feat(sources): add sources and workflows to the backend BE-12919 (#2666)

This commit is contained in:
andres-portainer
2026-05-20 20:42:10 -03:00
committed by GitHub
parent 4cd8c04691
commit 3d09c70e13
71 changed files with 3117 additions and 317 deletions
@@ -0,0 +1,105 @@
package sources
import (
"errors"
"net/http"
"strings"
portainer "github.com/portainer/portainer/api"
"github.com/portainer/portainer/api/dataservices"
gittypes "github.com/portainer/portainer/api/git/types"
httperror "github.com/portainer/portainer/pkg/libhttp/error"
"github.com/portainer/portainer/pkg/libhttp/request"
"github.com/portainer/portainer/pkg/libhttp/response"
)
// GitAuthenticationPayload holds authentication parameters for a git source
type GitAuthenticationPayload struct {
Username string `json:"username"`
Password string `json:"password"`
Provider gittypes.GitProvider `json:"provider"`
AuthorizationType gittypes.GitCredentialAuthType `json:"authorizationType"`
}
// GitSourceCreatePayload holds the parameters for creating a git-backed source
type GitSourceCreatePayload struct {
Name string `json:"name"`
URL string `json:"url"`
ReferenceName string `json:"referenceName"`
TLSSkipVerify bool `json:"tlsSkipVerify"`
Authentication *GitAuthenticationPayload `json:"authentication"`
ClearAuthentication bool `json:"clearAuthentication"`
}
// Validate implements the portainer.Validatable interface
func (payload *GitSourceCreatePayload) Validate(_ *http.Request) error {
if strings.TrimSpace(payload.URL) == "" {
return errors.New("url is required")
}
return nil
}
// BuildGitSource constructs a portainer.Source from a GitSourceCreatePayload
func BuildGitSource(payload GitSourceCreatePayload) *portainer.Source {
gitConfig := &gittypes.RepoConfig{
URL: payload.URL,
ReferenceName: payload.ReferenceName,
TLSSkipVerify: payload.TLSSkipVerify,
}
if payload.Authentication != nil {
gitConfig.Authentication = &gittypes.GitAuthentication{
Username: payload.Authentication.Username,
Password: payload.Authentication.Password,
Provider: payload.Authentication.Provider,
AuthorizationType: payload.Authentication.AuthorizationType,
}
}
name := payload.Name
if strings.TrimSpace(name) == "" {
name = gittypes.RepoName(payload.URL)
}
return &portainer.Source{
Name: name,
Type: portainer.SourceTypeGit,
GitConfig: gitConfig,
}
}
// @id GitOpsSourcesCreateGit
// @summary Create a Git source
// @description Creates a new GitOps source backed by a Git repository.
// @description **Access policy**: admin
// @tags gitops
// @security ApiKeyAuth
// @security jwt
// @accept json
// @produce json
// @param body body GitSourceCreatePayload true "Git source details"
// @success 201 {object} portainer.Source
// @failure 400 "Invalid request payload"
// @failure 403 "Access denied"
// @failure 500 "Server error"
// @router /gitops/sources/git [post]
func (h *Handler) gitSourceCreate(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
var payload GitSourceCreatePayload
if err := request.DecodeAndValidateJSONPayload(r, &payload); err != nil {
return httperror.BadRequest("Invalid request payload", err)
}
src := BuildGitSource(payload)
if err := h.dataStore.UpdateTx(func(tx dataservices.DataStoreTx) error {
return tx.Source().Create(src)
}); err != nil {
return httperror.InternalServerError("Unable to create source", err)
}
src.GitConfig = gittypes.SanitizeRepoConfig(src.GitConfig)
return response.JSONWithStatus(w, src, http.StatusCreated)
}
@@ -0,0 +1,166 @@
package sources
import (
"net/http"
"net/http/httptest"
"testing"
portainer "github.com/portainer/portainer/api"
"github.com/portainer/portainer/api/dataservices"
"github.com/portainer/portainer/api/datastore"
"github.com/segmentio/encoding/json"
"github.com/stretchr/testify/require"
)
func TestBuildGitSource_DerivesNameFromURL(t *testing.T) {
t.Parallel()
src := BuildGitSource(GitSourceCreatePayload{
URL: "https://github.com/org/my-repo.git",
})
require.Equal(t, "my-repo", src.Name)
require.Equal(t, portainer.SourceTypeGit, src.Type)
require.Nil(t, src.GitConfig.Authentication)
}
func TestBuildGitSource_UsesExplicitName(t *testing.T) {
t.Parallel()
src := BuildGitSource(GitSourceCreatePayload{
Name: "custom-name",
URL: "https://github.com/org/repo.git",
})
require.Equal(t, "custom-name", src.Name)
}
func TestBuildGitSource_WithAuthentication(t *testing.T) {
t.Parallel()
src := BuildGitSource(GitSourceCreatePayload{
URL: "https://github.com/org/repo.git",
Authentication: &GitAuthenticationPayload{
Username: "alice",
Password: "secret",
},
})
require.NotNil(t, src.GitConfig.Authentication)
require.Equal(t, "alice", src.GitConfig.Authentication.Username)
require.Equal(t, "secret", src.GitConfig.Authentication.Password)
}
func TestGitSourceCreatePayload_Validate_EmptyURL(t *testing.T) {
t.Parallel()
err := (&GitSourceCreatePayload{}).Validate(nil)
require.Error(t, err)
}
func TestGitSourceCreatePayload_Validate_ValidURL(t *testing.T) {
t.Parallel()
err := (&GitSourceCreatePayload{URL: "https://github.com/org/repo.git"}).Validate(nil)
require.NoError(t, err)
}
func TestGitSourceCreate_Success(t *testing.T) {
t.Parallel()
_, store := datastore.MustNewTestStore(t, false, true)
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
return tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole})
}))
h := newTestHandler(t, store)
body, err := json.Marshal(GitSourceCreatePayload{
URL: "https://github.com/org/repo.git",
Name: "my-source",
})
require.NoError(t, err)
rr := httptest.NewRecorder()
h.ServeHTTP(rr, buildCreateReq(t, 1, body))
require.Equal(t, http.StatusCreated, rr.Code)
var src portainer.Source
err = json.NewDecoder(rr.Body).Decode(&src)
require.NoError(t, err)
require.Equal(t, "my-source", src.Name)
require.Equal(t, portainer.SourceTypeGit, src.Type)
require.NotZero(t, src.ID)
require.NotNil(t, src.GitConfig)
require.Equal(t, "https://github.com/org/repo.git", src.GitConfig.URL)
}
func TestGitSourceCreate_SanitizesCredentials(t *testing.T) {
t.Parallel()
_, store := datastore.MustNewTestStore(t, false, true)
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
return tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole})
}))
h := newTestHandler(t, store)
body, err := json.Marshal(GitSourceCreatePayload{
URL: "https://github.com/org/repo.git",
Authentication: &GitAuthenticationPayload{
Username: "alice",
Password: "secret",
},
})
require.NoError(t, err)
rr := httptest.NewRecorder()
h.ServeHTTP(rr, buildCreateReq(t, 1, body))
require.Equal(t, http.StatusCreated, rr.Code)
var src portainer.Source
err = json.NewDecoder(rr.Body).Decode(&src)
require.NoError(t, err)
require.NotNil(t, src.GitConfig)
require.NotNil(t, src.GitConfig.Authentication)
require.Equal(t, "alice", src.GitConfig.Authentication.Username)
require.Empty(t, src.GitConfig.Authentication.Password)
}
func TestGitSourceCreate_MissingURL(t *testing.T) {
t.Parallel()
_, store := datastore.MustNewTestStore(t, false, true)
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
return tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole})
}))
h := newTestHandler(t, store)
body, err := json.Marshal(GitSourceCreatePayload{Name: "no-url"})
require.NoError(t, err)
rr := httptest.NewRecorder()
h.ServeHTTP(rr, buildCreateReq(t, 1, body))
require.Equal(t, http.StatusBadRequest, rr.Code)
}
func TestGitSourceCreate_MalformedJSON(t *testing.T) {
t.Parallel()
_, store := datastore.MustNewTestStore(t, false, true)
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
return tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole})
}))
h := newTestHandler(t, store)
rr := httptest.NewRecorder()
h.ServeHTTP(rr, buildCreateReq(t, 1, []byte("not-valid-json{")))
require.Equal(t, http.StatusBadRequest, rr.Code)
}
+67
View File
@@ -0,0 +1,67 @@
package sources
import (
"errors"
"net/http"
"slices"
portainer "github.com/portainer/portainer/api"
"github.com/portainer/portainer/api/dataservices"
dserrors "github.com/portainer/portainer/api/dataservices/errors"
httperror "github.com/portainer/portainer/pkg/libhttp/error"
"github.com/portainer/portainer/pkg/libhttp/request"
"github.com/portainer/portainer/pkg/libhttp/response"
)
var ErrSourceInUse = errors.New("source is used by one or more workflows")
// @id GitOpsSourcesDelete
// @summary Delete a source
// @description Deletes an existing GitOps source. Returns 409 if the source is referenced by any workflow.
// @description **Access policy**: admin
// @tags gitops
// @security ApiKeyAuth
// @security jwt
// @param id path int true "Source identifier"
// @success 204 "Source deleted"
// @failure 400 "Invalid request"
// @failure 403 "Access denied"
// @failure 404 "Source not found"
// @failure 409 "Source is in use by one or more workflows"
// @failure 500 "Server error"
// @router /gitops/sources/{id} [delete]
func (h *Handler) sourceDelete(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
sourceID, err := request.RetrieveNumericRouteVariableValue(r, "id")
if err != nil {
return httperror.BadRequest("Invalid source identifier route variable", err)
}
if err := h.dataStore.UpdateTx(func(tx dataservices.DataStoreTx) error {
if exists, err := tx.Source().Exists(portainer.SourceID(sourceID)); err != nil {
return err
} else if !exists {
return dserrors.ErrObjectNotFound
}
workflows, err := tx.Workflow().ReadAll()
if err != nil {
return err
}
for _, wf := range workflows {
if slices.Contains(wf.SourceIDs, portainer.SourceID(sourceID)) {
return ErrSourceInUse
}
}
return tx.Source().Delete(portainer.SourceID(sourceID))
}); h.dataStore.IsErrObjectNotFound(err) {
return httperror.NotFound("Unable to find a source with the specified identifier", err)
} else if errors.Is(err, ErrSourceInUse) {
return httperror.Conflict("Source is used by one or more workflows", err)
} else if err != nil {
return httperror.InternalServerError("Unable to delete source", err)
}
return response.Empty(w)
}
@@ -0,0 +1,89 @@
package sources
import (
"net/http"
"net/http/httptest"
"testing"
portainer "github.com/portainer/portainer/api"
"github.com/portainer/portainer/api/dataservices"
"github.com/portainer/portainer/api/datastore"
"github.com/stretchr/testify/require"
)
func TestSourceDelete_Success(t *testing.T) {
t.Parallel()
_, store := datastore.MustNewTestStore(t, false, true)
var srcID portainer.SourceID
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
src := &portainer.Source{Name: "to-delete", Type: portainer.SourceTypeGit}
err := tx.Source().Create(src)
require.NoError(t, err)
srcID = src.ID
return tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole})
}))
h := newTestHandler(t, store)
rr := httptest.NewRecorder()
h.ServeHTTP(rr, buildDeleteReq(t, 1, int(srcID)))
require.Equal(t, http.StatusNoContent, rr.Code)
}
func TestSourceDelete_NotFound(t *testing.T) {
t.Parallel()
_, store := datastore.MustNewTestStore(t, false, true)
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
return tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole})
}))
h := newTestHandler(t, store)
rr := httptest.NewRecorder()
h.ServeHTTP(rr, buildDeleteReq(t, 1, 99))
require.Equal(t, http.StatusNotFound, rr.Code)
}
func TestSourceDelete_InUse(t *testing.T) {
t.Parallel()
_, store := datastore.MustNewTestStore(t, false, true)
var srcID portainer.SourceID
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
src := &portainer.Source{Name: "in-use", Type: portainer.SourceTypeGit}
err := tx.Source().Create(src)
require.NoError(t, err)
srcID = src.ID
wf := &portainer.Workflow{SourceIDs: []portainer.SourceID{src.ID}}
err = tx.Workflow().Create(wf)
require.NoError(t, err)
return tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole})
}))
h := newTestHandler(t, store)
rr := httptest.NewRecorder()
h.ServeHTTP(rr, buildDeleteReq(t, 1, int(srcID)))
require.Equal(t, http.StatusConflict, rr.Code)
}
func TestSourceDelete_NonNumericID(t *testing.T) {
t.Parallel()
_, store := datastore.MustNewTestStore(t, false, true)
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
return tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole})
}))
h := newTestHandler(t, store)
rr := httptest.NewRecorder()
h.ServeHTTP(rr, buildDeleteReqWithRawID(t, 1, "not-a-number"))
require.Equal(t, http.StatusBadRequest, rr.Code)
}
+10 -5
View File
@@ -40,7 +40,9 @@ func TestGetSource_ReturnsDetail(t *testing.T) {
}
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
require.NoError(t, tx.Stack().Create(&portainer.Stack{ID: 1, Name: "my-stack", GitConfig: cfg}))
stack := &portainer.Stack{ID: 1, Name: "my-stack"}
createGitWorkflow(t, tx, stack, cfg)
require.NoError(t, tx.Stack().Create(stack))
return tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole})
}))
@@ -71,7 +73,9 @@ func TestGetSource_RedactsCredentials(t *testing.T) {
}
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
require.NoError(t, tx.Stack().Create(&portainer.Stack{ID: 1, Name: "secure-stack", GitConfig: cfg}))
stack := &portainer.Stack{ID: 1, Name: "secure-stack"}
createGitWorkflow(t, tx, stack, cfg)
require.NoError(t, tx.Stack().Create(stack))
return tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole})
}))
@@ -94,12 +98,13 @@ func TestGetSource_AutoUpdate(t *testing.T) {
cfg := gitCfg("https://github.com/org/polled")
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
require.NoError(t, tx.Stack().Create(&portainer.Stack{
stack := &portainer.Stack{
ID: 1,
Name: "polled-stack",
GitConfig: cfg,
AutoUpdate: &portainer.AutoUpdateSettings{Interval: "5m"},
}))
}
createGitWorkflow(t, tx, stack, cfg)
require.NoError(t, tx.Stack().Create(stack))
return tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole})
}))
+8 -2
View File
@@ -37,10 +37,16 @@ func NewHandler(bouncer security.BouncerService, dataStore dataservices.DataStor
k8sFactory: k8sFactory,
}
authenticatedRouter := h.PathPrefix("/gitops/sources").Subrouter()
authenticatedRouter.Use(bouncer.AuthenticatedAccess)
authenticatedRouter.Handle("", httperror.LoggerHandler(h.list)).Methods(http.MethodGet)
authenticatedRouter.Handle("/summary", httperror.LoggerHandler(h.summary)).Methods(http.MethodGet)
adminRouter := h.PathPrefix("/gitops/sources").Subrouter()
adminRouter.Use(bouncer.AdminAccess)
adminRouter.Handle("", httperror.LoggerHandler(h.list)).Methods(http.MethodGet)
adminRouter.Handle("/summary", httperror.LoggerHandler(h.summary)).Methods(http.MethodGet)
adminRouter.Handle("/git", httperror.LoggerHandler(h.gitSourceCreate)).Methods(http.MethodPost)
adminRouter.Handle("/{id}", httperror.LoggerHandler(h.getSource)).Methods(http.MethodGet)
adminRouter.Handle("/{id}", httperror.LoggerHandler(h.gitSourceUpdate)).Methods(http.MethodPut)
adminRouter.Handle("/{id}", httperror.LoggerHandler(h.sourceDelete)).Methods(http.MethodDelete)
return h
}
@@ -1,6 +1,8 @@
package sources
import (
"bytes"
"fmt"
"net/http"
"net/http/httptest"
"testing"
@@ -15,6 +17,26 @@ import (
"github.com/stretchr/testify/require"
)
// createGitWorkflow creates a Source and Workflow for the given config and
// wires them up by setting stack.WorkflowID before creating the stack.
func createGitWorkflow(t *testing.T, tx dataservices.DataStoreTx, stack *portainer.Stack, cfg *gittypes.RepoConfig) {
t.Helper()
src := &portainer.Source{
Name: gittypes.RepoName(cfg.URL),
Type: portainer.SourceTypeGit,
GitConfig: cfg,
}
require.NoError(t, tx.Source().Create(src))
wf := &portainer.Workflow{
SourceIDs: []portainer.SourceID{src.ID},
}
require.NoError(t, tx.Workflow().Create(wf))
stack.WorkflowID = wf.ID
}
func newTestHandler(t *testing.T, store dataservices.DataStore) *Handler {
t.Helper()
return NewHandler(testhelpers.NewTestRequestBouncer(), store, nil, nil)
@@ -63,3 +85,66 @@ func gitCfg(url string) *gittypes.RepoConfig {
ReferenceName: "refs/heads/main",
}
}
func buildCreateReq(t *testing.T, userID portainer.UserID, body []byte) *http.Request {
t.Helper()
req := httptest.NewRequest(http.MethodPost, "/gitops/sources/git", bytes.NewReader(body))
req.Header.Set("Content-Type", "application/json")
req = req.WithContext(security.StoreTokenData(req, &portainer.TokenData{ID: userID}))
req = req.WithContext(security.StoreRestrictedRequestContext(req, &security.RestrictedRequestContext{
UserID: userID, IsAdmin: true,
}))
return req
}
func buildUpdateReq(t *testing.T, userID portainer.UserID, id int, body []byte) *http.Request {
t.Helper()
req := httptest.NewRequest(http.MethodPut, fmt.Sprintf("/gitops/sources/%d", id), bytes.NewReader(body))
req.Header.Set("Content-Type", "application/json")
req = req.WithContext(security.StoreTokenData(req, &portainer.TokenData{ID: userID}))
req = req.WithContext(security.StoreRestrictedRequestContext(req, &security.RestrictedRequestContext{
UserID: userID, IsAdmin: true,
}))
return req
}
func buildDeleteReq(t *testing.T, userID portainer.UserID, id int) *http.Request {
t.Helper()
req := httptest.NewRequest(http.MethodDelete, fmt.Sprintf("/gitops/sources/%d", id), nil)
req = req.WithContext(security.StoreTokenData(req, &portainer.TokenData{ID: userID}))
req = req.WithContext(security.StoreRestrictedRequestContext(req, &security.RestrictedRequestContext{
UserID: userID, IsAdmin: true,
}))
return req
}
func buildSummaryReq(t *testing.T, userID portainer.UserID) *http.Request {
t.Helper()
req := httptest.NewRequest(http.MethodGet, "/gitops/sources/summary", nil)
req = req.WithContext(security.StoreTokenData(req, &portainer.TokenData{ID: userID}))
req = req.WithContext(security.StoreRestrictedRequestContext(req, &security.RestrictedRequestContext{
UserID: userID, IsAdmin: true,
}))
return req
}
func buildUpdateReqWithRawID(t *testing.T, userID portainer.UserID, id string, body []byte) *http.Request {
t.Helper()
req := httptest.NewRequest(http.MethodPut, "/gitops/sources/"+id, bytes.NewReader(body))
req.Header.Set("Content-Type", "application/json")
req = req.WithContext(security.StoreTokenData(req, &portainer.TokenData{ID: userID}))
req = req.WithContext(security.StoreRestrictedRequestContext(req, &security.RestrictedRequestContext{
UserID: userID, IsAdmin: true,
}))
return req
}
func buildDeleteReqWithRawID(t *testing.T, userID portainer.UserID, id string) *http.Request {
t.Helper()
req := httptest.NewRequest(http.MethodDelete, "/gitops/sources/"+id, nil)
req = req.WithContext(security.StoreTokenData(req, &portainer.TokenData{ID: userID}))
req = req.WithContext(security.StoreRestrictedRequestContext(req, &security.RestrictedRequestContext{
UserID: userID, IsAdmin: true,
}))
return req
}
+48 -9
View File
@@ -7,7 +7,9 @@ import (
"strconv"
"strings"
gocache "github.com/patrickmn/go-cache"
portainer "github.com/portainer/portainer/api"
"github.com/portainer/portainer/api/dataservices"
gittypes "github.com/portainer/portainer/api/git/types"
ceWorkflows "github.com/portainer/portainer/api/gitops/workflows"
"github.com/portainer/portainer/api/http/security"
"github.com/portainer/portainer/api/http/utils/filters"
@@ -15,12 +17,14 @@ import (
httperror "github.com/portainer/portainer/pkg/libhttp/error"
"github.com/portainer/portainer/pkg/libhttp/request"
"github.com/portainer/portainer/pkg/libhttp/response"
gocache "github.com/patrickmn/go-cache"
)
// @id GitOpsSourcesList
// @summary List all GitOps sources
// @description Returns a deduplicated list of git repositories used across all GitOps workflows.
// @description **Access policy**: admin
// @description **Access policy**: authenticated
// @tags gitops
// @security ApiKeyAuth
// @security jwt
@@ -107,16 +111,51 @@ func cacheKey(sc *security.RestrictedRequestContext) string {
}
func (h *Handler) fetchSources(ctx context.Context, sc *security.RestrictedRequestContext) ([]Source, error) {
workflows, err := ceWorkflows.FetchWorkflows(ctx, h.dataStore, h.gitService, h.k8sFactory, sc, nil)
if err != nil {
var allSrcs []portainer.Source
var stats map[portainer.SourceID]ceWorkflows.SourceStats
if err := h.dataStore.ViewTx(func(tx dataservices.DataStoreTx) error {
var err error
allSrcs, stats, err = ceWorkflows.FetchSourceStats(tx, h.k8sFactory, sc)
return err
}); err != nil {
return nil, err
}
byID := workflowsBySourceID(workflows)
result := make([]Source, 0, len(allSrcs))
for _, src := range allSrcs {
s, accessible := stats[src.ID]
if !accessible && !sc.IsAdmin {
continue
}
sources := make([]Source, 0, len(byID))
for id, wfs := range byID {
sources = append(sources, buildSource(id, wfs[0].GitConfig.URL, wfs))
var status ceWorkflows.Status
var sourceErr string
if src.GitConfig != nil {
phase, _ := ceWorkflows.ComputeGitPhasesForConfig(ctx, h.gitService, src.GitConfig)
status = phase.Status
sourceErr = phase.Error
} else {
status = ceWorkflows.StatusUnknown
}
url := ""
if src.GitConfig != nil {
url = gittypes.SanitizeURL(src.GitConfig.URL)
}
result = append(result, Source{
ID: strconv.Itoa(int(src.ID)),
Name: src.Name,
Type: sourceTypeString(src.Type),
URL: url,
Status: status,
Error: sourceErr,
UsedBy: s.WorkflowCount,
Environments: len(s.EndpointIDs),
LastSync: s.LastSync,
})
}
return sources, nil
return result, nil
}
+32 -17
View File
@@ -18,12 +18,18 @@ func TestSourcesList_GroupsByURLAndCredentials(t *testing.T) {
_, store := datastore.MustNewTestStore(t, false, true)
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
require.NoError(t, tx.Stack().Create(&portainer.Stack{
ID: 1, Name: "stack-a", GitConfig: gitCfg("https://github.com/org/repo"),
}))
require.NoError(t, tx.Stack().Create(&portainer.Stack{
ID: 2, Name: "stack-b", GitConfig: gitCfg("https://github.com/org/repo"),
}))
cfg := gitCfg("https://github.com/org/repo")
src := &portainer.Source{Name: "repo", Type: portainer.SourceTypeGit, GitConfig: cfg}
require.NoError(t, tx.Source().Create(src))
wfA := &portainer.Workflow{SourceIDs: []portainer.SourceID{src.ID}}
require.NoError(t, tx.Workflow().Create(wfA))
wfB := &portainer.Workflow{SourceIDs: []portainer.SourceID{src.ID}}
require.NoError(t, tx.Workflow().Create(wfB))
require.NoError(t, tx.Stack().Create(&portainer.Stack{ID: 1, Name: "stack-a", WorkflowID: wfA.ID}))
require.NoError(t, tx.Stack().Create(&portainer.Stack{ID: 2, Name: "stack-b", WorkflowID: wfB.ID}))
return tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole})
}))
@@ -45,8 +51,15 @@ func TestSourcesList_SeparatesCredentials(t *testing.T) {
cfg1.Authentication = &gittypes.GitAuthentication{Username: "alice", Password: "pass1"}
cfg2 := gitCfg("https://github.com/org/repo")
cfg2.Authentication = &gittypes.GitAuthentication{Username: "bob", Password: "pass2"}
require.NoError(t, tx.Stack().Create(&portainer.Stack{ID: 1, Name: "stack-a", GitConfig: cfg1}))
require.NoError(t, tx.Stack().Create(&portainer.Stack{ID: 2, Name: "stack-b", GitConfig: cfg2}))
stackA := &portainer.Stack{ID: 1, Name: "stack-a"}
createGitWorkflow(t, tx, stackA, cfg1)
require.NoError(t, tx.Stack().Create(stackA))
stackB := &portainer.Stack{ID: 2, Name: "stack-b"}
createGitWorkflow(t, tx, stackB, cfg2)
require.NoError(t, tx.Stack().Create(stackB))
return tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole})
}))
@@ -64,9 +77,9 @@ func TestSourcesList_StatusFilter(t *testing.T) {
// With nil gitService, source git-phase status is always StatusUnknown.
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
require.NoError(t, tx.Stack().Create(&portainer.Stack{
ID: 1, GitConfig: gitCfg("https://github.com/org/app"),
}))
stack := &portainer.Stack{ID: 1}
createGitWorkflow(t, tx, stack, gitCfg("https://github.com/org/app"))
require.NoError(t, tx.Stack().Create(stack))
return tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole})
}))
@@ -92,12 +105,14 @@ func TestSourcesList_SearchByURL(t *testing.T) {
_, store := datastore.MustNewTestStore(t, false, true)
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
require.NoError(t, tx.Stack().Create(&portainer.Stack{
ID: 1, GitConfig: gitCfg("https://github.com/org/app"),
}))
require.NoError(t, tx.Stack().Create(&portainer.Stack{
ID: 2, GitConfig: gitCfg("https://github.com/org/infra"),
}))
stackA := &portainer.Stack{ID: 1}
createGitWorkflow(t, tx, stackA, gitCfg("https://github.com/org/app"))
require.NoError(t, tx.Stack().Create(stackA))
stackB := &portainer.Stack{ID: 2}
createGitWorkflow(t, tx, stackB, gitCfg("https://github.com/org/infra"))
require.NoError(t, tx.Stack().Create(stackB))
return tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole})
}))
+1 -5
View File
@@ -12,7 +12,7 @@ import (
// @id GitOpsSourcesSummary
// @summary Summarize GitOps source status counts
// @description Returns a count of sources per status.
// @description **Access policy**: admin
// @description **Access policy**: authenticated
// @tags gitops
// @security ApiKeyAuth
// @security jwt
@@ -27,10 +27,6 @@ func (h *Handler) summary(w http.ResponseWriter, r *http.Request) *httperror.Han
return httperror.InternalServerError("Unable to retrieve info from request context", err)
}
if !securityContext.IsAdmin {
return httperror.Forbidden("Access denied", nil)
}
key := cacheKey(securityContext)
sources, err := h.getSources(r.Context(), key, securityContext)
@@ -0,0 +1,65 @@
package sources
import (
"net/http"
"net/http/httptest"
"testing"
portainer "github.com/portainer/portainer/api"
"github.com/portainer/portainer/api/dataservices"
"github.com/portainer/portainer/api/datastore"
ceWorkflows "github.com/portainer/portainer/api/gitops/workflows"
"github.com/segmentio/encoding/json"
"github.com/stretchr/testify/require"
)
func TestSourcesSummary_Empty(t *testing.T) {
t.Parallel()
_, store := datastore.MustNewTestStore(t, false, true)
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
return tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole})
}))
h := newTestHandler(t, store)
rr := httptest.NewRecorder()
h.ServeHTTP(rr, buildSummaryReq(t, 1))
require.Equal(t, http.StatusOK, rr.Code)
var summary ceWorkflows.StatusSummary
err := json.NewDecoder(rr.Body).Decode(&summary)
require.NoError(t, err)
require.Equal(t, ceWorkflows.StatusSummary{}, summary)
}
func TestSourcesSummary_CountsByStatus(t *testing.T) {
t.Parallel()
_, store := datastore.MustNewTestStore(t, false, true)
// With nil gitService and nil GitConfig, all sources get StatusUnknown.
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
for _, name := range []string{"source-a", "source-b", "source-c"} {
err := tx.Source().Create(&portainer.Source{Name: name, Type: portainer.SourceTypeGit})
require.NoError(t, err)
}
return tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole})
}))
h := newTestHandler(t, store)
rr := httptest.NewRecorder()
h.ServeHTTP(rr, buildSummaryReq(t, 1))
require.Equal(t, http.StatusOK, rr.Code)
var summary ceWorkflows.StatusSummary
err := json.NewDecoder(rr.Body).Decode(&summary)
require.NoError(t, err)
require.Equal(t, 3, summary.Unknown)
require.Zero(t, summary.Healthy)
require.Zero(t, summary.Error)
require.Zero(t, summary.Syncing)
require.Zero(t, summary.Paused)
}
+17 -4
View File
@@ -7,6 +7,7 @@ import (
"path"
"strings"
portainer "github.com/portainer/portainer/api"
gittypes "github.com/portainer/portainer/api/git/types"
"github.com/portainer/portainer/api/gitops/workflows"
)
@@ -41,6 +42,19 @@ func parseSourceType(s string) (string, error) {
}
}
func sourceTypeString(t portainer.SourceType) string {
switch t {
case portainer.SourceTypeGit:
return string(SourceTypeGit)
case portainer.SourceTypeHelm:
return string(SourceTypeHelm)
case portainer.SourceTypeRegistry:
return string(SourceTypeOCI)
default:
return string(SourceTypeGit)
}
}
type sourceGroupKey struct {
URL string
Username string
@@ -53,6 +67,7 @@ func gitSourceKey(cfg *gittypes.RepoConfig) sourceGroupKey {
key.Username = cfg.Authentication.Username
key.Password = cfg.Authentication.Password
}
return key
}
@@ -61,11 +76,8 @@ func sourceID(key sourceGroupKey) string {
return hex.EncodeToString(h[:8])
}
// repoName extracts the repository name from a URL.
// e.g. "https://github.com/org/app-config.git" → "app-config"
func repoName(rawURL string) string {
base := path.Base(rawURL)
return strings.TrimSuffix(base, ".git")
return strings.TrimSuffix(path.Base(rawURL), ".git")
}
func worstCaseStatus(statuses []workflows.Status) workflows.Status {
@@ -82,5 +94,6 @@ func worstCaseStatus(statuses []workflows.Status) workflows.Status {
worst = s
}
}
return worst
}
@@ -0,0 +1,103 @@
package sources
import (
"errors"
"net/http"
"strings"
portainer "github.com/portainer/portainer/api"
"github.com/portainer/portainer/api/dataservices"
gittypes "github.com/portainer/portainer/api/git/types"
httperror "github.com/portainer/portainer/pkg/libhttp/error"
"github.com/portainer/portainer/pkg/libhttp/request"
"github.com/portainer/portainer/pkg/libhttp/response"
)
var ErrNotGitSource = errors.New("source is not a Git source")
// @id GitOpsSourcesUpdateGit
// @summary Update a Git source
// @description Updates an existing GitOps source backed by a Git repository.
// @description **Access policy**: admin
// @tags gitops
// @security ApiKeyAuth
// @security jwt
// @accept json
// @produce json
// @param id path int true "Source identifier"
// @param body body GitSourceCreatePayload true "Git source details"
// @success 200 {object} portainer.Source
// @failure 400 "Invalid request payload"
// @failure 403 "Access denied"
// @failure 404 "Source not found"
// @failure 500 "Server error"
// @router /gitops/sources/{id} [put]
func (h *Handler) gitSourceUpdate(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
sourceID, err := request.RetrieveNumericRouteVariableValue(r, "id")
if err != nil {
return httperror.BadRequest("Invalid source identifier route variable", err)
}
var payload GitSourceCreatePayload
if err := request.DecodeAndValidateJSONPayload(r, &payload); err != nil {
return httperror.BadRequest("Invalid request payload", err)
}
var src *portainer.Source
if err := h.dataStore.UpdateTx(func(tx dataservices.DataStoreTx) error {
var err error
if src, err = tx.Source().Read(portainer.SourceID(sourceID)); err != nil {
return err
}
if src.Type != portainer.SourceTypeGit {
return ErrNotGitSource
}
name := payload.Name
if strings.TrimSpace(name) == "" {
name = gittypes.RepoName(payload.URL)
}
src.Name = name
var existingAuth *gittypes.GitAuthentication
if src.GitConfig != nil {
existingAuth = src.GitConfig.Authentication
}
src.GitConfig = &gittypes.RepoConfig{
URL: payload.URL,
ReferenceName: payload.ReferenceName,
TLSSkipVerify: payload.TLSSkipVerify,
}
if payload.Authentication != nil {
src.GitConfig.Authentication = &gittypes.GitAuthentication{
Username: payload.Authentication.Username,
Password: payload.Authentication.Password,
Provider: payload.Authentication.Provider,
AuthorizationType: payload.Authentication.AuthorizationType,
}
} else if payload.ClearAuthentication {
src.GitConfig.Authentication = nil
} else {
src.GitConfig.Authentication = existingAuth
}
return tx.Source().Update(src.ID, src)
}); h.dataStore.IsErrObjectNotFound(err) {
return httperror.NotFound("Unable to find a source with the specified identifier", err)
} else if errors.Is(err, ErrNotGitSource) {
return httperror.BadRequest("Source is not a Git source", err)
} else if err != nil {
return httperror.InternalServerError("Unable to update source", err)
}
src.GitConfig = gittypes.SanitizeRepoConfig(src.GitConfig)
return response.JSON(w, src)
}
@@ -0,0 +1,264 @@
package sources
import (
"net/http"
"net/http/httptest"
"testing"
portainer "github.com/portainer/portainer/api"
"github.com/portainer/portainer/api/dataservices"
"github.com/portainer/portainer/api/datastore"
gittypes "github.com/portainer/portainer/api/git/types"
"github.com/segmentio/encoding/json"
"github.com/stretchr/testify/require"
)
func TestGitSourceUpdate_Success(t *testing.T) {
t.Parallel()
_, store := datastore.MustNewTestStore(t, false, true)
var srcID portainer.SourceID
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
src := &portainer.Source{Name: "old-name", Type: portainer.SourceTypeGit}
err := tx.Source().Create(src)
require.NoError(t, err)
srcID = src.ID
return tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole})
}))
h := newTestHandler(t, store)
body, err := json.Marshal(GitSourceCreatePayload{
URL: "https://github.com/org/new.git",
Name: "new-name",
})
require.NoError(t, err)
rr := httptest.NewRecorder()
h.ServeHTTP(rr, buildUpdateReq(t, 1, int(srcID), body))
require.Equal(t, http.StatusOK, rr.Code)
var src portainer.Source
err = json.NewDecoder(rr.Body).Decode(&src)
require.NoError(t, err)
require.Equal(t, "new-name", src.Name)
require.NotNil(t, src.GitConfig)
require.Equal(t, "https://github.com/org/new.git", src.GitConfig.URL)
}
func TestGitSourceUpdate_DerivesNameFromURL(t *testing.T) {
t.Parallel()
_, store := datastore.MustNewTestStore(t, false, true)
var srcID portainer.SourceID
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
src := &portainer.Source{Name: "old-name", Type: portainer.SourceTypeGit}
err := tx.Source().Create(src)
require.NoError(t, err)
srcID = src.ID
return tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole})
}))
h := newTestHandler(t, store)
body, err := json.Marshal(GitSourceCreatePayload{
URL: "https://github.com/org/my-project.git",
})
require.NoError(t, err)
rr := httptest.NewRecorder()
h.ServeHTTP(rr, buildUpdateReq(t, 1, int(srcID), body))
require.Equal(t, http.StatusOK, rr.Code)
var src portainer.Source
err = json.NewDecoder(rr.Body).Decode(&src)
require.NoError(t, err)
require.Equal(t, "my-project", src.Name)
}
func TestGitSourceUpdate_PreservesAuthWhenNotProvided(t *testing.T) {
t.Parallel()
_, store := datastore.MustNewTestStore(t, false, true)
var srcID portainer.SourceID
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
src := &portainer.Source{
Name: "auth-source",
Type: portainer.SourceTypeGit,
GitConfig: &gittypes.RepoConfig{
URL: "https://github.com/org/repo.git",
Authentication: &gittypes.GitAuthentication{
Username: "alice",
Password: "secret",
},
},
}
err := tx.Source().Create(src)
require.NoError(t, err)
srcID = src.ID
return tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole})
}))
h := newTestHandler(t, store)
body, err := json.Marshal(GitSourceCreatePayload{
URL: "https://github.com/org/repo.git",
Name: "renamed",
})
require.NoError(t, err)
rr := httptest.NewRecorder()
h.ServeHTTP(rr, buildUpdateReq(t, 1, int(srcID), body))
require.Equal(t, http.StatusOK, rr.Code)
var stored *portainer.Source
require.NoError(t, store.ViewTx(func(tx dataservices.DataStoreTx) error {
var err error
stored, err = tx.Source().Read(srcID)
return err
}))
require.NotNil(t, stored.GitConfig)
require.NotNil(t, stored.GitConfig.Authentication)
require.Equal(t, "alice", stored.GitConfig.Authentication.Username)
require.Equal(t, "secret", stored.GitConfig.Authentication.Password)
}
func TestGitSourceUpdate_ClearsAuthWhenRequested(t *testing.T) {
t.Parallel()
_, store := datastore.MustNewTestStore(t, false, true)
var srcID portainer.SourceID
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
src := &portainer.Source{
Name: "auth-source",
Type: portainer.SourceTypeGit,
GitConfig: &gittypes.RepoConfig{
URL: "https://github.com/org/repo.git",
Authentication: &gittypes.GitAuthentication{
Username: "alice",
Password: "secret",
},
},
}
err := tx.Source().Create(src)
require.NoError(t, err)
srcID = src.ID
return tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole})
}))
h := newTestHandler(t, store)
body, err := json.Marshal(GitSourceCreatePayload{
URL: "https://github.com/org/repo.git",
ClearAuthentication: true,
})
require.NoError(t, err)
rr := httptest.NewRecorder()
h.ServeHTTP(rr, buildUpdateReq(t, 1, int(srcID), body))
require.Equal(t, http.StatusOK, rr.Code)
var stored *portainer.Source
require.NoError(t, store.ViewTx(func(tx dataservices.DataStoreTx) error {
var err error
stored, err = tx.Source().Read(srcID)
return err
}))
require.NotNil(t, stored.GitConfig)
require.Nil(t, stored.GitConfig.Authentication)
}
func TestGitSourceUpdate_NotFound(t *testing.T) {
t.Parallel()
_, store := datastore.MustNewTestStore(t, false, true)
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
return tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole})
}))
h := newTestHandler(t, store)
body, err := json.Marshal(GitSourceCreatePayload{URL: "https://github.com/org/repo.git"})
require.NoError(t, err)
rr := httptest.NewRecorder()
h.ServeHTTP(rr, buildUpdateReq(t, 1, 99, body))
require.Equal(t, http.StatusNotFound, rr.Code)
}
func TestGitSourceUpdate_NotGitSource(t *testing.T) {
t.Parallel()
_, store := datastore.MustNewTestStore(t, false, true)
var srcID portainer.SourceID
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
src := &portainer.Source{Name: "helm-source", Type: portainer.SourceTypeHelm}
err := tx.Source().Create(src)
require.NoError(t, err)
srcID = src.ID
return tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole})
}))
h := newTestHandler(t, store)
body, err := json.Marshal(GitSourceCreatePayload{URL: "https://github.com/org/repo.git"})
require.NoError(t, err)
rr := httptest.NewRecorder()
h.ServeHTTP(rr, buildUpdateReq(t, 1, int(srcID), body))
require.Equal(t, http.StatusBadRequest, rr.Code)
}
func TestGitSourceUpdate_MalformedJSON(t *testing.T) {
t.Parallel()
_, store := datastore.MustNewTestStore(t, false, true)
var srcID portainer.SourceID
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
src := &portainer.Source{Name: "src", Type: portainer.SourceTypeGit}
err := tx.Source().Create(src)
require.NoError(t, err)
srcID = src.ID
return tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole})
}))
h := newTestHandler(t, store)
rr := httptest.NewRecorder()
h.ServeHTTP(rr, buildUpdateReq(t, 1, int(srcID), []byte("not-valid-json{")))
require.Equal(t, http.StatusBadRequest, rr.Code)
}
func TestGitSourceUpdate_NonNumericID(t *testing.T) {
t.Parallel()
_, store := datastore.MustNewTestStore(t, false, true)
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
return tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole})
}))
h := newTestHandler(t, store)
body, err := json.Marshal(GitSourceCreatePayload{URL: "https://github.com/org/repo.git"})
require.NoError(t, err)
req := buildUpdateReqWithRawID(t, 1, "not-a-number", body)
rr := httptest.NewRecorder()
h.ServeHTTP(rr, req)
require.Equal(t, http.StatusBadRequest, rr.Code)
}
+1 -3
View File
@@ -28,9 +28,7 @@ func buildSource(id, url string, wfs []ce.Workflow) Source {
if sourceError == "" && wf.Status.Source.Status == ce.StatusError {
sourceError = wf.Status.Source.Error
}
if wf.LastSyncDate > lastSync {
lastSync = wf.LastSyncDate
}
lastSync = max(lastSync, wf.LastSyncDate)
if wf.Target.EndpointID != 0 {
endpointIDs.Add(wf.Target.EndpointID)
}
@@ -28,10 +28,10 @@ func TestWorkflowsList_RBAC_NonAdminNoAccess(t *testing.T) {
require.NoError(t, store.Endpoint().Create(&portainer.Endpoint{ID: 1, Name: "test-env"}))
// Stack on endpoint 1 WITHOUT resource control — non-admin cannot see it
require.NoError(t, store.StackService.Create(&portainer.Stack{
createGitStack(t, store, &portainer.Stack{
ID: 1, Name: "no-rc-stack", EndpointID: 1,
GitConfig: gitConfig("https://github.com/x/no-rc"),
}))
})
h := NewHandler(store, nil, nil)
rr := httptest.NewRecorder()
@@ -56,10 +56,10 @@ func TestWorkflowsList_RBAC_NonAdminWithAccess(t *testing.T) {
require.NoError(t, store.Endpoint().Create(&portainer.Endpoint{ID: 1, Name: "test-env"}))
const stackName = "rc-stack"
require.NoError(t, store.StackService.Create(&portainer.Stack{
createGitStack(t, store, &portainer.Stack{
ID: 1, Name: stackName, EndpointID: 1,
GitConfig: gitConfig("https://github.com/x/rc"),
}))
})
require.NoError(t, store.ResourceControl().Create(&portainer.ResourceControl{
ID: 1,
@@ -6,6 +6,7 @@ import (
"testing"
portainer "github.com/portainer/portainer/api"
"github.com/portainer/portainer/api/dataservices"
gittypes "github.com/portainer/portainer/api/git/types"
ce "github.com/portainer/portainer/api/gitops/workflows"
"github.com/portainer/portainer/api/http/security"
@@ -40,3 +41,20 @@ func decodeWorkflows(t *testing.T, rr *httptest.ResponseRecorder) []ce.Workflow
func gitConfig(url string) *gittypes.RepoConfig {
return &gittypes.RepoConfig{URL: url, ConfigFilePath: "docker-compose.yml"}
}
// createGitStack creates Source, Workflow, and Stack records with WorkflowID properly wired.
func createGitStack(t *testing.T, tx dataservices.DataStoreTx, stack *portainer.Stack) {
t.Helper()
if stack.GitConfig != nil {
src := &portainer.Source{GitConfig: stack.GitConfig, Type: portainer.SourceTypeGit}
require.NoError(t, tx.Source().Create(src))
wf := &portainer.Workflow{SourceIDs: []portainer.SourceID{src.ID}}
require.NoError(t, tx.Workflow().Create(wf))
stack.WorkflowID = wf.ID
}
require.NoError(t, tx.Stack().Create(stack))
}
+2 -5
View File
@@ -128,16 +128,13 @@ func (h *Handler) getWorkflows(ctx context.Context, key string, sc *security.Res
return slices.Clone(cached.([]svc.Workflow)), nil
}
result, err := h.fetchWorkflows(ctx, sc, set.ToSet(endpointIDs))
result, err := svc.FetchWorkflows(ctx, h.dataStore, h.gitService, h.k8sFactory, sc, set.ToSet(endpointIDs))
if err != nil {
return nil, err
}
h.cache.Set(key, result, gocache.DefaultExpiration)
return slices.Clone(result), nil
}
func (h *Handler) fetchWorkflows(ctx context.Context, sc *security.RestrictedRequestContext, endpointIDSet set.Set[portainer.EndpointID]) ([]svc.Workflow, error) {
return svc.FetchWorkflows(ctx, h.dataStore, h.gitService, h.k8sFactory, sc, endpointIDSet)
return slices.Clone(result), nil
}
func cacheKey(sc *security.RestrictedRequestContext, endpointIDs []portainer.EndpointID) string {
+32 -34
View File
@@ -23,10 +23,10 @@ func TestWorkflowsList_GitConfigFilter(t *testing.T) {
_, store := datastore.MustNewTestStore(t, false, true)
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
require.NoError(t, tx.Stack().Create(&portainer.Stack{
createGitStack(t, tx, &portainer.Stack{
ID: 1, Name: "gitops-stack",
GitConfig: gitConfig("https://github.com/example/repo"),
}))
})
require.NoError(t, tx.Stack().Create(&portainer.Stack{ID: 2, Name: "plain-stack"}))
require.NoError(t, tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole}))
return nil
@@ -50,12 +50,12 @@ func TestWorkflowsList_EndpointIDsFilter(t *testing.T) {
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
for i := 1; i <= 3; i++ {
require.NoError(t, tx.Stack().Create(&portainer.Stack{
createGitStack(t, tx, &portainer.Stack{
ID: portainer.StackID(i),
Name: fmt.Sprintf("env%d-stack", i),
EndpointID: portainer.EndpointID(i),
GitConfig: gitConfig(fmt.Sprintf("https://github.com/x/%d", i)),
}))
})
}
require.NoError(t, tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole}))
return nil
@@ -78,11 +78,11 @@ func TestWorkflowsList_Pagination(t *testing.T) {
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
for i := 1; i <= 5; i++ {
require.NoError(t, tx.Stack().Create(&portainer.Stack{
createGitStack(t, tx, &portainer.Stack{
ID: portainer.StackID(i),
Name: fmt.Sprintf("stack-%d", i),
GitConfig: gitConfig("https://github.com/x/y"),
}))
})
}
require.NoError(t, tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole}))
@@ -107,7 +107,7 @@ func TestWorkflowsList_Search(t *testing.T) {
{ID: 1, Name: "alpha", GitConfig: gitConfig("https://github.com/org/alpha")},
{ID: 2, Name: "beta", GitConfig: gitConfig("https://github.com/org/beta")},
} {
require.NoError(t, tx.Stack().Create(s))
createGitStack(t, tx, s)
}
require.NoError(t, tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole}))
@@ -128,14 +128,14 @@ func TestWorkflowsList_SearchByURL(t *testing.T) {
_, store := datastore.MustNewTestStore(t, false, true)
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
require.NoError(t, tx.Stack().Create(&portainer.Stack{
createGitStack(t, tx, &portainer.Stack{
ID: 1, Name: "stack-org1",
GitConfig: gitConfig("https://github.com/org1/repo"),
}))
require.NoError(t, tx.Stack().Create(&portainer.Stack{
})
createGitStack(t, tx, &portainer.Stack{
ID: 2, Name: "stack-org2",
GitConfig: gitConfig("https://github.com/org2/repo"),
}))
})
require.NoError(t, tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole}))
return nil
@@ -156,11 +156,11 @@ func TestWorkflowsList_Sort(t *testing.T) {
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
for i, name := range []string{"gamma", "alpha", "beta"} {
require.NoError(t, tx.Stack().Create(&portainer.Stack{
createGitStack(t, tx, &portainer.Stack{
ID: portainer.StackID(i + 1),
Name: name,
GitConfig: gitConfig("https://github.com/x/" + name),
}))
})
}
require.NoError(t, tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole}))
return nil
@@ -188,10 +188,10 @@ func TestWorkflowsList_Cache(t *testing.T) {
_, store := datastore.MustNewTestStore(t, false, true)
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
require.NoError(t, tx.Stack().Create(&portainer.Stack{
createGitStack(t, tx, &portainer.Stack{
ID: 1, Name: "initial-stack",
GitConfig: gitConfig("https://github.com/x/initial"),
}))
})
require.NoError(t, tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole}))
return nil
@@ -208,10 +208,10 @@ func TestWorkflowsList_Cache(t *testing.T) {
require.Len(t, decodeWorkflows(t, rr), 1)
// Mutate the store while cache is still warm.
require.NoError(t, store.StackService.Create(&portainer.Stack{
createGitStack(t, store, &portainer.Stack{
ID: 2, Name: "new-stack",
GitConfig: gitConfig("https://github.com/x/new"),
}))
})
// Second request — same cache key, should return stale cached result.
rr = httptest.NewRecorder()
@@ -235,13 +235,11 @@ func TestWorkflowsList_CacheImmutableAfterSort(t *testing.T) {
for i, name := range []string{"alpha", "beta", "gamma"} {
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
require.NoError(t, tx.Stack().Create(
&portainer.Stack{
ID: portainer.StackID(i + 1),
Name: name,
GitConfig: gitConfig("https://github.com/x/" + name),
},
))
createGitStack(t, tx, &portainer.Stack{
ID: portainer.StackID(i + 1),
Name: name,
GitConfig: gitConfig("https://github.com/x/" + name),
})
require.NoError(t, tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole}))
return nil
@@ -278,14 +276,14 @@ func TestWorkflowsList_CacheSeparateKeys(t *testing.T) {
_, store := datastore.MustNewTestStore(t, false, true)
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
require.NoError(t, tx.Stack().Create(&portainer.Stack{
createGitStack(t, tx, &portainer.Stack{
ID: 1, Name: "env1-stack", EndpointID: 1,
GitConfig: gitConfig("https://github.com/x/1"),
}))
require.NoError(t, tx.Stack().Create(&portainer.Stack{
})
createGitStack(t, tx, &portainer.Stack{
ID: 2, Name: "env2-stack", EndpointID: 2,
GitConfig: gitConfig("https://github.com/x/2"),
}))
})
require.NoError(t, tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole}))
return nil
}))
@@ -310,15 +308,15 @@ func TestWorkflowsList_StatusFilter(t *testing.T) {
_, store := datastore.MustNewTestStore(t, false, true)
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
require.NoError(t, tx.Stack().Create(&portainer.Stack{
createGitStack(t, tx, &portainer.Stack{
ID: 1, Name: "healthy-stack",
GitConfig: gitConfig("https://github.com/x/1"),
}))
require.NoError(t, tx.Stack().Create(&portainer.Stack{
})
createGitStack(t, tx, &portainer.Stack{
ID: 2, Name: "error-stack",
GitConfig: gitConfig("https://github.com/x/2"),
DeploymentStatus: []portainer.StackDeploymentStatus{{Status: portainer.StackStatusError}},
}))
})
require.NoError(t, tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole}))
return nil
}))
@@ -366,9 +364,9 @@ func TestWorkflowsList_RedactsCredentials(t *testing.T) {
cfg.Authentication = &gittypes.GitAuthentication{Username: "user", Password: "s3cr3t"}
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
require.NoError(t, tx.Stack().Create(&portainer.Stack{
createGitStack(t, tx, &portainer.Stack{
ID: 1, Name: "secure-stack", GitConfig: cfg,
}))
})
require.NoError(t, tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole}))
return nil
}))
@@ -22,26 +22,26 @@ func TestWorkflowsList_StackStatusDerivation(t *testing.T) {
expectedStatus ce.Status
}{
{
name: "no deployment status healthy",
name: "no deployment status gives healthy",
expectedStatus: ce.StatusHealthy,
},
{
name: "active healthy",
name: "active gives healthy",
deployStatus: []portainer.StackDeploymentStatus{{Status: portainer.StackStatusActive}},
expectedStatus: ce.StatusHealthy,
},
{
name: "error error",
name: "error gives error",
deployStatus: []portainer.StackDeploymentStatus{{Status: portainer.StackStatusError}},
expectedStatus: ce.StatusError,
},
{
name: "deploying syncing",
name: "deploying gives syncing",
deployStatus: []portainer.StackDeploymentStatus{{Status: portainer.StackStatusDeploying}},
expectedStatus: ce.StatusSyncing,
},
{
name: "inactive paused",
name: "inactive gives paused",
deployStatus: []portainer.StackDeploymentStatus{{Status: portainer.StackStatusInactive}},
expectedStatus: ce.StatusPaused,
},
@@ -61,12 +61,12 @@ func TestWorkflowsList_StackStatusDerivation(t *testing.T) {
_, store := datastore.MustNewTestStore(t, false, true)
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
require.NoError(t, tx.Stack().Create(&portainer.Stack{
createGitStack(t, tx, &portainer.Stack{
ID: 1,
Name: "status-stack",
DeploymentStatus: tc.deployStatus,
GitConfig: gitConfig("https://github.com/x/y"),
}))
})
require.NoError(t, tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole}))
return nil
@@ -0,0 +1,92 @@
package workflows
import (
"net/http"
"net/http/httptest"
"testing"
portainer "github.com/portainer/portainer/api"
"github.com/portainer/portainer/api/dataservices"
"github.com/portainer/portainer/api/datastore"
ce "github.com/portainer/portainer/api/gitops/workflows"
"github.com/portainer/portainer/api/http/security"
"github.com/segmentio/encoding/json"
"github.com/stretchr/testify/require"
)
func buildSummaryReq(t *testing.T, userID portainer.UserID, role portainer.UserRole) *http.Request {
t.Helper()
req := httptest.NewRequest(http.MethodGet, "/gitops/workflows/summary", nil)
ctx := security.StoreTokenData(req, &portainer.TokenData{ID: userID})
req = req.WithContext(ctx)
ctx = security.StoreRestrictedRequestContext(req, &security.RestrictedRequestContext{
UserID: userID,
IsAdmin: security.IsAdminRole(role),
})
return req.WithContext(ctx)
}
func decodeSummary(t *testing.T, rr *httptest.ResponseRecorder) ce.StatusSummary {
t.Helper()
require.Equal(t, http.StatusOK, rr.Code, "unexpected status: %s", rr.Body.String())
var s ce.StatusSummary
require.NoError(t, json.NewDecoder(rr.Body).Decode(&s))
return s
}
func TestWorkflowsSummary_Empty(t *testing.T) {
t.Parallel()
_, store := datastore.MustNewTestStore(t, false, true)
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
return tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole})
}))
h := NewHandler(store, nil, nil)
rr := httptest.NewRecorder()
h.ServeHTTP(rr, buildSummaryReq(t, 1, portainer.AdministratorRole))
s := decodeSummary(t, rr)
require.Equal(t, ce.StatusSummary{}, s)
}
func TestWorkflowsSummary_CountsHealthyAndError(t *testing.T) {
t.Parallel()
_, store := datastore.MustNewTestStore(t, false, true)
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
// No deployment status, target healthy, effective status = healthy.
createGitStack(t, tx, &portainer.Stack{
ID: 1, Name: "healthy-stack",
GitConfig: gitConfig("https://github.com/x/1"),
})
// Error deployment status, target error, effective status = error.
createGitStack(t, tx, &portainer.Stack{
ID: 2, Name: "error-stack",
GitConfig: gitConfig("https://github.com/x/2"),
DeploymentStatus: []portainer.StackDeploymentStatus{{Status: portainer.StackStatusError}},
})
// Deploying deployment status, target syncing, effective status = syncing.
createGitStack(t, tx, &portainer.Stack{
ID: 3, Name: "syncing-stack",
GitConfig: gitConfig("https://github.com/x/3"),
DeploymentStatus: []portainer.StackDeploymentStatus{{Status: portainer.StackStatusDeploying}},
})
return tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole})
}))
h := NewHandler(store, nil, nil)
rr := httptest.NewRecorder()
h.ServeHTTP(rr, buildSummaryReq(t, 1, portainer.AdministratorRole))
s := decodeSummary(t, rr)
require.Equal(t, 1, s.Healthy)
require.Equal(t, 1, s.Error)
require.Equal(t, 1, s.Syncing)
require.Zero(t, s.Paused)
require.Zero(t, s.Unknown)
}