Add Secrets test in ProgramData (DataDog#32438)

johntrogan · Jan 9, 2025 · 3f997d2 · 3f997d2
1 parent b7ca1f2
commit 3f997d2
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 5 deletions.
diff --git a/test/new-e2e/tests/agent-shared-components/secret/secret_win_test.go b/test/new-e2e/tests/agent-shared-components/secret/secret_win_test.go
@@ -7,6 +7,7 @@
 package secret
 
 import (
+	"strings"
 	"testing"
 	"time"
 
@@ -32,18 +33,22 @@ func TestWindowsRuntimeSecretSuite(t *testing.T) {
 	)))
 }
 
-func (v *windowsRuntimeSecretSuite) TestSecretRuntimeHostname() {
-	config := `secret_backend_command: C:\TestFolder\wrapper.bat
+func (v *windowsRuntimeSecretSuite) testSecretRuntimeHostname(wrapperDirectory string) {
+	config := `secret_backend_command: ` + wrapperDirectory + `\wrapper.bat
 secret_backend_arguments:
-  - 'C:\TestFolder'
+  - '` + wrapperDirectory + `'
 hostname: ENC[hostname]`
 
 	agentParams := []func(*agentparams.Params) error{
 		agentparams.WithAgentConfig(config),
 	}
-	agentParams = append(agentParams, secrets.WithWindowsSecretSetupScript("C:/TestFolder/wrapper.bat", false)...)
+	if strings.Contains(wrapperDirectory, "ProgramData") {
+		agentParams = append(agentParams, secrets.WithWindowsSecretSetupScriptNoPerms(wrapperDirectory+"/wrapper.bat")...)
+	} else {
+		agentParams = append(agentParams, secrets.WithWindowsSecretSetupScript(wrapperDirectory+"/wrapper.bat", false)...)
+	}
 
-	secretClient := secrets.NewSecretClient(v.T(), v.Env().RemoteHost, "C:/TestFolder")
+	secretClient := secrets.NewSecretClient(v.T(), v.Env().RemoteHost, wrapperDirectory)
 	secretClient.SetSecret("hostname", "e2e.test")
 
 	v.UpdateEnv(
@@ -61,3 +66,11 @@ hostname: ENC[hostname]`
 		}
 	}, 30*time.Second, 2*time.Second)
 }
+
+func (v *windowsRuntimeSecretSuite) TestSecretRuntimeHostname() {
+	v.testSecretRuntimeHostname(`C:/TestFolder`)
+}
+
+func (v *windowsRuntimeSecretSuite) TestSecretRuntimeHostnameProgramData() {
+	v.testSecretRuntimeHostname(`C:/ProgramData/DataDog/Test`)
+}
diff --git a/test/new-e2e/tests/agent-shared-components/secretsutils/helpers.go b/test/new-e2e/tests/agent-shared-components/secretsutils/helpers.go
@@ -60,6 +60,20 @@ func WithWindowsSecretSetupScript(wrapperPath string, allowGroupExec bool) []fun
 	}
 }
 
+// WithWindowsSecretSetupScriptNoPerms returns a list of agent params that setups a secret resolver script with no permissions.
+func WithWindowsSecretSetupScriptNoPerms(wrapperPath string) []func(*agentparams.Params) error {
+	wrapperPath = strings.ReplaceAll(wrapperPath, `\`, `/`)
+
+	dir, _ := filepath.Split(wrapperPath)
+	pythonScriptPath := filepath.Join(dir, "secret.py")
+	secretWrapperContent := fillSecretWrapperTemplate(strings.ReplaceAll(pythonScriptPath, "/", "\\"))
+
+	return []func(*agentparams.Params) error{
+		agentparams.WithFile(wrapperPath, secretWrapperContent, true),
+		agentparams.WithFile(pythonScriptPath, secretResolverScript, true),
+	}
+}
+
 // WithWindowsSecretPermissions returns a WindowsPermissions object containing correct permissions for a secret backend script.
 func WithWindowsSecretPermissions(allowGroupExec bool) option.Option[perms.FilePermissions] {
 	icaclsCmd := `/grant "ddagentuser:(RX)"`