Add test to prove migration between encrypters

adobe-apiplatform · Feb 3, 2020 · b60b9e9 · b60b9e9
1 parent 5c5d4a8
commit b60b9e9
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 1 deletion.
diff --git a/common/scala/src/main/scala/org/apache/openwhisk/core/entity/Parameter.scala b/common/scala/src/main/scala/org/apache/openwhisk/core/entity/Parameter.scala
@@ -299,7 +299,7 @@ protected[core] object Parameters extends ArgNormalizer[Parameters] {
             i._2.asJsObject.getFields("value", "init", "encryption") match {
               case Seq(v: JsValue, JsBoolean(init), e: JsValue) if e != JsNull =>
                 val key = new ParameterName(i._1)
-                val value = ParameterValue(v, init, Some(JsString(e.toString())))
+                val value = ParameterValue(v, init, Some(JsString(e.convertTo[String])))
                 converted = converted + (key -> value)
               case Seq(v: JsValue, JsBoolean(init), e: JsValue) =>
                 val key = new ParameterName(i._1)

diff --git a/tests/src/test/scala/org/apache/openwhisk/core/entity/test/ParameterEncryptionTests.scala b/tests/src/test/scala/org/apache/openwhisk/core/entity/test/ParameterEncryptionTests.scala
@@ -172,6 +172,34 @@ class ParameterEncryptionTests extends FlatSpec with Matchers with BeforeAndAfte
         cancel(e.toString)
     }
   }
+  it should "support reverting back to Noop encryption" in {
+    ParameterEncryption.storageConfig = new ParameterStorageConfig("aes-128", "ra1V6AfOYAv0jCzEdufIFA==", "")
+    try {
+      val locked = ParameterEncryption.lock(parameters)
+      locked.getMap.map(({
+        case (_, paramValue) =>
+          paramValue.encryption.convertTo[String] shouldBe "aes-128"
+          paramValue.value.convertTo[String] should not be "secret"
+      }))
+
+      val lockedJson = locked.toJsObject
+
+      ParameterEncryption.storageConfig = new ParameterStorageConfig("", "ra1V6AfOYAv0jCzEdufIFA==", "")
+
+      val toDecrypt = Parameters.serdes.read(lockedJson)
+
+      val unlocked = ParameterEncryption.unlock(toDecrypt)
+      unlocked.getMap.map(({
+        case (_, paramValue) =>
+          paramValue.encryption shouldBe JsNull
+          paramValue.value.convertTo[String] shouldBe "secret"
+      }))
+      unlocked.toJsObject should not be JsNull
+    } catch {
+      case e: InvalidAlgorithmParameterException =>
+        cancel(e.toString)
+    }
+  }
 
   behavior of "NoopEncryption"
   it should "not mark parameters as encrypted" in {