1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
|
package authorizedkeys
import (
"bytes"
"encoding/json"
"net/http"
"testing"
"github.com/stretchr/testify/require"
"gitlab.com/gitlab-org/gitlab-shell/client/testserver"
"gitlab.com/gitlab-org/gitlab-shell/internal/command/commandargs"
"gitlab.com/gitlab-org/gitlab-shell/internal/command/readwriter"
"gitlab.com/gitlab-org/gitlab-shell/internal/config"
)
var (
requests = []testserver.TestRequestHandler{
{
Path: "/api/v4/internal/authorized_keys",
Handler: func(w http.ResponseWriter, r *http.Request) {
if r.URL.Query().Get("key") == "key" {
body := map[string]interface{}{
"id": 1,
"key": "public-key",
}
json.NewEncoder(w).Encode(body)
} else if r.URL.Query().Get("key") == "broken-message" {
body := map[string]string{
"message": "Forbidden!",
}
w.WriteHeader(http.StatusForbidden)
json.NewEncoder(w).Encode(body)
} else if r.URL.Query().Get("key") == "broken" {
w.WriteHeader(http.StatusInternalServerError)
} else {
w.WriteHeader(http.StatusNotFound)
}
},
},
}
)
func TestExecute(t *testing.T) {
url, cleanup := testserver.StartSocketHttpServer(t, requests)
defer cleanup()
defaultConfig := &config.Config{RootDir: "/tmp", GitlabUrl: url}
configWithSslCertDir := &config.Config{RootDir: "/tmp", GitlabUrl: url, SslCertDir: "/tmp/certs"}
testCases := []struct {
desc string
config *config.Config
arguments *commandargs.AuthorizedKeys
expectedOutput string
}{
{
desc: "With matching username and key",
arguments: &commandargs.AuthorizedKeys{ExpectedUser: "user", ActualUser: "user", Key: "key"},
expectedOutput: "command=\"/tmp/bin/gitlab-shell key-1\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty public-key\n",
},
{
desc: "With SSL cert dir",
config: configWithSslCertDir,
arguments: &commandargs.AuthorizedKeys{ExpectedUser: "user", ActualUser: "user", Key: "key"},
expectedOutput: "command=\"SSL_CERT_DIR=/tmp/certs /tmp/bin/gitlab-shell key-1\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty public-key\n",
},
{
desc: "When key doesn't match any existing key",
arguments: &commandargs.AuthorizedKeys{ExpectedUser: "user", ActualUser: "user", Key: "not-found"},
expectedOutput: "# No key was found for not-found\n",
},
{
desc: "When the API returns an error",
arguments: &commandargs.AuthorizedKeys{ExpectedUser: "user", ActualUser: "user", Key: "broken-message"},
expectedOutput: "# No key was found for broken-message\n",
},
{
desc: "When the API fails",
arguments: &commandargs.AuthorizedKeys{ExpectedUser: "user", ActualUser: "user", Key: "broken"},
expectedOutput: "# No key was found for broken\n",
},
}
for _, tc := range testCases {
t.Run(tc.desc, func(t *testing.T) {
buffer := &bytes.Buffer{}
config := defaultConfig
if tc.config != nil {
config = tc.config
}
cmd := &Command{
Config: config,
Args: tc.arguments,
ReadWriter: &readwriter.ReadWriter{Out: buffer},
}
err := cmd.Execute()
require.NoError(t, err)
require.Equal(t, tc.expectedOutput, buffer.String())
})
}
}
|
