internal/git: add tests for auth method helpers

hiddeco · hiddeco · commit 594cfd0b13be · 2020-04-13T16:51:24.000+02:00
diff --git a/internal/git/transport_test.go b/internal/git/transport_test.go
@@ -0,0 +1,143 @@
+package git
+
+import (
+	"reflect"
+	"testing"
+
+	"github.com/go-git/go-git/v5/plumbing/transport"
+	"github.com/go-git/go-git/v5/plumbing/transport/http"
+	"github.com/go-git/go-git/v5/plumbing/transport/ssh"
+	corev1 "k8s.io/api/core/v1"
+)
+
+const (
+	// secretKeyFixture is a randomly generated password less
+	// 512bit RSA private key.
+	secretKeyFixture string = `-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCrakELAKxozvwJijQEggYlTvS1QTZx1DaBwOhW/4kRSuR21plu
+xuQeyuUiztoWeb9jgW7wjzG4j1PIJjdbsgjPIcIZ4PBY7JeEW+QRopfwuN8MHXNp
+uTLgIHbkmhoOg5qBEcjzO/lEOOPpV0EmbObgqv3+wRmLJrgfzWl/cTtRewIDAQAB
+AoGAawKFImpEN5Xn78iwWpQVZBsbV0AjzgHuGSiloxIZrorzf2DPHkHZzYNaclVx
+/o/4tBTsfg7WumH3qr541qyZJDgU7iRMABwmx0v1vm2wQiX7NJzLzH2E9vlMC3mw
+d8S99g9EqRuNH98XX8su34B9WGRPqiKvEm0RW8Hideo2/KkCQQDbs6rHcriKQyPB
+paidHZAfguu0eVbyHT2EgLgRboWE+tEAqFEW2ycqNL3VPz9fRvwexbB6rpOcPpQJ
+DEL4XB2XAkEAx7xJz8YlCQ2H38xggK8R8EUXF9Zhb0fqMJHMNmao1HCHVMtbsa8I
+jR2EGyQ4CaIqNG5tdWukXQSJrPYDRWNvvQJAZX3rP7XUYDLB2twvN12HzbbKMhX3
+v2MYnxRjc9INpi/Dyzz2MMvOnOW+aDuOh/If2AtVCmeJUx1pf4CFk3viQwJBAKyC
+t824+evjv+NQBlme3AOF6PgxtV4D4wWoJ5Uk/dTejER0j/Hbl6sqPxuiILRRV9qJ
+Ngkgu4mLjc3RfenEhJECQAx8zjWUE6kHHPGAd9DfiAIQ4bChqnyS0Nwb9+Gd4hSE
+P0Ah10mHiK/M0o3T8Eanwum0gbQHPnOwqZgsPkwXRqQ=
+-----END RSA PRIVATE KEY-----`
+
+	// knownHostsFixture is known_hosts fixture in the expected
+	// format.
+	knownHostsFixture string = `github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==`
+)
+
+var (
+	basicAuthSecretFixture = corev1.Secret{
+		Data: map[string][]byte{
+			"username": []byte("git"),
+			"password": []byte("password"),
+		},
+	}
+	privateKeySecretFixture = corev1.Secret{
+		Data: map[string][]byte{
+			"identity":    []byte(secretKeyFixture),
+			"known_hosts": []byte(knownHostsFixture),
+		},
+	}
+)
+
+func TestAuthMethodFromSecret(t *testing.T) {
+	tests := []struct {
+		name    string
+		url     string
+		secret  corev1.Secret
+		want    transport.AuthMethod
+		wantErr bool
+	}{
+		{"HTTP", "http://git.example.com/org/repo.git", basicAuthSecretFixture, &http.BasicAuth{}, false},
+		{"HTTPS", "https://git.example.com/org/repo.git", basicAuthSecretFixture, &http.BasicAuth{}, false},
+		{"SSH", "ssh://git.example.com:2222/org/repo.git", privateKeySecretFixture,  &ssh.PublicKeys{}, false},
+		{"unsupported", "protocol://git.example.com/org/repo.git", corev1.Secret{}, nil, false},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, cleanup, err := AuthMethodFromSecret(tt.url, tt.secret)
+			if cleanup != nil {
+				defer cleanup()
+			}
+			if (err != nil) != tt.wantErr {
+				t.Errorf("AuthMethodFromSecret() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if reflect.TypeOf(got) != reflect.TypeOf(tt.want) {
+				t.Errorf("AuthMethodFromSecret() got = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestBasicAuthFromSecret(t *testing.T) {
+	tests := []struct {
+		name    string
+		secret  corev1.Secret
+		modify 	func(secret *corev1.Secret)
+		want    *http.BasicAuth
+		wantErr bool
+	}{
+		{"username and password", basicAuthSecretFixture, nil, &http.BasicAuth{Username: "git", Password: "password"}, false},
+		{"without username", basicAuthSecretFixture, func(s *corev1.Secret) { delete(s.Data, "username")}, nil, true},
+		{"without password", basicAuthSecretFixture, func(s *corev1.Secret) { delete(s.Data, "password")}, nil, true},
+		{"empty", corev1.Secret{}, nil, nil, true},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			secret := tt.secret.DeepCopy()
+			if tt.modify != nil {
+				tt.modify(secret)
+			}
+			got, err := BasicAuthFromSecret(*secret)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("BasicAuthFromSecret() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("BasicAuthFromSecret() got = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestPublicKeysFromSecret(t *testing.T) {
+	tests := []struct {
+		name    string
+		secret  corev1.Secret
+		modify 	func(secret *corev1.Secret)
+		wantErr bool
+	}{
+		{"private key and known_hosts", privateKeySecretFixture, nil, false},
+		{"missing private key", privateKeySecretFixture, func(s *corev1.Secret) { delete(s.Data, "identity") }, true},
+		{"invalid private key", privateKeySecretFixture, func(s *corev1.Secret) { s.Data["identity"] = []byte(`-----BEGIN RSA PRIVATE KEY-----`) }, true},
+		{"missing known_hosts", privateKeySecretFixture, func(s *corev1.Secret) { delete(s.Data, "known_hosts") }, true},
+		{"invalid known_hosts", privateKeySecretFixture, func(s *corev1.Secret) { s.Data["known_hosts"] = []byte(`invalid`) }, true},
+		{"empty", corev1.Secret{}, nil, true},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			secret := tt.secret.DeepCopy()
+			if tt.modify != nil {
+				tt.modify(secret)
+			}
+			_, cleanup, err := PublicKeysFromSecret(*secret)
+			if cleanup != nil {
+				defer cleanup()
+			}
+			if (err != nil) != tt.wantErr {
+				t.Errorf("PublicKeysFromSecret() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+		})
+	}
+}
