blueprint-platform/tests/Core.Blueprint.KeyVault.UnitTests/UnitTest1.cs

using Core.Blueprint.KeyVault.Contracts;
using Core.Blueprint.KeyVault.DependencyInjection;
using Core.Blueprint.KeyVault.Runtime;
using Microsoft.Extensions.DependencyInjection;

namespace Core.Blueprint.KeyVault.UnitTests;

public class UnitTest1
{
    [Fact]
    public void AddBlueprintKeyVaultModule_WhenCalled_RegistersRuntimeSettings()
    {
        var services = new ServiceCollection();

        services.AddBlueprintKeyVaultModule("agile-vault", "vault");

        using var provider = services.BuildServiceProvider();
        var settings = provider.GetRequiredService<BlueprintKeyVaultRuntimeSettings>();

        Assert.Equal("agile-vault", settings.VaultName);
        Assert.Equal("vault", settings.SecretProviderName);
    }

    [Fact]
    public async Task AddBlueprintKeyVaultModule_WhenNoProviderBound_UsesNoOpProvider()
    {
        var services = new ServiceCollection();

        services.AddBlueprintKeyVaultModule("agile-vault");

        await using var provider = services.BuildServiceProvider();
        var secretProvider = provider.GetRequiredService<IBlueprintSecretProvider>();
        var result = await secretProvider.GetSecretAsync(
            new BlueprintSecretReference("thalos/oidc", "google-client-secret"));

        Assert.False(result.IsResolved);
        Assert.Null(result.Value);
        Assert.Equal("unconfigured", result.ProviderName);
    }

    [Fact]
    public async Task AddBlueprintKeyVaultModule_WhenProviderAlreadyRegistered_PreservesCustomProvider()
    {
        var services = new ServiceCollection();
        services.AddSingleton<IBlueprintSecretProvider, FakeSecretProvider>();

        services.AddBlueprintKeyVaultModule();

        await using var provider = services.BuildServiceProvider();
        var secretProvider = provider.GetRequiredService<IBlueprintSecretProvider>();
        var result = await secretProvider.GetSecretAsync(
            new BlueprintSecretReference("scope", "name", "v1"));

        Assert.True(result.IsResolved);
        Assert.Equal("custom-provider", result.ProviderName);
        Assert.Equal("secret-value", result.Value);
        Assert.Equal("v1", result.Version);
    }

    private sealed class FakeSecretProvider : IBlueprintSecretProvider
    {
        public ValueTask<BlueprintSecretResolutionResult> GetSecretAsync(
            BlueprintSecretReference reference,
            CancellationToken cancellationToken = default)
        {
            var result = BlueprintSecretResolutionResult.Resolved(
                "secret-value",
                "custom-provider",
                reference.Version);
            return ValueTask.FromResult(result);
        }
    }
}