From a7077ef99908da791efad3b756687b4a308c492f Mon Sep 17 00:00:00 2001
From: Robert Bolender
Date: Mon, 10 Jul 2023 22:55:33 +0000
Subject: [PATCH] Assert secret scanning keys are restored in versions 3.8.0+
---
 test/test-ghe-restore.sh | 39 ++++++++++++++++++++++++++++++++++++---
 1 file changed, 36 insertions(+), 3 deletions(-)
diff --git a/test/test-ghe-restore.sh b/test/test-ghe-restore.sh
index 3c963737..ef13b769 100755
--- a/test/test-ghe-restore.sh
+++ b/test/test-ghe-restore.sh
@@ -389,7 +389,7 @@ begin_test "ghe-restore with encrypted column current encryption key for version
 )
 end_test
-begin_test "ghe-restore with secret scanning encrypted secrets encryption keys"
+begin_test "ghe-restore with secret scanning encrypted secrets encryption keys for versions below 3.8.0"
 (
 set -e
 rm -rf "$GHE_REMOTE_ROOT_DIR"
@@ -406,7 +406,7 @@ begin_test "ghe-restore with secret scanning encrypted secrets encryption keys"
 echo "foo" >"$GHE_DATA_DIR/current/$file"
 done
- ghe-restore -v -f localhost
+ GHE_REMOTE_VERSION=3.7.0 ghe-restore -v -f localhost
 required_secrets=(
 "secrets.secret-scanning.encrypted-secrets-current-storage-key"
@@ -416,7 +416,40 @@ begin_test "ghe-restore with secret scanning encrypted secrets encryption keys"
 )
 for secret in "${required_secrets[@]}"; do
- [ "$(ghe-ssh "$GHE_HOSTNAME" -- ghe-config "$secret")" = "foo" ]
+ [ "$(ghe-ssh "$GHE_HOSTNAME" -- ghe-config "$secret")" = "" ] # expecting these to not be set for versions below 3.8.0
+ done
+)
+end_test
+
+
+begin_test "ghe-restore with secret scanning encrypted secrets encryption keys for versions 3.8.0+"
+(
+ set -e
+ rm -rf "$GHE_REMOTE_ROOT_DIR"
+ setup_remote_metadata
+
+ required_files=(
+ "secret-scanning-encrypted-secrets-current-storage-key"
+ "secret-scanning-encrypted-secrets-delimited-storage-keys"
+ "secret-scanning-encrypted-secrets-current-shared-transit-key"
+ "secret-scanning-encrypted-secrets-delimited-shared-transit-keys"
+ )
+
+ for file in "${required_files[@]}"; do
+ echo "foo" >"$GHE_DATA_DIR/current/$file"
+ done
+
+ GHE_REMOTE_VERSION=3.8.0 ghe-restore -v -f localhost
+
+ required_secrets=(
+ "secrets.secret-scanning.encrypted-secrets-current-storage-key"
+ "secrets.secret-scanning.encrypted-secrets-delimited-storage-keys"
+ "secrets.secret-scanning.encrypted-secrets-current-shared-transit-key"
+ "secrets.secret-scanning.encrypted-secrets-delimited-shared-transit-keys"
+ )
+
+ for secret in "${required_secrets[@]}"; do
+ [ "$(ghe-ssh "$GHE_HOSTNAME" -- ghe-config "$secret")" = "foo" ] # expecting this to have been restored successfully for versions 3.8.0+
 done
 )
 end_test
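Review bot: All four key files in the new 3.8.0+ test are seeded with the same value `foo`, so the final loop cannot tell whether each key was restored into its own setting; a restore that swapped a storage key with a shared-transit key would still pass. Seeding a per-key value, e.g. `echo "$file" >"$GHE_DATA_DIR/current/$file"`, and comparing against `expected=${secret#secrets.}` with `"${expected//./-}"` on the right-hand side of the `[ ... ]` would pin the file-to-setting mapping. Separately, the `= ""` assertion in the below-3.8.0 test also holds when the `ghe-ssh ... ghe-config` lookup itself fails, since a failed command substitution expands to an empty string inside `[ ... ]`; a comment noting that, or a check of the lookup's exit status if the test stub allows it, would make the negative case less vacuous. The first test's body begins outside this hunk.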