2020-02-15 22:13:50 +00:00
|
|
|
package dehub
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"bytes"
|
|
|
|
|
"dehub/accessctl"
|
|
|
|
|
"dehub/sigcred"
|
|
|
|
|
"io"
|
|
|
|
|
"math/rand"
|
|
|
|
|
"path/filepath"
|
2020-02-22 00:37:19 +00:00
|
|
|
"runtime/debug"
|
2020-02-15 22:13:50 +00:00
|
|
|
"testing"
|
|
|
|
|
|
2020-02-29 20:02:25 +00:00
|
|
|
"gopkg.in/src-d/go-git.v4"
|
2020-02-15 22:13:50 +00:00
|
|
|
"gopkg.in/src-d/go-git.v4/plumbing"
|
|
|
|
|
yaml "gopkg.in/yaml.v2"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type harness struct {
|
|
|
|
|
t *testing.T
|
|
|
|
|
rand *rand.Rand
|
|
|
|
|
repo *Repo
|
|
|
|
|
cfg *Config
|
|
|
|
|
sig sigcred.SignifierInterface
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func newHarness(t *testing.T) *harness {
|
|
|
|
|
rand := rand.New(rand.NewSource(0xb4eadb01))
|
|
|
|
|
sig, pubKeyBody := sigcred.SignifierPGPTmp(rand)
|
|
|
|
|
pubKeyPath := filepath.Join(DehubDir, "root.asc")
|
|
|
|
|
|
|
|
|
|
cfg := &Config{
|
|
|
|
|
Accounts: []Account{{
|
|
|
|
|
ID: "root",
|
|
|
|
|
Signifiers: []sigcred.Signifier{{PGPPublicKeyFile: &sigcred.SignifierPGPFile{
|
|
|
|
|
Path: pubKeyPath,
|
|
|
|
|
}}},
|
|
|
|
|
}},
|
2020-02-29 20:02:25 +00:00
|
|
|
AccessControls: []accessctl.BranchAccessControl{
|
2020-02-15 22:13:50 +00:00
|
|
|
{
|
2020-02-29 20:02:25 +00:00
|
|
|
BranchPattern: "**",
|
|
|
|
|
ChangeAccessControls: []accessctl.ChangeAccessControl{
|
|
|
|
|
{
|
|
|
|
|
FilePathPattern: "**",
|
|
|
|
|
Condition: accessctl.Condition{
|
|
|
|
|
Signature: &accessctl.ConditionSignature{
|
|
|
|
|
AccountIDs: []string{"root"},
|
|
|
|
|
Count: "100%",
|
|
|
|
|
},
|
|
|
|
|
},
|
2020-02-15 22:13:50 +00:00
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
cfgBody, err := yaml.Marshal(cfg)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
h := &harness{
|
|
|
|
|
t: t,
|
|
|
|
|
rand: rand,
|
|
|
|
|
repo: InitMemRepo(),
|
|
|
|
|
cfg: cfg,
|
|
|
|
|
sig: sig,
|
|
|
|
|
}
|
|
|
|
|
h.stage(map[string]string{
|
|
|
|
|
ConfigPath: string(cfgBody),
|
|
|
|
|
pubKeyPath: string(pubKeyBody),
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
return h
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (h *harness) stage(tree map[string]string) {
|
|
|
|
|
w, err := h.repo.GitRepo.Worktree()
|
|
|
|
|
if err != nil {
|
|
|
|
|
h.t.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
fs := w.Filesystem
|
|
|
|
|
for path, content := range tree {
|
|
|
|
|
if content == "" {
|
|
|
|
|
if _, err := w.Remove(path); err != nil {
|
|
|
|
|
h.t.Fatalf("error removing %q: %v", path, err)
|
|
|
|
|
}
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
dir := filepath.Dir(path)
|
|
|
|
|
if err := fs.MkdirAll(dir, 0666); err != nil {
|
|
|
|
|
h.t.Fatalf("error making directory %q: %v", dir, err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
f, err := fs.Create(path)
|
|
|
|
|
if err != nil {
|
|
|
|
|
h.t.Fatalf("error creating file %q: %v", path, err)
|
|
|
|
|
|
|
|
|
|
} else if _, err := io.Copy(f, bytes.NewBufferString(content)); err != nil {
|
|
|
|
|
h.t.Fatalf("error writing to file %q: %v", path, err)
|
|
|
|
|
|
|
|
|
|
} else if err := f.Close(); err != nil {
|
|
|
|
|
h.t.Fatalf("error closing file %q: %v", path, err)
|
|
|
|
|
|
|
|
|
|
} else if _, err := w.Add(path); err != nil {
|
|
|
|
|
h.t.Fatalf("error adding file %q to index: %v", path, err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-21 05:06:13 +00:00
|
|
|
func (h *harness) changeCommit(msg, accountID string, sig sigcred.SignifierInterface) (ChangeCommit, plumbing.Hash) {
|
|
|
|
|
tc, err := h.repo.NewChangeCommit(msg, accountID, sig)
|
2020-02-15 22:13:50 +00:00
|
|
|
if err != nil {
|
2020-02-21 05:06:13 +00:00
|
|
|
h.t.Fatalf("failed to make ChangeCommit: %v", err)
|
2020-02-15 22:13:50 +00:00
|
|
|
}
|
2020-02-16 17:28:59 +00:00
|
|
|
|
|
|
|
|
hash, err := h.repo.Commit(tc, accountID)
|
2020-02-15 22:13:50 +00:00
|
|
|
if err != nil {
|
2020-02-21 05:06:13 +00:00
|
|
|
h.t.Fatalf("failed to commit ChangeCommit: %v", err)
|
2020-02-15 22:13:50 +00:00
|
|
|
}
|
|
|
|
|
|
2020-02-16 17:28:59 +00:00
|
|
|
return tc, hash
|
2020-02-15 22:13:50 +00:00
|
|
|
}
|
2020-02-22 00:37:19 +00:00
|
|
|
|
2020-02-29 20:02:25 +00:00
|
|
|
func (h *harness) reset(to plumbing.Hash, mode git.ResetMode) {
|
|
|
|
|
w, err := h.repo.GitRepo.Worktree()
|
|
|
|
|
if err != nil {
|
|
|
|
|
h.t.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = w.Reset(&git.ResetOptions{
|
|
|
|
|
Commit: to,
|
|
|
|
|
Mode: mode,
|
|
|
|
|
})
|
|
|
|
|
if err != nil {
|
|
|
|
|
h.t.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-22 00:37:19 +00:00
|
|
|
func TestHasStagedChanges(t *testing.T) {
|
|
|
|
|
harness := newHarness(t)
|
|
|
|
|
assertHasStaged := func(expHasStaged bool) {
|
|
|
|
|
hasStaged, err := harness.repo.HasStagedChanges()
|
|
|
|
|
if err != nil {
|
|
|
|
|
debug.PrintStack()
|
|
|
|
|
t.Fatalf("error calling HasStagedChanges: %v", err)
|
|
|
|
|
} else if hasStaged != expHasStaged {
|
|
|
|
|
debug.PrintStack()
|
|
|
|
|
t.Fatalf("expected HasStagedChanges to return %v", expHasStaged)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// the harness starts with some staged changes
|
|
|
|
|
assertHasStaged(true)
|
|
|
|
|
|
|
|
|
|
harness.stage(map[string]string{"foo": "bar"})
|
|
|
|
|
assertHasStaged(true)
|
|
|
|
|
harness.changeCommit("first commit", "root", harness.sig)
|
|
|
|
|
assertHasStaged(false)
|
|
|
|
|
|
|
|
|
|
harness.stage(map[string]string{"foo": ""}) // delete foo
|
|
|
|
|
assertHasStaged(true)
|
|
|
|
|
harness.changeCommit("second commit", "root", harness.sig)
|
|
|
|
|
assertHasStaged(false)
|
|
|
|
|
}
|
2020-02-29 20:02:25 +00:00
|
|
|
|
|
|
|
|
// TestOldConfig tests that having an older, now malformed, Config doesn't mess
|
|
|
|
|
// with the current parsing, as long as the default access controls still work.
|
|
|
|
|
func TestOldConfig(t *testing.T) {
|
|
|
|
|
harness := newHarness(t)
|
|
|
|
|
|
|
|
|
|
// overwrite the currently staged config file with an older form
|
|
|
|
|
harness.stage(map[string]string{ConfigPath: `
|
|
|
|
|
---
|
|
|
|
|
accounts:
|
|
|
|
|
- id: root
|
|
|
|
|
signifiers:
|
|
|
|
|
- type: pgp_public_key_file
|
|
|
|
|
path: ".dehub/root.asc"
|
|
|
|
|
|
|
|
|
|
access_controls:
|
|
|
|
|
- pattern: "**"
|
|
|
|
|
condition:
|
|
|
|
|
type: signature
|
|
|
|
|
account_ids:
|
|
|
|
|
- root
|
|
|
|
|
count: 0
|
|
|
|
|
`})
|
|
|
|
|
_, hash0 := harness.changeCommit("first commit, this is going great", "root", harness.sig)
|
|
|
|
|
|
|
|
|
|
// even though that access_controls doesn't actually require any signatures,
|
|
|
|
|
// it should be used because it's not well formed.
|
|
|
|
|
harness.stage(map[string]string{"foo": "no rules!"})
|
|
|
|
|
_, hash1 := harness.changeCommit("ain't no laws", "toot", nil)
|
|
|
|
|
|
|
|
|
|
// verifying the first should work, but not the second.
|
2020-03-04 19:14:54 +00:00
|
|
|
if err := harness.repo.VerifyChangeCommit(MainRefName, hash0); err != nil {
|
2020-02-29 20:02:25 +00:00
|
|
|
t.Fatalf("first commit %q should be verifiable, but got: %v", hash0, err)
|
2020-03-04 19:14:54 +00:00
|
|
|
} else if err := harness.repo.VerifyChangeCommit(MainRefName, hash1); err == nil {
|
2020-02-29 20:02:25 +00:00
|
|
|
t.Fatalf("second commit %q should not have been verified", hash1)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// reset back to hash0
|
|
|
|
|
harness.reset(hash0, git.HardReset)
|
|
|
|
|
|
|
|
|
|
// make a commit fixing the config. everything should still be fine.
|
|
|
|
|
harness.stage(map[string]string{ConfigPath: `
|
|
|
|
|
---
|
|
|
|
|
accounts:
|
|
|
|
|
- id: root
|
|
|
|
|
signifiers:
|
|
|
|
|
- type: pgp_public_key_file
|
|
|
|
|
path: ".dehub/root.asc"
|
|
|
|
|
`})
|
|
|
|
|
_, hash2 := harness.changeCommit("Fix the config!", "root", harness.sig)
|
2020-03-04 19:14:54 +00:00
|
|
|
if err := harness.repo.VerifyChangeCommit(MainRefName, hash2); err != nil {
|
2020-02-29 20:02:25 +00:00
|
|
|
t.Fatalf("config fix commit %q should be verifiable, but got: %v", hash2, err)
|
|
|
|
|
}
|
|
|
|
|
}
|
