-
Notifications
You must be signed in to change notification settings - Fork 4.7k
/
Copy pathgitauth.go
122 lines (100 loc) · 4 KB
/
gitauth.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
package builds
import (
"context"
"fmt"
"github.com/openshift/origin/test/extended/util"
g "github.com/onsi/ginkgo/v2"
o "github.com/onsi/gomega"
corev1 "k8s.io/api/core/v1"
kerrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
exutil "github.com/openshift/origin/test/extended/util"
)
var _ = g.Describe("[sig-builds][Feature:Builds][Slow] can use private repositories as build input", func() {
defer g.GinkgoRecover()
const (
buildConfigName = "gitauth"
)
var (
testBuildFixture = exutil.FixturePath("testdata", "builds", "test-auth-build.yaml")
oc = exutil.NewCLI("build-s2i-private-repo")
)
g.Context("", func() {
g.BeforeEach(func() {
exutil.PreTestDump()
})
g.AfterEach(func() {
if g.CurrentSpecReport().Failed() {
exutil.DumpPodStates(oc)
exutil.DumpConfigMapStates(oc)
exutil.DumpPodLogsStartingWith("", oc)
}
})
testGitAuth := func(sourceURL string, sourceSecretName string) {
g.By(fmt.Sprintf("creating a new BuildConfig to clone source via %s", sourceURL))
err := oc.Run("new-app").Args("-f", testBuildFixture, "-p", fmt.Sprintf("SOURCE_SECRET=%s", sourceSecretName), "-p", fmt.Sprintf("SOURCE_URL=%s", sourceURL)).Execute()
o.Expect(err).NotTo(o.HaveOccurred())
g.By("starting a test build and waiting for success")
br, _ := exutil.StartBuildAndWait(oc, buildConfigName)
if !br.BuildSuccess {
exutil.DumpBuildLogs(buildConfigName, oc)
}
br.AssertSuccess()
}
g.Describe("build using an HTTP token", func() {
g.BeforeEach(func() {
ctx := context.Background()
httpToken, err := oc.AsAdmin().KubeClient().CoreV1().Secrets("build-e2e-github-secrets").Get(ctx, "github-http-token", metav1.GetOptions{})
if err != nil && kerrors.IsNotFound(err) {
g.Skip("required secret build-e2e-github-secrets/github-http-token is missing")
}
o.Expect(err).NotTo(o.HaveOccurred())
copiedHTTPToken := &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: "github-http-token",
},
Data: httpToken.Data,
Type: httpToken.Type,
}
_, err = oc.KubeClient().CoreV1().Secrets(oc.Namespace()).Create(ctx, copiedHTTPToken, metav1.CreateOptions{})
o.Expect(err).NotTo(o.HaveOccurred())
})
g.It("should be able to clone source code via an HTTP token [apigroup:build.openshift.io]", func() {
testGitAuth("https://github.com/openshift-github-testing/nodejs-ex-private.git", "github-http-token")
})
})
g.Describe("build using an ssh private key", func() {
g.BeforeEach(func() {
// Skip this test when running in FIPS mode
// FIPS requires ssh-based clone to have a known_hosts file provided, and GitHub's
// known hosts can be dynamic
isFIPS, err := util.IsFIPS(oc.AdminKubeClient().CoreV1())
o.Expect(err).NotTo(o.HaveOccurred())
if isFIPS {
g.Skip("skipping ssh git clone test on FIPS cluster")
}
ctx := context.Background()
sshKey, err := oc.AsAdmin().KubeClient().CoreV1().Secrets("build-e2e-github-secrets").Get(ctx, "github-ssh-privatekey", metav1.GetOptions{})
if err != nil && kerrors.IsNotFound(err) {
g.Skip("required secret build-e2e-github-secrets/github-ssh-privatekey is missing")
}
o.Expect(err).NotTo(o.HaveOccurred())
copiedSSHKey := &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: "github-ssh-privatekey",
},
Data: sshKey.Data,
Type: sshKey.Type,
}
_, err = oc.KubeClient().CoreV1().Secrets(oc.Namespace()).Create(ctx, copiedSSHKey, metav1.CreateOptions{})
o.Expect(err).NotTo(o.HaveOccurred())
})
g.It("should be able to clone source code via ssh [apigroup:build.openshift.io]", func() {
testGitAuth("ssh://[email protected]/openshift-github-testing/nodejs-ex-private.git", "github-ssh-privatekey")
})
g.It("should be able to clone source code via ssh using SCP-style URIs [apigroup:build.openshift.io]", func() {
testGitAuth("[email protected]:openshift-github-testing/nodejs-ex-private.git", "github-ssh-privatekey")
})
})
})
})