1 files changed, 0 insertions, 195 deletions

diff --git a/cli/internal/cache/cache_signature_authentication_test.go b/cli/internal/cache/cache_signature_authentication_test.go
deleted file mode 100644
index 7f3f865..0000000
--- a/cli/internal/cache/cache_signature_authentication_test.go
+++ /dev/null
@@ -1,195 +0,0 @@
-// Adapted from ghttps://github.com/thought-machine/please
-// Copyright Thought Machine, Inc. or its affiliates. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-package cache
-
-import (
-	"crypto/hmac"
-	"crypto/sha256"
-	"encoding/base64"
-	"encoding/json"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func Test_SecretKeySuccess(t *testing.T) {
-	teamId := "team_someid"
-	secretKeyEnvName := "TURBO_REMOTE_CACHE_SIGNATURE_KEY"
-	secretKeyEnvValue := "my-secret-key-env"
-	t.Setenv(secretKeyEnvName, secretKeyEnvValue)
-
-	cases := []struct {
-		name                   string
-		asa                    *ArtifactSignatureAuthentication
-		expectedSecretKey      string
-		expectedSecretKeyError bool
-	}{
-		{
-			name: "Accepts secret key",
-			asa: &ArtifactSignatureAuthentication{
-				teamId:  teamId,
-				enabled: true,
-			},
-			expectedSecretKey:      secretKeyEnvValue,
-			expectedSecretKeyError: false,
-		},
-	}
-
-	for _, tc := range cases {
-		t.Run(tc.name, func(t *testing.T) {
-			secretKey, err := tc.asa.secretKey()
-			if tc.expectedSecretKeyError {
-				assert.Error(t, err)
-			} else {
-				assert.NoError(t, err)
-				assert.Equal(t, tc.expectedSecretKey, string(secretKey))
-			}
-		})
-	}
-}
-
-func Test_SecretKeyErrors(t *testing.T) {
-	teamId := "team_someid"
-
-	// Env secret key TURBO_REMOTE_CACHE_SIGNATURE_KEY is not set
-
-	cases := []struct {
-		name                   string
-		asa                    *ArtifactSignatureAuthentication
-		expectedSecretKey      string
-		expectedSecretKeyError bool
-	}{
-		{
-			name: "Secret key not defined errors",
-			asa: &ArtifactSignatureAuthentication{
-				teamId:  teamId,
-				enabled: true,
-			},
-			expectedSecretKey:      "",
-			expectedSecretKeyError: true,
-		},
-		{
-			name: "Secret key is empty errors",
-			asa: &ArtifactSignatureAuthentication{
-				teamId:  teamId,
-				enabled: true,
-			},
-			expectedSecretKey:      "",
-			expectedSecretKeyError: true,
-		},
-	}
-
-	for _, tc := range cases {
-		t.Run(tc.name, func(t *testing.T) {
-			secretKey, err := tc.asa.secretKey()
-			if tc.expectedSecretKeyError {
-				assert.Error(t, err)
-			} else {
-				assert.NoError(t, err)
-				assert.Equal(t, tc.expectedSecretKey, string(secretKey))
-			}
-		})
-	}
-}
-
-func Test_GenerateTagAndValidate(t *testing.T) {
-	teamId := "team_someid"
-	hash := "the-artifact-hash"
-	artifactBody := []byte("the artifact body as bytes")
-	secretKeyEnvName := "TURBO_REMOTE_CACHE_SIGNATURE_KEY"
-	secretKeyEnvValue := "my-secret-key-env"
-	t.Setenv(secretKeyEnvName, secretKeyEnvValue)
-
-	cases := []struct {
-		name                    string
-		asa                     *ArtifactSignatureAuthentication
-		expectedTagMatches      string
-		expectedTagDoesNotMatch string
-	}{
-		{
-			name: "Uses hash to generate tag",
-			asa: &ArtifactSignatureAuthentication{
-				teamId:  teamId,
-				enabled: true,
-			},
-			expectedTagMatches:      testUtilGetHMACTag(hash, teamId, artifactBody, secretKeyEnvValue),
-			expectedTagDoesNotMatch: testUtilGetHMACTag("wrong-hash", teamId, artifactBody, secretKeyEnvValue),
-		},
-		{
-			name: "Uses teamId to generate tag",
-			asa: &ArtifactSignatureAuthentication{
-				teamId:  teamId,
-				enabled: true,
-			},
-			expectedTagMatches:      testUtilGetHMACTag(hash, teamId, artifactBody, secretKeyEnvValue),
-			expectedTagDoesNotMatch: testUtilGetHMACTag(hash, "wrong-teamId", artifactBody, secretKeyEnvValue),
-		},
-		{
-			name: "Uses artifactBody to generate tag",
-			asa: &ArtifactSignatureAuthentication{
-				teamId:  teamId,
-				enabled: true,
-			},
-			expectedTagMatches:      testUtilGetHMACTag(hash, teamId, artifactBody, secretKeyEnvValue),
-			expectedTagDoesNotMatch: testUtilGetHMACTag(hash, teamId, []byte("wrong-artifact-body"), secretKeyEnvValue),
-		},
-		{
-			name: "Uses secret to generate tag",
-			asa: &ArtifactSignatureAuthentication{
-				teamId:  teamId,
-				enabled: true,
-			},
-			expectedTagMatches:      testUtilGetHMACTag(hash, teamId, artifactBody, secretKeyEnvValue),
-			expectedTagDoesNotMatch: testUtilGetHMACTag(hash, teamId, artifactBody, "wrong-secret"),
-		},
-	}
-
-	for _, tc := range cases {
-		t.Run(tc.name, func(t *testing.T) {
-			tag, err := tc.asa.generateTag(hash, artifactBody)
-			assert.NoError(t, err)
-
-			// validates the tag
-			assert.Equal(t, tc.expectedTagMatches, tag)
-			isValid, err := tc.asa.validate(hash, artifactBody, tc.expectedTagMatches)
-			assert.NoError(t, err)
-			assert.True(t, isValid)
-
-			// does not validate the tag
-			assert.NotEqual(t, tc.expectedTagDoesNotMatch, tag)
-			isValid, err = tc.asa.validate(hash, artifactBody, tc.expectedTagDoesNotMatch)
-			assert.NoError(t, err)
-			assert.False(t, isValid)
-
-		})
-	}
-}
-
-// Test utils
-
-// Return the Base64 encoded HMAC given the artifact metadata and artifact body
-func testUtilGetHMACTag(hash string, teamId string, artifactBody []byte, secret string) string {
-	artifactMetadata := &struct {
-		Hash   string `json:"hash"`
-		TeamId string `json:"teamId"`
-	}{
-		Hash:   hash,
-		TeamId: teamId,
-	}
-	metadata, _ := json.Marshal(artifactMetadata)
-	h := hmac.New(sha256.New, []byte(secret))
-	h.Write(metadata)
-	h.Write(artifactBody)
-	return base64.StdEncoding.EncodeToString(h.Sum(nil))
-}
-
-func Test_Utils(t *testing.T) {
-	teamId := "team_someid"
-	secret := "my-secret"
-	hash := "the-artifact-hash"
-	artifactBody := []byte("the artifact body as bytes")
-	testTag := testUtilGetHMACTag(hash, teamId, artifactBody, secret)
-	expectedTag := "9Fu8YniPZ2dEBolTPQoNlFWG0LNMW8EXrBsRmf/fEHk="
-	assert.True(t, hmac.Equal([]byte(testTag), []byte(expectedTag)))
-}