kubernetes
/
git-sync
mirror of https://github.com/kubernetes/git-sync.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

add e2e test for askpasswd_url

This commit is contained in:
Chuanying Du 2019-12-18 21:07:01 -08:00
parent b0bdc02e8b
commit d8d9ff72b8
2 changed files with 47 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
docs/askpass-url.md
View File

@ -6,7 +6,7 @@ The GIT ASKPASS Service is exposed via HTTP and provide the answer to GIT_ASKPAS
Example of the service's output, see more at <https://git-scm.com/docs/gitcredentials> Example of the service's output, see more at <https://git-scm.com/docs/gitcredentials>
```json ```
username=xxx@example.com username=xxx@example.com
password=ya29.mysecret password=ya29.mysecret
``` ```
@ -18,12 +18,7 @@ In your git-sync container configuration, specify the GIT_ASKPASS_URL
The credentials will pass in plain text, make sure the connection between git-sync The credentials will pass in plain text, make sure the connection between git-sync
and GIT ASKPASS Service are secure. and GIT ASKPASS Service are secure.
The recommended situation are: See askpass_url e2e test as an example.
* ASKPASS Service running within the same pod as git-sync.
* ASKPASS Service rely on [GCE metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata) to get service account's credential to access Google Cloud Source Repo.
See <https://github.com/cydu-cloud/git-askpass-gce-node> as a full example.
```yaml ```yaml
name: "git-sync" name: "git-sync"

45
test_e2e.sh
View File

@ -666,6 +666,51 @@ assert_file_eq "$ROOT"/link/file "$TESTCASE 1"
# Wrap up # Wrap up
pass pass
##############################################
# Test askpass_url
##############################################
testcase "askpass_url"
echo "$TESTCASE 1" > "$REPO"/file
NCPORT=8888
git -C "$REPO" commit -qam "$TESTCASE 1"
# run the askpass_url service with wrong password
# Need to run it twice one for setup another for real clone
{ (for i in 1 2; do echo -e 'HTTP/1.1 200 OK\r\n\r\nusername=you@example.com\npassword=dummypw' | nc -N -l $NCPORT > /dev/null; done) &}
GIT_SYNC \
--git=$ASKPASS_GIT \
--askpass-url="http://localhost:$NCPORT/git_askpass" \
--logtostderr \
--v=5 \
--one-time \
--repo="file://$REPO" \
--branch=master \
--rev=HEAD \
--root="$ROOT" \
--dest="link" \
> "$DIR"/log."$TESTCASE" 2>&1 || true
# check for failure
assert_file_absent "$ROOT"/link/file
# run with askpass_url service with correct password
# Need to run it twice one for setup another for real clone
{ (for i in 1 2; do echo -e 'HTTP/1.1 200 OK\r\n\r\nusername=you@example.com\npassword=Lov3!k0os' | nc -N -l $NCPORT > /dev/null; done) &}
GIT_SYNC \
--git=$ASKPASS_GIT \
--askpass-url="http://localhost:$NCPORT/git_askpass" \
--logtostderr \
--v=5 \
--one-time \
--repo="file://$REPO" \
--branch=master \
--rev=HEAD \
--root="$ROOT" \
--dest="link" \
> "$DIR"/log."$TESTCASE" 2>&1
assert_link_exists "$ROOT"/link
assert_file_exists "$ROOT"/link/file
assert_file_eq "$ROOT"/link/file "$TESTCASE 1"
# Wrap up
pass
############################################## ##############################################
# Test webhook # Test webhook
############################################## ##############################################