From b0bdc02e8bec14a292c065ff3f95f9021320dcff Mon Sep 17 00:00:00 2001 From: Chuanying Du Date: Wed, 18 Dec 2019 20:05:51 -0800 Subject: [PATCH] manually merge https://github.com/kubernetes/git-sync/pull/217 --- askpass_git.sh | 27 +++++++++++++++++++++++++ cmd/git-sync/main.go | 4 ++-- test_e2e.sh | 47 +++++++++++++++++++++++++++++++++++++++++++- 3 files changed, 75 insertions(+), 3 deletions(-) create mode 100755 askpass_git.sh diff --git a/askpass_git.sh b/askpass_git.sh new file mode 100755 index 0000000..5a33a7c --- /dev/null +++ b/askpass_git.sh @@ -0,0 +1,27 @@ +#!/bin/sh +# Ask pass when cloning new repo, fail if it mismatched the magic password. + +mkdir -p "${XDG_CONFIG_HOME}/git/" +# Override the default 'git --global' config location, the default location +# outside the e2e test environment. See https://git-scm.com/docs/git-config +touch "${XDG_CONFIG_HOME}/git/config" +# Override the default 'git credential store' config location, the default location +# outside the e2e test environment. See https://git-scm.com/docs/git-credential-store +touch "${XDG_CONFIG_HOME}/git/credentials" + +if [ "$1" != "clone" ]; then + git "$@" + exit $? +fi + +# `git credential fill` requires the repo url match to consume the credentials stored by git-sync. +# Askpass git only support repo started with "file://" which is used in test_e2e.sh. +REPO=$(echo "$@" | grep -o "file://[^ ]*") +PASSWD=$(echo "url=${REPO}" | git credential fill | grep -o "password=.*") +# Test case much match the magic password below. +if [ "${PASSWD}" != "password=Lov3!k0os" ]; then + echo "invalid password ${PASSWD}, try Lov3!k0os next time." + exit 1 +fi + +git "$@" diff --git a/cmd/git-sync/main.go b/cmd/git-sync/main.go index 3313bfd..e8ec321 100644 --- a/cmd/git-sync/main.go +++ b/cmd/git-sync/main.go @@ -711,9 +711,9 @@ func runCommandWithStdin(ctx context.Context, cwd, stdin, command string, args . } func setupGitAuth(ctx context.Context, username, password, gitURL string) error { - log.V(1).Info("setting up git credential cache") + log.V(1).Info("setting up git credential store") - _, err := runCommand(ctx, "", *flGitCmd, "config", "--global", "credential.helper", "cache") + _, err := runCommand(ctx, "", *flGitCmd, "config", "--global", "credential.helper", "store") if err != nil { return fmt.Errorf("error setting up git credentials: %v", err) } diff --git a/test_e2e.sh b/test_e2e.sh index c680362..d3ae055 100755 --- a/test_e2e.sh +++ b/test_e2e.sh @@ -89,6 +89,8 @@ function GIT_SYNC() { -u $(id -u):$(id -g) \ -v "$DIR":"$DIR" \ -v "$(pwd)/slow_git.sh":"/slow_git.sh" \ + -v "$(pwd)/askpass_git.sh":"/askpass_git.sh" \ + --env XDG_CONFIG_HOME=$DIR \ --network="host" \ --rm \ e2e/git-sync:$(make -s version)__$(go env GOOS)_$(go env GOARCH) \ @@ -102,6 +104,7 @@ function remove_sync_container() { } SLOW_GIT=/slow_git.sh +ASKPASS_GIT=/askpass_git.sh REPO="$DIR/repo" mkdir "$REPO" @@ -621,6 +624,48 @@ remove_sync_container wait pass +############################################## +# Test password +############################################## +testcase "password" +echo "$TESTCASE 1" > "$REPO"/file +git -C "$REPO" commit -qam "$TESTCASE 1" +# run with askpass_git but with wrong password +GIT_SYNC \ + --git=$ASKPASS_GIT \ + --username="you@example.com" \ + --password="I have no idea what the password is." \ + --logtostderr \ + --v=5 \ + --one-time \ + --repo="file://$REPO" \ + --branch=master \ + --rev=HEAD \ + --root="$ROOT" \ + --dest="link" \ + > "$DIR"/log."$TESTCASE" 2>&1 || true +# check for failure +assert_file_absent "$ROOT"/link/file +# run with askpass_git with correct password +GIT_SYNC \ + --git=$ASKPASS_GIT \ + --username="you@example.com" \ + --password="Lov3!k0os" \ + --logtostderr \ + --v=5 \ + --one-time \ + --repo="file://$REPO" \ + --branch=master \ + --rev=HEAD \ + --root="$ROOT" \ + --dest="link" \ + > "$DIR"/log."$TESTCASE" 2>&1 +assert_link_exists "$ROOT"/link +assert_file_exists "$ROOT"/link/file +assert_file_eq "$ROOT"/link/file "$TESTCASE 1" +# Wrap up +pass + ############################################## # Test webhook ############################################## @@ -788,7 +833,7 @@ assert_file_absent "$ROOT"/link/$SUBMODULE_REPO_NAME/$NESTED_SUBMODULE_REPO_NAME # Remove submodule git -C "$REPO" submodule deinit -q $SUBMODULE_REPO_NAME rm -rf "$REPO"/.git/modules/$SUBMODULE_REPO_NAME -git -C "$REPO" rm -qf $SUBMODULE_REPO_NAME +git -C "$REPO" rm -qf $SUBMODULE_REPO_NAME git -C "$REPO" commit -aqm "delete submodule" sleep 3 assert_link_exists "$ROOT"/link