|
|
|
|
package dehub
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"dehub/sigcred"
|
|
|
|
|
"reflect"
|
|
|
|
|
"strings"
|
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
|
|
"github.com/davecgh/go-spew/spew"
|
|
|
|
|
"gopkg.in/src-d/go-git.v4"
|
|
|
|
|
"gopkg.in/src-d/go-git.v4/plumbing"
|
|
|
|
|
yaml "gopkg.in/yaml.v2"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func TestChangeCommitVerify(t *testing.T) {
|
|
|
|
|
type step struct {
|
|
|
|
|
msg string
|
|
|
|
|
msgHead string // defaults to msg
|
|
|
|
|
tree map[string]string
|
|
|
|
|
}
|
|
|
|
|
testCases := []struct {
|
|
|
|
|
descr string
|
|
|
|
|
steps []step
|
|
|
|
|
}{
|
|
|
|
|
{
|
|
|
|
|
descr: "single commit",
|
|
|
|
|
steps: []step{
|
|
|
|
|
{
|
|
|
|
|
msg: "first commit",
|
|
|
|
|
tree: map[string]string{"a": "0", "b": "1"},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
descr: "multiple commits",
|
|
|
|
|
steps: []step{
|
|
|
|
|
{
|
|
|
|
|
msg: "first commit",
|
|
|
|
|
tree: map[string]string{"a": "0", "b": "1"},
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
msg: "second commit, changing a",
|
|
|
|
|
tree: map[string]string{"a": "1"},
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
msg: "third commit, empty",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
msg: "fourth commit, adding c, removing b",
|
|
|
|
|
tree: map[string]string{"b": "", "c": "2"},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
descr: "big body commits",
|
|
|
|
|
steps: []step{
|
|
|
|
|
{
|
|
|
|
|
msg: "first commit, single line but with newline\n",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
msg: "second commit, single line but with two newlines\n\n",
|
|
|
|
|
msgHead: "second commit, single line but with two newlines\n\n",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
msg: "third commit, multi-line with one newline\nanother line!",
|
|
|
|
|
msgHead: "third commit, multi-line with one newline\n\n",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
msg: "fourth commit, multi-line with two newlines\n\nanother line!",
|
|
|
|
|
msgHead: "fourth commit, multi-line with two newlines\n\n",
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, test := range testCases {
|
|
|
|
|
t.Run(test.descr, func(t *testing.T) {
|
|
|
|
|
h := newHarness(t)
|
|
|
|
|
for _, step := range test.steps {
|
|
|
|
|
h.stage(step.tree)
|
|
|
|
|
account := h.cfg.Accounts[0]
|
|
|
|
|
|
|
|
|
|
changeCommit, hash := h.changeCommit(step.msg, account.ID, h.sig)
|
|
|
|
|
if err := h.repo.VerifyChangeCommit(TrunkRefName, hash); err != nil {
|
|
|
|
|
t.Fatalf("could not verify hash %v: %v", hash, err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
commit, err := h.repo.GitRepo.CommitObject(hash)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("failed to retrieve commit %v: %v", hash, err)
|
|
|
|
|
} else if step.msgHead == "" {
|
|
|
|
|
step.msgHead = strings.TrimSpace(step.msg) + "\n\n"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !strings.HasPrefix(commit.Message, step.msgHead) {
|
|
|
|
|
t.Fatalf("commit message %q does not start with expected head %q", commit.Message, step.msgHead)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var actualChangeCommit ChangeCommit
|
|
|
|
|
if err := actualChangeCommit.UnmarshalText([]byte(commit.Message)); err != nil {
|
|
|
|
|
t.Fatalf("error unmarshaling commit body: %v", err)
|
|
|
|
|
} else if !reflect.DeepEqual(actualChangeCommit, changeCommit) {
|
|
|
|
|
t.Fatalf("returned change commit:\n%s\ndoes not match actual one:\n%s",
|
|
|
|
|
spew.Sdump(changeCommit), spew.Sdump(actualChangeCommit))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestConfigChange(t *testing.T) {
|
|
|
|
|
h := newHarness(t)
|
|
|
|
|
|
|
|
|
|
var hashes []plumbing.Hash
|
|
|
|
|
|
|
|
|
|
// commit the initial staged changes, which merely include the config and
|
|
|
|
|
// public key
|
|
|
|
|
_, hash := h.changeCommit("commit configuration", h.cfg.Accounts[0].ID, h.sig)
|
|
|
|
|
hashes = append(hashes, hash)
|
|
|
|
|
|
|
|
|
|
// create a new account and add it to the configuration. That commit should
|
|
|
|
|
// not be verifiable, though
|
|
|
|
|
newSig, newPubKeyBody := sigcred.SignifierPGPTmp(h.rand)
|
|
|
|
|
h.cfg.Accounts = append(h.cfg.Accounts, Account{
|
|
|
|
|
ID: "toot",
|
|
|
|
|
Signifiers: []sigcred.Signifier{{PGPPublicKey: &sigcred.SignifierPGP{
|
|
|
|
|
Body: string(newPubKeyBody),
|
|
|
|
|
}}},
|
|
|
|
|
})
|
|
|
|
|
h.cfg.AccessControls[0].ChangeAccessControls[0].Condition.Signature.AccountIDs = []string{"root", "toot"}
|
|
|
|
|
h.cfg.AccessControls[0].ChangeAccessControls[0].Condition.Signature.Count = "1"
|
|
|
|
|
|
|
|
|
|
cfgBody, err := yaml.Marshal(h.cfg)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
h.stage(map[string]string{ConfigPath: string(cfgBody)})
|
|
|
|
|
_, badHash := h.changeCommit("add toot user", h.cfg.Accounts[1].ID, newSig)
|
|
|
|
|
|
|
|
|
|
if err := h.repo.VerifyChangeCommit(TrunkRefName, badHash); err == nil {
|
|
|
|
|
t.Fatal("toot user shouldn't be able to add itself to config")
|
|
|
|
|
}
|
|
|
|
|
h.reset(hash, git.HardReset)
|
|
|
|
|
|
|
|
|
|
// now add with the root user, this should work.
|
|
|
|
|
h.stage(map[string]string{ConfigPath: string(cfgBody)})
|
|
|
|
|
_, hash = h.changeCommit("add toot user", h.cfg.Accounts[0].ID, h.sig)
|
|
|
|
|
hashes = append(hashes, hash)
|
|
|
|
|
|
|
|
|
|
// _now_ the toot user should be able to do things.
|
|
|
|
|
h.stage(map[string]string{"foo/bar": "what a cool file"})
|
|
|
|
|
_, hash = h.changeCommit("add a cool file", h.cfg.Accounts[1].ID, newSig)
|
|
|
|
|
hashes = append(hashes, hash)
|
|
|
|
|
|
|
|
|
|
for i, hash := range hashes {
|
|
|
|
|
if err := h.repo.VerifyChangeCommit(TrunkRefName, hash); err != nil {
|
|
|
|
|
t.Fatalf("commit %d (%v) should have been verified but wasn't: %v", i, hash, err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
