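package dehub

import (
	"dehub/sigcred"
	"testing"

	"gopkg.in/src-d/go-git.v4/plumbing"
	yaml "gopkg.in/yaml.v2"
)

// TestCredentialCommitVerify checks that access controls scoped to a branch
// are enforced for credential commits: the "toot" account may add its
// signature only on toot_branch, so the same credential commit must be
// rejected on the branch the harness starts on and accepted once toot_branch
// is checked out.
//
// The identical credCommit value is submitted in both attempts, so the only
// thing that differs between the rejected and the accepted case is the
// checked-out branch. That keeps the negative assertion from passing merely
// because the credential commit itself was malformed.
func TestCredentialCommitVerify(t *testing.T) {
	h := newHarness(t)

	// Create a new account and modify the config so that that account is only
	// allowed to add verifications to a single branch.
	// NOTE(review): SignifierPGPTmp presumably generates a throwaway PGP key
	// from the harness's random source; confirm in the sigcred package.
	tootSig, tootPubKeyBody := sigcred.SignifierPGPTmp("toot", h.rand)
	h.cfg.Accounts = append(h.cfg.Accounts, Account{
		ID: "toot",
		Signifiers: []sigcred.Signifier{{PGPPublicKey: &sigcred.SignifierPGP{
			Body: string(tootPubKeyBody),
		}}},
	})

	tootBranch := plumbing.NewBranchReferenceName("toot_branch")

	// Three rules: root or toot may sign on toot_branch, root may sign
	// anywhere, and everything else is denied.
	// NOTE(review): the final "deny" only acts as a catch-all if rules are
	// evaluated in order and the first match decides; confirm against the
	// access-control implementation.
	// NOTE(review): the line breaks and nesting of this YAML were rebuilt from
	// a whitespace-collapsed copy of the file; verify against the repository.
	err := yaml.Unmarshal([]byte(`
- action: allow
  filters:
  - type: branch
    pattern: `+tootBranch.Short()+`
  - type: signature
    count: 1
    account_ids:
    - root
    - toot

- action: allow
  filters:
  - type: signature
    count: 1
    account_ids:
    - root

- action: deny
`), &h.cfg.AccessControls)
	if err != nil {
		t.Fatal(err)
	}
	h.stageCfg()

	// The initial commit is made by the first configured account, which the
	// rules above refer to as "root" (presumably set up by newHarness).
	rootGitCommit := h.changeCommit("initial commit", h.cfg.Accounts[0].ID, h.sig)

	// toot user wants to create a credential commit for the root commit, for
	// whatever reason.
	rootChangeHash := rootGitCommit.Commit.Change.ChangeHash
	credCommit, err := h.repo.NewCommitCredential(rootChangeHash)
	if err != nil {
		t.Fatalf("creating credential commit for hash %x: %v", rootChangeHash, err)
	}

	// Outside toot_branch only root's signature satisfies an allow rule, so
	// toot's attempt is expected to fail (first argument false).
	h.tryCommit(false, credCommit, "toot", tootSig)

	// toot tries again in their own branch, and should be allowed.
	h.checkout(tootBranch)
	h.tryCommit(true, credCommit, "toot", tootSig)
}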