Skip to content

Commit 9ec9f2d

Browse files
tobyhedetobyhede
committed
test(sqlx): add ciphertext extraction and encrypted selector tests
Add test coverage for JSONB path operators with encrypted selectors: - eql_v2.ciphertext() extraction from arrow operator results - -> and ->> operators with eql_v2_encrypted selectors Tests verify ciphertext extraction functionality and encrypted selector handling across both single-row and multi-row scenarios.
1 parent 07e44b1 commit 9ec9f2d

File tree

1 file changed

+106
-0
lines changed

1 file changed

+106
-0
lines changed

tests/sqlx/tests/jsonb_path_operators_tests.rs

Lines changed: 106 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -128,3 +128,109 @@ async fn arrow_operator_returns_metadata_fields(pool: PgPool) -> Result<()> {
128128

129129
Ok(())
130130
}
131+
132+
#[sqlx::test(fixtures(path = "../fixtures", scripts("encrypted_json")))]
133+
async fn ciphertext_function_extracts_from_arrow_result(pool: PgPool) -> Result<()> {
134+
// Test: eql_v2.ciphertext(e -> 'selector') extracts ciphertext value
135+
// SQL equivalent: src/operators/->_test.sql lines 60-75
136+
//
137+
// The ciphertext() function extracts the 'c' field from the encrypted JSONB structure.
138+
// When combined with the -> operator, it allows extracting ciphertext from nested paths.
139+
140+
let sql = format!(
141+
"SELECT eql_v2.ciphertext(e -> '{}'::text) FROM encrypted LIMIT 1",
142+
Selectors::N
143+
);
144+
145+
// Should return ciphertext value (a text string)
146+
QueryAssertion::new(&pool, &sql).returns_rows().await;
147+
148+
Ok(())
149+
}
150+
151+
#[sqlx::test(fixtures(path = "../fixtures", scripts("encrypted_json")))]
152+
async fn ciphertext_function_returns_all_rows(pool: PgPool) -> Result<()> {
153+
// Test: eql_v2.ciphertext() returns ciphertext for all encrypted rows
154+
// SQL equivalent: src/operators/->_test.sql lines 70-73
155+
156+
let sql = format!(
157+
"SELECT eql_v2.ciphertext(e -> '{}'::text) FROM encrypted",
158+
Selectors::N
159+
);
160+
161+
// All 3 records have $.n path, should return 3 ciphertext values
162+
QueryAssertion::new(&pool, &sql).count(3).await;
163+
164+
Ok(())
165+
}
166+
167+
#[sqlx::test(fixtures(path = "../fixtures", scripts("encrypted_json")))]
168+
async fn arrow_operator_with_encrypted_selector(pool: PgPool) -> Result<()> {
169+
// Test: e -> eql_v2_encrypted selector (encrypted selector)
170+
// SQL equivalent: src/operators/->_test.sql lines 39-56
171+
//
172+
// The -> operator can accept an eql_v2_encrypted value as the selector.
173+
// The selector is created from JSONB with structure: {"s": "selector_hash"}
174+
175+
let encrypted_selector = Selectors::as_encrypted(Selectors::ROOT);
176+
let sql = format!(
177+
"SELECT e -> '{}'::jsonb::eql_v2_encrypted FROM encrypted LIMIT 1",
178+
encrypted_selector
179+
);
180+
181+
QueryAssertion::new(&pool, &sql).returns_rows().await;
182+
183+
Ok(())
184+
}
185+
186+
#[sqlx::test(fixtures(path = "../fixtures", scripts("encrypted_json")))]
187+
async fn arrow_operator_with_encrypted_selector_all_rows(pool: PgPool) -> Result<()> {
188+
// Test: e -> eql_v2_encrypted selector returns all matching rows
189+
// SQL equivalent: src/operators/->_test.sql lines 51-54
190+
191+
let encrypted_selector = Selectors::as_encrypted(Selectors::ROOT);
192+
let sql = format!(
193+
"SELECT e -> '{}'::jsonb::eql_v2_encrypted FROM encrypted",
194+
encrypted_selector
195+
);
196+
197+
// All 3 records should have the root selector
198+
QueryAssertion::new(&pool, &sql).count(3).await;
199+
200+
Ok(())
201+
}
202+
203+
#[sqlx::test(fixtures(path = "../fixtures", scripts("encrypted_json")))]
204+
async fn double_arrow_operator_with_encrypted_selector(pool: PgPool) -> Result<()> {
205+
// Test: e ->> eql_v2_encrypted selector (encrypted selector)
206+
// SQL equivalent: src/operators/->>_test.sql lines 50-67
207+
//
208+
// The ->> operator can also accept an eql_v2_encrypted value as the selector.
209+
210+
let encrypted_selector = Selectors::as_encrypted(Selectors::ROOT);
211+
let sql = format!(
212+
"SELECT e ->> '{}'::jsonb::eql_v2_encrypted FROM encrypted LIMIT 1",
213+
encrypted_selector
214+
);
215+
216+
QueryAssertion::new(&pool, &sql).returns_rows().await;
217+
218+
Ok(())
219+
}
220+
221+
#[sqlx::test(fixtures(path = "../fixtures", scripts("encrypted_json")))]
222+
async fn double_arrow_operator_with_encrypted_selector_all_rows(pool: PgPool) -> Result<()> {
223+
// Test: e ->> eql_v2_encrypted selector returns all matching rows
224+
// SQL equivalent: src/operators/->>_test.sql lines 62-65
225+
226+
let encrypted_selector = Selectors::as_encrypted(Selectors::ROOT);
227+
let sql = format!(
228+
"SELECT e ->> '{}'::jsonb::eql_v2_encrypted FROM encrypted",
229+
encrypted_selector
230+
);
231+
232+
// All 3 records should have the root selector
233+
QueryAssertion::new(&pool, &sql).count(3).await;
234+
235+
Ok(())
236+
}

0 commit comments

Comments
 (0)