feat(gitops): tidy up git auth [BE-12666] (#2026)
This commit is contained in:
+65
-67
@@ -10,7 +10,9 @@ import (
|
||||
gittypes "github.com/portainer/portainer/api/git/types"
|
||||
|
||||
"github.com/go-git/go-git/v5"
|
||||
"github.com/go-git/go-git/v5/plumbing"
|
||||
"github.com/go-git/go-git/v5/plumbing/object"
|
||||
githttp "github.com/go-git/go-git/v5/plumbing/transport/http"
|
||||
"github.com/pkg/errors"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
@@ -20,7 +22,7 @@ func setup(t *testing.T) string {
|
||||
dir := t.TempDir()
|
||||
bareRepoDir := filepath.Join(dir, "test-clone.git")
|
||||
|
||||
file, err := os.OpenFile("./testdata/test-clone-git-repo.tar.gz", os.O_RDONLY, 0755)
|
||||
file, err := os.OpenFile("./testdata/test-clone-git-repo.tar.gz", os.O_RDONLY, 0o755)
|
||||
if err != nil {
|
||||
t.Fatal(errors.Wrap(err, "failed to open an archive"))
|
||||
}
|
||||
@@ -39,7 +41,7 @@ func Test_ClonePublicRepository_Shallow(t *testing.T) {
|
||||
|
||||
dir := t.TempDir()
|
||||
t.Logf("Cloning into %s", dir)
|
||||
err := service.CloneRepository(dir, repositoryURL, referenceName, "", "", gittypes.GitCredentialAuthType_Basic, false)
|
||||
err := service.CloneRepository(dir, repositoryURL, referenceName, "", "", false)
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, 1, getCommitHistoryLength(t, dir), "cloned repo has incorrect depth")
|
||||
}
|
||||
@@ -51,41 +53,18 @@ func Test_ClonePublicRepository_NoGitDirectory(t *testing.T) {
|
||||
|
||||
dir := t.TempDir()
|
||||
t.Logf("Cloning into %s", dir)
|
||||
err := service.CloneRepository(dir, repositoryURL, referenceName, "", "", gittypes.GitCredentialAuthType_Basic, false)
|
||||
err := service.CloneRepository(dir, repositoryURL, referenceName, "", "", false)
|
||||
require.NoError(t, err)
|
||||
assert.NoDirExists(t, filepath.Join(dir, ".git"))
|
||||
}
|
||||
|
||||
func Test_cloneRepository(t *testing.T) {
|
||||
service := Service{git: NewGitClient(true)} // no need for http client since the test access the repo via file system.
|
||||
|
||||
repositoryURL := setup(t)
|
||||
referenceName := "refs/heads/main"
|
||||
|
||||
dir := t.TempDir()
|
||||
t.Logf("Cloning into %s", dir)
|
||||
|
||||
err := service.cloneRepository(dir, cloneOption{
|
||||
fetchOption: fetchOption{
|
||||
baseOption: baseOption{
|
||||
repositoryUrl: repositoryURL,
|
||||
},
|
||||
referenceName: referenceName,
|
||||
},
|
||||
depth: 10,
|
||||
})
|
||||
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, 4, getCommitHistoryLength(t, dir), "cloned repo has incorrect depth")
|
||||
}
|
||||
|
||||
func Test_latestCommitID(t *testing.T) {
|
||||
service := Service{git: NewGitClient(true)} // no need for http client since the test access the repo via file system.
|
||||
|
||||
repositoryURL := setup(t)
|
||||
referenceName := "refs/heads/main"
|
||||
|
||||
id, err := service.LatestCommitID(repositoryURL, referenceName, "", "", gittypes.GitCredentialAuthType_Basic, false)
|
||||
id, err := service.LatestCommitID(repositoryURL, referenceName, "", "", false)
|
||||
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, "68dcaa7bd452494043c64252ab90db0f98ecf8d2", id)
|
||||
@@ -96,7 +75,7 @@ func Test_ListRefs(t *testing.T) {
|
||||
|
||||
repositoryURL := setup(t)
|
||||
|
||||
fs, err := service.ListRefs(repositoryURL, "", "", gittypes.GitCredentialAuthType_Basic, false, false)
|
||||
fs, err := service.ListRefs(repositoryURL, "", "", false, false)
|
||||
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, []string{"refs/heads/main"}, fs)
|
||||
@@ -113,7 +92,6 @@ func Test_ListFiles(t *testing.T) {
|
||||
referenceName,
|
||||
"",
|
||||
"",
|
||||
gittypes.GitCredentialAuthType_Basic,
|
||||
false,
|
||||
false,
|
||||
[]string{".yml"},
|
||||
@@ -154,6 +132,12 @@ func Test_listRefsPrivateRepository(t *testing.T) {
|
||||
|
||||
client := NewGitClient(false)
|
||||
|
||||
type args struct {
|
||||
repositoryUrl string
|
||||
username string
|
||||
password string
|
||||
}
|
||||
|
||||
type expectResult struct {
|
||||
err error
|
||||
refsCount int
|
||||
@@ -161,12 +145,12 @@ func Test_listRefsPrivateRepository(t *testing.T) {
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
args baseOption
|
||||
args args
|
||||
expect expectResult
|
||||
}{
|
||||
{
|
||||
name: "list refs of a real private repository",
|
||||
args: baseOption{
|
||||
args: args{
|
||||
repositoryUrl: privateGitRepoURL,
|
||||
username: username,
|
||||
password: accessToken,
|
||||
@@ -178,7 +162,7 @@ func Test_listRefsPrivateRepository(t *testing.T) {
|
||||
},
|
||||
{
|
||||
name: "list refs of a real private repository with incorrect credential",
|
||||
args: baseOption{
|
||||
args: args{
|
||||
repositoryUrl: privateGitRepoURL,
|
||||
username: "test-username",
|
||||
password: "test-token",
|
||||
@@ -189,7 +173,7 @@ func Test_listRefsPrivateRepository(t *testing.T) {
|
||||
},
|
||||
{
|
||||
name: "list refs of a fake repository without providing credential",
|
||||
args: baseOption{
|
||||
args: args{
|
||||
repositoryUrl: privateGitRepoURL + "fake",
|
||||
username: "",
|
||||
password: "",
|
||||
@@ -200,7 +184,7 @@ func Test_listRefsPrivateRepository(t *testing.T) {
|
||||
},
|
||||
{
|
||||
name: "list refs of a fake repository",
|
||||
args: baseOption{
|
||||
args: args{
|
||||
repositoryUrl: privateGitRepoURL + "fake",
|
||||
username: username,
|
||||
password: accessToken,
|
||||
@@ -213,7 +197,14 @@ func Test_listRefsPrivateRepository(t *testing.T) {
|
||||
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
refs, err := client.listRefs(context.TODO(), tt.args)
|
||||
option := &git.ListOptions{}
|
||||
if tt.args.username != "" || tt.args.password != "" {
|
||||
option.Auth = &githttp.BasicAuth{
|
||||
Username: tt.args.username,
|
||||
Password: tt.args.password,
|
||||
}
|
||||
}
|
||||
refs, err := client.ListRefs(context.TODO(), tt.args.repositoryUrl, option)
|
||||
if tt.expect.err == nil {
|
||||
require.NoError(t, err)
|
||||
if tt.expect.refsCount > 0 {
|
||||
@@ -232,6 +223,13 @@ func Test_listFilesPrivateRepository(t *testing.T) {
|
||||
|
||||
client := NewGitClient(false)
|
||||
|
||||
type args struct {
|
||||
repositoryUrl string
|
||||
referenceName string
|
||||
username string
|
||||
password string
|
||||
}
|
||||
|
||||
type expectResult struct {
|
||||
shouldFail bool
|
||||
err error
|
||||
@@ -243,18 +241,16 @@ func Test_listFilesPrivateRepository(t *testing.T) {
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
args fetchOption
|
||||
args args
|
||||
expect expectResult
|
||||
}{
|
||||
{
|
||||
name: "list tree with real repository and head ref but incorrect credential",
|
||||
args: fetchOption{
|
||||
baseOption: baseOption{
|
||||
repositoryUrl: privateGitRepoURL,
|
||||
username: "test-username",
|
||||
password: "test-token",
|
||||
},
|
||||
args: args{
|
||||
repositoryUrl: privateGitRepoURL,
|
||||
referenceName: "refs/heads/main",
|
||||
username: "test-username",
|
||||
password: "test-token",
|
||||
},
|
||||
expect: expectResult{
|
||||
shouldFail: true,
|
||||
@@ -263,13 +259,11 @@ func Test_listFilesPrivateRepository(t *testing.T) {
|
||||
},
|
||||
{
|
||||
name: "list tree with real repository and head ref but no credential",
|
||||
args: fetchOption{
|
||||
baseOption: baseOption{
|
||||
repositoryUrl: privateGitRepoURL,
|
||||
username: "",
|
||||
password: "",
|
||||
},
|
||||
args: args{
|
||||
repositoryUrl: privateGitRepoURL,
|
||||
referenceName: "refs/heads/main",
|
||||
username: "",
|
||||
password: "",
|
||||
},
|
||||
expect: expectResult{
|
||||
shouldFail: true,
|
||||
@@ -278,13 +272,11 @@ func Test_listFilesPrivateRepository(t *testing.T) {
|
||||
},
|
||||
{
|
||||
name: "list tree with real repository and head ref",
|
||||
args: fetchOption{
|
||||
baseOption: baseOption{
|
||||
repositoryUrl: privateGitRepoURL,
|
||||
username: username,
|
||||
password: accessToken,
|
||||
},
|
||||
args: args{
|
||||
repositoryUrl: privateGitRepoURL,
|
||||
referenceName: "refs/heads/main",
|
||||
username: username,
|
||||
password: accessToken,
|
||||
},
|
||||
expect: expectResult{
|
||||
err: nil,
|
||||
@@ -293,13 +285,11 @@ func Test_listFilesPrivateRepository(t *testing.T) {
|
||||
},
|
||||
{
|
||||
name: "list tree with real repository but non-existing ref",
|
||||
args: fetchOption{
|
||||
baseOption: baseOption{
|
||||
repositoryUrl: privateGitRepoURL,
|
||||
username: username,
|
||||
password: accessToken,
|
||||
},
|
||||
args: args{
|
||||
repositoryUrl: privateGitRepoURL,
|
||||
referenceName: "refs/fake/feature",
|
||||
username: username,
|
||||
password: accessToken,
|
||||
},
|
||||
expect: expectResult{
|
||||
shouldFail: true,
|
||||
@@ -307,13 +297,11 @@ func Test_listFilesPrivateRepository(t *testing.T) {
|
||||
},
|
||||
{
|
||||
name: "list tree with fake repository ",
|
||||
args: fetchOption{
|
||||
baseOption: baseOption{
|
||||
repositoryUrl: privateGitRepoURL + "fake",
|
||||
username: username,
|
||||
password: accessToken,
|
||||
},
|
||||
args: args{
|
||||
repositoryUrl: privateGitRepoURL + "fake",
|
||||
referenceName: "refs/fake/feature",
|
||||
username: username,
|
||||
password: accessToken,
|
||||
},
|
||||
expect: expectResult{
|
||||
shouldFail: true,
|
||||
@@ -324,7 +312,17 @@ func Test_listFilesPrivateRepository(t *testing.T) {
|
||||
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
paths, err := client.listFiles(context.TODO(), tt.args)
|
||||
option := &git.CloneOptions{
|
||||
URL: tt.args.repositoryUrl,
|
||||
ReferenceName: plumbing.ReferenceName(tt.args.referenceName),
|
||||
}
|
||||
if tt.args.username != "" || tt.args.password != "" {
|
||||
option.Auth = &githttp.BasicAuth{
|
||||
Username: tt.args.username,
|
||||
Password: tt.args.password,
|
||||
}
|
||||
}
|
||||
paths, err := client.ListFiles(context.TODO(), false, option)
|
||||
if tt.expect.shouldFail {
|
||||
require.Error(t, err)
|
||||
if tt.expect.err != nil {
|
||||
|
||||
Reference in New Issue
Block a user