2020-03-14 22:14:18 +00:00
|
|
|
package dehub
|
|
|
|
|
|
|
|
import (
|
|
|
|
"dehub/sigcred"
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
"gopkg.in/src-d/go-git.v4/plumbing"
|
2020-03-18 22:35:32 +00:00
|
|
|
yaml "gopkg.in/yaml.v2"
|
2020-03-14 22:14:18 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
func TestCredentialCommitVerify(t *testing.T) {
|
|
|
|
h := newHarness(t)
|
|
|
|
|
|
|
|
// create a new account and modify the config so that that account is only
|
|
|
|
// allowed to add verifications to a single branch
|
|
|
|
tootSig, tootPubKeyBody := sigcred.SignifierPGPTmp("toot", h.rand)
|
|
|
|
h.cfg.Accounts = append(h.cfg.Accounts, Account{
|
|
|
|
ID: "toot",
|
|
|
|
Signifiers: []sigcred.Signifier{{PGPPublicKey: &sigcred.SignifierPGP{
|
|
|
|
Body: string(tootPubKeyBody),
|
|
|
|
}}},
|
|
|
|
})
|
|
|
|
|
|
|
|
tootBranch := plumbing.NewBranchReferenceName("toot_branch")
|
2020-03-18 22:35:32 +00:00
|
|
|
|
|
|
|
err := yaml.Unmarshal([]byte(`
|
|
|
|
- action: allow
|
|
|
|
filters:
|
|
|
|
- type: branch
|
|
|
|
pattern: `+tootBranch.Short()+`
|
|
|
|
- type: signature
|
|
|
|
count: 1
|
|
|
|
account_ids:
|
|
|
|
- root
|
|
|
|
- toot
|
|
|
|
|
|
|
|
- action: allow
|
|
|
|
filters:
|
|
|
|
- type: signature
|
|
|
|
count: 1
|
|
|
|
account_ids:
|
|
|
|
- root
|
|
|
|
|
|
|
|
- action: deny
|
|
|
|
`), &h.cfg.AccessControls)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
2020-03-14 22:14:18 +00:00
|
|
|
}
|
|
|
|
h.stageCfg()
|
normalize how git commits are interacted with, including changing VerifyComit -> VerifyCommits
---
type: change
message: |-
normalize how git commits are interacted with, including changing VerifyComit -> VerifyCommits
This commit attempts to normalize git commit interactions in order to reduce
the amount of manual `GitRepo.CommitObject`, `GitRepo.TreeObject`,
`Commit.UnmarshalText`, and `Commit.Interface` calls are done, by creating a
single structure (`GitCommit`) which holds the output of those calls, and is
only created by a single method (`GetGitCommit`), which is then used by a bunch
of other methods to expand its functionality, including implementing a range
request which can be used by verify and the pre-receive hook (though it's only
used by the hook, currently).
change_hash: AMae4PL6+jrxhn2KEGHejstcdT37Gw/jjkl/UuovHcgd
credentials:
- type: pgp_signature
pub_key_id: 95C46FA6A41148AC
body: iQIzBAABAgAdFiEEJ6tQKp6olvZKJ0lwlcRvpqQRSKwFAl5uhvoACgkQlcRvpqQRSKzJrhAAqi2LEQVTyVktfsOBv/CZmefclLLqWTChVoeIZt2EAGDDGygmrx88hI0SEAviOzPMn0kiZFDeY5k7ICJMhJ9RVDU9WjH7fbOboMJW19rVhx6Ke/M2ERtrT0OFLRmFVJVDM0P8SEheQvR3HE/iiypBICVCtp+meHEq9mOJWZlZnoCqMaulAy/Nnq4N1VD0yPPlr16+yxMqedKHcgKbcH8K61ltNAjXDT+tCWwCq1huA5MVSuTm5EwqIeKPN6JKgwATv8Ku2GhYZWHSGUwecP1J3x2XTDPeChCQVDpC232Pxwk8z/D36F3J/XOfkdl0QYQ077xL1IJfYOnuuHir47CokDf3G0XCQnJ/+X4pZdtP387rc045o/2bhUi2U4eJ5HgS7Hvyi6EApT0Czv7SeJePTvdnRUYse8ZYuIwYXj5GWWxnbKQzLpyjcHdQc2a3B3RN84zXqqAOS6ObFrFPZQIfz2rfQojZN8kvcmUvYhJXSaT65XmqFjyJ4n6grrEnK/N+MfbnpzyF/yvlzxWPqGFQOQj9meosbTAdgZbmdwYqa5r1ee8DmlkzNJJxze96h503a733yciN8Ef4hGZNlRV6YFegkK/cCgKaA4NCEALKb1t0Uri5gnPldXk4HsPF+23GANbE7mjytY8ra3fhXG4VhaFt/WsLg3Bu7djQ0H74y+g=
account: mediocregopher
2020-03-15 19:50:24 +00:00
|
|
|
rootGitCommit := h.changeCommit("initial commit", h.cfg.Accounts[0].ID, h.sig)
|
2020-03-14 22:14:18 +00:00
|
|
|
|
|
|
|
// toot user wants to create a credential commit for the root commit, for
|
|
|
|
// whatever reason.
|
normalize how git commits are interacted with, including changing VerifyComit -> VerifyCommits
---
type: change
message: |-
normalize how git commits are interacted with, including changing VerifyComit -> VerifyCommits
This commit attempts to normalize git commit interactions in order to reduce
the amount of manual `GitRepo.CommitObject`, `GitRepo.TreeObject`,
`Commit.UnmarshalText`, and `Commit.Interface` calls are done, by creating a
single structure (`GitCommit`) which holds the output of those calls, and is
only created by a single method (`GetGitCommit`), which is then used by a bunch
of other methods to expand its functionality, including implementing a range
request which can be used by verify and the pre-receive hook (though it's only
used by the hook, currently).
change_hash: AMae4PL6+jrxhn2KEGHejstcdT37Gw/jjkl/UuovHcgd
credentials:
- type: pgp_signature
pub_key_id: 95C46FA6A41148AC
body: iQIzBAABAgAdFiEEJ6tQKp6olvZKJ0lwlcRvpqQRSKwFAl5uhvoACgkQlcRvpqQRSKzJrhAAqi2LEQVTyVktfsOBv/CZmefclLLqWTChVoeIZt2EAGDDGygmrx88hI0SEAviOzPMn0kiZFDeY5k7ICJMhJ9RVDU9WjH7fbOboMJW19rVhx6Ke/M2ERtrT0OFLRmFVJVDM0P8SEheQvR3HE/iiypBICVCtp+meHEq9mOJWZlZnoCqMaulAy/Nnq4N1VD0yPPlr16+yxMqedKHcgKbcH8K61ltNAjXDT+tCWwCq1huA5MVSuTm5EwqIeKPN6JKgwATv8Ku2GhYZWHSGUwecP1J3x2XTDPeChCQVDpC232Pxwk8z/D36F3J/XOfkdl0QYQ077xL1IJfYOnuuHir47CokDf3G0XCQnJ/+X4pZdtP387rc045o/2bhUi2U4eJ5HgS7Hvyi6EApT0Czv7SeJePTvdnRUYse8ZYuIwYXj5GWWxnbKQzLpyjcHdQc2a3B3RN84zXqqAOS6ObFrFPZQIfz2rfQojZN8kvcmUvYhJXSaT65XmqFjyJ4n6grrEnK/N+MfbnpzyF/yvlzxWPqGFQOQj9meosbTAdgZbmdwYqa5r1ee8DmlkzNJJxze96h503a733yciN8Ef4hGZNlRV6YFegkK/cCgKaA4NCEALKb1t0Uri5gnPldXk4HsPF+23GANbE7mjytY8ra3fhXG4VhaFt/WsLg3Bu7djQ0H74y+g=
account: mediocregopher
2020-03-15 19:50:24 +00:00
|
|
|
rootChangeHash := rootGitCommit.Commit.Change.ChangeHash
|
2020-03-14 22:14:18 +00:00
|
|
|
credCommit, err := h.repo.NewCommitCredential(rootChangeHash)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("creating credential commit for hash %x: %v", rootChangeHash, err)
|
|
|
|
|
|
|
|
}
|
|
|
|
h.tryCommit(false, credCommit, "toot", tootSig)
|
|
|
|
|
|
|
|
// toot tries again in their own branch, and should be allowed.
|
|
|
|
h.checkout(tootBranch)
|
|
|
|
h.tryCommit(true, credCommit, "toot", tootSig)
|
|
|
|
}
|