Add tests for kms and kms/apiv1 packages.

kms/apiv1/options_test.go

@@ -0,0 +1,51 @@
+package apiv1
+
+import (
+	"testing"
+)
+
+func TestOptions_Validate(t *testing.T) {
+	tests := []struct {
+		name    string
+		options *Options
+		wantErr bool
+	}{
+		{"nil", nil, false},
+		{"softkms", &Options{Type: "softkms"}, false},
+		{"cloudkms", &Options{Type: "cloudkms"}, false},
+		{"awskms", &Options{Type: "awskms"}, true},
+		{"pkcs11", &Options{Type: "pkcs11"}, true},
+		{"unsupported", &Options{Type: "unsupported"}, true},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if err := tt.options.Validate(); (err != nil) != tt.wantErr {
+				t.Errorf("Options.Validate() error = %v, wantErr %v", err, tt.wantErr)
+			}
+		})
+	}
+}
+
+func TestErrNotImplemented_Error(t *testing.T) {
+	type fields struct {
+		msg string
+	}
+	tests := []struct {
+		name   string
+		fields fields
+		want   string
+	}{
+		{"default", fields{}, "not implemented"},
+		{"custom", fields{"custom message: not implemented"}, "custom message: not implemented"},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			e := ErrNotImplemented{
+				msg: tt.fields.msg,
+			}
+			if got := e.Error(); got != tt.want {
+				t.Errorf("ErrNotImplemented.Error() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

kms/apiv1/requests.go

@@ -90,10 +90,12 @@ func (s SignatureAlgorithm) String() string {
 	}
 }
 
+// GetPublicKeyRequest is the parameter used in the kms.GetPublicKey method.
 type GetPublicKeyRequest struct {
 	Name string
 }
 
+// CreateKeyRequest is the parameter used in the kms.CreateKey method.
 type CreateKeyRequest struct {
 	Name               string
 	SignatureAlgorithm SignatureAlgorithm
@@ -104,6 +106,7 @@ type CreateKeyRequest struct {
 	ProtectionLevel ProtectionLevel
 }
 
+// CreateKeyResponse is the response value of the kms.CreateKey method.
 type CreateKeyResponse struct {
 	Name                string
 	PublicKey           crypto.PublicKey
@@ -111,6 +114,7 @@ type CreateKeyResponse struct {
 	CreateSignerRequest CreateSignerRequest
 }
 
+// CreateSignerRequest is the parameter used in the kms.CreateSigner method.
 type CreateSignerRequest struct {
 	Signer        crypto.Signer
 	SigningKey    string

kms/apiv1/requests_test.go

@@ -0,0 +1,51 @@
+package apiv1
+
+import "testing"
+
+func TestProtectionLevel_String(t *testing.T) {
+	tests := []struct {
+		name string
+		p    ProtectionLevel
+		want string
+	}{
+		{"unspecified", UnspecifiedProtectionLevel, "unspecified"},
+		{"software", Software, "software"},
+		{"hsm", HSM, "hsm"},
+		{"unknown", ProtectionLevel(100), "unknown(100)"},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := tt.p.String(); got != tt.want {
+				t.Errorf("ProtectionLevel.String() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestSignatureAlgorithm_String(t *testing.T) {
+	tests := []struct {
+		name string
+		s    SignatureAlgorithm
+		want string
+	}{
+		{"UnspecifiedSignAlgorithm", UnspecifiedSignAlgorithm, "unspecified"},
+		{"SHA256WithRSA", SHA256WithRSA, "SHA256-RSA"},
+		{"SHA384WithRSA", SHA384WithRSA, "SHA384-RSA"},
+		{"SHA512WithRSA", SHA512WithRSA, "SHA512-RSA"},
+		{"SHA256WithRSAPSS", SHA256WithRSAPSS, "SHA256-RSAPSS"},
+		{"SHA384WithRSAPSS", SHA384WithRSAPSS, "SHA384-RSAPSS"},
+		{"SHA512WithRSAPSS", SHA512WithRSAPSS, "SHA512-RSAPSS"},
+		{"ECDSAWithSHA256", ECDSAWithSHA256, "ECDSA-SHA256"},
+		{"ECDSAWithSHA384", ECDSAWithSHA384, "ECDSA-SHA384"},
+		{"ECDSAWithSHA512", ECDSAWithSHA512, "ECDSA-SHA512"},
+		{"PureEd25519", PureEd25519, "Ed25519"},
+		{"unknown", SignatureAlgorithm(100), "unknown(100)"},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := tt.s.String(); got != tt.want {
+				t.Errorf("SignatureAlgorithm.String() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

kms/kms_test.go

@@ -0,0 +1,45 @@
+package kms
+
+import (
+	"context"
+	"reflect"
+	"testing"
+
+	"github.com/smallstep/certificates/kms/apiv1"
+	"github.com/smallstep/certificates/kms/cloudkms"
+	"github.com/smallstep/certificates/kms/softkms"
+)
+
+func TestNew(t *testing.T) {
+	ctx := context.Background()
+
+	type args struct {
+		ctx  context.Context
+		opts apiv1.Options
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    KeyManager
+		wantErr bool
+	}{
+		{"softkms", args{ctx, apiv1.Options{Type: "softkms"}}, &softkms.SoftKMS{}, false},
+		{"default", args{ctx, apiv1.Options{}}, &softkms.SoftKMS{}, false},
+		{"cloudkms", args{ctx, apiv1.Options{Type: "cloudkms"}}, &cloudkms.CloudKMS{}, true}, // fails because not credentials
+		{"awskms", args{ctx, apiv1.Options{Type: "awskms"}}, nil, true},                      // not yet supported
+		{"pkcs11", args{ctx, apiv1.Options{Type: "pkcs11"}}, nil, true},                      // not yet supported
+		{"fail validation", args{ctx, apiv1.Options{Type: "foobar"}}, nil, true},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := New(tt.args.ctx, tt.args.opts)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("New() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if reflect.TypeOf(got) != reflect.TypeOf(tt.want) {
+				t.Errorf("New() = %T, want %T", got, tt.want)
+			}
+		})
+	}
+}