Skip to content

Commit b549fec

Browse files
stefanprodanstefanprodan
committed
Add tests for Git mutual TLS
Signed-off-by: Stefan Prodan <[email protected]>
1 parent c1b3251 commit b549fec

File tree

1 file changed

+57
-0
lines changed

1 file changed

+57
-0
lines changed

internal/controller/gitrepository_controller_test.go

Lines changed: 57 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -386,6 +386,63 @@ func TestGitRepositoryReconciler_reconcileSource_authStrategy(t *testing.T) {
386386
*conditions.UnknownCondition(meta.ReadyCondition, meta.ProgressingReason, "building artifact: new upstream revision 'master@sha1:<commit>'"),
387387
},
388388
},
389+
{
390+
name: "HTTPS with mutual TLS makes Reconciling=True",
391+
protocol: "https",
392+
server: options{
393+
publicKey: tlsPublicKey,
394+
privateKey: tlsPrivateKey,
395+
ca: tlsCA,
396+
},
397+
secret: &corev1.Secret{
398+
ObjectMeta: metav1.ObjectMeta{
399+
Name: "mtls-certs",
400+
},
401+
Data: map[string][]byte{
402+
"ca.crt": tlsCA,
403+
"tls.crt": clientPublicKey,
404+
"tls.key": clientPrivateKey,
405+
},
406+
},
407+
beforeFunc: func(obj *sourcev1.GitRepository) {
408+
obj.Spec.SecretRef = &meta.LocalObjectReference{Name: "mtls-certs"}
409+
},
410+
want: sreconcile.ResultSuccess,
411+
assertConditions: []metav1.Condition{
412+
*conditions.TrueCondition(meta.ReconcilingCondition, meta.ProgressingReason, "building artifact: new upstream revision 'master@sha1:<commit>'"),
413+
*conditions.UnknownCondition(meta.ReadyCondition, meta.ProgressingReason, "building artifact: new upstream revision 'master@sha1:<commit>'"),
414+
},
415+
},
416+
{
417+
name: "HTTPS with mutual TLS and invalid private key makes CheckoutFailed=True and returns error",
418+
protocol: "https",
419+
server: options{
420+
publicKey: tlsPublicKey,
421+
privateKey: tlsPrivateKey,
422+
ca: tlsCA,
423+
},
424+
secret: &corev1.Secret{
425+
ObjectMeta: metav1.ObjectMeta{
426+
Name: "invalid-mtls-certs",
427+
},
428+
Data: map[string][]byte{
429+
"ca.crt": tlsCA,
430+
"tls.crt": clientPublicKey,
431+
"tls.key": []byte("invalid"),
432+
},
433+
},
434+
beforeFunc: func(obj *sourcev1.GitRepository) {
435+
obj.Spec.SecretRef = &meta.LocalObjectReference{Name: "invalid-mtls-certs"}
436+
conditions.MarkReconciling(obj, meta.ProgressingReason, "foo")
437+
conditions.MarkUnknown(obj, meta.ReadyCondition, meta.ProgressingReason, "foo")
438+
},
439+
wantErr: true,
440+
assertConditions: []metav1.Condition{
441+
*conditions.TrueCondition(sourcev1.FetchFailedCondition, sourcev1.GitOperationFailedReason, "tls: failed to find any PEM data in key input"),
442+
*conditions.TrueCondition(meta.ReconcilingCondition, meta.ProgressingReason, "foo"),
443+
*conditions.UnknownCondition(meta.ReadyCondition, meta.ProgressingReason, "foo"),
444+
},
445+
},
389446
{
390447
name: "HTTPS with CAFile secret makes Reconciling=True",
391448
protocol: "https",

0 commit comments

Comments
 (0)