Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add test for http bearer-token auth #1058

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

Santosh1176
Copy link
Contributor

Add test for HTTP bearer-token auth.

=== RUN   TestGitRepositoryReconciler_reconcileSource_authStrategy/HTTP_with_bearer-token_secret_makes_Reconciling=True
2023/03/27 19:51:47 http: TLS handshake error from 127.0.0.1:50948: remote error: tls: bad certificate
2023/03/27 19:51:47 request: GET 127.0.0.1:36123/test.git/info/refs?service=git-receive-pack
2023/03/27 19:51:47 request: POST 127.0.0.1:36123/test.git/git-receive-pack
2023/03/27 19:51:47 request: GET 127.0.0.1:41101/test.git/info/refs?service=git-upload-pack
2023/03/27 19:51:47 request: POST 127.0.0.1:41101/test.git/git-upload-pack
=== RUN   TestGitRepositoryReconciler_reconcileSource_authStrategy/SSH_with_private_key_secret_makes_Reconciling=True
<snip>
.
.
<snip>
--- PASS: TestGitRepositoryReconciler_reconcileSource_authStrategy (3.19s)
    --- PASS: TestGitRepositoryReconciler_reconcileSource_authStrategy/HTTP_without_secretRef_makes_Reconciling=True (0.13s)
    --- PASS: TestGitRepositoryReconciler_reconcileSource_authStrategy/HTTP_with_Basic_Auth_secret_makes_Reconciling=True (0.11s)
    --- PASS: TestGitRepositoryReconciler_reconcileSource_authStrategy/HTTPS_with_CAFile_secret_makes_Reconciling=True (0.12s)
    --- PASS: TestGitRepositoryReconciler_reconcileSource_authStrategy/HTTPS_with_invalid_CAFile_secret_makes_CheckoutFailed=True_and_returns_error (0.07s)
    --- PASS: TestGitRepositoryReconciler_reconcileSource_authStrategy/HTTP_with_bearer-token_secret_makes_Reconciling=True (0.15s)
    --- PASS: TestGitRepositoryReconciler_reconcileSource_authStrategy/SSH_with_private_key_secret_makes_Reconciling=True (0.50s)
    --- PASS: TestGitRepositoryReconciler_reconcileSource_authStrategy/SSH_with_password_protected_private_key_secret_makes_Reconciling=True (1.74s)
    --- PASS: TestGitRepositoryReconciler_reconcileSource_authStrategy/Include_get_failure_makes_CheckoutFailed=True_and_returns_error (0.16s)
    --- PASS: TestGitRepositoryReconciler_reconcileSource_authStrategy/Existing_artifact_makes_ArtifactOutdated=True (0.20s)
PASS
        github.com/fluxcd/source-controller/controllers coverage: 4.1% of statements

This PR closes #1005

controllers/gitrepository_controller_test.go Outdated Show resolved Hide resolved
controllers/gitrepository_controller_test.go Outdated Show resolved Hide resolved
Signed-off-by: Santosh Kaluskar <[email protected]>
Copy link
Contributor

@darkowlzz darkowlzz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Santosh1176 thanks for taking this up.

Looks like the tests pass because there's no real authentication check being performed in the git test server.
In

if len(tt.server.username+tt.server.password) > 0 {
server.Auth(tt.server.username, tt.server.password)
}
, authentication is only configured when username or password is set. In the test case you've added, since they are not set, the git test server doesn't have authentication enabled.

As mentioned in #1005 (comment) , the gittestserver needs to be updated to use the new gitkit which has bearer token support and update the gitkit AuthFunc in the GitServer in https://github.com/fluxcd/pkg/blob/5382a4b12ebd84c10c63433e63e379eae6bde153/gittestserver/server.go#L153-L155 to check and compare the provided bearer token if any. May also need to add a new function, maybe with the signature

func (s *GitServer) WithBearerAuth(token string) *GitServer

to set the bearer token in the GitServer similar to GitServer.Auth(). Please create a PR against https://github.com/fluxcd/pkg/ for this.

After all that, this gitrepository test can be updated to configure the gittestserver to set the bearer token when it's used in the test case.

The bearer token support in gitkit got merged a few days ago, refer fluxcd/gitkit@a88e269 . For now, you can pin the go dependency to that commit when updating the gittestserver dependencies. Once we have a tagged release, you can update it to a specific tag.

@aryan9600 can we do a new gitkit release with the bearer token support?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Git: Add test for http bearer token auth
3 participants