Add tests for libgit2

Signed-off-by: Somtochi Onyekwere <[email protected]>

Author: somtochiama

pkg/git/gogit/transport.go

@@ -83,13 +83,12 @@ func (s *PublicKeyAuth) Method(secret corev1.Secret) (*git.Auth, error) {
 		return nil, fmt.Errorf("invalid '%s' secret data: required fields 'identity' and 'known_hosts'", secret.Name)
 	}
 
-	password := secret.Data["password"]
-
 	user := s.user
 	if user == "" {
 		user = git.DefaultPublicKeyAuthUser
 	}
 
+	password := secret.Data["password"]
 	pk, err := ssh.NewPublicKeys(user, identity, string(password))
 	if err != nil {
 		return nil, err

pkg/git/libgit2/transport.go

@@ -119,13 +119,13 @@ func (s *PublicKeyAuth) Method(secret corev1.Secret) (*git.Auth, error) {
 		return nil, err
 	}
 
-	password := secret.Data["password"]
 	// Need to validate private key as it is not
 	// done by git2go when loading the key
-	if len(password) == 0 {
-		_, err = ssh.ParsePrivateKey(identity)
-	} else {
+	password, ok := secret.Data["password"]
+	if ok {
 		_, err = ssh.ParsePrivateKeyWithPassphrase(identity, password)
+	} else {
+		_, err = ssh.ParsePrivateKey(identity)
 	}
 
 	if err != nil {

pkg/git/libgit2/transport_test.go

@@ -44,6 +44,21 @@ v2MYnxRjc9INpi/Dyzz2MMvOnOW+aDuOh/If2AtVCmeJUx1pf4CFk3viQwJBAKyC
 t824+evjv+NQBlme3AOF6PgxtV4D4wWoJ5Uk/dTejER0j/Hbl6sqPxuiILRRV9qJ
 Ngkgu4mLjc3RfenEhJECQAx8zjWUE6kHHPGAd9DfiAIQ4bChqnyS0Nwb9+Gd4hSE
 P0Ah10mHiK/M0o3T8Eanwum0gbQHPnOwqZgsPkwXRqQ=
+-----END RSA PRIVATE KEY-----`
+
+	// secretKeyFixture is a randomly generated
+	// 512bit RSA private key with password foobar.
+	secretPassphraseFixture = `-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,0B016973B2A761D31E6B388D0F327C35
+
+X9GET/qAyZkAJBl/RK+1XX75NxONgdUfZDw7PIYi/g+Efh3Z5zH5kh/dx9lxH5ZG
+HGCqPAeMO/ofGDGtDULWW6iqDUFRu5gPgEVSCnnbqoHNU325WHhXdhejVAItwObC
+IpL/zYfs2+gDHXct/n9FJ/9D/EGXZihwPqYaK8GQSfZAxz0QjLuh0wU1qpbm3y3N
+q+o9FLv3b2Ys/tCJOUsYVQOYLSrZEI77y1ii3nWgQ8lXiTJbBUKzuq4f1YWeO8Ah
+RZbdhTa57AF5lUaRtL7Nrm3HJUrK1alBbU7HHyjeW4Q4n/D3fiRDC1Mh2Bi4EOOn
+wGctSx4kHsZGhJv5qwKqqPEFPhUzph8D2tm2TABk8HJa5KJFDbGrcfvk2uODAoZr
+MbcpIxCfl8oB09bWfY6tDQjyvwSYYo2Phdwm7kT92xc=
 -----END RSA PRIVATE KEY-----`
 
 	// knownHostsFixture is known_hosts fixture in the expected
@@ -64,6 +79,13 @@ var (
 			"known_hosts": []byte(knownHostsFixture),
 		},
 	}
+	privateKeySecretWithPassphraseFixture = corev1.Secret{
+		Data: map[string][]byte{
+			"identity":    []byte(secretPassphraseFixture),
+			"known_hosts": []byte(knownHostsFixture),
+			"password":    []byte("foobar"),
+		},
+	}
 )
 
 func TestAuthSecretStrategyForURL(t *testing.T) {
@@ -126,10 +148,13 @@ func TestPublicKeyStrategy_Method(t *testing.T) {
 		wantErr bool
 	}{
 		{"private key and known_hosts", privateKeySecretFixture, nil, false},
+		{"private key with passphrase and known_hosts", privateKeySecretWithPassphraseFixture, nil, false},
 		{"missing private key", privateKeySecretFixture, func(s *corev1.Secret) { delete(s.Data, "identity") }, true},
 		{"invalid private key", privateKeySecretFixture, func(s *corev1.Secret) { s.Data["identity"] = []byte(`-----BEGIN RSA PRIVATE KEY-----`) }, true},
 		{"missing known_hosts", privateKeySecretFixture, func(s *corev1.Secret) { delete(s.Data, "known_hosts") }, true},
 		{"invalid known_hosts", privateKeySecretFixture, func(s *corev1.Secret) { s.Data["known_hosts"] = []byte(`invalid`) }, true},
+		{"missing password", privateKeySecretWithPassphraseFixture, func(s *corev1.Secret) { delete(s.Data, "password") }, true},
+		{"invalid password", privateKeySecretWithPassphraseFixture, func(s *corev1.Secret) { s.Data["password"] = []byte("foo") }, true},
 		{"empty", corev1.Secret{}, nil, true},
 	}
 	for _, tt := range tests {