From 51dff542d6746110bdd9260cbb84431430ad0e0f Mon Sep 17 00:00:00 2001 From: Florian Wagner Date: Fri, 4 Nov 2022 04:44:35 +0000 Subject: [PATCH] add e2e test for impersonations and visibility Signed-off-by: Florian Wagner --- script/test-build | 21 +++++++++++++++++++ test/github.go | 52 ++++++++++++++++++++++++++++++++++++++++------- 2 files changed, 66 insertions(+), 7 deletions(-) diff --git a/script/test-build b/script/test-build index 7a94fe7..2517759 100755 --- a/script/test-build +++ b/script/test-build @@ -123,6 +123,16 @@ function test_push() { push "pushing to authenticated user's account" assert_dest_sha "monalisa/new-repo" "heads/main" "e9009d51dd6da2c363d1d14779c53dd27fcb0c52" "updating monalisa/new-repo" + # Push to GHAE with impersonation + setup_cache "org-already-exists/ghae-repo:heads/main:e9009d51dd6da2c363d1d14779c53dd27fcb0c52" + setup_dest "org-already-exists/ghae-repo:heads/main:a5984bb887dd2fcdc2892cd906d6f004844d1142" + push_impersonation "ghae-admin" "pushing to GHAE repo" + + # Push to GHES with impersonation + setup_cache "org-already-exists/ghes-repo:heads/main:e9009d51dd6da2c363d1d14779c53dd27fcb0c52" + setup_dest "org-already-exists/ghes-repo:heads/main:a5984bb887dd2fcdc2892cd906d6f004844d1142" + push_impersonation "ghes-admin" "pushing to GHES repo" + echo "all push tests passed successfully" } @@ -313,6 +323,17 @@ function push2args() { fail $3 } +function push_impersonation() { + bin/actions-sync push \ + --cache-dir "test/tmp/cache" \ + --disable-push-git-auth \ + --destination-token "token" \ + --destination-url "http://localhost:$DEST_API_PORT" \ + --actions-admin-user $1 \ + &> $OUTPUT || + fail "$2" +} + function sync() { bin/actions-sync sync \ --cache-dir "test/tmp/cache" \ diff --git a/test/github.go b/test/github.go index f767798..7cf95b3 100644 --- a/test/github.go +++ b/test/github.go @@ -8,14 +8,18 @@ import ( "io/ioutil" "net/http" "path" + "strings" "github.com/google/go-github/v43/github" "github.com/gorilla/mux" ) var authenticatedLogin string = "monalisa" -var existingOrg string = "org-already-exists" -var existingRepo string = "repo-already-exists" + +const existingOrg string = "org-already-exists" +const existingRepo string = "repo-already-exists" +const ghaeRepo string = "ghae-repo" +const xOAuthScopesHeader = "X-OAuth-Scopes" func main() { var port, gitDaemonURL string @@ -28,9 +32,14 @@ func main() { r.HandleFunc("/api/v3", func(w http.ResponseWriter, r *http.Request) { w.Header().Set("x-github-enterprise-version", "GitHub AE") + w.Header().Set(xOAuthScopesHeader, "site_admin") }) r.HandleFunc("/api/v3/user", func(w http.ResponseWriter, r *http.Request) { + token := r.Header.Get("Authorization") + if strings.Contains(token, "ghaetoken") { + w.Header().Set("x-github-enterprise-version", "GitHub AE") + } currentUser := github.User{Login: &authenticatedLogin} b, _ := json.Marshal(currentUser) _, err := w.Write(b) @@ -39,8 +48,7 @@ func main() { } }) - r.HandleFunc("/api/v3/admin/users/actions-admin/authorizations", func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("x-github-enterprise-version", "GitHub AE") + r.HandleFunc("/api/v3/admin/users/ghes-admin/authorizations", func(w http.ResponseWriter, r *http.Request) { token := "token" auth := github.Authorization{Token: &token} b, _ := json.Marshal(auth) @@ -50,6 +58,17 @@ func main() { } }).Methods("POST") + r.HandleFunc("/api/v3/admin/users/ghae-admin/authorizations", func(w http.ResponseWriter, r *http.Request) { + w.Header().Set("x-github-enterprise-version", "GitHub AE") + token := "ghaetoken" + auth := github.Authorization{Token: &token} + b, _ := json.Marshal(auth) + _, err := w.Write(b) + if err != nil { + panic(err) + } + }).Methods("POST") + r.HandleFunc("/api/v3/admin/organizations", func(w http.ResponseWriter, r *http.Request) { b, err := ioutil.ReadAll(r.Body) if err != nil { @@ -114,16 +133,35 @@ func main() { panic(err) } var repoReq struct { - Name string `json:"name,omitempty"` + Name string `json:"name,omitempty"` + Visibility string `json:"visibility,omitempty"` } err = json.Unmarshal(b, &repoReq) if err != nil { panic(err) } - if repoReq.Name == "repo-already-exists" { + var errString string = "" + // check visibility requirements + if repoReq.Name == ghaeRepo { + if repoReq.Visibility != "internal" { + errString = fmt.Sprintf("Provided repo visibility %s for GHAE must be internal", repoReq.Visibility) + } + } else { + if repoReq.Visibility != "public" { + errString = fmt.Sprintf("Provided repo visibility %s for GHES must be public", repoReq.Visibility) + } + } + + // check if we are testing existing Repo + if repoReq.Name == existingRepo { + errString = fmt.Sprintf("Repo %s already exists", html.EscapeString(repoReq.Name)) + } + + // if there is an error throw it back + if errString != "" { w.WriteHeader(http.StatusUnprocessableEntity) - _, err := w.Write([]byte(fmt.Sprintf("Repo %s already exists", html.EscapeString(repoReq.Name)))) + _, err := w.Write([]byte(errString)) if err != nil { panic(err) }