319 lines
8.7 KiB
Go
319 lines
8.7 KiB
Go
package controllers
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"os"
|
|
"path/filepath"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/go-logr/logr"
|
|
libgit2 "github.com/libgit2/git2go/v33"
|
|
. "github.com/onsi/gomega"
|
|
"k8s.io/apimachinery/pkg/types"
|
|
|
|
"github.com/fluxcd/pkg/gittestserver"
|
|
"github.com/fluxcd/source-controller/pkg/git"
|
|
)
|
|
|
|
func populateRepoFromFixture(repo *libgit2.Repository, fixture string) error {
|
|
absFixture, err := filepath.Abs(fixture)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if err := filepath.Walk(absFixture, func(path string, info os.FileInfo, err error) error {
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if info.IsDir() {
|
|
return os.MkdirAll(filepath.Join(path[len(fixture):]), info.Mode())
|
|
}
|
|
// copy symlinks as-is, so I can test what happens with broken symlinks
|
|
if info.Mode()&os.ModeSymlink > 0 {
|
|
target, err := os.Readlink(path)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return os.Symlink(target, path[len(fixture):])
|
|
}
|
|
|
|
fileBytes, err := os.ReadFile(path)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
ff, err := os.Create(path[len(fixture):])
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer ff.Close()
|
|
|
|
_, err = ff.Write(fileBytes)
|
|
return err
|
|
}); err != nil {
|
|
return err
|
|
}
|
|
|
|
sig := &libgit2.Signature{
|
|
Name: "Testbot",
|
|
Email: "test@example.com",
|
|
When: time.Now(),
|
|
}
|
|
|
|
if _, err := commitWorkDir(repo, "main", "Initial revision from "+fixture, sig); err != nil {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func TestRepoForFixture(t *testing.T) {
|
|
tmp, err := os.MkdirTemp("", "flux-test")
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
defer os.RemoveAll(tmp)
|
|
|
|
repo, err := initGitRepoPlain("testdata/pathconfig", tmp)
|
|
if err != nil {
|
|
t.Error(err)
|
|
}
|
|
repo.Free()
|
|
}
|
|
|
|
func TestIgnoreBrokenSymlink(t *testing.T) {
|
|
// init a git repo in the filesystem so we can operate on files there
|
|
tmp, err := os.MkdirTemp("", "flux-test")
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
defer os.RemoveAll(tmp)
|
|
|
|
repo, err := initGitRepoPlain("testdata/brokenlink", tmp)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
_, err = commitChangedManifests(logr.Discard(), repo, tmp, nil, nil, "unused")
|
|
if err != errNoChanges {
|
|
t.Fatalf("expected no changes but got: %v", err)
|
|
}
|
|
}
|
|
|
|
// this is a hook script that will reject a ref update for a branch
|
|
// that's not `main`
|
|
const rejectBranch = `
|
|
if [ "$1" != "refs/heads/main" ]; then
|
|
echo "*** Rejecting push to non-main branch $1" >&2
|
|
exit 1
|
|
fi
|
|
`
|
|
|
|
func TestPushRejected(t *testing.T) {
|
|
// Check that pushing to a repository which rejects a ref update
|
|
// results in an error. Why would a repo reject an update? If yu
|
|
// use e.g., branch protection in GitHub, this is what happens --
|
|
// see
|
|
// https://github.com/fluxcd/image-automation-controller/issues/194.
|
|
|
|
branch := "push-branch"
|
|
|
|
gitServer, err := gittestserver.NewTempGitServer()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
gitServer.AutoCreate()
|
|
gitServer.InstallUpdateHook(rejectBranch)
|
|
|
|
if err = gitServer.StartHTTP(); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
// We use "test" as the branch to init repo, to avoid potential conflicts
|
|
// with the default branch(main/master) of the system this test is running
|
|
// on. If, for e.g., we used main as the branch and the default branch is
|
|
// supposed to be main, this will fail as this would try to create a branch
|
|
// named main explicitly.
|
|
if err = initGitRepo(gitServer, "testdata/appconfig", "test", "/appconfig.git"); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
repoURL := gitServer.HTTPAddressWithCredentials() + "/appconfig.git"
|
|
cloneCtx, cancel := context.WithTimeout(ctx, time.Second*10)
|
|
defer cancel()
|
|
repo, err := clone(cloneCtx, repoURL, "test", nil)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
defer repo.Free()
|
|
|
|
cleanup, err := configureTransportOptsForRepo(repo, nil)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
defer cleanup()
|
|
|
|
// This is here to guard against push in general being broken
|
|
err = push(context.TODO(), repo.Workdir(), "test", repoAccess{})
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
// This is not under test, but needed for the next bit
|
|
if err = repo.SetHead(fmt.Sprintf("refs/heads/%s", branch)); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
// This is supposed to fail, because the hook rejects the branch
|
|
// pushed to.
|
|
err = push(context.TODO(), repo.Workdir(), branch, repoAccess{})
|
|
if err == nil {
|
|
t.Error("push to a forbidden branch is expected to fail, but succeeded")
|
|
}
|
|
}
|
|
|
|
func TestEarlyEOF(t *testing.T) {
|
|
g := NewWithT(t)
|
|
|
|
gitServer, err := gittestserver.NewTempGitServer()
|
|
g.Expect(err).ToNot(HaveOccurred())
|
|
defer os.RemoveAll(gitServer.Root())
|
|
|
|
username := "norris"
|
|
password := "chuck"
|
|
|
|
gitServer.
|
|
AutoCreate().
|
|
KeyDir(filepath.Join(t.TempDir(), "keys")).
|
|
Auth(username, password).
|
|
ReadOnly(true)
|
|
|
|
err = gitServer.StartHTTP()
|
|
g.Expect(err).ToNot(HaveOccurred())
|
|
|
|
err = initGitRepo(gitServer, "testdata/appconfig", "test", "/appconfig.git")
|
|
g.Expect(err).ToNot(HaveOccurred())
|
|
|
|
repoURL := gitServer.HTTPAddressWithCredentials() + "/appconfig.git"
|
|
cloneCtx, cancel := context.WithTimeout(ctx, time.Second*10)
|
|
defer cancel()
|
|
|
|
access := repoAccess{
|
|
auth: &git.AuthOptions{
|
|
Username: username,
|
|
Password: password,
|
|
},
|
|
}
|
|
|
|
repo, err := clone(cloneCtx, repoURL, "test", access.auth)
|
|
g.Expect(err).ToNot(HaveOccurred())
|
|
|
|
defer repo.Free()
|
|
|
|
cleanup, err := configureTransportOptsForRepo(repo, access.auth)
|
|
g.Expect(err).ToNot(HaveOccurred())
|
|
|
|
defer cleanup()
|
|
|
|
err = push(context.TODO(), repo.Workdir(), "test", access)
|
|
g.Expect(err).To(HaveOccurred())
|
|
g.Expect(err.Error()).To(ContainSubstring("early EOF (the SSH key may not have write access to the repository)"))
|
|
}
|
|
|
|
func Test_switchToBranch(t *testing.T) {
|
|
g := NewWithT(t)
|
|
gitServer, err := gittestserver.NewTempGitServer()
|
|
g.Expect(err).ToNot(HaveOccurred())
|
|
gitServer.AutoCreate()
|
|
g.Expect(gitServer.StartHTTP()).To(Succeed())
|
|
|
|
// We use "test" as the branch to init repo, to avoid potential conflicts
|
|
// with the default branch(main/master) of the system this test is running
|
|
// on. If, for e.g., we used main as the branch and the default branch is
|
|
// supposed to be main, this will fail as this would try to create a branch
|
|
// named main explicitly.
|
|
branch := "test"
|
|
g.Expect(initGitRepo(gitServer, "testdata/appconfig", branch, "/appconfig.git")).To(Succeed())
|
|
|
|
repoURL := gitServer.HTTPAddressWithCredentials() + "/appconfig.git"
|
|
cloneCtx, cancel := context.WithTimeout(ctx, time.Second*10)
|
|
defer cancel()
|
|
repo, err := clone(cloneCtx, repoURL, branch, nil)
|
|
g.Expect(err).ToNot(HaveOccurred())
|
|
defer repo.Free()
|
|
|
|
head, err := repo.Head()
|
|
g.Expect(err).ToNot(HaveOccurred())
|
|
defer head.Free()
|
|
target := head.Target()
|
|
|
|
// register transport options and update remote to transport url
|
|
cleanup, err := configureTransportOptsForRepo(repo, nil)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
defer cleanup()
|
|
|
|
// calling switchToBranch with a branch that doesn't exist on origin
|
|
// should result in the branch being created and switched to.
|
|
branch = "not-on-origin"
|
|
switchToBranch(repo, context.TODO(), branch, repoAccess{})
|
|
|
|
head, err = repo.Head()
|
|
g.Expect(err).ToNot(HaveOccurred())
|
|
name, err := head.Branch().Name()
|
|
g.Expect(err).ToNot(HaveOccurred())
|
|
g.Expect(name).To(Equal(branch))
|
|
|
|
cc, err := repo.LookupCommit(head.Target())
|
|
g.Expect(err).ToNot(HaveOccurred())
|
|
defer cc.Free()
|
|
g.Expect(cc.Id().String()).To(Equal(target.String()))
|
|
|
|
// create a branch with the HEAD commit and push it to origin
|
|
branch = "exists-on-origin"
|
|
_, err = repo.CreateBranch(branch, cc, false)
|
|
g.Expect(err).ToNot(HaveOccurred())
|
|
origin, err := repo.Remotes.Lookup(originRemote)
|
|
g.Expect(err).ToNot(HaveOccurred())
|
|
defer origin.Free()
|
|
|
|
g.Expect(origin.Push(
|
|
[]string{fmt.Sprintf("refs/heads/%s:refs/heads/%s", branch, branch)}, &libgit2.PushOptions{},
|
|
)).To(Succeed())
|
|
|
|
// push a new commit to the branch. this is done to test whether we properly
|
|
// sync our local branch with the remote branch, before switching.
|
|
policyKey := types.NamespacedName{
|
|
Name: "policy",
|
|
Namespace: "ns",
|
|
}
|
|
commitID := commitInRepo(g, repoURL, branch, "Install setter marker", func(tmp string) {
|
|
g.Expect(replaceMarker(tmp, policyKey)).To(Succeed())
|
|
})
|
|
|
|
// calling switchToBranch with a branch that exists should make sure to fetch latest
|
|
// for that branch from origin, and then switch to it.
|
|
switchToBranch(repo, context.TODO(), branch, repoAccess{})
|
|
head, err = repo.Head()
|
|
g.Expect(err).ToNot(HaveOccurred())
|
|
name, err = head.Branch().Name()
|
|
|
|
g.Expect(err).ToNot(HaveOccurred())
|
|
g.Expect(name).To(Equal(branch))
|
|
g.Expect(head.Target().String()).To(Equal(commitID.String()))
|
|
|
|
// push a commit after switching to the branch, to check if the local
|
|
// branch is synced with origin.
|
|
replaceMarker(repo.Workdir(), policyKey)
|
|
sig := &libgit2.Signature{
|
|
Name: "Testbot",
|
|
Email: "test@example.com",
|
|
When: time.Now(),
|
|
}
|
|
_, err = commitWorkDir(repo, branch, "update policy", sig)
|
|
g.Expect(err).ToNot(HaveOccurred())
|
|
g.Expect(push(context.TODO(), repo.Workdir(), branch, repoAccess{})).To(Succeed())
|
|
}
|