Validate bbs2gh env vars in the generated script (#923)

<!--
For the checkboxes below you must check each one to indicate that you
either did the relevant task, or considered it and decided there was
nothing that needed doing
-->

- [x] Did you write/update appropriate tests
- [x] Release notes updated (if appropriate)
- [x] Appropriate logging output
- [x] Issue linked
- [x] Docs updated (or issue created)
- [x] New package licenses are added to `ThirdPartyNotices.txt` (if
applicable)

Implements part of #629 

Added some powershell to the start of the script generated by `bbs2gh
generate-script` that validates the proper environment variables are set
before executing the rest of the script.

This one was a bit trickier than `ado2gh` because depending on what args
you pass to `generate-script` the script will expect different sets of
env vars. This was the pseudocode I came up with before coding this up:
```
always validate GH_PAT
always validate BBS_PASSWORD unless args.Kerberos
if args.BbsUsername.IsNullOrWhitespace() and !args.Kerberos validate BBS_USERNAME
if args.AwsBucketName.HasValue() or args.AwsRegion.HasValue()
	Validate AWS_ACCESS_KEY_ID
	Validate AWS_SECRET_ACCESS_KEY
if AwsBucketName.IsNull and AwsRegion.IsNull
	Validate AZURE_STORAGE_CONNECTION_STRING
if SmbUser.HasValue
	Validate SMB_PASSWORD
```

These are all the various validation messages:
```
if (-not $env:GH_PAT) {
    Write-Error "GH_PAT environment variable must be set to a valid GitHub Personal Access Token with the appropriate scopes. For more information see https://docs.github.com/en/migrations/using-github-enterprise-importer/preparing-to-migrate-with-github-enterprise-importer/managing-access-for-github-enterprise-importer#creating-a-personal-access-token-for-github-enterprise-importer"
    exit 1
} else {
    Write-Host "GH_PAT environment variable is set and will be used to authenticate to GitHub."
}

if (-not $env:BBS_USERNAME) {
    Write-Error "BBS_USERNAME environment variable must be set to a valid user that will be used to call BBS API's to generate a migration archive."
    exit 1
} else {
    Write-Host "BBS_USERNAME environment variable is set and will be used to authenticate to BBS APIs."
}

if (-not $env:BBS_PASSWORD) {
    Write-Error "BBS_PASSWORD environment variable must be set to a valid password that will be used to call BBS API's to generate a migration archive."
    exit 1
} else {
    Write-Host "BBS_PASSWORD environment variable is set and will be used to authenticate to BBS APIs."
}

if (-not $env:AZURE_STORAGE_CONNECTION_STRING) {
    Write-Error "AZURE_STORAGE_CONNECTION_STRING environment variable must be set to a valid Azure Storage Connection String that will be used to upload the migration archive to Azure Blob Storage."
    exit 1
} else {
    Write-Host "AZURE_STORAGE_CONNECTION_STRING environment variable is set and will be used to upload the migration archive to Azure Blob Storage."
}

if (-not $env:AWS_ACCESS_KEY_ID) {
    Write-Error "AWS_ACCESS_KEY_ID environment variable must be set to a valid AWS Access Key ID that will be used to upload the migration archive to AWS S3."
    exit 1
} else {
    Write-Host "AWS_ACCESS_KEY_ID environment variable is set and will be used to upload the migration archive to AWS S3."
}

if (-not $env:AWS_SECRET_ACCESS_KEY) {
    Write-Error "AWS_SECRET_ACCESS_KEY environment variable must be set to a valid AWS Secret Access Key that will be used to upload the migration archive to AWS S3."
    exit 1
} else {
    Write-Host "AWS_SECRET_ACCESS_KEY environment variable is set and will be used to upload the migration archive to AWS S3."
}

if (-not $env:SMB_PASSWORD) {
    Write-Error "SMB_PASSWORD environment variable must be set to a valid password that will be used to download the migration archive from your BBS server using SMB."
    exit 1
} else {
    Write-Host "SMB_PASSWORD environment variable is set and will be used to download the migration archive from your BBS server using SMB."
}
```

Note: I updated this PR to target another PR branch (instead of main) so
the diff is correct for reviewers. Will retarget it to main once that
other PR merges.

<!--
For docs we should review the docs at:

https://docs.github.com/en/early-access/github/migrating-with-github-enterprise-importer
and the README.md in this repo

If a doc update is required based on the changes in this PR, it is
sufficient to create an issue and link to it here. The doc update can be
made later/separately.

The process to update the docs can be found here:
https://github.com/github/docs-early-access#opening-prs

The markdown files are here: 

https://github.com/github/docs-early-access/tree/main/content/github/migrating-with-github-enterprise-importer
-->

Author: dylan-smith

RELEASENOTES.md

@@ -2,5 +2,5 @@
 - Update `gh bbs2gh generate-script` so it supports more than 25 projects/repos
 - Rename `--bbs-project-key` to `--bbs-project` in `gh bbs2gh generate-script` for consistency
 - Fix a bug where `create-team` might not work due to a race condition
-- When using `gh ado2gh generate-script` the script will now validate that the necessary environment variables are set
+- When using `gh ado2gh generate-script` or `gh bbs2gh generate-script` the script will now validate that the necessary environment variables are set
 - Make API calls to GitHub.com that require pagination more resilient by retrying on HTTP failures

src/OctoshiftCLI.Tests/bbs2gh/Handlers/GenerateScriptCommandHandlerTests.cs

@@ -82,7 +82,211 @@ public async Task No_Projects()
         await _handler.Handle(args);
 
         // Assert
-        _mockFileSystemProvider.Verify(m => m.WriteAllTextAsync(It.IsAny<string>(), It.Is<string>(script => TrimNonExecutableLines(script, 9, 0) == "")));
+        _mockFileSystemProvider.Verify(m => m.WriteAllTextAsync(It.IsAny<string>(), It.Is<string>(script => TrimNonExecutableLines(script, 33, 0) == "")));
+    }
+
+    [Fact]
+    public async Task Validates_Env_Vars()
+    {
+        // Arrange
+        _mockBbsApi.Setup(m => m.GetProjects()).ReturnsAsync(Enumerable.Empty<(int Id, string Key, string Name)>());
+
+        // Act
+        var args = new GenerateScriptCommandArgs()
+        {
+            BbsServerUrl = BBS_SERVER_URL,
+            GithubOrg = GITHUB_ORG,
+            SshUser = SSH_USER,
+            SshPrivateKey = SSH_PRIVATE_KEY,
+            Output = new FileInfo(OUTPUT),
+        };
+        await _handler.Handle(args);
+
+        var expected = @"
+if (-not $env:GH_PAT) {
+    Write-Error ""GH_PAT environment variable must be set to a valid GitHub Personal Access Token with the appropriate scopes. For more information see https://docs.github.com/en/migrations/using-github-enterprise-importer/preparing-to-migrate-with-github-enterprise-importer/managing-access-for-github-enterprise-importer#creating-a-personal-access-token-for-github-enterprise-importer""
+    exit 1
+} else {
+    Write-Host ""GH_PAT environment variable is set and will be used to authenticate to GitHub.""
+}
+
+if (-not $env:BBS_PASSWORD) {
+    Write-Error ""BBS_PASSWORD environment variable must be set to a valid password that will be used to call Bitbucket Server/Data Center API's to generate a migration archive.""
+    exit 1
+} else {
+    Write-Host ""BBS_PASSWORD environment variable is set and will be used to authenticate to Bitbucket Server/Data Center APIs.""
+}
+
+if (-not $env:BBS_USERNAME) {
+    Write-Error ""BBS_USERNAME environment variable must be set to a valid user that will be used to call Bitbucket Server/Data Center API's to generate a migration archive.""
+    exit 1
+} else {
+    Write-Host ""BBS_USERNAME environment variable is set and will be used to authenticate to Bitbucket Server/Data Center APIs.""
+}
+
+if (-not $env:AZURE_STORAGE_CONNECTION_STRING) {
+    Write-Error ""AZURE_STORAGE_CONNECTION_STRING environment variable must be set to a valid Azure Storage Connection String that will be used to upload the migration archive to Azure Blob Storage.""
+    exit 1
+} else {
+    Write-Host ""AZURE_STORAGE_CONNECTION_STRING environment variable is set and will be used to upload the migration archive to Azure Blob Storage.""
+}";
+
+        // Assert
+        _mockFileSystemProvider.Verify(m => m.WriteAllTextAsync(It.IsAny<string>(), It.Is<string>(script => TrimNonExecutableLines(script, 9, 0) == TrimNonExecutableLines(expected, 0, 0))));
+    }
+
+    [Fact]
+    public async Task Validates_Env_Vars_BBS_USERNAME_Not_Validated_When_Passed_As_Arg()
+    {
+        // Arrange
+        _mockBbsApi.Setup(m => m.GetProjects()).ReturnsAsync(Enumerable.Empty<(int Id, string Key, string Name)>());
+
+        // Act
+        var args = new GenerateScriptCommandArgs()
+        {
+            BbsServerUrl = BBS_SERVER_URL,
+            GithubOrg = GITHUB_ORG,
+            SshUser = SSH_USER,
+            SshPrivateKey = SSH_PRIVATE_KEY,
+            Output = new FileInfo(OUTPUT),
+            BbsUsername = BBS_USERNAME,
+        };
+        await _handler.Handle(args);
+
+        var expected = @"
+if (-not $env:BBS_USERNAME) {
+    Write-Error ""BBS_USERNAME environment variable must be set to a valid user that will be used to call BBS API's to generate a migration archive.""
+    exit 1
+} else {
+    Write-Host ""BBS_USERNAME environment variable is set and will be used to authenticate to BBS APIs.""
+}";
+
+        // Assert
+        _mockFileSystemProvider.Verify(m => m.WriteAllTextAsync(It.IsAny<string>(), It.Is<string>(script => !TrimNonExecutableLines(script, 0, 0).Contains(TrimNonExecutableLines(expected, 0, 0)))));
+    }
+
+    [Fact]
+    public async Task Validates_Env_Vars_BBS_PASSWORD_Not_Validated_When_Kerberos()
+    {
+        // Arrange
+        _mockBbsApi.Setup(m => m.GetProjects()).ReturnsAsync(Enumerable.Empty<(int Id, string Key, string Name)>());
+
+        // Act
+        var args = new GenerateScriptCommandArgs()
+        {
+            BbsServerUrl = BBS_SERVER_URL,
+            GithubOrg = GITHUB_ORG,
+            SshUser = SSH_USER,
+            SshPrivateKey = SSH_PRIVATE_KEY,
+            Output = new FileInfo(OUTPUT),
+            Kerberos = true,
+        };
+        await _handler.Handle(args);
+
+        var expected = @"
+if (-not $env:BBS_PASSWORD) {
+    Write-Error ""BBS_PASSWORD environment variable must be set to a valid password that will be used to call BBS API's to generate a migration archive.""
+    exit 1
+} else {
+    Write-Host ""BBS_PASSWORD environment variable is set and will be used to authenticate to BBS APIs.""
+}";
+
+        // Assert
+        _mockFileSystemProvider.Verify(m => m.WriteAllTextAsync(It.IsAny<string>(), It.Is<string>(script => !TrimNonExecutableLines(script, 0, 0).Contains(TrimNonExecutableLines(expected, 0, 0)))));
+    }
+
+    [Fact]
+    public async Task Validates_Env_Vars_AWS()
+    {
+        // Arrange
+        _mockBbsApi.Setup(m => m.GetProjects()).ReturnsAsync(Enumerable.Empty<(int Id, string Key, string Name)>());
+
+        // Act
+        var args = new GenerateScriptCommandArgs()
+        {
+            BbsServerUrl = BBS_SERVER_URL,
+            GithubOrg = GITHUB_ORG,
+            SshUser = SSH_USER,
+            SshPrivateKey = SSH_PRIVATE_KEY,
+            AwsBucketName = AWS_BUCKET_NAME,
+            Output = new FileInfo(OUTPUT),
+        };
+        await _handler.Handle(args);
+
+        var expected = @"
+if (-not $env:AWS_ACCESS_KEY_ID) {
+    Write-Error ""AWS_ACCESS_KEY_ID environment variable must be set to a valid AWS Access Key ID that will be used to upload the migration archive to AWS S3.""
+    exit 1
+} else {
+    Write-Host ""AWS_ACCESS_KEY_ID environment variable is set and will be used to upload the migration archive to AWS S3.""
+}
+if (-not $env:AWS_SECRET_ACCESS_KEY) {
+    Write-Error ""AWS_SECRET_ACCESS_KEY environment variable must be set to a valid AWS Secret Access Key that will be used to upload the migration archive to AWS S3.""
+    exit 1
+} else {
+    Write-Host ""AWS_SECRET_ACCESS_KEY environment variable is set and will be used to upload the migration archive to AWS S3.""
+}";
+
+        // Assert
+        _mockFileSystemProvider.Verify(m => m.WriteAllTextAsync(It.IsAny<string>(), It.Is<string>(script => TrimNonExecutableLines(script, 0, 0).Contains(TrimNonExecutableLines(expected, 0, 0)))));
+    }
+
+    [Fact]
+    public async Task Validates_Env_Vars_AZURE_STORAGE_CONNECTION_STRING_Not_Validated_When_Aws()
+    {
+        // Arrange
+        _mockBbsApi.Setup(m => m.GetProjects()).ReturnsAsync(Enumerable.Empty<(int Id, string Key, string Name)>());
+
+        // Act
+        var args = new GenerateScriptCommandArgs()
+        {
+            BbsServerUrl = BBS_SERVER_URL,
+            GithubOrg = GITHUB_ORG,
+            SshUser = SSH_USER,
+            SshPrivateKey = SSH_PRIVATE_KEY,
+            Output = new FileInfo(OUTPUT),
+            AwsBucketName = AWS_BUCKET_NAME,
+        };
+        await _handler.Handle(args);
+
+        var expected = @"
+if (-not $env:AZURE_STORAGE_CONNECTION_STRING) {
+    Write-Error ""AZURE_STORAGE_CONNECTION_STRING environment variable must be set to a valid Azure Storage Connection String that will be used to upload the migration archive to Azure Blob Storage.""
+    exit 1
+} else {
+    Write-Host ""AZURE_STORAGE_CONNECTION_STRING environment variable is set and will be used to upload the migration archive to Azure Blob Storage.""
+}";
+
+        // Assert
+        _mockFileSystemProvider.Verify(m => m.WriteAllTextAsync(It.IsAny<string>(), It.Is<string>(script => !TrimNonExecutableLines(script, 0, 0).Contains(TrimNonExecutableLines(expected, 0, 0)))));
+    }
+
+    [Fact]
+    public async Task Validates_Env_Vars_SMB_PASSWORD()
+    {
+        // Arrange
+        _mockBbsApi.Setup(m => m.GetProjects()).ReturnsAsync(Enumerable.Empty<(int Id, string Key, string Name)>());
+
+        // Act
+        var args = new GenerateScriptCommandArgs()
+        {
+            BbsServerUrl = BBS_SERVER_URL,
+            GithubOrg = GITHUB_ORG,
+            Output = new FileInfo(OUTPUT),
+            SmbUser = SMB_USER,
+        };
+        await _handler.Handle(args);
+
+        var expected = @"
+if (-not $env:SMB_PASSWORD) {
+    Write-Error ""SMB_PASSWORD environment variable must be set to a valid password that will be used to download the migration archive from your BBS server using SMB.""
+    exit 1
+} else {
+    Write-Host ""SMB_PASSWORD environment variable is set and will be used to download the migration archive from your BBS server using SMB.""
+}";
+
+        // Assert
+        _mockFileSystemProvider.Verify(m => m.WriteAllTextAsync(It.IsAny<string>(), It.Is<string>(script => TrimNonExecutableLines(script, 0, 0).Contains(TrimNonExecutableLines(expected, 0, 0)))));
     }
 
     [Fact]
@@ -102,7 +306,7 @@ public async Task No_Repos()
         await _handler.Handle(args);
 
         // Assert
-        _mockFileSystemProvider.Verify(m => m.WriteAllTextAsync(It.IsAny<string>(), It.Is<string>(script => TrimNonExecutableLines(script, 9, 0) == "")));
+        _mockFileSystemProvider.Verify(m => m.WriteAllTextAsync(It.IsAny<string>(), It.Is<string>(script => TrimNonExecutableLines(script, 33, 0) == "")));
     }
 
     [Fact]
@@ -488,6 +692,7 @@ private string TrimNonExecutableLines(string script, int skipFirst = 9, int skip
             .Skip(skipFirst)
             .SkipLast(skipLast);
 
-        return string.Join(Environment.NewLine, lines);
+        var result = string.Join(Environment.NewLine, lines);
+        return result;
     }
 }

src/bbs2gh/Handlers/GenerateScriptCommandHandler.cs

@@ -64,6 +64,29 @@ private async Task<string> GenerateScript(GenerateScriptCommandArgs args)
         content.AppendLine(VersionComment);
         content.AppendLine(EXEC_FUNCTION_BLOCK);
 
+        content.AppendLine(VALIDATE_GH_PAT);
+        if (!args.Kerberos)
+        {
+            content.AppendLine(VALIDATE_BBS_PASSWORD);
+        }
+        if (args.BbsUsername.IsNullOrWhiteSpace() && !args.Kerberos)
+        {
+            content.AppendLine(VALIDATE_BBS_USERNAME);
+        }
+        if (args.AwsBucketName.HasValue() || args.AwsRegion.HasValue())
+        {
+            content.AppendLine(VALIDATE_AWS_ACCESS_KEY_ID);
+            content.AppendLine(VALIDATE_AWS_SECRET_ACCESS_KEY);
+        }
+        else
+        {
+            content.AppendLine(VALIDATE_AZURE_STORAGE_CONNECTION_STRING);
+        }
+        if (args.SmbUser.HasValue())
+        {
+            content.AppendLine(VALIDATE_SMB_PASSWORD);
+        }
+
         var projects = args.BbsProject.HasValue()
             ? new List<string>() { args.BbsProject }
             : (await _bbsApi.GetProjects()).Select(x => x.Key);
@@ -232,5 +255,54 @@ function Exec {
     if ($lastexitcode -ne 0) {
         exit $lastexitcode
     }
+}";
+    private const string VALIDATE_GH_PAT = @"
+if (-not $env:GH_PAT) {
+    Write-Error ""GH_PAT environment variable must be set to a valid GitHub Personal Access Token with the appropriate scopes. For more information see https://docs.github.com/en/migrations/using-github-enterprise-importer/preparing-to-migrate-with-github-enterprise-importer/managing-access-for-github-enterprise-importer#creating-a-personal-access-token-for-github-enterprise-importer""
+    exit 1
+} else {
+    Write-Host ""GH_PAT environment variable is set and will be used to authenticate to GitHub.""
+}";
+    private const string VALIDATE_BBS_USERNAME = @"
+if (-not $env:BBS_USERNAME) {
+    Write-Error ""BBS_USERNAME environment variable must be set to a valid user that will be used to call Bitbucket Server/Data Center API's to generate a migration archive.""
+    exit 1
+} else {
+    Write-Host ""BBS_USERNAME environment variable is set and will be used to authenticate to Bitbucket Server/Data Center APIs.""
+}";
+    private const string VALIDATE_BBS_PASSWORD = @"
+if (-not $env:BBS_PASSWORD) {
+    Write-Error ""BBS_PASSWORD environment variable must be set to a valid password that will be used to call Bitbucket Server/Data Center API's to generate a migration archive.""
+    exit 1
+} else {
+    Write-Host ""BBS_PASSWORD environment variable is set and will be used to authenticate to Bitbucket Server/Data Center APIs.""
+}";
+    private const string VALIDATE_AZURE_STORAGE_CONNECTION_STRING = @"
+if (-not $env:AZURE_STORAGE_CONNECTION_STRING) {
+    Write-Error ""AZURE_STORAGE_CONNECTION_STRING environment variable must be set to a valid Azure Storage Connection String that will be used to upload the migration archive to Azure Blob Storage.""
+    exit 1
+} else {
+    Write-Host ""AZURE_STORAGE_CONNECTION_STRING environment variable is set and will be used to upload the migration archive to Azure Blob Storage.""
+}";
+    private const string VALIDATE_AWS_ACCESS_KEY_ID = @"
+if (-not $env:AWS_ACCESS_KEY_ID) {
+    Write-Error ""AWS_ACCESS_KEY_ID environment variable must be set to a valid AWS Access Key ID that will be used to upload the migration archive to AWS S3.""
+    exit 1
+} else {
+    Write-Host ""AWS_ACCESS_KEY_ID environment variable is set and will be used to upload the migration archive to AWS S3.""
+}";
+    private const string VALIDATE_AWS_SECRET_ACCESS_KEY = @"
+if (-not $env:AWS_SECRET_ACCESS_KEY) {
+    Write-Error ""AWS_SECRET_ACCESS_KEY environment variable must be set to a valid AWS Secret Access Key that will be used to upload the migration archive to AWS S3.""
+    exit 1
+} else {
+    Write-Host ""AWS_SECRET_ACCESS_KEY environment variable is set and will be used to upload the migration archive to AWS S3.""
+}";
+    private const string VALIDATE_SMB_PASSWORD = @"
+if (-not $env:SMB_PASSWORD) {
+    Write-Error ""SMB_PASSWORD environment variable must be set to a valid password that will be used to download the migration archive from your BBS server using SMB.""
+    exit 1
+} else {
+    Write-Host ""SMB_PASSWORD environment variable is set and will be used to download the migration archive from your BBS server using SMB.""
 }";
 }