Fix TestDestroySetsEncryptionsalt test and resulting bug #15432
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
While working on some other secret manager changes I found that
TestDestroySetsEncryptedkey
wasn't actually fully testing what we thought it was.Firstly it was a bad name, we're checking for
encryptionsalt
being set notencryptedkey
. But more importantly it wasn't checking that the salt stayed the same.Turned out
destroy
was loading the stack config, seeing noencryptionsalt
and so new'ing up a brand new passphrase secret manager and state and then saving that to the stack config.This is now fixed that the test asserts that the salt is exactly what's expected and I've fixed up the engine code to do this correctly.
Checklist
make tidy
to update any new dependenciesmake lint
to verify my code passes the lint checkgofumpt
make changelog
and committed thechangelog/pending/<file>
documenting my change