicKeys(userCredentialPrivateKey), }, HostKeyCallback: hostKeyCallback, } 
@@ -112,7 +112,7 @@ func getSshClientHostKeyCallback(serverKey string) (ssh.HostKeyCallback, error) return ssh.FixedHostKey(pk), nil } -func getPublicKeysForSshClient(credentialGetter secrets.CredentialGetter) (ssh.Signer, error) { +func getUserCredentialPrivateKey(credentialGetter secrets.CredentialGetter) (ssh.Signer, error) { userAuthenticationKeyName := utils.CA_PHL + "-sftp-user-credential-private-key-" + utils.EnvironmentName() // pragma: allowlist secret diff --git a/src/sftp/handler_test.go b/src/sftp/handler_test.go index 20503632..fad7287a 100644 --- a/src/sftp/handler_test.go +++ b/src/sftp/handler_test.go @@ -20,7 +20,7 @@ import ( const serverKey = "ssh-rsa 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 sschuresko@flexion-mac-J40DPF4YQR" const user = "ti_user" -func Test_NewSFTPHandler_UnableToGetSshClientPublicKey_ReturnsError(t *testing.T) { +func Test_NewSFTPHandler_UnableToGetUserCredentialPrivateKey_ReturnsError(t *testing.T) { buffer, defaultLogger := utils.SetupLogger() defer slog.SetDefault(defaultLogger) @@ -31,7 +31,7 @@ func Test_NewSFTPHandler_UnableToGetSshClientPublicKey_ReturnsError(t *testing.T assert.Nil(t, sftpHandler) assert.Error(t, err) - assert.Contains(t, buffer.String(), "Unable to get public keys for ssh client") + assert.Contains(t, buffer.String(), "Unable to get user's credential private key") } func Test_NewSFTPHandler_UnableToGetSFTPServerPublicKeyNameSecret_ReturnsError(t *testing.T) { @@ -43,7 +43,7 @@ func Test_NewSFTPHandler_UnableToGetSFTPServerPublicKeyNameSecret_ReturnsError(t mockCredentialGetter := new(mocks.MockCredentialGetter) mockCredentialGetter.On("GetSecret", mock.Anything).Return(secretValue, nil).Once() mockCredentialGetter.On("GetSecret", mock.Anything).Return("", errors.New("error")) - + sftpHandler, err := NewSftpHandler(mockCredentialGetter) assert.Nil(t, sftpHandler) 
@@ -81,7 +81,6 @@ func Test_NewSFTPHandler_UnableToGetSFTPUserNameSecret_ReturnsError(t *testing.T mockCredentialGetter.On("GetSecret", mock.Anything).Return(serverKey, nil).Once() mockCredentialGetter.On("GetSecret", mock.Anything).Return("", errors.New("error")) - sftpHandler, err := NewSftpHandler(mockCredentialGetter) assert.Nil(t, sftpHandler) @@ -122,7 +121,6 @@ func Test_NewSFTPHandler_UnableToDialIntoTCP_ReturnsError(t *testing.T) { mockCredentialGetter.On("GetSecret", mock.Anything).Return(user, nil).Once() mockCredentialGetter.On("GetSecret", mock.Anything).Return("wrong-value", nil).Once() - sftpHandler, err := NewSftpHandler(mockCredentialGetter) assert.Nil(t, sftpHandler) @@ -153,7 +151,7 @@ func Test_getPublicKeysForSshClient_ReturnsPem(t *testing.T) { mockCredentialGetter := new(mocks.MockCredentialGetter) mockCredentialGetter.On("GetSecret", mock.Anything).Return(secretValue, nil) - pem, err := getPublicKeysForSshClient(mockCredentialGetter) + pem, err := getUserCredentialPrivateKey(mockCredentialGetter) mockCredentialGetter.AssertCalled(t, "GetSecret", mock.Anything) assert.NotNil(t, pem) @@ -165,7 +163,7 @@ func Test_getPublicKeysForSshClient_UnableToRetrieveSFTPKey_ReturnsError(t *test mockCredentialGetter := new(mocks.MockCredentialGetter) mockCredentialGetter.On("GetSecret", mock.Anything).Return("", errors.New(utils.ErrorKey)) - pem, err := getPublicKeysForSshClient(mockCredentialGetter) + pem, err := getUserCredentialPrivateKey(mockCredentialGetter) mockCredentialGetter.AssertCalled(t, "GetSecret", mock.Anything) assert.Nil(t, pem) 
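Review bot: The test names still read `Test_getPublicKeysForSshClient_...` although the function under test is now `getUserCredentialPrivateKey`; this applies to the hunks at `@@ -153` and `@@ -165` here and to `@@ -179` on the following line. Rename them to match, for example `func Test_getUserCredentialPrivateKey_ReturnsPem(t *testing.T)`, and consider renaming the local `pem` to `signer`, since the function returns an `ssh.Signer`. Keeping the names aligned makes it clear that these tests cover the user's private credential and not a public key. The test bodies continue outside the hunks.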
@@ -179,7 +177,7 @@ func Test_getPublicKeysForSshClient_UnableToParsePrivateKey_ReturnsError(t *test mockCredentialGetter := new(mocks.MockCredentialGetter) mockCredentialGetter.On("GetSecret", mock.Anything).Return(secretValue, nil) - pem, err := getPublicKeysForSshClient(mockCredentialGetter) + pem, err := getUserCredentialPrivateKey(mockCredentialGetter) mockCredentialGetter.AssertCalled(t, "GetSecret", mock.Anything) assert.Nil(t, pem) From 53f7e7ce6bb54bc79f7bb48c7e7126fc9742a99f Mon Sep 17 00:00:00 2001 From: halprin Date: Fri, 13 Sep 2024 16:33:23 -0600 Subject: [PATCH 43/54] Improve logging for host public keys. Co-authored-by: pluckyswan --- src/sftp/handler.go | 10 +++++----- src/sftp/handler_test.go | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/sftp/handler.go b/src/sftp/handler.go index 3dc03701..04ab8635 100644 --- a/src/sftp/handler.go +++ b/src/sftp/handler.go 
@@ -32,16 +32,16 @@ func NewSftpHandler(credentialGetter secrets.CredentialGetter) (*SftpHandler, er return nil, err } - sftpKeyName := utils.CA_PHL + "-sftp-host-public-key-" + utils.EnvironmentName() // pragma: allowlist secret - serverKey, err := credentialGetter.GetSecret(sftpKeyName) + hostPublicKeyName := utils.CA_PHL + "-sftp-host-public-key-" + utils.EnvironmentName() // pragma: allowlist secret + hostPublicKey, err := credentialGetter.GetSecret(hostPublicKeyName) if err != nil { - slog.Error("Unable to get SFTP key secret", slog.String("KeyName", sftpKeyName), slog.Any(utils.ErrorKey, err)) + slog.Error("Unable to get host public key", slog.String("KeyName", hostPublicKeyName), slog.Any(utils.ErrorKey, err)) return nil, err } - hostKeyCallback, err := getSshClientHostKeyCallback(serverKey) + hostKeyCallback, err := getSshClientHostKeyCallback(hostPublicKey) if err != nil { - slog.Error("Unable to get SSH Client Host Key", slog.Any("KeyName", hostKeyCallback), slog.Any(utils.ErrorKey, err)) + slog.Error("Unable construct the host key callback", slog.Any("KeyName", hostPublicKeyName), slog.Any(utils.ErrorKey, err)) return nil, err } diff --git a/src/sftp/handler_test.go b/src/sftp/handler_test.go index fad7287a..3f26407d 100644 --- a/src/sftp/handler_test.go +++ b/src/sftp/handler_test.go @@ -48,7 +48,7 @@ func Test_NewSFTPHandler_UnableToGetSFTPServerPublicKeyNameSecret_ReturnsError(t assert.Nil(t, sftpHandler) assert.Error(t, err) - assert.Contains(t, buffer.String(), "Unable to get SFTP key secret") + assert.Contains(t, buffer.String(), "Unable to get host public key") } func Test_NewSFTPHandler_UnableToGetSSHClientHostKeyCallback_ReturnsError(t *testing.T) { 
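Review bot: The new failure message `"Unable construct the host key callback"` is missing a word, and the test hunk at -66,7 asserts the same text, so both need to become `"Unable to construct the host key callback"`. On the same call the key name is a plain string, so `slog.String("KeyName", hostPublicKeyName)` would match the `slog.String` used for the preceding "Unable to get host public key" log instead of `slog.Any`. NewSftpHandler starts before this hunk and continues after it.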
@@ -66,7 +66,7 @@ func Test_NewSFTPHandler_UnableToGetSSHClientHostKeyCallback_ReturnsError(t *tes assert.Nil(t, sftpHandler) assert.Error(t, err) - assert.Contains(t, buffer.String(), "Unable to get SSH Client Host Key") + assert.Contains(t, buffer.String(), "Unable construct the host key callback") } func Test_NewSFTPHandler_UnableToGetSFTPUserNameSecret_ReturnsError(t *testing.T) { From 051c954a7b6dfe3f3e1f6ef75d3d92ab71fb0b1d Mon Sep 17 00:00:00 2001 From: Bella Luz Quintero Date: Fri, 13 Sep 2024 17:49:11 -0600 Subject: [PATCH 44/54] started README for secrets --- SECRETS.md | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 SECRETS.md diff --git a/SECRETS.md b/SECRETS.md new file mode 100644 index 00000000..2aa73801 --- /dev/null +++ b/SECRETS.md 
@@ -0,0 +1,40 @@
+# Secrets
+
+## Current Secrets
+
+Below are the secrets that currently exist in Azure KeyVault and what they represent:
+
+- ZIP password: `ca-phl-zip-password-env`
+- SFTP starting directory: `ca-phl-sftp-starting-directory-env`
+- SFTP server address: `ca-phl-sftp-server-address-env`
+- SFTP username: `ca-phl-sftp-user-env`
+- SFTP server host public key: `ca-phl-sftp-host-public-key-env`
+- SFTP user private key: `ca-phl-sftp-user-credential-private-key-env`
+- RS JWT signing key: `ca-phl-reportstream-private-key-env`
+
+## Types
+
+Currently, there are these types of keys:
+
+- To access to partners:
+ - To access report stream
+ - To access SFTP
+
+## Naming Convention
+
+The current naming convention for secrets is:
+
+- partner-name-user-type
+
+## Past Naming
+
+Previously, the secrets existed in a different name, here are the mappings from old to new:
+
+- `ca-dph-zip-password-env` => `ca-phl-zip-password-env`
+- `sftp-starting-directory-env` => `ca-phl-sftp-starting-directory-env`
+- `sftp-server-address-env` => `ca-phl-sftp-server-address-env`
+- `sftp-user-env` => `ca-phl-sftp-user-env`
+- `sftp-server-public-key-env` => `ca-phl-sftp-host-public-key-env`
+- `sftp-key-env` => `ca-phl-sftp-user-credential-private-key-env`
+- `mock-public-health-lab-private-key-env` => `ca-phl-reportstream-private-key-env`
+
From 51e8e89b999aba7c4b3e14c7a95e9af965ac09ea Mon Sep 17 00:00:00 2001 From: Bella Luz Quintero Date: Fri, 13 Sep 2024 18:20:39 -0600 Subject: [PATCH 45/54] continued refinements
---
 SECRETS.md | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-)
diff --git a/SECRETS.md b/SECRETS.md
index 2aa73801..6c6fb96b 100644
--- a/SECRETS.md
+++ b/SECRETS.md
@@ -1,5 +1,7 @@ # Secrets +Rotating secrets is tricky and tedious, the purpose of this document is to align contributors with the current state of secrets and ensure they continue to align as secrets are created/renamed or deleted. + ## Current Secrets Below are the secrets that currently exist in Azure KeyVault and what they represent: @@ -12,23 +14,27 @@ Below are the secrets that currently exist in Azure KeyVault and what they repre - SFTP user private key: `ca-phl-sftp-user-credential-private-key-env` - RS JWT signing key: `ca-phl-reportstream-private-key-env` -## Types +### Types + +Currently, there are two types of secrets to access our partners. Each secret associated with said service will contain one its name after the partner's name: + +- To access ReportStream: `reportstream` +- To access SFTP: `sftp` -Currently, there are these types of keys: +There are also two types of keys using RSA: -- To access to partners: - - To access report stream - - To access SFTP +- Private key, distinguished by .pem ending +- Public key, distinguished by .pem.pub ending ## Naming Convention The current naming convention for secrets is: -- partner-name-user-type +- [partner-name]-[associated-service]-[purpose] -## Past Naming +### Past Naming -Previously, the secrets existed in a different name, here are the mappings from old to new: +Previously, the secrets existed in a different name, for prosperity here are the mappings from old to new: - `ca-dph-zip-password-env` => `ca-phl-zip-password-env` - `sftp-starting-directory-env` => `ca-phl-sftp-starting-directory-env` From 2a3c9f8223e48fb3de50b9ebe04de3fe8e2b8b43 Mon Sep 17 00:00:00 2001 From: Bella Luz Quintero Date: Fri, 13 Sep 2024 18:27:58 -0600 Subject: [PATCH 46/54] pulled duplicate variables in tests into constants --- src/sftp/handler_test.go | 28 +++++++--------------------- 1 file changed, 7 insertions(+), 21 deletions(-) diff --git a/src/sftp/handler_test.go b/src/sftp/handler_test.go index 3f26407d..8715227f 100644 
--- a/src/sftp/handler_test.go
+++ b/src/sftp/handler_test.go
@@ -19,6 +19,10 @@ import ( const serverKey = "ssh-rsa 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 sschuresko@flexion-mac-J40DPF4YQR" const user = "ti_user" +const secretValue = "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44Ewl8yULDWTgec
sv4aLsu+jQgVmzs71rzqgkF1\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTtvplAUcmSwZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" // pragma: allowlist secret +const invalidSecretValue = 
"b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44Ewl8yULDWTgecsv4aLsu+jQgVmzs71rzqgkF1\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTtvplAUcmSw
ZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" //pragma: allowlist secret +const invalidServerKey = "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 sschuresko@flexion-mac-J40DPF4YQR" + func Test_NewSFTPHandler_UnableToGetUserCredentialPrivateKey_ReturnsError(t *testing.T) { buffer, defaultLogger := utils.SetupLogger() 
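Review bot: The new package-level `secretValue` constant embeds a complete OpenSSH private key, and the `pragma: allowlist secret` marker keeps the secret scanner from flagging it, yet nothing beside it says the key is a throwaway. Add a comment above it such as `// secretValue is a test-only key generated for this file; it must never be authorized on a real host.`, or generate the key inside the tests so no key material is committed. `invalidSecretValue` appears to repeat the same key body with only the BEGIN line removed, which keeps a second copy of the material where a short literal would do, for example `const invalidSecretValue = "not-a-private-key"`, assuming the parse-failure test only needs input that cannot be parsed. The two long constants also differ in the marker spelling (`// pragma:` and `//pragma:`), which is worth making uniform.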
@@ -37,9 +41,7 @@ func Test_NewSFTPHandler_UnableToGetUserCredentialPrivateKey_ReturnsError(t *tes func Test_NewSFTPHandler_UnableToGetSFTPServerPublicKeyNameSecret_ReturnsError(t *testing.T) { buffer, defaultLogger := utils.SetupLogger() defer slog.SetDefault(defaultLogger) - - secretValue := "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJv
o2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44Ewl8yULDWTgecsv4aLsu+jQgVmzs71rzqgkF1\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTtvplAUcmSwZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" // pragma: allowlist secret - + mockCredentialGetter := new(mocks.MockCredentialGetter) mockCredentialGetter.On("GetSecret", mock.Anything).Return(secretValue, nil).Once() mockCredentialGetter.On("GetSecret", mock.Anything).Return("", errors.New("error")) 
@@ -55,8 +57,6 @@ func Test_NewSFTPHandler_UnableToGetSSHClientHostKeyCallback_ReturnsError(t *tes buffer, defaultLogger := utils.SetupLogger() defer slog.SetDefault(defaultLogger) - secretValue := "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44Ewl
8yULDWTgecsv4aLsu+jQgVmzs71rzqgkF1\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTtvplAUcmSwZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" // pragma: allowlist secret - mockCredentialGetter := new(mocks.MockCredentialGetter) mockCredentialGetter.On("GetSecret", mock.Anything).Return(secretValue, nil) 
@@ -73,8 +73,6 @@ func Test_NewSFTPHandler_UnableToGetSFTPUserNameSecret_ReturnsError(t *testing.T buffer, defaultLogger := utils.SetupLogger() defer slog.SetDefault(defaultLogger) - secretValue := "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44Ewl
8yULDWTgecsv4aLsu+jQgVmzs71rzqgkF1\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTtvplAUcmSwZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" // pragma: allowlist secret - mockCredentialGetter := new(mocks.MockCredentialGetter) mockCredentialGetter.On("GetSecret", mock.Anything).Return(secretValue, nil).Once() 
@@ -92,8 +90,6 @@ func Test_NewSFTPHandler_UnableToGetSFTPServerAddressName_ReturnsError(t *testin buffer, defaultLogger := utils.SetupLogger() defer slog.SetDefault(defaultLogger) - secretValue := "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44Ewl
8yULDWTgecsv4aLsu+jQgVmzs71rzqgkF1\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTtvplAUcmSwZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" // pragma: allowlist secret - mockCredentialGetter := new(mocks.MockCredentialGetter) mockCredentialGetter.On("GetSecret", mock.Anything).Return(secretValue, nil).Once() 
@@ -112,8 +108,6 @@ func Test_NewSFTPHandler_UnableToDialIntoTCP_ReturnsError(t *testing.T) { buffer, defaultLogger := utils.SetupLogger() defer slog.SetDefault(defaultLogger) - secretValue := "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44Ewl8yULD
WTgecsv4aLsu+jQgVmzs71rzqgkF1\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTtvplAUcmSwZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" //pragma: allowlist secret - mockCredentialGetter := new(mocks.MockCredentialGetter) mockCredentialGetter.On("GetSecret", mock.Anything).Return(secretValue, nil).Once() 
@@ -137,17 +131,13 @@ func Test_getSshClientHostKeyCallback_ReturnsFixedHostKeyCallback(t *testing.T) } func Test_getSshClientHostKeyCallback_UnableToParseServerKey_ReturnsError(t *testing.T) { - serverKey := "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 sschuresko@flexion-mac-J40DPF4YQR" - actualParsedKeyCallback, err := getSshClientHostKeyCallback(serverKey) + actualParsedKeyCallback, err := getSshClientHostKeyCallback(invalidServerKey) assert.Nil(t, actualParsedKeyCallback) assert.Error(t, err) } func Test_getPublicKeysForSshClient_ReturnsPem(t *testing.T) { - - secretValue := "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ
\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44Ewl8yULDWTgecsv4aLsu+jQgVmzs71rzqgkF1\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTtvplAUcmSwZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END
 OPENSSH PRIVATE KEY-----\n" //pragma: allowlist secret - mockCredentialGetter := new(mocks.MockCredentialGetter) mockCredentialGetter.On("GetSecret", mock.Anything).Return(secretValue, nil) @@ -159,7 +149,6 @@ func Test_getPublicKeysForSshClient_ReturnsPem(t *testing.T) { } func Test_getPublicKeysForSshClient_UnableToRetrieveSFTPKey_ReturnsError(t *testing.T) { - mockCredentialGetter := new(mocks.MockCredentialGetter) mockCredentialGetter.On("GetSecret", mock.Anything).Return("", errors.New(utils.ErrorKey)) 
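Review bot: The key that `Test_getPublicKeysForSshClient_ReturnsPem` now takes from the shared `secretValue` constant is still a complete OpenSSH RSA private key committed as a string literal, exempted from scanning by `//pragma: allowlist secret`. The const block shown later in this series has no comment on it, so I would at least add `// secretValue is a throwaway key used only to exercise key parsing; it must never be authorized on a real server.` above the declaration. Generating a key pair in the test setup would remove both the literal and the allowlist pragma, since the parse test only needs some valid key, not this one. The test body continues outside the hunk.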
@@ -171,11 +160,8 @@ func Test_getPublicKeysForSshClient_UnableToRetrieveSFTPKey_ReturnsError(t *test } func Test_getPublicKeysForSshClient_UnableToParsePrivateKey_ReturnsError(t *testing.T) { - - secretValue := "b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44Ewl8yULDWTgecsv4aLsu+jQgVm
zs71rzqgkF1\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTtvplAUcmSwZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" //pragma: allowlist secret - mockCredentialGetter := new(mocks.MockCredentialGetter) - mockCredentialGetter.On("GetSecret", mock.Anything).Return(secretValue, nil) + mockCredentialGetter.On("GetSecret", mock.Anything).Return(invalidSecretValue, nil) pem, err := getUserCredentialPrivateKey(mockCredentialGetter) From 7997456b060e417ab6f9a40b2497edd8ca7a427f Mon Sep 17 00:00:00 2001 
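Review bot: The fixture for the parse-failure case in `Test_getPublicKeysForSshClient_UnableToParsePrivateKey_ReturnsError` may still carry real key material: the literal removed here was the full key body with only the `-----BEGIN` line stripped. `invalidSecretValue` is defined outside this hunk, so this is unconfirmed, but if it keeps that value, a short constant such as `const invalidSecretValue = "not a private key"` exercises the same error path without a second copy of the key in source. The test name also still refers to `getPublicKeysForSshClient` while the body calls `getUserCredentialPrivateKey`; renaming it to `Test_getUserCredentialPrivateKey_UnableToParsePrivateKey_ReturnsError` would make a failure point at the right function. The tests in the `@@ -137` and `@@ -159` hunks carry the same old prefix and probably want the same rename.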
From: Bella Luz Quintero Date: Fri, 13 Sep 2024 18:34:05 -0600 Subject: [PATCH 47/54] added commemt for CA_PHL constant --- src/utils/constants.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/utils/constants.go b/src/utils/constants.go index b079cf36..fcd8f2e3 100644 --- a/src/utils/constants.go +++ b/src/utils/constants.go @@ -29,5 +29,6 @@ const ErrorKey = "error" // E.g. `slog.Info("Successfully copied file and removed from SFTP server", slog.Any(utils.FileNameKey, fileInfo.Name()))` const FileNameKey = "file name" -// +// The name to uniquely identify California's (CA) public health lab (PHL) +// Used to prepend CA-PHL specific secrets const CA_PHL = "ca-phl" From 8ba912f1db888f21c9840a1a8b320f5ace2c6e61 Mon Sep 17 00:00:00 2001 From: halprin Date: Mon, 16 Sep 2024 09:05:55 -0600 Subject: [PATCH 48/54] Spruce up the readme on secrets --- .secrets.baseline | 105 +++++++++++++++++++++++++++++++++++++++++++++- README.md | 12 ++++-- SECRETS.md | 68 +++++++++++++++++------------- 3 files changed, 151 insertions(+), 34 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 66e60883..ebcab454 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -90,6 +90,10 @@ { "path": "detect_secrets.filters.allowlist.is_line_allowlisted" }, + { + "path": "detect_secrets.filters.common.is_baseline_file", + "filename": ".secrets.baseline" + }, { "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies", "min_level": 2 
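Review bot: In src/utils/constants.go the new comment on `CA_PHL` does not follow the Go doc-comment form, which opens with the identifier and reads as full sentences. "Prepend" also leaves it unclear that the value is the prefix of the secret names. I would write `// CA_PHL identifies California's (CA) public health lab (PHL).` followed by `// It is the partner-name prefix of every CA-PHL secret name, e.g. ca-phl-sftp-user-env.` The identifier itself uses underscores where the neighbouring `ErrorKey` and `FileNameKey` use MixedCaps; renaming it would touch callers outside this hunk, so that is optional here.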
@@ -122,6 +126,103 @@ "path": "detect_secrets.filters.heuristic.is_templated_secret" } ], - "results": {}, - "generated_at": "2024-05-15T17:31:59Z" + "results": { + ".github/workflows/prod-deploy.yml": [ + { + "type": "Secret Keyword", + "filename": ".github/workflows/prod-deploy.yml", + "hashed_secret": "3e26d6750975d678acb8fa35a0f69237881576b0", + "is_verified": false, + "line_number": 12, + "is_secret": false + } + ], + "SECRETS.md": [ + { + "type": "Secret Keyword", + "filename": "SECRETS.md", + "hashed_secret": "4ea048262c33345f67eb41df9f916812bf143cc4", + "is_verified": false, + "line_number": 11, + "is_secret": false + } + ], + "azure_functions/local.settings.json": [ + { + "type": "Azure Storage Account access key", + "filename": "azure_functions/local.settings.json", + "hashed_secret": "5666459779d6a76bea73453137803fd27d8f79cd", + "is_verified": false, + "line_number": 7, + "is_secret": false + } + ], + "mock_credentials/ca-phl-reportstream-private-key-local": [ + { + "type": "Private Key", + "filename": "mock_credentials/ca-phl-reportstream-private-key-local", + "hashed_secret": "1348b145fa1a555461c1b790a2f66614781091e9", + "is_verified": false, + "line_number": 1, + "is_secret": false + } + ], + "mock_credentials/ca-phl-sftp-host-private-key-local": [ + { + "type": "Private Key", + "filename": "mock_credentials/ca-phl-sftp-host-private-key-local", + "hashed_secret": "27c6929aef41ae2bcadac15ca6abcaff72cda9cd", + "is_verified": false, + "line_number": 1, + "is_secret": false + } + ], + "mock_credentials/ca-phl-sftp-user-credential-private-key-local": [ + { + "type": "Private Key", + "filename": "mock_credentials/ca-phl-sftp-user-credential-private-key-local", + "hashed_secret": "27c6929aef41ae2bcadac15ca6abcaff72cda9cd", + "is_verified": false, + "line_number": 1, + "is_secret": false + } + ], + "src/orchestration/queue_test.go": [ + { + "type": "Azure Storage Account access key", + "filename": "src/orchestration/queue_test.go", + "hashed_secret": 
"5666459779d6a76bea73453137803fd27d8f79cd", + "is_verified": false, + "line_number": 35, + "is_secret": false + }, + { + "type": "Secret Keyword", + "filename": "src/orchestration/queue_test.go", + "hashed_secret": "8f5ef7ea81fecd1995e8920912b87b232ab41d42", + "is_verified": false, + "line_number": 35, + "is_secret": false + } + ], + "src/senders/report_stream_sender_test.go": [ + { + "type": "Secret Keyword", + "filename": "src/senders/report_stream_sender_test.go", + "hashed_secret": "493a7b3422cad32ee6eeec182085be8a776a27da", + "is_verified": false, + "line_number": 18, + "is_secret": false + }, + { + "type": "JSON Web Token", + "filename": "src/senders/report_stream_sender_test.go", + "hashed_secret": "60cedfd5328355305997af2d7cb822adcd358490", + "is_verified": false, + "line_number": 96, + "is_secret": false + } + ] + }, + "generated_at": "2024-09-16T15:04:44Z" } diff --git a/README.md b/README.md index 60dfc5d2..d2264d63 100644 --- a/README.md +++ b/README.md @@ -120,12 +120,12 @@ In the `sftp` container, upload a file to an `import` folder. If that folder doe it by going to `Upload`, expanding `Advanced`, and putting `import` in the `Upload to folder` box! [upload_file.png](docs/upload_file.png) -or +or -Log into CA SFTP and drop a file into the Output folder. -Then kick off the Azure Function in the portal. +Log into CA SFTP and drop a file into the Output folder. +Then kick off the Azure Function in the portal. -Credentials and URL can be found in Notion under CA Info. +Credentials and URL can be found in Notion under CA Info. #### End-to-end Tests @@ -181,6 +181,10 @@ PR reviews before merge. The Production environment is the real deal. It deploys to a CDC Azure Entra domain and subscription. Deployments occur when a release is published. +### Secrets + +See [SECRETS.md](./SECRETS.md) for a description of our secrets. + ## Related documents * [Azure Functions and Typescript](/azure_functions/src/README.md) 
diff --git a/SECRETS.md b/SECRETS.md index 6c6fb96b..7fc3d969 100644 --- a/SECRETS.md +++ b/SECRETS.md 
@@ -1,46 +1,58 @@ # Secrets -Rotating secrets is tricky and tedious, the purpose of this document is to align contributors with the current state of secrets and ensure they continue to align as secrets are created/renamed or deleted. +Rotating secrets is tricky and tedious, the purpose of this document is to align contributors with the current state of +secrets and ensure they continue to align as secrets are created/renamed or deleted. ## Current Secrets -Below are the secrets that currently exist in Azure KeyVault and what they represent: +Below are the secrets that currently exist in Azure KeyVault and what they represent. The `env` part represents the +environment, such as `dev`, `stg`, etc. -- ZIP password: `ca-phl-zip-password-env` -- SFTP starting directory: `ca-phl-sftp-starting-directory-env` -- SFTP server address: `ca-phl-sftp-server-address-env` -- SFTP username: `ca-phl-sftp-user-env` -- SFTP server host public key: `ca-phl-sftp-host-public-key-env` -- SFTP user private key: `ca-phl-sftp-user-credential-private-key-env` -- RS JWT signing key: `ca-phl-reportstream-private-key-env` +- ZIP password: `ca-phl-zip-password-env`. +- SFTP starting directory: `ca-phl-sftp-starting-directory-env`. +- SFTP server address: `ca-phl-sftp-server-address-env`. +- SFTP username: `ca-phl-sftp-user-env`. +- SFTP server host public key: `ca-phl-sftp-host-public-key-env`. +- SFTP user credential private key: `ca-phl-sftp-user-credential-private-key-env`. +- RS JWT signing key: `ca-phl-reportstream-private-key-env`. -### Types +## Naming Convention -Currently, there are two types of secrets to access our partners. Each secret associated with said service will contain one its name after the partner's name: +The current naming convention for secrets is: [partner-name]-[associated-service]-[purpose] -- To access ReportStream: `reportstream` -- To access SFTP: `sftp` +If we ever have private keys or public keys, include whether it is a private or public key in the [purpose]. 
See our +existing secrets for inspiration. -There are also two types of keys using RSA: +## Types -- Private key, distinguished by .pem ending -- Public key, distinguished by .pem.pub ending +Currently, there are two types of secrets to access our partners. Each secret associated with said service will contain +one its name after the partner's name: -## Naming Convention +- To access ReportStream: `reportstream` is included in the name. +- To access SFTP: `sftp` is included in the name. + +There are also two types of secrets when it comes to connecting to an SFTP server. + +### The User Credentials + +This is represented as `user-credential-private-key` in our secrets. -The current naming convention for secrets is: +This is a private key that the user (us) has and use to authenticate to the SFTP server. The associated +public key is given to the SFTP server administrator before we try to connect. -- [partner-name]-[associated-service]-[purpose] +### The Server's Host Key -### Past Naming +This is represented as `sftp-host-public-key` in our secrets. -Previously, the secrets existed in a different name, for prosperity here are the mappings from old to new: +This is a public key that the user (us) has and use to ensure we are connecting to the correct SFTP server. The +associated private key is pre-created by the SFTP server administrator and installed on the SFTP server. We don't +create the public key, but we can get the public key when we connect to the server or the SFTP server administrator can +give it to us. 
-- `ca-dph-zip-password-env` => `ca-phl-zip-password-env` -- `sftp-starting-directory-env` => `ca-phl-sftp-starting-directory-env` -- `sftp-server-address-env` => `ca-phl-sftp-server-address-env` -- `sftp-user-env` => `ca-phl-sftp-user-env` -- `sftp-server-public-key-env` => `ca-phl-sftp-host-public-key-env` -- `sftp-key-env` => `ca-phl-sftp-user-credential-private-key-env` -- `mock-public-health-lab-private-key-env` => `ca-phl-reportstream-private-key-env` +## Local Secrets +We put mock secrets into [mock_credentials](./mock_credentials) that are used when running the service locally. There +are additional secrets in there than are used by our application. For example, we have a private key for our user +credentials as one of our secrets, but we need an associated public key to be installed on the mock SFTP server for this +to work. So, we have a public key that isn't used by our service but is used by our mock SFTP server to make the +authentication work. A similar concept applies to the SFTP host key and could apply to other secrets. From 540794a87cafc44bbd561272ce7c414139146e0d Mon Sep 17 00:00:00 2001 From: halprin Date: Mon, 16 Sep 2024 11:09:55 -0600 Subject: [PATCH 49/54] Update secrets readme --- SECRETS.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/SECRETS.md b/SECRETS.md index 7fc3d969..2273e393 100644 --- a/SECRETS.md +++ b/SECRETS.md @@ -5,7 +5,7 @@ secrets and ensure they continue to align as secrets are created/renamed or dele ## Current Secrets -Below are the secrets that currently exist in Azure KeyVault and what they represent. The `env` part represents the +Below are the secrets that currently exist in Azure KeyVault and what they represent. The `env` part represents the environment, such as `dev`, `stg`, etc. - ZIP password: `ca-phl-zip-password-env`. 
@@ -20,7 +20,7 @@ environment, such as `dev`, `stg`, etc. The current naming convention for secrets is: [partner-name]-[associated-service]-[purpose] -If we ever have private keys or public keys, include whether it is a private or public key in the [purpose]. See our +If we ever have private keys or public keys, include whether it is a private or public key in the [purpose]. See our existing secrets for inspiration. ## Types 
@@ -37,22 +37,22 @@ There are also two types of secrets when it comes to connecting to an SFTP serve This is represented as `user-credential-private-key` in our secrets. -This is a private key that the user (us) has and use to authenticate to the SFTP server. The associated +This is a private key that the user (us) has and uses to authenticate to the SFTP server. The associated public key is given to the SFTP server administrator before we try to connect. ### The Server's Host Key This is represented as `sftp-host-public-key` in our secrets. -This is a public key that the user (us) has and use to ensure we are connecting to the correct SFTP server. The -associated private key is pre-created by the SFTP server administrator and installed on the SFTP server. We don't +This is a public key that the user (us) has and uses to ensure we are connecting to the correct SFTP server. The +associated private key is pre-created by the SFTP server administrator and installed on the SFTP server. We don't create the public key, but we can get the public key when we connect to the server or the SFTP server administrator can give it to us. ## Local Secrets -We put mock secrets into [mock_credentials](./mock_credentials) that are used when running the service locally. There -are additional secrets in there than are used by our application. For example, we have a private key for our user +We put mock secrets into [mock_credentials](./mock_credentials) that are used when running the service locally. There +are additional secrets in there than are used by our application. For example, we have a private key for our user credentials as one of our secrets, but we need an associated public key to be installed on the mock SFTP server for this -to work. So, we have a public key that isn't used by our service but is used by our mock SFTP server to make the -authentication work. A similar concept applies to the SFTP host key and could apply to other secrets. +to work. 
So, we have a public key that isn't used by our service but is used by our mock SFTP server to make the +authentication work. A similar concept applies to the SFTP host key and could apply to other secrets. From 65e96202bc3d6fc4f27abc2dfd156fa828432bf9 Mon Sep 17 00:00:00 2001 From: halprin Date: Mon, 16 Sep 2024 11:15:49 -0600 Subject: [PATCH 50/54] More secrets documentation improvement --- SECRETS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECRETS.md b/SECRETS.md index 2273e393..b81839a5 100644 --- a/SECRETS.md +++ b/SECRETS.md @@ -29,7 +29,7 @@ Currently, there are two types of secrets to access our partners. Each secret as one its name after the partner's name: - To access ReportStream: `reportstream` is included in the name. -- To access SFTP: `sftp` is included in the name. +- To access an external SFTP site: `sftp` is included in the name. There are also two types of secrets when it comes to connecting to an SFTP server. From 8d3fb21572e52511c35322e22325be0b79aca5e1 Mon Sep 17 00:00:00 2001 From: halprin Date: Mon, 16 Sep 2024 11:35:42 -0600 Subject: [PATCH 51/54] Improve readme on how to manually upload to an SFTP server --- README.md | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index d2264d63..4ce21591 100644 --- a/README.md +++ b/README.md 
@@ -114,18 +114,28 @@ As of 7/3/24, when we copy a file from the local SFTP server, we try to unzip it files into the import folder, and if there are any errors, we upload an error file for the zip. If the original file is not a zip, we just copy it into the import folder. -#### Manual cloud testing -To trigger file ingestion in a deployed environment, go to the `cdcrssftp{env}` storage account in the Azure portal. +#### Manual Cloud Testing + +##### Upload to Our Azure Container + +To trigger file ingestion in a deployed environment, go to the `cdcrssftp{env}` storage account in the Azure Portal. In the `sftp` container, upload a file to an `import` folder. If that folder doesn't already exist, you can create it by going to `Upload`, expanding `Advanced`, and putting `import` in the `Upload to folder` box! [upload_file.png](docs/upload_file.png) -or +##### Upload to SFTP Server + +Log into CA's SFTP staging environment and drop a file into the `OUTPUT` folder. You can either wait for one of our +lower environments to trigger, or you can manually trigger the Azure function from the Azure Portal. + +The credentials and domain name for CA's SFTP environment can be found in Keybase under CA Info. -Log into CA SFTP and drop a file into the Output folder. -Then kick off the Azure Function in the portal. +To manually trigger the Azure function... -Credentials and URL can be found in Notion under CA Info. +1. Go to the `polling-function-{env}` function app in the Azure Portal. +2. Navigate to the CORS section, and add `https://portal.azure.com` as an allowed origin. Click save. +3. Navigate back to the Overview section, and click on the trigger function. +4. Click on the Test/Run button, and then click on the Run button that pops-up. #### End-to-end Tests From dd0f1f0d14e9ce89e5a2b46311a686b4535eb86e Mon Sep 17 00:00:00 2001 
From: halprin Date: Mon, 16 Sep 2024 11:40:38 -0600 Subject: [PATCH 52/54] Add bit about loggin in as a SU account --- README.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 4ce21591..5135f3c9 100644 --- a/README.md +++ b/README.md @@ -132,10 +132,11 @@ The credentials and domain name for CA's SFTP environment can be found in Keybas To manually trigger the Azure function... -1. Go to the `polling-function-{env}` function app in the Azure Portal. -2. Navigate to the CORS section, and add `https://portal.azure.com` as an allowed origin. Click save. -3. Navigate back to the Overview section, and click on the trigger function. -4. Click on the Test/Run button, and then click on the Run button that pops-up. +1. If this is in an Azure Entra domain environment, you will need to log in as your -SU account. +2. Go to the `polling-function-{env}` function app in the Azure Portal. +3. Navigate to the CORS section, and add `https://portal.azure.com` as an allowed origin. Click save. +4. Navigate back to the Overview section, and click on the trigger function. +5. Click on the Test/Run button, and then click on the Run button that pops-up. #### End-to-end Tests From c358168dfc627f29f6af07a94ee7fd6b60a8ed64 Mon Sep 17 00:00:00 2001 From: halprin Date: Mon, 16 Sep 2024 15:14:14 -0600 Subject: [PATCH 53/54] Update error string to not be posessive --- src/sftp/handler.go | 2 +- src/sftp/handler_test.go | 7 +++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/src/sftp/handler.go b/src/sftp/handler.go index f909e6ed..e4981930 100644 --- a/src/sftp/handler.go +++ b/src/sftp/handler.go 
@@ -28,7 +28,7 @@ func NewSftpHandler(credentialGetter secrets.CredentialGetter) (*SftpHandler, er userCredentialPrivateKey, err := getUserCredentialPrivateKey(credentialGetter) if err != nil { - slog.Error("Unable to get user's credential private key", slog.Any(utils.ErrorKey, err)) + slog.Error("Unable to get user credential private key", slog.Any(utils.ErrorKey, err)) return nil, err } diff --git a/src/sftp/handler_test.go b/src/sftp/handler_test.go index ee346e74..a668a3d8 100644 --- a/src/sftp/handler_test.go +++ b/src/sftp/handler_test.go 
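Review bot: In `NewSftpHandler` the error from `getUserCredentialPrivateKey` is both logged and returned unchanged, so a caller that logs it too reports the failure twice, and the returned error does not say which step failed. I would keep only one of the two: either drop the `slog.Error` call and `return nil, fmt.Errorf("getting user credential private key: %w", err)`, or keep the log and leave wrapping to the caller. Because this path handles a secret fetched through `credentialGetter`, it is also worth confirming that the error can never embed the secret value, since `slog.Any(utils.ErrorKey, err)` writes it to the log as is. The function starts and continues outside the hunk, and whether `fmt` is already imported in handler.go is not visible here.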
@@ -20,10 +20,9 @@ import ( const serverKey = "ssh-rsa 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 sschuresko@flexion-mac-J40DPF4YQR" const user = "ti_user" const secretValue = "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44Ewl8yULDWTgecs
v4aLsu+jQgVmzs71rzqgkF1\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTtvplAUcmSwZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" // pragma: allowlist secret -const invalidSecretValue = 
"b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44Ewl8yULDWTgecsv4aLsu+jQgVmzs71rzqgkF1\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTtvplAUcmSw
ZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" //pragma: allowlist secret +const invalidSecretValue = 
"b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmzU8ySo21iuT7NAbuPJXmJ\nyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZYp3kboNvRI9gQiHtlYV+d\nawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4kUV385vKke4zDe7EH8g9\nvLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77Id/55yNIGr8gRBGPjtiwW\nBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5jSVCBpr8eIdo1iRuLLzLh\nmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7slEvHoOJPqMuiF+e3THpM\nk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoNR4DkNM7H9wi0wAwT74zG\nlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJQs/RI0WuZOZkczv7sNR6\nNvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSDznJntxRvPF+NVH58MtbP\n3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+65jvBUM8+8VJt8jNA6tcm\nUAAAdIBj7vigY+74oAAAAHc3NoLXJzYQAAAgEAumdM026JYzIrA3aNXWY4o6SMcxRyIxmz\nU8ySo21iuT7NAbuPJXmJyjw6WaMlIktUT1r/bV+/bOV41yNFiYUld7ZB6xIiBEESf7iNZY\np3kboNvRI9gQiHtlYV+dawQwFb35w+0mlvjR2faSCdFPs6p6GiZdn9k1qG+CewSB9UbqG4\nkUV385vKke4zDe7EH8g9vLPWosYIqEkgHAjPwEArc9izuXTCR2Dsl0xLfwcNc8Xf/Su77I\nd/55yNIGr8gRBGPjtiwWBMN0PSyV109yyDBq6vjeDDZ9SHKSoErYnhFHnTkjprIlgR9/5j\nSVCBpr8eIdo1iRuLLzLhmQ8DZN+y7OsAwlJc1kEa5U4ubwmFxMqoCNRPBhqXdm+LDIx+7s\nlEvHoOJPqMuiF+e3THpMk5vAwITlBVZtj3I/qkap2MR6lg+zkdW2cW8Ml+VxCmWT+sykoN\nR4DkNM7H9wi0wAwT74zGlQ72YSwvoaWMc3VSYPMpaVaJV+jhujBGUV3E2Ay9LfdR1oWZPJ\nQs/RI0WuZOZkczv7sNR6NvHLl6VIsHcnvYY+prmFmEwJ+bHsysVsp7m/In46GLgZr73MSD\nznJntxRvPF+NVH58MtbP3i9IECBCH0BCG0waYQooKM1grdf3+da8ZA+tbakRcPjO89Gn+6\n5jvBUM8+8VJt8jNA6tcmUAAAADAQABAAACAQCAqZTJy95g7dvqxAXHlis6KPYY6N/vgmnZ\nSbddvr8KBmMS8xdXUpDdWr0b6hRTm5NSQwlTwWcsDyhdtybkSVcXTmIpk5aPQSs3pXdTw0\nPM/pNFEjYJvo2OOdVpYdrAJUv5CKwEKGqrCOtjcPN76/0Mf/DMRK9W6oGHAD4ZSibJRi9T\ndpPZPouQNs5eq5QMK/cRLUDVkcOgBPl44Ewl8yULDWTgecsv4aLsu+jQgVmzs71rzqgkF1\nMd111CJxarL0SM6Ai+WW3CJ7py62M0yTCXiDP8xkuae4Pf0fTwo98MdxqmMFSKnCeq+Zgm\nnr8fDYQK8cdKIAzuQzycnVRGaHHjEIQSAVv3qfxzb2lk8qCB2NTGvjfMFITJoKYyPWb7Jj\nb41EPk8NZGqOVch5a44vvrHYsuNwdk40+YtNodQ0DREDTtvplAUcmSw
ZrIACj7I/PsYRZx\nWCiSlJ6UxpdBbFJ7HpTDwlPQMkUzmxVQzg+abtqI7mZPomS/EZ2xtNpwm98p0pyell9wGw\nsiZBi6Mt6iPsKDdQTK6XbTZnYnLuIzXcpSJ/gTAavvyn3D5Up2LUU/NmTpUsuqoTz/VSjb\ntlVaDiz2nmem3zvC1t01PV+aSo39Wg4AMG2moEo/buZhfAqXUMz1XmYJ3js0fY0HUoq4RS\nqfd90aWhqmQmcTbpkScQAAAQEAuMHiHwAGi34hprW61Qxmu1b3XlicLW0kSP5qjn4l6kM9\nT44J1KSbU90Bs/FZq9GPfYazHEPf4j1BleHEOcsOTLf86rfkJHtuebU1Lelv3nGGytlfc/\ny6NVXTQXdG/RDIHec3LXX6D/zqfYQPbG4T8flWJ5c7/JtVScflhRp1SmjesoHkgq83eZI9\nY0j9W8CLA/LrMQnEq8SzL1p+Cj2n2aIwZhX9hS/VkQFDmvZ0w9Z4rxNRnsMxwabni1A84g\nP7qDZltTpJZLZ9BRlhP9hkqmO8tlDH2Lj1j8DaxlUlPNVzJTUY+SjctE/eLvYSWduUHJ9w\npgZvfwzVfoRd67T0ZwAAAQEA4hzssuT34awOuP6SCg6tshu9ORfDmSiZHdolnNcOpe9GZm\ncg/aR4RcPjrpeQxEIEjlEBbvyXu+G5A3rr+SCnBduD0szzpAkVkAAy3+Tat9iNhrPxD5bU\nTc1VSaSiAln533cdgqBRAXp7zU5vXhD3DA1cWmhjoLnkggfp96kX9z13zw66n7IiQF9BDW\ns1AuUGhjFxtxXvkdncS4EjijwSSCSMu3ttEwpXrQXJjmbER5GkxEIX1jJTLgCukzEsAFG8\nwDVTBxB3QNi+luucoKRyzZlf2fc+m529M+QnVCxWu4ElQsssexDEX/mGdYU9IIDhP9KaRA\nRQ/OZX9/8tAPCHqwAAAQEA0wq11SyeNXx67U63Go2iQnTkKWIqjdVIuQd4vgdmXiHglmBE\nxTmd7VFNBZ7Waje4y7WmMVYdoCAlyOYpKGdwGX5HjE3r4D60HN7+zOYxSdUBUCJWykER1Y\nVjQxSwnSkh4Xdil3QK7Ql1nYRfNSgOwMHd5RyBglSC88eh2vtH5FU8OafzBYmfDkSAdyy2\n5vX83kv5oMUoliJuyFSz7b/AF3b+OAxVxwQfy1J+2ufErRbxNIePfc/EhoSD0MxZD8SebR\nZG0RV/SBTxh5UMmFKqx5OsXJuG7WRmuqqY8+LHDy0JtcKYeEYkSuX2u4JeY1xrcyVU9jM/\nx02R0p/Ln1ueLwAAAA1tZUBoYWxwcmluLmlvAQIDBA==\n-----END OPENSSH PRIVATE KEY-----\n" //pragma: allowlist secret const invalidServerKey = "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 sschuresko@flexion-mac-J40DPF4YQR" - func Test_NewSFTPHandler_UnableToGetUserCredentialPrivateKey_ReturnsError(t *testing.T) { buffer, defaultLogger := utils.SetupLogger() defer slog.SetDefault(defaultLogger) 
@@ -35,13 +34,13 @@ func Test_NewSFTPHandler_UnableToGetUserCredentialPrivateKey_ReturnsError(t *tes assert.Nil(t, sftpHandler) assert.Error(t, err) - assert.Contains(t, buffer.String(), "Unable to get user's credential private key") + assert.Contains(t, buffer.String(), "Unable to get user credential private key") } func Test_NewSFTPHandler_UnableToGetSFTPServerPublicKeyNameSecret_ReturnsError(t *testing.T) { buffer, defaultLogger := utils.SetupLogger() defer slog.SetDefault(defaultLogger) - + mockCredentialGetter := new(mocks.MockCredentialGetter) mockCredentialGetter.On("GetSecret", mock.Anything).Return(secretValue, nil).Once() mockCredentialGetter.On("GetSecret", mock.Anything).Return("", errors.New("error")) From aa8da4266995cc6902bb6f3abb8ef193d92488a1 Mon Sep 17 00:00:00 2001 From: halprin Date: Mon, 16 Sep 2024 16:08:53 -0600 Subject: [PATCH 54/54] comment back out the skipAPIVersionCheck --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 6bf32c54..54e22b27 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -30,7 +30,7 @@ services: sftp-Azurite: image: mcr.microsoft.com/azure-storage/azurite # uncomment the line below to skip x-ms-version checks - command: azurite --skipApiVersionCheck --blobHost 0.0.0.0 --queueHost 0.0.0.0 + # command: azurite --skipApiVersionCheck --blobHost 0.0.0.0 --queueHost 0.0.0.0 volumes: # map to Azurite data objects to the build directory - ./localdata/data/azurite:/data
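Review bot: `secretValue`, which the mock returns from `GetSecret` in Test_NewSFTPHandler_UnableToGetSFTPServerPublicKeyNameSecret_ReturnsError, is a complete OpenSSH private key committed as a string literal in this file's `@@ -20,10 +20,9 @@` hunk and exempted from secret scanning with `pragma: allowlist secret`; `invalidSecretValue` there carries the same key body without the BEGIN line. Nothing on the page records that the key is a throwaway, and an allowlisted literal gets reviewers and scanners used to passing key material in this file. Generating a key during test setup keeps private keys out of the repository and makes the pragma unnecessary; the sketch below uses only the standard library and assumes the handler parses the secret with a PEM-aware parser that accepts PKCS#1 RSA keys, which is not visible here. If the literal has to stay, a comment stating that it was generated for tests and is authorized nowhere would record that. The test function continues past the end of this hunk.

```go
// newTestPrivateKeyPEM returns a throwaway RSA private key in PEM form,
// generated per test run so that no key material lives in the repository.
func newTestPrivateKeyPEM(t *testing.T) string {
	t.Helper()
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		t.Fatalf("generating test key: %v", err)
	}
	block := &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)}
	return string(pem.EncodeToMemory(block))
}

// … unchanged: logger setup and mockCredentialGetter construction …
	mockCredentialGetter.On("GetSecret", mock.Anything).Return(newTestPrivateKeyPEM(t), nil).Once()
// … unchanged: second GetSecret expectation returning an error …
```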