summaryrefslogtreecommitdiff
path: root/ext/git/git_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'ext/git/git_test.go')
-rw-r--r--ext/git/git_test.go163
1 files changed, 104 insertions, 59 deletions
diff --git a/ext/git/git_test.go b/ext/git/git_test.go
index de04454..0eebe35 100644
--- a/ext/git/git_test.go
+++ b/ext/git/git_test.go
@@ -10,6 +10,7 @@ import (
"github.com/stretchr/testify/assert"
+ "github.com/argoproj/argo-cd/v2/common"
"github.com/argoproj/argo-cd/v2/test/fixture/log"
"github.com/argoproj/argo-cd/v2/test/fixture/path"
"github.com/argoproj/argo-cd/v2/test/fixture/test"
@@ -44,18 +45,6 @@ func TestEnsurePrefix(t *testing.T) {
}
}
-func TestRemoveSuffix(t *testing.T) {
- data := [][]string{
- {"hello.git", ".git", "hello"},
- {"hello", ".git", "hello"},
- {".git", ".git", ""},
- }
- for _, table := range data {
- result := removeSuffix(table[0], table[1])
- assert.Equal(t, table[2], result)
- }
-}
-
func TestIsSSHURL(t *testing.T) {
data := map[string]bool{
"git://github.com/argoproj/test.git": false,
@@ -146,19 +135,19 @@ func TestCustomHTTPClient(t *testing.T) {
assert.NotEqual(t, "", string(keyData))
// Get HTTPSCreds with client cert creds specified, and insecure connection
- creds := NewHTTPSCreds("test", "test", string(certData), string(keyData), false, "http://proxy:5000")
+ creds := NewHTTPSCreds("test", "test", string(certData), string(keyData), false, "http://proxy:5000", &NoopCredsStore{}, false)
client := GetRepoHTTPClient("https://localhost:9443/foo/bar", false, creds, "http://proxy:5000")
assert.NotNil(t, client)
assert.NotNil(t, client.Transport)
if client.Transport != nil {
- httpClient := client.Transport.(*http.Transport)
- assert.NotNil(t, httpClient.TLSClientConfig)
-
- assert.Equal(t, false, httpClient.TLSClientConfig.InsecureSkipVerify)
-
- assert.NotNil(t, httpClient.TLSClientConfig.GetClientCertificate)
- if httpClient.TLSClientConfig.GetClientCertificate != nil {
- cert, err := httpClient.TLSClientConfig.GetClientCertificate(nil)
+ transport := client.Transport.(*http.Transport)
+ assert.NotNil(t, transport.TLSClientConfig)
+ assert.Equal(t, true, transport.DisableKeepAlives)
+ assert.Equal(t, false, transport.TLSClientConfig.InsecureSkipVerify)
+ assert.NotNil(t, transport.TLSClientConfig.GetClientCertificate)
+ assert.Nil(t, transport.TLSClientConfig.RootCAs)
+ if transport.TLSClientConfig.GetClientCertificate != nil {
+ cert, err := transport.TLSClientConfig.GetClientCertificate(nil)
assert.NoError(t, err)
if err == nil {
assert.NotNil(t, cert)
@@ -166,30 +155,27 @@ func TestCustomHTTPClient(t *testing.T) {
assert.NotNil(t, cert.PrivateKey)
}
}
- proxy, err := httpClient.Proxy(nil)
+ proxy, err := transport.Proxy(nil)
assert.Nil(t, err)
assert.Equal(t, "http://proxy:5000", proxy.String())
}
- os.Setenv("http_proxy", "http://proxy-from-env:7878")
- defer func() {
- assert.Nil(t, os.Unsetenv("http_proxy"))
- }()
+ t.Setenv("http_proxy", "http://proxy-from-env:7878")
// Get HTTPSCreds without client cert creds, but insecure connection
- creds = NewHTTPSCreds("test", "test", "", "", true, "")
+ creds = NewHTTPSCreds("test", "test", "", "", true, "", &NoopCredsStore{}, false)
client = GetRepoHTTPClient("https://localhost:9443/foo/bar", true, creds, "")
assert.NotNil(t, client)
assert.NotNil(t, client.Transport)
if client.Transport != nil {
- httpClient := client.Transport.(*http.Transport)
- assert.NotNil(t, httpClient.TLSClientConfig)
-
- assert.Equal(t, true, httpClient.TLSClientConfig.InsecureSkipVerify)
-
- assert.NotNil(t, httpClient.TLSClientConfig.GetClientCertificate)
- if httpClient.TLSClientConfig.GetClientCertificate != nil {
- cert, err := httpClient.TLSClientConfig.GetClientCertificate(nil)
+ transport := client.Transport.(*http.Transport)
+ assert.NotNil(t, transport.TLSClientConfig)
+ assert.Equal(t, true, transport.DisableKeepAlives)
+ assert.Equal(t, true, transport.TLSClientConfig.InsecureSkipVerify)
+ assert.NotNil(t, transport.TLSClientConfig.GetClientCertificate)
+ assert.Nil(t, transport.TLSClientConfig.RootCAs)
+ if transport.TLSClientConfig.GetClientCertificate != nil {
+ cert, err := transport.TLSClientConfig.GetClientCertificate(nil)
assert.NoError(t, err)
if err == nil {
assert.NotNil(t, cert)
@@ -197,12 +183,30 @@ func TestCustomHTTPClient(t *testing.T) {
assert.Nil(t, cert.PrivateKey)
}
}
- req, err := http.NewRequest("GET", "http://proxy-from-env:7878", nil)
+ req, err := http.NewRequest(http.MethodGet, "http://proxy-from-env:7878", nil)
assert.Nil(t, err)
- proxy, err := httpClient.Proxy(req)
+ proxy, err := transport.Proxy(req)
assert.Nil(t, err)
assert.Equal(t, "http://proxy-from-env:7878", proxy.String())
}
+ // GetRepoHTTPClient with root ca
+ cert, err := os.ReadFile("../../test/fixture/certs/argocd-test-server.crt")
+ assert.NoError(t, err)
+ temppath := t.TempDir()
+ defer os.RemoveAll(temppath)
+ err = os.WriteFile(filepath.Join(temppath, "127.0.0.1"), cert, 0666)
+ assert.NoError(t, err)
+ t.Setenv(common.EnvVarTLSDataPath, temppath)
+ client = GetRepoHTTPClient("https://127.0.0.1", false, creds, "")
+ assert.NotNil(t, client)
+ assert.NotNil(t, client.Transport)
+ if client.Transport != nil {
+ transport := client.Transport.(*http.Transport)
+ assert.NotNil(t, transport.TLSClientConfig)
+ assert.Equal(t, true, transport.DisableKeepAlives)
+ assert.Equal(t, false, transport.TLSClientConfig.InsecureSkipVerify)
+ assert.NotNil(t, transport.TLSClientConfig.RootCAs)
+ }
}
func TestLsRemote(t *testing.T) {
@@ -245,11 +249,7 @@ func TestLFSClient(t *testing.T) {
// TODO(alexmt): dockerize tests in and enabled it
t.Skip()
- tempDir, err := os.MkdirTemp("", "git-client-lfs-test-")
- assert.NoError(t, err)
- if err == nil {
- defer func() { _ = os.RemoveAll(tempDir) }()
- }
+ tempDir := t.TempDir()
client, err := NewClientExt("https://github.com/argoproj-labs/argocd-testrepo-lfs", tempDir, NopCreds{}, false, true, "")
assert.NoError(t, err)
@@ -264,7 +264,7 @@ func TestLFSClient(t *testing.T) {
err = client.Fetch("")
assert.NoError(t, err)
- err = client.Checkout(commitSHA)
+ err = client.Checkout(commitSHA, true)
assert.NoError(t, err)
largeFiles, err := client.LsLargeFiles()
@@ -274,7 +274,11 @@ func TestLFSClient(t *testing.T) {
fileHandle, err := os.Open(fmt.Sprintf("%s/test3.yaml", tempDir))
assert.NoError(t, err)
if err == nil {
- defer fileHandle.Close()
+ defer func() {
+ if err = fileHandle.Close(); err != nil {
+ assert.NoError(t, err)
+ }
+ }()
text, err := io.ReadAll(fileHandle)
assert.NoError(t, err)
if err == nil {
@@ -284,11 +288,7 @@ func TestLFSClient(t *testing.T) {
}
func TestVerifyCommitSignature(t *testing.T) {
- p, err := os.MkdirTemp("", "test-verify-commit-sig")
- if err != nil {
- panic(err.Error())
- }
- defer os.RemoveAll(p)
+ p := t.TempDir()
client, err := NewClientExt("https://github.com/argoproj/argo-cd.git", p, NopCreds{}, false, false, "")
assert.NoError(t, err)
@@ -302,7 +302,7 @@ func TestVerifyCommitSignature(t *testing.T) {
commitSHA, err := client.LsRemote("HEAD")
assert.NoError(t, err)
- err = client.Checkout(commitSHA)
+ err = client.Checkout(commitSHA, true)
assert.NoError(t, err)
// 28027897aad1262662096745f2ce2d4c74d02b7f is a commit that is signed in the repo
@@ -343,9 +343,7 @@ func TestNewFactory(t *testing.T) {
test.Flaky(t)
}
- dirName, err := os.MkdirTemp("", "git-client-test-")
- assert.NoError(t, err)
- defer func() { _ = os.RemoveAll(dirName) }()
+ dirName := t.TempDir()
client, err := NewClientExt(tt.args.url, dirName, NopCreds{}, tt.args.insecureIgnoreHostKey, false, "")
assert.NoError(t, err)
@@ -362,7 +360,7 @@ func TestNewFactory(t *testing.T) {
err = client.Fetch("")
assert.NoError(t, err)
- err = client.Checkout(commitSHA)
+ err = client.Checkout(commitSHA, true)
assert.NoError(t, err)
revisionMetadata, err := client.RevisionMetadata(commitSHA)
@@ -381,11 +379,7 @@ func TestNewFactory(t *testing.T) {
}
func TestListRevisions(t *testing.T) {
- dir, err := os.MkdirTemp("", "test-list-revisions")
- if err != nil {
- panic(err.Error())
- }
- defer os.RemoveAll(dir)
+ dir := t.TempDir()
repoURL := "https://github.com/argoproj/argo-cd.git"
client, err := NewClientExt(repoURL, dir, NopCreds{}, false, false, "")
@@ -402,3 +396,54 @@ func TestListRevisions(t *testing.T) {
assert.NotContains(t, lsResult.Branches, testTag)
assert.NotContains(t, lsResult.Tags, testBranch)
}
+
+func TestLsFiles(t *testing.T) {
+ tmpDir1 := t.TempDir()
+ tmpDir2 := t.TempDir()
+
+ client, err := NewClientExt("", tmpDir1, NopCreds{}, false, false, "")
+ assert.NoError(t, err)
+
+ err = runCmd(tmpDir1, "git", "init")
+ assert.NoError(t, err)
+
+ // Prepare files
+ a, err := os.Create(filepath.Join(tmpDir1, "a.yaml"))
+ assert.NoError(t, err)
+ a.Close()
+ err = os.MkdirAll(filepath.Join(tmpDir1, "subdir"), 0755)
+ assert.NoError(t, err)
+ b, err := os.Create(filepath.Join(tmpDir1, "subdir", "b.yaml"))
+ assert.NoError(t, err)
+ b.Close()
+ err = os.MkdirAll(filepath.Join(tmpDir2, "subdir"), 0755)
+ assert.NoError(t, err)
+ c, err := os.Create(filepath.Join(tmpDir2, "c.yaml"))
+ assert.NoError(t, err)
+ c.Close()
+ err = os.Symlink(filepath.Join(tmpDir2, "c.yaml"), filepath.Join(tmpDir1, "link.yaml"))
+ assert.NoError(t, err)
+
+ err = runCmd(tmpDir1, "git", "add", ".")
+ assert.NoError(t, err)
+ err = runCmd(tmpDir1, "git", "commit", "-m", "Initial commit")
+ assert.NoError(t, err)
+
+ // Old and default globbing
+ expectedResult := []string{"a.yaml", "link.yaml", "subdir/b.yaml"}
+ lsResult, err := client.LsFiles("*.yaml", false)
+ assert.NoError(t, err)
+ assert.Equal(t, lsResult, expectedResult)
+
+ // New and safer globbing, do not return symlinks resolving outside of the repo
+ expectedResult = []string{"a.yaml"}
+ lsResult, err = client.LsFiles("*.yaml", true)
+ assert.NoError(t, err)
+ assert.Equal(t, lsResult, expectedResult)
+
+ // New globbing, do not return files outside of the repo
+ var nilResult []string
+ lsResult, err = client.LsFiles(filepath.Join(tmpDir2, "*.yaml"), true)
+ assert.NoError(t, err)
+ assert.Equal(t, lsResult, nilResult)
+}
generated by cgit v1.2.3 (git 2.25.1) at 2026-02-12 16:14:42 +0000