Missing acceptance tests for sq
The current sq
acceptance test suite (sq-sublot.md
) is reasonable coverage, but some things are missing. This issue lists what's missing, so they're not lost. It may be good to split this into sub-issues when work on this starts.
Need to feed stdin from named file
There are many subcommands that can optionally read input from stdin, rather than from a named file. Unfortunately, Subplot doesn't yet have a convenient way to implement that, so there are no scenarios for doing that. At least the following subcommands lack such scenarios.
-
sq keyring join
-
sq keyring filter
-
sq keyring list
-
sq armor
-
sq dearmor
-
sq encrypt
-
sq decrypt
sq keyring merge
This command is like sq keyring join
, but multiple versions of the same certificate are merged together. The join scenarios can be duplicated, with added verification that the merge happens. Basically, create a key, copy it, add different certificates to each, merge them, verify the result has one key with two certificates.
To do that, we either need to write custom steps, or Subplot needs to grow the ability to capture in a variable parts of the output of a command, and check that the captured value is as expected.
sq keyring split
How do we verify the expected files are created? The same output capture functionality as for sq keyring merge
would be useful here.
sq key adopt
This needs to be able to make sure the resulting key has the adopted key as a fingerprint. Capturing output from commands in Subplot seems like a suitable way to do that.
sq key attest-certifications
I ran out of time to implement this. The sq certify
command is certified, so attestation should be fairly easy, but may require improvements to Subplot.
sq key password
This require a way to feed a password via a pseudo terminal. Maybe with expect? We may need to write a custom step function for this, or help Subplot to grow one.
sq encrypt
The following options aren't tested:
--use-expired-subkey
--symmetric
--mode=transport,rest,all
--time
--private-key-store=STORE
sq sign
The following options aren't tested:
--notation NAME VALUE
--private-key-store
--time-TIME
sq autocrypt
I don't know this enough to write verification scenarios.
sq keyserver
This would require interacting with a key server, either a real one or a mock. That's too much work for now.
sq wkd
I don't yet know enough about WKD to write verification scenarios.
sq inspect, sq packet
Not sure how I would test these, especially before they can output JSON.
sq certify
The following options aren't tested:
--local
--non-revocable
--amount=TRUST
--depth=N
--expires=WHEN
--expires-in=DURATION
--notation NAME VALUE
--private-key-store=STORE
--regex=PATTERN
sq revoke
This is still being written.