import json
import os
import subprocess
import sys
from datetime import datetime, timedelta

# Absolute path of the script under test; run_script() executes this file as a
# subprocess.
# NOTE(review): the path is pinned to one user's home directory, so the suite
# executes whatever file happens to live there and cannot find the script on
# another machine or in CI — consider resolving it relative to this test file.
SCRIPT_PATH = "/home/jay/workspace/scripts/secret-rotation-check.py"


def make_inventory(secrets, tmpdir):
    """Helper: write a temporary inventory file and return its path.

    Args:
        secrets: List of secret records stored under the ``"secrets"`` key.
        tmpdir: Existing directory in which ``secret-inventory.json`` is created.

    Returns:
        Path of the JSON file that was written.
    """
    inventory_file = os.path.join(tmpdir, "secret-inventory.json")
    # ``last_checked`` starts as null so a test can tell whether the script
    # filled it in.
    document = {
        "version": "1.0",
        "last_checked": None,
        "rotation_policy_days": 90,
        "secrets": secrets,
    }
    with open(inventory_file, "w") as handle:
        json.dump(document, handle)
    return inventory_file


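def run_script(inventory_path, *args):
    """Helper: run the rotation-check script against an inventory file.

    The command is handed to ``subprocess.run`` as an argument list (no shell),
    so ``inventory_path`` and ``args`` reach the script verbatim. The script is
    started with ``sys.executable`` so it runs under the interpreter that is
    running the tests, not whichever ``python3`` comes first on ``PATH``.

    Args:
        inventory_path: Path passed to the script's ``--inventory`` option.
        *args: Extra command-line flags appended after the inventory option.

    Returns:
        The ``subprocess.CompletedProcess``, with stdout and stderr captured
        as text.
    """
    # sys.executable can be empty in unusual embeddings; keep the old PATH
    # lookup as a fallback so the helper still works there.
    interpreter = sys.executable or "python3"
    cmd = [interpreter, SCRIPT_PATH, "--inventory", inventory_path, *args]
    return subprocess.run(cmd, capture_output=True, text=True)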


class TestSecretRotationCheck:
    """Subprocess-level checks of the secret rotation script.

    Every test writes a one-entry inventory into pytest's ``tmp_path`` and
    asserts on the script's exit code and output.
    """

    @staticmethod
    def _entry(name, expires_in_days, rotated_on="2026-03-01"):
        """Build one inventory record expiring ``expires_in_days`` days from now.

        A negative offset yields an expiry date in the past.
        """
        expiry = datetime.now() + timedelta(days=expires_in_days)
        return {
            "name": name,
            "source_file": ".env",
            "owner": "test",
            "created_date": rotated_on,
            "last_rotated": rotated_on,
            "expires_date": expiry.strftime("%Y-%m-%d"),
            "category": "test",
            "rotation_notes": "test",
        }

    def test_all_ok(self, tmp_path):
        """Exit code is 0 when every secret is healthy."""
        inventory = make_inventory([self._entry("TEST_KEY", 30)], str(tmp_path))
        outcome = run_script(inventory)
        assert outcome.returncode == 0

    def test_expired_detected(self, tmp_path):
        """An expired secret is detected: exit code 1 and EXPIRED in stdout."""
        record = self._entry("EXPIRED_KEY", -1, rotated_on="2026-01-01")
        inventory = make_inventory([record], str(tmp_path))
        outcome = run_script(inventory)
        assert outcome.returncode == 1
        assert "EXPIRED" in outcome.stdout

    def test_warning_14days(self, tmp_path):
        """Expiry within 14 days raises a warning: exit code 1 and WARNING in stdout."""
        # Seven days out sits inside the warning window named in the test title.
        inventory = make_inventory([self._entry("SOON_KEY", 7)], str(tmp_path))
        outcome = run_script(inventory)
        assert outcome.returncode == 1
        assert "WARNING" in outcome.stdout

    def test_json_output(self, tmp_path):
        """Validate the shape of the ``--json`` output."""
        inventory = make_inventory([self._entry("TEST_KEY", 30)], str(tmp_path))
        outcome = run_script(inventory, "--json")
        assert outcome.returncode == 0
        # stdout must be one parseable JSON document with a "results" list.
        payload = json.loads(outcome.stdout)
        assert "results" in payload
        assert payload["results"][0]["status"] == "OK"

    def test_update_checked(self, tmp_path):
        """``--update-checked`` refreshes ``last_checked`` in the inventory file."""
        inventory = make_inventory([self._entry("TEST_KEY", 30)], str(tmp_path))
        outcome = run_script(inventory, "--update-checked")
        assert outcome.returncode == 0
        # make_inventory writes last_checked as null, so a non-null value here
        # shows the script rewrote the file.
        with open(inventory) as handle:
            on_disk = json.load(handle)
        assert on_disk["last_checked"] is not None
