marcel/argo-cd
1
0
Fork 0
mirror of https://github.com/argoproj/argo-cd.git synced 2026-02-20 01:28:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

chore: extend require-error rule from testifylint (#18658)

Browse Source 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
This commit is contained in:
Matthieu MOREL
2024-06-14 15:15:31 +02:00
committed by GitHub
parent f8557d2586
commit c9ea5b13d2
11 changed files with 202 additions and 223 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.golangci.yaml
View File

@@ -7,7 +7,7 @@ issues:
text: "require-error:"
linters:
- testifylint
- path: "util/(argo|cache|cert|clusterauth|config|db|dex|git|gpg|grpc|helm|http|io|kube|kustomize|lua|notification|oidc|rbac|security|session|settings|tls|webhook)/"
- path: "util/(argo|cache|cert|clusterauth|config|db|dex|git|gpg|grpc|helm|http|io|kube|kustomize|lua|notification)/"
text: "require-error:"
linters:
- testifylint

26
util/oidc/oidc_test.go
View File

@@ -33,10 +33,10 @@ func TestInferGrantType(t *testing.T) {
for _, path := range []string{"dex", "okta", "auth0", "onelogin"} {
t.Run(path, func(t *testing.T) {
rawConfig, err := os.ReadFile("testdata/" + path + ".json")
assert.NoError(t, err)
require.NoError(t, err)
var config OIDCConfiguration
err = json.Unmarshal(rawConfig, &config)
assert.NoError(t, err)
require.NoError(t, err)
grantType := InferGrantType(&config)
assert.Equal(t, GrantTypeAuthorizationCode, grantType)
@@ -74,10 +74,10 @@ func TestIDTokenClaims(t *testing.T) {
assert.Len(t, opts, 1)
authCodeURL, err := url.Parse(oauth2Config.AuthCodeURL("TEST", opts...))
assert.NoError(t, err)
require.NoError(t, err)
values, err := url.ParseQuery(authCodeURL.RawQuery)
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, "{\"id_token\":{\"groups\":{\"essential\":true}}}", values.Get("claims"))
}
@@ -421,7 +421,7 @@ func TestGenerateAppState(t *testing.T) {
}
returnURL, err := app.verifyAppState(req, httptest.NewRecorder(), state)
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, expectedReturnURL, returnURL)
})
@@ -432,7 +432,7 @@ func TestGenerateAppState(t *testing.T) {
}
_, err := app.verifyAppState(req, httptest.NewRecorder(), "wrong state")
assert.Error(t, err)
require.Error(t, err)
})
}
@@ -465,7 +465,7 @@ func TestGenerateAppState_XSS(t *testing.T) {
}
returnURL, err := app.verifyAppState(req, httptest.NewRecorder(), state)
assert.ErrorIs(t, err, InvalidRedirectURLError)
require.ErrorIs(t, err, InvalidRedirectURLError)
assert.Empty(t, returnURL)
})
@@ -481,7 +481,7 @@ func TestGenerateAppState_XSS(t *testing.T) {
}
returnURL, err := app.verifyAppState(req, httptest.NewRecorder(), state)
assert.NoError(t, err, InvalidRedirectURLError)
require.NoError(t, err, InvalidRedirectURLError)
assert.Equal(t, expectedReturnURL, returnURL)
})
}
@@ -502,7 +502,7 @@ func TestGenerateAppState_NoReturnURL(t *testing.T) {
req.AddCookie(&http.Cookie{Name: common.StateCookieName, Value: hex.EncodeToString(encrypted)})
returnURL, err := app.verifyAppState(req, httptest.NewRecorder(), "123")
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, "/argo-cd", returnURL)
}
@@ -728,7 +728,7 @@ func TestGetUserInfo(t *testing.T) {
require.NoError(t, err)
cdSettings := &settings.ArgoCDSettings{ServerSignature: signature}
encryptionKey, err := cdSettings.GetServerEncryptionKey()
assert.NoError(t, err)
require.NoError(t, err)
a, _ := NewClientApp(cdSettings, "", nil, "/argo-cd", tt.cache)
for _, item := range tt.cacheItems {
@@ -736,7 +736,7 @@ func TestGetUserInfo(t *testing.T) {
newValue = []byte(item.value)
if item.encrypt {
newValue, err = crypto.Encrypt([]byte(item.value), encryptionKey)
assert.NoError(t, err)
require.NoError(t, err)
}
err := a.clientCache.Set(&cache.Item{
Key: item.key,
@@ -749,9 +749,9 @@ func TestGetUserInfo(t *testing.T) {
assert.Equal(t, tt.expectedOutput, got)
assert.Equal(t, tt.expectUnauthenticated, unauthenticated)
if tt.expectError {
assert.Error(t, err)
require.Error(t, err)
} else {
assert.NoError(t, err)
require.NoError(t, err)
}
for _, item := range tt.expectedCacheItems {
var tmpValue []byte

3
util/rbac/rbac_norace_test.go
View File

@@ -9,6 +9,7 @@ import (
"time"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
apiv1 "k8s.io/api/core/v1"
"k8s.io/client-go/kubernetes/fake"
)
@@ -48,7 +49,7 @@ func TestPolicyInformer(t *testing.T) {
// update the configmap and update policy
delete(cm.Data, ConfigMapPolicyCSVKey)
err := enf.syncUpdate(cm, noOpUpdate)
assert.NoError(t, err)
require.NoError(t, err)
assert.False(t, enf.Enforce("admin", "applications", "delete", "foo/bar"))
}

72
util/rbac/rbac_test.go
View File

@@ -108,8 +108,7 @@ func TestPolicyCSV(t *testing.T) {
func TestBuiltinPolicyEnforcer(t *testing.T) {
kubeclientset := fake.NewSimpleClientset()
enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil)
err := enf.syncUpdate(fakeConfigMap(), noOpUpdate)
assert.NoError(t, err)
require.NoError(t, enf.syncUpdate(fakeConfigMap(), noOpUpdate))
// Without setting builtin policy, this should fail
assert.False(t, enf.Enforce("admin", "applications", "get", "foo/bar"))
@@ -181,8 +180,7 @@ g, alice, role:foo-readonly
func TestDefaultRole(t *testing.T) {
kubeclientset := fake.NewSimpleClientset()
enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil)
err := enf.syncUpdate(fakeConfigMap(), noOpUpdate)
assert.NoError(t, err)
require.NoError(t, enf.syncUpdate(fakeConfigMap(), noOpUpdate))
_ = enf.SetBuiltinPolicy(assets.BuiltinPolicyCSV)
assert.False(t, enf.Enforce("bob", "applications", "get", "foo/bar"))
@@ -195,8 +193,7 @@ func TestDefaultRole(t *testing.T) {
func TestURLAsObjectName(t *testing.T) {
kubeclientset := fake.NewSimpleClientset()
enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil)
err := enf.syncUpdate(fakeConfigMap(), noOpUpdate)
assert.NoError(t, err)
require.NoError(t, enf.syncUpdate(fakeConfigMap(), noOpUpdate))
policy := `
p, alice, repositories, *, foo/*, allow
p, bob, repositories, *, foo/https://github.com/argoproj/argo-cd.git, allow
@@ -294,8 +291,7 @@ func TestClaimsEnforcerFunc(t *testing.T) {
func TestDefaultRoleWithRuntimePolicy(t *testing.T) {
kubeclientset := fake.NewSimpleClientset()
enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil)
err := enf.syncUpdate(fakeConfigMap(), noOpUpdate)
assert.NoError(t, err)
require.NoError(t, enf.syncUpdate(fakeConfigMap(), noOpUpdate))
runtimePolicy := assets.BuiltinPolicyCSV
assert.False(t, enf.EnforceRuntimePolicy("", runtimePolicy, "bob", "applications", "get", "foo/bar"))
enf.SetDefaultRole("role:readonly")
@@ -307,8 +303,7 @@ func TestDefaultRoleWithRuntimePolicy(t *testing.T) {
func TestClaimsEnforcerFuncWithRuntimePolicy(t *testing.T) {
kubeclientset := fake.NewSimpleClientset()
enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil)
err := enf.syncUpdate(fakeConfigMap(), noOpUpdate)
assert.NoError(t, err)
require.NoError(t, enf.syncUpdate(fakeConfigMap(), noOpUpdate))
runtimePolicy := assets.BuiltinPolicyCSV
claims := jwt.RegisteredClaims{
Subject: "foo",
@@ -325,8 +320,7 @@ func TestInvalidRuntimePolicy(t *testing.T) {
cm := fakeConfigMap()
kubeclientset := fake.NewSimpleClientset(cm)
enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil)
err := enf.syncUpdate(fakeConfigMap(), noOpUpdate)
assert.NoError(t, err)
require.NoError(t, enf.syncUpdate(fakeConfigMap(), noOpUpdate))
_ = enf.SetBuiltinPolicy(assets.BuiltinPolicyCSV)
assert.True(t, enf.EnforceRuntimePolicy("", "", "admin", "applications", "update", "foo/bar"))
assert.False(t, enf.EnforceRuntimePolicy("", "", "role:readonly", "applications", "update", "foo/bar"))
@@ -344,14 +338,14 @@ func TestValidatePolicy(t *testing.T) {
` p, role:admin, projects, delete, *, allow `,
}
for _, good := range goodPolicies {
assert.NoError(t, ValidatePolicy(good))
require.NoError(t, ValidatePolicy(good))
}
badPolicies := []string{
"this, is, not, a, good, policy",
"this\ttoo",
}
for _, bad := range badPolicies {
assert.Error(t, ValidatePolicy(bad))
require.Error(t, ValidatePolicy(bad))
}
}
@@ -360,20 +354,20 @@ func TestEnforceErrorMessage(t *testing.T) {
kubeclientset := fake.NewSimpleClientset()
enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil)
err := enf.syncUpdate(fakeConfigMap(), noOpUpdate)
assert.NoError(t, err)
require.NoError(t, err)
err = enf.EnforceErr("admin", "applications", "get", "foo/bar")
assert.Error(t, err)
require.Error(t, err)
assert.Equal(t, "rpc error: code = PermissionDenied desc = permission denied: applications, get, foo/bar", err.Error())
err = enf.EnforceErr()
assert.Error(t, err)
require.Error(t, err)
assert.Equal(t, "rpc error: code = PermissionDenied desc = permission denied", err.Error())
// nolint:staticcheck
ctx := context.WithValue(context.Background(), "claims", &jwt.RegisteredClaims{Subject: "proj:default:admin"})
err = enf.EnforceErr(ctx.Value("claims"), "project")
assert.Error(t, err)
require.Error(t, err)
assert.Equal(t, "rpc error: code = PermissionDenied desc = permission denied: project, sub: proj:default:admin", err.Error())
iat := time.Unix(int64(1593035962), 0).Format(time.RFC3339)
@@ -381,27 +375,26 @@ func TestEnforceErrorMessage(t *testing.T) {
// nolint:staticcheck
ctx = context.WithValue(context.Background(), "claims", &jwt.RegisteredClaims{Subject: "proj:default:admin", IssuedAt: jwt.NewNumericDate(time.Unix(int64(1593035962), 0))})
err = enf.EnforceErr(ctx.Value("claims"), "project")
assert.Error(t, err)
require.Error(t, err)
assert.Equal(t, exp, err.Error())
// nolint:staticcheck
ctx = context.WithValue(context.Background(), "claims", &jwt.RegisteredClaims{ExpiresAt: jwt.NewNumericDate(time.Now())})
err = enf.EnforceErr(ctx.Value("claims"), "project")
assert.Error(t, err)
require.Error(t, err)
assert.Equal(t, "rpc error: code = PermissionDenied desc = permission denied: project", err.Error())
// nolint:staticcheck
ctx = context.WithValue(context.Background(), "claims", &jwt.RegisteredClaims{Subject: "proj:default:admin", IssuedAt: nil})
err = enf.EnforceErr(ctx.Value("claims"), "project")
assert.Error(t, err)
require.Error(t, err)
assert.Equal(t, "rpc error: code = PermissionDenied desc = permission denied: project, sub: proj:default:admin", err.Error())
}
func TestDefaultGlobMatchMode(t *testing.T) {
kubeclientset := fake.NewSimpleClientset()
enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil)
err := enf.syncUpdate(fakeConfigMap(), noOpUpdate)
assert.NoError(t, err)
require.NoError(t, enf.syncUpdate(fakeConfigMap(), noOpUpdate))
policy := `
p, alice, clusters, get, "https://github.com/*/*.git", allow
`
@@ -416,8 +409,7 @@ func TestGlobMatchMode(t *testing.T) {
cm.Data[ConfigMapMatchModeKey] = GlobMatchMode
kubeclientset := fake.NewSimpleClientset()
enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil)
err := enf.syncUpdate(cm, noOpUpdate)
assert.NoError(t, err)
require.NoError(t, enf.syncUpdate(cm, noOpUpdate))
policy := `
p, alice, clusters, get, "https://github.com/*/*.git", allow
`
@@ -432,8 +424,7 @@ func TestRegexMatchMode(t *testing.T) {
cm.Data[ConfigMapMatchModeKey] = RegexMatchMode
kubeclientset := fake.NewSimpleClientset()
enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil)
err := enf.syncUpdate(cm, noOpUpdate)
assert.NoError(t, err)
require.NoError(t, enf.syncUpdate(cm, noOpUpdate))
policy := `
p, alice, clusters, get, "https://github.com/argo[a-z]{4}/argo-[a-z]+.git", allow
`
@@ -461,55 +452,46 @@ func TestLoadPolicyLine(t *testing.T) {
t.Run("Valid permission line", func(t *testing.T) {
policy := `p, role:Myrole, applications, *, myproj/*, allow`
model := newBuiltInModel()
err := loadPolicyLine(policy, model)
require.NoError(t, err)
require.NoError(t, loadPolicyLine(policy, model))
})
t.Run("Valid grant line", func(t *testing.T) {
policy := `g, your-github-org:your-team, role:org-admin`
model := newBuiltInModel()
err := loadPolicyLine(policy, model)
require.NoError(t, err)
require.NoError(t, loadPolicyLine(policy, model))
})
t.Run("Empty policy line", func(t *testing.T) {
policy := ""
model := newBuiltInModel()
err := loadPolicyLine(policy, model)
require.NoError(t, err)
require.NoError(t, loadPolicyLine(policy, model))
})
t.Run("Comment policy line", func(t *testing.T) {
policy := "# Some comment"
model := newBuiltInModel()
err := loadPolicyLine(policy, model)
require.NoError(t, err)
require.NoError(t, loadPolicyLine(policy, model))
})
t.Run("Invalid policy line: single token", func(t *testing.T) {
policy := "p"
model := newBuiltInModel()
err := loadPolicyLine(policy, model)
require.Error(t, err)
require.Error(t, loadPolicyLine(policy, model))
})
t.Run("Invalid policy line: plain text", func(t *testing.T) {
policy := "Some comment"
model := newBuiltInModel()
err := loadPolicyLine(policy, model)
require.Error(t, err)
require.Error(t, loadPolicyLine(policy, model))
})
t.Run("Invalid policy line", func(t *testing.T) {
policy := "agh, foo, bar"
model := newBuiltInModel()
err := loadPolicyLine(policy, model)
require.Error(t, err)
require.Error(t, loadPolicyLine(policy, model))
})
t.Run("Invalid policy line missing comma", func(t *testing.T) {
policy := "p, role:Myrole, applications, *, myproj/* allow"
model := newBuiltInModel()
err := loadPolicyLine(policy, model)
require.Error(t, err)
require.Error(t, loadPolicyLine(policy, model))
})
t.Run("Invalid policy line missing policy type", func(t *testing.T) {
policy := ", role:Myrole, applications, *, myproj/*, allow"
model := newBuiltInModel()
err := loadPolicyLine(policy, model)
require.Error(t, err)
require.Error(t, loadPolicyLine(policy, model))
})
}

9
util/security/path_traversal_test.go
View File

@@ -4,23 +4,24 @@ import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestEnforceToCurrentRoot(t *testing.T) {
cleanDir, err := EnforceToCurrentRoot("/home/argo/helmapp/", "/home/argo/helmapp/values.yaml")
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, "/home/argo/helmapp/values.yaml", cleanDir)
// File is outside current working directory
_, err = EnforceToCurrentRoot("/home/argo/helmapp/", "/home/values.yaml")
assert.Error(t, err)
require.Error(t, err)
// File is outside current working directory
_, err = EnforceToCurrentRoot("/home/argo/helmapp/", "/home/argo/helmapp/../differentapp/values.yaml")
assert.Error(t, err)
require.Error(t, err)
// Goes back and forth, but still legal
cleanDir, err = EnforceToCurrentRoot("/home/argo/helmapp/", "/home/argo/helmapp/../../argo/helmapp/values.yaml")
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, "/home/argo/helmapp/values.yaml", cleanDir)
}

5
util/session/sessionmanager_norace_test.go
View File

@@ -9,6 +9,7 @@ import (
"time"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/argoproj/argo-cd/v2/util/settings"
)
@@ -30,9 +31,7 @@ func TestRandomPasswordVerificationDelay(t *testing.T) {
for i := 0; i < 10; i++ {
sleptFor = 0
start := time.Now()
if !assert.NoError(t, mgr.VerifyUsernamePassword("admin", "password")) {
return
}
require.NoError(t, mgr.VerifyUsernamePassword("admin", "password"))
totalDuration := time.Since(start) + sleptFor
assert.GreaterOrEqual(t, totalDuration.Nanoseconds(), verificationDelayNoiseMin.Nanoseconds())
assert.LessOrEqual(t, totalDuration.Nanoseconds(), verificationDelayNoiseMax.Nanoseconds())

38
util/session/sessionmanager_test.go
View File

@@ -95,7 +95,7 @@ func TestSessionManager_AdminToken(t *testing.T) {
}
claims, newToken, err := mgr.Parse(token)
assert.NoError(t, err)
require.NoError(t, err)
assert.Empty(t, newToken)
mapClaims := *(claims.(*jwt.MapClaims))
@@ -119,12 +119,12 @@ func TestSessionManager_AdminToken_ExpiringSoon(t *testing.T) {
// verify new token is generated is login token is expiring soon
_, newToken, err := mgr.Parse(token)
assert.NoError(t, err)
require.NoError(t, err)
assert.NotEmpty(t, newToken)
// verify that new token is valid and for the same user
claims, _, err := mgr.Parse(newToken)
assert.NoError(t, err)
require.NoError(t, err)
mapClaims := *(claims.(*jwt.MapClaims))
subject := mapClaims["sub"].(string)
assert.Equal(t, "admin", subject)
@@ -200,7 +200,7 @@ func TestSessionManager_ProjectToken(t *testing.T) {
require.NoError(t, err)
_, _, err = mgr.Parse(jwtToken)
assert.NoError(t, err)
require.NoError(t, err)
})
t.Run("Token Revoked", func(t *testing.T) {
@@ -341,7 +341,7 @@ func TestSessionManager_WithAuthMiddleware(t *testing.T) {
resp, err := http.DefaultClient.Do(req)
// then
assert.NoError(t, err)
require.NoError(t, err)
assert.NotNil(t, resp)
assert.Equal(t, tc.expectedStatusCode, resp.StatusCode)
if tc.expectedResponseBody != nil {
@@ -431,7 +431,7 @@ func TestVerifyUsernamePassword(t *testing.T) {
err := mgr.VerifyUsernamePassword(tc.userName, tc.password)
if tc.expected == nil {
assert.NoError(t, err)
require.NoError(t, err)
} else {
assert.EqualError(t, err, tc.expected.Error())
}
@@ -502,31 +502,31 @@ func TestLoginRateLimiter(t *testing.T) {
t.Run("Test login delay valid user", func(t *testing.T) {
for i := 0; i < getMaxLoginFailures(); i++ {
err := mgr.VerifyUsernamePassword("admin", "wrong")
assert.Error(t, err)
require.Error(t, err)
}
// The 11th time should fail even if password is right
{
err := mgr.VerifyUsernamePassword("admin", "password")
assert.Error(t, err)
require.Error(t, err)
}
storage.attempts = map[string]LoginAttempts{}
// Failed counter should have been reset, should validate immediately
{
err := mgr.VerifyUsernamePassword("admin", "password")
assert.NoError(t, err)
require.NoError(t, err)
}
})
t.Run("Test login delay invalid user", func(t *testing.T) {
for i := 0; i < getMaxLoginFailures(); i++ {
err := mgr.VerifyUsernamePassword("invalid", "wrong")
assert.Error(t, err)
require.Error(t, err)
}
err := mgr.VerifyUsernamePassword("invalid", "wrong")
assert.Error(t, err)
require.Error(t, err)
})
}
@@ -538,7 +538,7 @@ func TestMaxUsernameLength(t *testing.T) {
settingsMgr := settings.NewSettingsManager(context.Background(), getKubeClient("password", true), "argocd")
mgr := newSessionManager(settingsMgr, getProjLister(), NewUserStateStorage(nil))
err := mgr.VerifyUsernamePassword(username, "password")
assert.Error(t, err)
require.Error(t, err)
assert.Contains(t, err.Error(), fmt.Sprintf(usernameTooLongError, maxUsernameLength))
}
@@ -552,7 +552,7 @@ func TestMaxCacheSize(t *testing.T) {
for _, user := range invalidUsers {
err := mgr.VerifyUsernamePassword(user, "password")
assert.Error(t, err)
require.Error(t, err)
}
assert.Len(t, mgr.GetLoginFailures(), 5)
@@ -568,13 +568,13 @@ func TestFailedAttemptsExpiry(t *testing.T) {
for _, user := range invalidUsers {
err := mgr.VerifyUsernamePassword(user, "password")
assert.Error(t, err)
require.Error(t, err)
}
time.Sleep(2 * time.Second)
err := mgr.VerifyUsernamePassword("invalid8", "password")
assert.Error(t, err)
require.Error(t, err)
assert.Len(t, mgr.GetLoginFailures(), 1)
}
@@ -878,7 +878,7 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),
require.NoError(t, err)
_, _, err = mgr.VerifyToken(tokenString)
assert.Error(t, err)
require.Error(t, err)
})
t.Run("OIDC provider is external, audience is not specified, absent audience is allowed", func(t *testing.T) {
@@ -914,7 +914,7 @@ skipAudienceCheckWhenTokenHasNoAudience: true`, oidcTestServer.URL),
require.NoError(t, err)
_, _, err = mgr.VerifyToken(tokenString)
assert.NoError(t, err)
require.NoError(t, err)
})
t.Run("OIDC provider is external, audience is not specified but is required", func(t *testing.T) {
@@ -1023,7 +1023,7 @@ allowedAudiences:
require.NoError(t, err)
_, _, err = mgr.VerifyToken(tokenString)
assert.NoError(t, err)
require.NoError(t, err)
})
t.Run("OIDC provider is external, audience is not in allowed list", func(t *testing.T) {
@@ -1171,7 +1171,7 @@ allowedAudiences: ["aud-a", "aud-b"]`, oidcTestServer.URL),
require.NoError(t, err)
_, _, err = mgr.VerifyToken(tokenString)
assert.NoError(t, err)
require.NoError(t, err)
})
t.Run("OIDC provider is external, audience is not specified, token is signed with the wrong key", func(t *testing.T) {

37
util/settings/accounts_test.go
View File

@@ -6,6 +6,7 @@ import (
"time"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
v1 "k8s.io/api/core/v1"
@@ -17,7 +18,7 @@ import (
func TestGetAccounts_NoAccountsConfigured(t *testing.T) {
_, settingsManager := fixtures(nil)
accounts, err := settingsManager.GetAccounts()
assert.NoError(t, err)
require.NoError(t, err)
adminAccount, ok := accounts[common.ArgoCDAdminUsername]
assert.True(t, ok)
@@ -29,7 +30,7 @@ func TestGetAccounts_HasConfiguredAccounts(t *testing.T) {
secret.Data["accounts.test.tokens"] = []byte(`[{"id":"123","iat":1583789194,"exp":1583789194}]`)
})
accounts, err := settingsManager.GetAccounts()
assert.NoError(t, err)
require.NoError(t, err)
acc, ok := accounts["test"]
assert.True(t, ok)
@@ -44,7 +45,7 @@ func TestGetAccounts_DisableAccount(t *testing.T) {
"accounts.test.enabled": "false",
})
accounts, err := settingsManager.GetAccounts()
assert.NoError(t, err)
require.NoError(t, err)
acc, ok := accounts["test"]
assert.True(t, ok)
@@ -59,13 +60,13 @@ func TestGetAccount(t *testing.T) {
t.Run("ExistingUserName", func(t *testing.T) {
_, err := settingsManager.GetAccount("test")
assert.NoError(t, err)
require.NoError(t, err)
})
t.Run("IncorrectName", func(t *testing.T) {
_, err := settingsManager.GetAccount("incorrect-name")
assert.Error(t, err)
require.Error(t, err)
assert.Equal(t, codes.NotFound, status.Code(err))
})
}
@@ -88,7 +89,7 @@ func TestGetAccount_WithInvalidToken(t *testing.T) {
)
_, err := settingsManager.GetAccounts()
assert.NoError(t, err)
require.NoError(t, err)
}
func TestGetAdminAccount(t *testing.T) {
@@ -99,7 +100,7 @@ func TestGetAdminAccount(t *testing.T) {
})
acc, err := settingsManager.GetAccount(common.ArgoCDAdminUsername)
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, "admin-password", acc.PasswordHash)
assert.Equal(t, mTime, acc.FormatPasswordMtime())
@@ -150,16 +151,16 @@ func TestAddAccount_AccountAdded(t *testing.T) {
PasswordMtime: &mTime,
}
err := settingsManager.AddAccount("test", addedAccount)
assert.NoError(t, err)
require.NoError(t, err)
cm, err := clientset.CoreV1().ConfigMaps("default").Get(context.Background(), common.ArgoCDConfigMapName, metav1.GetOptions{})
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, "login", cm.Data["accounts.test"])
assert.Equal(t, "false", cm.Data["accounts.test.enabled"])
secret, err := clientset.CoreV1().Secrets("default").Get(context.Background(), common.ArgoCDSecretName, metav1.GetOptions{})
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, "hash", string(secret.Data["accounts.test.password"]))
assert.Equal(t, mTime.Format(time.RFC3339), string(secret.Data["accounts.test.passwordMtime"]))
@@ -169,13 +170,13 @@ func TestAddAccount_AccountAdded(t *testing.T) {
func TestAddAccount_AlreadyExists(t *testing.T) {
_, settingsManager := fixtures(map[string]string{"accounts.test": "login"})
err := settingsManager.AddAccount("test", Account{})
assert.Error(t, err)
require.Error(t, err)
}
func TestAddAccount_CannotAddAdmin(t *testing.T) {
_, settingsManager := fixtures(nil)
err := settingsManager.AddAccount("admin", Account{})
assert.Error(t, err)
require.Error(t, err)
}
func TestUpdateAccount_SuccessfullyUpdated(t *testing.T) {
@@ -190,16 +191,16 @@ func TestUpdateAccount_SuccessfullyUpdated(t *testing.T) {
account.PasswordMtime = &mTime
return nil
})
assert.NoError(t, err)
require.NoError(t, err)
cm, err := clientset.CoreV1().ConfigMaps("default").Get(context.Background(), common.ArgoCDConfigMapName, metav1.GetOptions{})
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, "login", cm.Data["accounts.test"])
assert.Equal(t, "false", cm.Data["accounts.test.enabled"])
secret, err := clientset.CoreV1().Secrets("default").Get(context.Background(), common.ArgoCDSecretName, metav1.GetOptions{})
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, "hash", string(secret.Data["accounts.test.password"]))
assert.Equal(t, mTime.Format(time.RFC3339), string(secret.Data["accounts.test.passwordMtime"]))
@@ -215,10 +216,10 @@ func TestUpdateAccount_UpdateAdminPassword(t *testing.T) {
account.PasswordMtime = &mTime
return nil
})
assert.NoError(t, err)
require.NoError(t, err)
secret, err := clientset.CoreV1().Secrets("default").Get(context.Background(), common.ArgoCDSecretName, metav1.GetOptions{})
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, "newPassword", string(secret.Data["admin.password"]))
assert.Equal(t, mTime.Format(time.RFC3339), string(secret.Data["admin.passwordMtime"]))
@@ -231,5 +232,5 @@ func TestUpdateAccount_AccountDoesNotExist(t *testing.T) {
account.Enabled = false
return nil
})
assert.Error(t, err)
require.Error(t, err)
}

154
util/settings/settings_test.go
View File

@@ -57,20 +57,20 @@ func TestGetRepositories(t *testing.T) {
"repositories": "\n - url: http://foo\n",
})
filter, err := settingsManager.GetRepositories()
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, []Repository{{URL: "http://foo"}}, filter)
}
func TestSaveRepositories(t *testing.T) {
kubeClient, settingsManager := fixtures(nil)
err := settingsManager.SaveRepositories([]Repository{{URL: "http://foo"}})
assert.NoError(t, err)
require.NoError(t, err)
cm, err := kubeClient.CoreV1().ConfigMaps("default").Get(context.Background(), common.ArgoCDConfigMapName, metav1.GetOptions{})
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, "- url: http://foo\n", cm.Data["repositories"])
repos, err := settingsManager.GetRepositories()
assert.NoError(t, err)
require.NoError(t, err)
assert.ElementsMatch(t, repos, []Repository{{URL: "http://foo"}})
}
@@ -79,22 +79,22 @@ func TestSaveRepositoriesNoConfigMap(t *testing.T) {
settingsManager := NewSettingsManager(context.Background(), kubeClient, "default")
err := settingsManager.SaveRepositories([]Repository{{URL: "http://foo"}})
assert.NoError(t, err)
require.NoError(t, err)
cm, err := kubeClient.CoreV1().ConfigMaps("default").Get(context.Background(), common.ArgoCDConfigMapName, metav1.GetOptions{})
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, "- url: http://foo\n", cm.Data["repositories"])
}
func TestSaveRepositoryCredentials(t *testing.T) {
kubeClient, settingsManager := fixtures(nil)
err := settingsManager.SaveRepositoryCredentials([]RepositoryCredentials{{URL: "http://foo"}})
assert.NoError(t, err)
require.NoError(t, err)
cm, err := kubeClient.CoreV1().ConfigMaps("default").Get(context.Background(), common.ArgoCDConfigMapName, metav1.GetOptions{})
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, "- url: http://foo\n", cm.Data["repository.credentials"])
creds, err := settingsManager.GetRepositoryCredentials()
assert.NoError(t, err)
require.NoError(t, err)
assert.ElementsMatch(t, creds, []RepositoryCredentials{{URL: "http://foo"}})
}
@@ -103,7 +103,7 @@ func TestGetRepositoryCredentials(t *testing.T) {
"repository.credentials": "\n - url: http://foo\n",
})
filter, err := settingsManager.GetRepositoryCredentials()
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, []RepositoryCredentials{{URL: "http://foo"}}, filter)
}
@@ -114,7 +114,7 @@ func TestGetResourceFilter(t *testing.T) {
}
_, settingsManager := fixtures(data)
filter, err := settingsManager.GetResourcesFilter()
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, &ResourcesFilter{
ResourceExclusions: []FilteredResource{{APIGroups: []string{"group1"}, Kinds: []string{"kind1"}, Clusters: []string{"cluster1"}}},
ResourceInclusions: []FilteredResource{{APIGroups: []string{"group2"}, Kinds: []string{"kind2"}, Clusters: []string{"cluster2"}}},
@@ -126,14 +126,14 @@ func TestInClusterServerAddressEnabled(t *testing.T) {
"cluster.inClusterEnabled": "true",
})
argoCDCM, err := settingsManager.getConfigMap()
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, "true", argoCDCM.Data[inClusterEnabledKey])
_, settingsManager = fixtures(map[string]string{
"cluster.inClusterEnabled": "false",
})
argoCDCM, err = settingsManager.getConfigMap()
assert.NoError(t, err)
require.NoError(t, err)
assert.NotEqual(t, "true", argoCDCM.Data[inClusterEnabledKey])
}
@@ -165,7 +165,7 @@ func TestInClusterServerAddressEnabledByDefault(t *testing.T) {
)
settingsManager := NewSettingsManager(context.Background(), kubeClient, "default")
settings, err := settingsManager.GetSettings()
assert.NoError(t, err)
require.NoError(t, err)
assert.True(t, settings.InClusterEnabled)
}
@@ -174,14 +174,14 @@ func TestGetAppInstanceLabelKey(t *testing.T) {
"application.instanceLabelKey": "testLabel",
})
label, err := settingsManager.GetAppInstanceLabelKey()
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, "testLabel", label)
}
func TestGetServerRBACLogEnforceEnableKeyDefaultFalse(t *testing.T) {
_, settingsManager := fixtures(nil)
serverRBACLogEnforceEnable, err := settingsManager.GetServerRBACLogEnforceEnable()
assert.NoError(t, err)
require.NoError(t, err)
assert.False(t, serverRBACLogEnforceEnable)
}
@@ -190,14 +190,14 @@ func TestGetIsIgnoreResourceUpdatesEnabled(t *testing.T) {
"resource.ignoreResourceUpdatesEnabled": "true",
})
ignoreResourceUpdatesEnabled, err := settingsManager.GetIsIgnoreResourceUpdatesEnabled()
assert.NoError(t, err)
require.NoError(t, err)
assert.True(t, ignoreResourceUpdatesEnabled)
}
func TestGetIsIgnoreResourceUpdatesEnabledDefaultFalse(t *testing.T) {
_, settingsManager := fixtures(nil)
ignoreResourceUpdatesEnabled, err := settingsManager.GetIsIgnoreResourceUpdatesEnabled()
assert.NoError(t, err)
require.NoError(t, err)
assert.False(t, ignoreResourceUpdatesEnabled)
}
@@ -206,7 +206,7 @@ func TestGetServerRBACLogEnforceEnableKey(t *testing.T) {
"server.rbac.log.enforce.enable": "true",
})
serverRBACLogEnforceEnable, err := settingsManager.GetServerRBACLogEnforceEnable()
assert.NoError(t, err)
require.NoError(t, err)
assert.True(t, serverRBACLogEnforceEnable)
}
@@ -234,7 +234,7 @@ func TestGetResourceOverrides(t *testing.T) {
- .webhooks[1].clientConfig.caBundle`,
})
overrides, err := settingsManager.GetResourceOverrides()
assert.NoError(t, err)
require.NoError(t, err)
webHookOverrides := overrides["admissionregistration.k8s.io/MutatingWebhookConfiguration"]
assert.NotNil(t, webHookOverrides)
@@ -261,7 +261,7 @@ func TestGetResourceOverrides(t *testing.T) {
ignoreResourceStatusField: all`,
})
overrides, err = settingsManager.GetResourceOverrides()
assert.NoError(t, err)
require.NoError(t, err)
globalOverrides := overrides["*/*"]
assert.NotNil(t, globalOverrides)
@@ -281,7 +281,7 @@ func TestGetResourceOverrides(t *testing.T) {
- .webhooks[0].clientConfig.caBundle`,
})
overrides, err = settingsManager.GetResourceOverrides()
assert.NoError(t, err)
require.NoError(t, err)
crdOverrides = overrides[crdGK]
assert.NotNil(t, crdOverrides)
@@ -296,7 +296,7 @@ func TestGetResourceOverrides(t *testing.T) {
ignoreResourceStatusField: foobar`,
})
overrides, err = settingsManager.GetResourceOverrides()
assert.NoError(t, err)
require.NoError(t, err)
defaultOverrides := overrides[crdGK]
assert.NotNil(t, defaultOverrides)
@@ -309,7 +309,7 @@ func TestGetResourceOverrides(t *testing.T) {
ignoreResourceStatusField: off`,
})
overrides, err = settingsManager.GetResourceOverrides()
assert.NoError(t, err)
require.NoError(t, err)
assert.Empty(t, overrides)
}
@@ -325,7 +325,7 @@ func TestGetResourceOverridesHealthWithWildcard(t *testing.T) {
_, settingsManager := fixtures(data)
overrides, err := settingsManager.GetResourceOverrides()
assert.NoError(t, err)
require.NoError(t, err)
assert.Len(t, overrides, 2)
assert.Equal(t, "foo", overrides["*.aws.crossplane.io/*"].HealthLua)
})
@@ -336,7 +336,7 @@ func TestSettingsManager_GetResourceOverrides_with_empty_string(t *testing.T) {
resourceCustomizationsKey: "",
})
overrides, err := settingsManager.GetResourceOverrides()
assert.NoError(t, err)
require.NoError(t, err)
assert.Len(t, overrides, 1)
}
@@ -368,7 +368,7 @@ func TestGetResourceOverrides_with_splitted_keys(t *testing.T) {
_, settingsManager := fixtures(data)
overrides, err := settingsManager.GetResourceOverrides()
assert.NoError(t, err)
require.NoError(t, err)
assert.Len(t, overrides, 5)
assert.Len(t, overrides[crdGK].IgnoreDifferences.JSONPointers, 2)
assert.Len(t, overrides["admissionregistration.k8s.io/MutatingWebhookConfiguration"].IgnoreDifferences.JSONPointers, 1)
@@ -417,7 +417,7 @@ func TestGetResourceOverrides_with_splitted_keys(t *testing.T) {
_, settingsManager := fixtures(mergemaps(data, newData))
overrides, err := settingsManager.GetResourceOverrides()
assert.NoError(t, err)
require.NoError(t, err)
assert.Len(t, overrides, 9)
assert.Len(t, overrides[crdGK].IgnoreDifferences.JSONPointers, 2)
assert.Equal(t, "/status", overrides[crdGK].IgnoreDifferences.JSONPointers[0])
@@ -457,7 +457,7 @@ func TestGetResourceOverrides_with_splitted_keys(t *testing.T) {
_, settingsManager := fixtures(mergemaps(data, newData))
overrides, err := settingsManager.GetResourceOverrides()
assert.NoError(t, err)
require.NoError(t, err)
assert.Len(t, overrides, 5)
assert.Len(t, overrides["*/*"].IgnoreDifferences.JSONPointers, 1)
assert.Len(t, overrides["admissionregistration.k8s.io/MutatingWebhookConfiguration"].IgnoreDifferences.JSONPointers, 1)
@@ -475,7 +475,7 @@ func TestGetResourceOverrides_with_splitted_keys(t *testing.T) {
_, settingsManager := fixtures(mergemaps(data, newData))
overrides, err := settingsManager.GetResourceOverrides()
assert.NoError(t, err)
require.NoError(t, err)
assert.Len(t, overrides, 4)
assert.Len(t, overrides["admissionregistration.k8s.io/MutatingWebhookConfiguration"].IgnoreDifferences.JSONPointers, 1)
assert.Equal(t, "foo\n", overrides["certmanager.k8s.io/Certificate"].HealthLua)
@@ -514,7 +514,7 @@ func TestGetIgnoreResourceUpdatesOverrides(t *testing.T) {
_, settingsManager := fixtures(testCustomizations)
overrides, err := settingsManager.GetIgnoreResourceUpdatesOverrides()
assert.NoError(t, err)
require.NoError(t, err)
// default overrides should always be present
allOverrides := overrides[allGK]
@@ -537,7 +537,7 @@ func TestGetIgnoreResourceUpdatesOverrides(t *testing.T) {
ignoreDifferencesOnResourceUpdates: true`,
}))
overrides, err = settingsManager.GetIgnoreResourceUpdatesOverrides()
assert.NoError(t, err)
require.NoError(t, err)
assert.NotNil(t, overrides["admissionregistration.k8s.io/MutatingWebhookConfiguration"])
assert.Equal(t, v1alpha1.ResourceOverride{
@@ -551,18 +551,18 @@ func TestGetIgnoreResourceUpdatesOverrides(t *testing.T) {
func TestConvertToOverrideKey(t *testing.T) {
key, err := convertToOverrideKey("cert-manager.io_Certificate")
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, "cert-manager.io/Certificate", key)
key, err = convertToOverrideKey("Certificate")
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, "Certificate", key)
_, err = convertToOverrideKey("")
assert.Error(t, err)
require.Error(t, err)
_, err = convertToOverrideKey("_")
assert.NoError(t, err)
require.NoError(t, err)
}
func TestGetResourceCompareOptions(t *testing.T) {
@@ -572,7 +572,7 @@ func TestGetResourceCompareOptions(t *testing.T) {
"resource.compareoptions": "ignoreAggregatedRoles: true",
})
compareOptions, err := settingsManager.GetResourceCompareOptions()
assert.NoError(t, err)
require.NoError(t, err)
assert.True(t, compareOptions.IgnoreAggregatedRoles)
}
@@ -582,7 +582,7 @@ func TestGetResourceCompareOptions(t *testing.T) {
"resource.compareoptions": "ignoreAggregatedRoles: false",
})
compareOptions, err := settingsManager.GetResourceCompareOptions()
assert.NoError(t, err)
require.NoError(t, err)
assert.False(t, compareOptions.IgnoreAggregatedRoles)
}
@@ -592,7 +592,7 @@ func TestGetResourceCompareOptions(t *testing.T) {
"resource.compareoptions": "ignoreDifferencesOnResourceUpdates: true",
})
compareOptions, err := settingsManager.GetResourceCompareOptions()
assert.NoError(t, err)
require.NoError(t, err)
assert.True(t, compareOptions.IgnoreDifferencesOnResourceUpdates)
}
@@ -602,7 +602,7 @@ func TestGetResourceCompareOptions(t *testing.T) {
"resource.compareoptions": "ignoreDifferencesOnResourceUpdates: false",
})
compareOptions, err := settingsManager.GetResourceCompareOptions()
assert.NoError(t, err)
require.NoError(t, err)
assert.False(t, compareOptions.IgnoreDifferencesOnResourceUpdates)
}
@@ -613,7 +613,7 @@ func TestGetResourceCompareOptions(t *testing.T) {
})
compareOptions, err := settingsManager.GetResourceCompareOptions()
defaultOptions := GetDefaultDiffOptions()
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, defaultOptions.IgnoreAggregatedRoles, compareOptions.IgnoreAggregatedRoles)
assert.Equal(t, defaultOptions.IgnoreDifferencesOnResourceUpdates, compareOptions.IgnoreDifferencesOnResourceUpdates)
}
@@ -623,7 +623,7 @@ func TestGetResourceCompareOptions(t *testing.T) {
_, settingsManager := fixtures(map[string]string{})
compareOptions, err := settingsManager.GetResourceCompareOptions()
defaultOptions := GetDefaultDiffOptions()
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, defaultOptions.IgnoreAggregatedRoles, compareOptions.IgnoreAggregatedRoles)
assert.Equal(t, defaultOptions.IgnoreDifferencesOnResourceUpdates, compareOptions.IgnoreDifferencesOnResourceUpdates)
}
@@ -635,7 +635,7 @@ func TestSettingsManager_GetKustomizeBuildOptions(t *testing.T) {
settings, err := settingsManager.GetKustomizeSettings()
assert.NoError(t, err)
require.NoError(t, err)
assert.Empty(t, settings.BuildOptions)
assert.Empty(t, settings.Versions)
})
@@ -647,7 +647,7 @@ func TestSettingsManager_GetKustomizeBuildOptions(t *testing.T) {
options, err := settingsManager.GetKustomizeSettings()
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, "foo", options.BuildOptions)
assert.Equal(t, []KustomizeVersion{{Name: "v3.2.1", Path: "somePath"}}, options.Versions)
})
@@ -665,7 +665,7 @@ func TestSettingsManager_GetKustomizeBuildOptions(t *testing.T) {
got, err := settingsManager.GetKustomizeSettings()
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, "--global true", got.BuildOptions)
want := &KustomizeSettings{
BuildOptions: "--global true",
@@ -695,7 +695,7 @@ func TestSettingsManager_GetKustomizeBuildOptions(t *testing.T) {
})
got, err := settingsManager.GetKustomizeSettings()
assert.ErrorContains(t, err, "found duplicate kustomize version: v3.2.1")
require.ErrorContains(t, err, "found duplicate kustomize version: v3.2.1")
assert.Empty(t, got)
})
@@ -705,7 +705,7 @@ func TestSettingsManager_GetKustomizeBuildOptions(t *testing.T) {
})
got, err := settingsManager.GetKustomizeSettings()
assert.NoError(t, err)
require.NoError(t, err)
assert.Empty(t, got)
})
}
@@ -724,14 +724,12 @@ func TestKustomizeSettings_GetOptions(t *testing.T) {
_, err := settings.GetOptions(v1alpha1.ApplicationSource{
Kustomize: &v1alpha1.ApplicationSourceKustomize{Version: "v4"},
})
assert.Error(t, err)
require.Error(t, err)
})
t.Run("DefaultBuildOptions", func(t *testing.T) {
ver, err := settings.GetOptions(v1alpha1.ApplicationSource{})
if !assert.NoError(t, err) {
return
}
require.NoError(t, err)
assert.Equal(t, "", ver.BinaryPath)
assert.Equal(t, "--opt1 val1", ver.BuildOptions)
})
@@ -740,9 +738,7 @@ func TestKustomizeSettings_GetOptions(t *testing.T) {
ver, err := settings.GetOptions(v1alpha1.ApplicationSource{
Kustomize: &v1alpha1.ApplicationSourceKustomize{Version: "v2"},
})
if !assert.NoError(t, err) {
return
}
require.NoError(t, err)
assert.Equal(t, "path_v2", ver.BinaryPath)
assert.Equal(t, "", ver.BuildOptions)
})
@@ -751,9 +747,7 @@ func TestKustomizeSettings_GetOptions(t *testing.T) {
ver, err := settings.GetOptions(v1alpha1.ApplicationSource{
Kustomize: &v1alpha1.ApplicationSourceKustomize{Version: "v3"},
})
if !assert.NoError(t, err) {
return
}
require.NoError(t, err)
assert.Equal(t, "path_v3", ver.BinaryPath)
assert.Equal(t, "--opt2 val2", ver.BuildOptions)
})
@@ -764,7 +758,7 @@ func TestGetGoogleAnalytics(t *testing.T) {
"ga.trackingid": "123",
})
ga, err := settingsManager.GetGoogleAnalytics()
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, "123", ga.TrackingID)
assert.True(t, ga.AnonymizeUsers)
}
@@ -773,7 +767,7 @@ func TestSettingsManager_GetHelp(t *testing.T) {
t.Run("Default", func(t *testing.T) {
_, settingsManager := fixtures(nil)
h, err := settingsManager.GetHelp()
assert.NoError(t, err)
require.NoError(t, err)
assert.Empty(t, h.ChatURL)
assert.Empty(t, h.ChatText)
})
@@ -783,7 +777,7 @@ func TestSettingsManager_GetHelp(t *testing.T) {
"help.chatText": "bar",
})
h, err := settingsManager.GetHelp()
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, "foo", h.ChatURL)
assert.Equal(t, "bar", h.ChatText)
})
@@ -792,7 +786,7 @@ func TestSettingsManager_GetHelp(t *testing.T) {
"help.chatUrl": "foo",
})
h, err := settingManager.GetHelp()
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, "foo", h.ChatURL)
assert.Equal(t, "Chat now!", h.ChatText)
})
@@ -801,7 +795,7 @@ func TestSettingsManager_GetHelp(t *testing.T) {
"help.chatText": "bar",
})
h, err := settingManager.GetHelp()
assert.NoError(t, err)
require.NoError(t, err)
assert.Empty(t, h.ChatURL)
assert.Empty(t, h.ChatText)
})
@@ -812,7 +806,7 @@ func TestSettingsManager_GetHelp(t *testing.T) {
"help.download.unsupported": "nowhere",
})
h, err := settingsManager.GetHelp()
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, map[string]string{"darwin-amd64": "amd64-path", "linux-s390x": "s390x-path"}, h.BinaryURLs)
})
}
@@ -845,7 +839,7 @@ func TestSettingsManager_GetSettings(t *testing.T) {
)
settingsManager := NewSettingsManager(context.Background(), kubeClient, "default")
s, err := settingsManager.GetSettings()
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, time.Hour*24, s.UserSessionDuration)
})
t.Run("UserSessionDurationInvalidFormat", func(t *testing.T) {
@@ -877,7 +871,7 @@ func TestSettingsManager_GetSettings(t *testing.T) {
)
settingsManager := NewSettingsManager(context.Background(), kubeClient, "default")
s, err := settingsManager.GetSettings()
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, time.Hour*24, s.UserSessionDuration)
})
t.Run("UserSessionDurationProvided", func(t *testing.T) {
@@ -909,7 +903,7 @@ func TestSettingsManager_GetSettings(t *testing.T) {
)
settingsManager := NewSettingsManager(context.Background(), kubeClient, "default")
s, err := settingsManager.GetSettings()
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, time.Hour*10, s.UserSessionDuration)
})
}
@@ -944,7 +938,7 @@ func TestGetOIDCConfig(t *testing.T) {
)
settingsManager := NewSettingsManager(context.Background(), kubeClient, "default")
settings, err := settingsManager.GetSettings()
assert.NoError(t, err)
require.NoError(t, err)
oidcConfig := settings.OIDCConfig()
assert.NotNil(t, oidcConfig)
@@ -964,10 +958,10 @@ func TestRedirectURL(t *testing.T) {
for given, expected := range cases {
settings := ArgoCDSettings{URL: given}
redirectURL, err := settings.RedirectURL()
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, expected[0], redirectURL)
dexRedirectURL, err := settings.DexRedirectURL()
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, expected[1], dexRedirectURL)
}
}
@@ -988,7 +982,7 @@ func Test_validateExternalURL(t *testing.T) {
if tt.errMsg != "" {
assert.EqualError(t, err, tt.errMsg)
} else {
assert.NoError(t, err)
require.NoError(t, err)
}
})
}
@@ -1024,7 +1018,7 @@ func TestGetOIDCSecretTrim(t *testing.T) {
)
settingsManager := NewSettingsManager(context.Background(), kubeClient, "default")
settings, err := settingsManager.GetSettings()
assert.NoError(t, err)
require.NoError(t, err)
oidcConfig := settings.OIDCConfig()
assert.NotNil(t, oidcConfig)
@@ -1080,7 +1074,7 @@ func Test_GetTLSConfiguration(t *testing.T) {
)
settingsManager := NewSettingsManager(context.Background(), kubeClient, "default")
settings, err := settingsManager.GetSettings()
assert.NoError(t, err)
require.NoError(t, err)
assert.True(t, settings.CertificateIsExternal)
assert.NotNil(t, settings.Certificate)
assert.Contains(t, getCNFromCertificate(settings.Certificate), "localhost")
@@ -1128,7 +1122,7 @@ func Test_GetTLSConfiguration(t *testing.T) {
)
settingsManager := NewSettingsManager(context.Background(), kubeClient, "default")
settings, err := settingsManager.GetSettings()
assert.NoError(t, err)
require.NoError(t, err)
assert.True(t, settings.CertificateIsExternal)
assert.NotNil(t, settings.Certificate)
assert.Contains(t, getCNFromCertificate(settings.Certificate), "localhost")
@@ -1173,7 +1167,7 @@ func Test_GetTLSConfiguration(t *testing.T) {
)
settingsManager := NewSettingsManager(context.Background(), kubeClient, "default")
settings, err := settingsManager.GetSettings()
assert.Error(t, err)
require.Error(t, err)
assert.Contains(t, err.Error(), "could not read from secret")
assert.NotNil(t, settings)
})
@@ -1209,7 +1203,7 @@ func Test_GetTLSConfiguration(t *testing.T) {
)
settingsManager := NewSettingsManager(context.Background(), kubeClient, "default")
settings, err := settingsManager.GetSettings()
assert.NoError(t, err)
require.NoError(t, err)
assert.False(t, settings.CertificateIsExternal)
assert.NotNil(t, settings.Certificate)
assert.Contains(t, getCNFromCertificate(settings.Certificate), "Argo CD E2E")
@@ -1221,21 +1215,21 @@ func TestDownloadArgoCDBinaryUrls(t *testing.T) {
"help.download.darwin-amd64": "some-url",
})
argoCDCM, err := settingsManager.getConfigMap()
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, "some-url", argoCDCM.Data["help.download.darwin-amd64"])
_, settingsManager = fixtures(map[string]string{
"help.download.linux-s390x": "some-url",
})
argoCDCM, err = settingsManager.getConfigMap()
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, "some-url", argoCDCM.Data["help.download.linux-s390x"])
_, settingsManager = fixtures(map[string]string{
"help.download.unsupported": "some-url",
})
argoCDCM, err = settingsManager.getConfigMap()
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, "some-url", argoCDCM.Data["help.download.unsupported"])
}
@@ -1289,7 +1283,7 @@ requestedIDTokenClaims: {"groups": {"essential": true}}`,
settingsManager := NewSettingsManager(context.Background(), kubeClient, "default")
settings, err := settingsManager.GetSettings()
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, "mywebhooksecret", settings.WebhookGitHubSecret)
oidcConfig := settings.OIDCConfig()
@@ -1416,7 +1410,7 @@ func TestGetHelmSettings(t *testing.T) {
settingsManager := NewSettingsManager(context.Background(), kubeClient, "default")
helmSettings, err := settingsManager.GetHelmSettings()
assert.NoError(t, err)
require.NoError(t, err)
assert.ElementsMatch(t, tc.expected, helmSettings.ValuesFileSchemes)
})

56
util/tls/tls_test.go
View File

@@ -125,19 +125,19 @@ func TestGetTLSVersionByString(t *testing.T) {
t.Run("Valid versions", func(t *testing.T) {
for k, v := range tlsVersionByString {
r, err := getTLSVersionByString(k)
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, v, r)
}
})
t.Run("Invalid versions", func(t *testing.T) {
_, err := getTLSVersionByString("1.4")
assert.Error(t, err)
require.Error(t, err)
})
t.Run("Empty versions", func(t *testing.T) {
r, err := getTLSVersionByString("")
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, uint16(0), r)
})
}
@@ -147,7 +147,7 @@ func TestGetTLSCipherSuitesByString(t *testing.T) {
for _, s := range tls.CipherSuites() {
t.Run(fmt.Sprintf("Test for valid suite %s", s.Name), func(t *testing.T) {
ids, err := getTLSCipherSuitesByString(s.Name)
assert.NoError(t, err)
require.NoError(t, err)
assert.Len(t, ids, 1)
assert.Equal(t, s.ID, ids[0])
suites = append(suites, s.Name)
@@ -156,14 +156,14 @@ func TestGetTLSCipherSuitesByString(t *testing.T) {
t.Run("Test colon separated list", func(t *testing.T) {
ids, err := getTLSCipherSuitesByString(strings.Join(suites, ":"))
assert.NoError(t, err)
require.NoError(t, err)
assert.Len(t, ids, len(suites))
})
suites = append([]string{"invalid"}, suites...)
t.Run("Test invalid values", func(t *testing.T) {
_, err := getTLSCipherSuitesByString(strings.Join(suites, ":"))
assert.Error(t, err)
require.Error(t, err)
})
}
@@ -187,21 +187,21 @@ func TestGenerate(t *testing.T) {
t.Run("Invalid: No hosts specified", func(t *testing.T) {
opts := CertOptions{Hosts: []string{}, Organization: "Acme", ValidFrom: time.Now(), ValidFor: 10 * time.Hour}
_, _, err := generate(opts)
assert.Error(t, err)
require.Error(t, err)
assert.Contains(t, err.Error(), "hosts not supplied")
})
t.Run("Invalid: No organization specified", func(t *testing.T) {
opts := CertOptions{Hosts: []string{"localhost"}, Organization: "", ValidFrom: time.Now(), ValidFor: 10 * time.Hour}
_, _, err := generate(opts)
assert.Error(t, err)
require.Error(t, err)
assert.Contains(t, err.Error(), "organization not supplied")
})
t.Run("Invalid: Unsupported curve specified", func(t *testing.T) {
opts := CertOptions{Hosts: []string{"localhost"}, Organization: "Acme", ECDSACurve: "Curve?", ValidFrom: time.Now(), ValidFor: 10 * time.Hour}
_, _, err := generate(opts)
assert.Error(t, err)
require.Error(t, err)
assert.Contains(t, err.Error(), "Unrecognized elliptic curve")
})
@@ -209,17 +209,17 @@ func TestGenerate(t *testing.T) {
t.Run(fmt.Sprintf("Create certificate with curve %s", curve), func(t *testing.T) {
opts := CertOptions{Hosts: []string{"localhost"}, Organization: "Acme", ECDSACurve: curve}
_, _, err := generate(opts)
assert.NoError(t, err)
require.NoError(t, err)
})
}
t.Run("Create certificate with default options", func(t *testing.T) {
opts := CertOptions{Hosts: []string{"localhost"}, Organization: "Acme"}
certBytes, privKey, err := generate(opts)
assert.NoError(t, err)
require.NoError(t, err)
assert.NotNil(t, privKey)
cert, err := x509.ParseCertificate(certBytes)
assert.NoError(t, err)
require.NoError(t, err)
assert.NotNil(t, cert)
assert.Len(t, cert.DNSNames, 1)
assert.Equal(t, "localhost", cert.DNSNames[0])
@@ -230,10 +230,10 @@ func TestGenerate(t *testing.T) {
t.Run("Create certificate with IP ", func(t *testing.T) {
opts := CertOptions{Hosts: []string{"localhost", "127.0.0.1"}, Organization: "Acme"}
certBytes, privKey, err := generate(opts)
assert.NoError(t, err)
require.NoError(t, err)
assert.NotNil(t, privKey)
cert, err := x509.ParseCertificate(certBytes)
assert.NoError(t, err)
require.NoError(t, err)
assert.NotNil(t, cert)
assert.Len(t, cert.DNSNames, 1)
assert.Equal(t, "localhost", cert.DNSNames[0])
@@ -245,10 +245,10 @@ func TestGenerate(t *testing.T) {
t.Run("Create certificate with specific validity timeframe", func(t *testing.T) {
opts := CertOptions{Hosts: []string{"localhost"}, Organization: "Acme", ValidFrom: time.Now().Add(1 * time.Hour)}
certBytes, privKey, err := generate(opts)
assert.NoError(t, err)
require.NoError(t, err)
assert.NotNil(t, privKey)
cert, err := x509.ParseCertificate(certBytes)
assert.NoError(t, err)
require.NoError(t, err)
assert.NotNil(t, cert)
assert.GreaterOrEqual(t, (time.Now().Unix())+int64(1*time.Hour), cert.NotBefore.Unix())
})
@@ -258,10 +258,10 @@ func TestGenerate(t *testing.T) {
validFrom, validFor := time.Now(), 365*24*time.Hour*time.Duration(year)
opts := CertOptions{Hosts: []string{"localhost"}, Organization: "Acme", ValidFrom: validFrom, ValidFor: validFor}
certBytes, privKey, err := generate(opts)
assert.NoError(t, err)
require.NoError(t, err)
assert.NotNil(t, privKey)
cert, err := x509.ParseCertificate(certBytes)
assert.NoError(t, err)
require.NoError(t, err)
assert.NotNil(t, cert)
t.Logf("certificate expiration time %s", cert.NotAfter)
assert.Equal(t, validFrom.Unix()+int64(validFor.Seconds()), cert.NotAfter.Unix())
@@ -273,7 +273,7 @@ func TestGeneratePEM(t *testing.T) {
t.Run("Invalid - PEM creation failure", func(t *testing.T) {
opts := CertOptions{Hosts: nil, Organization: "Acme"}
cert, key, err := generatePEM(opts)
assert.Error(t, err)
require.Error(t, err)
assert.Nil(t, cert)
assert.Nil(t, key)
})
@@ -281,7 +281,7 @@ func TestGeneratePEM(t *testing.T) {
t.Run("Create PEM from certficate options", func(t *testing.T) {
opts := CertOptions{Hosts: []string{"localhost"}, Organization: "Acme"}
cert, key, err := generatePEM(opts)
assert.NoError(t, err)
require.NoError(t, err)
assert.NotNil(t, cert)
assert.NotNil(t, key)
})
@@ -289,7 +289,7 @@ func TestGeneratePEM(t *testing.T) {
t.Run("Create X509KeyPair", func(t *testing.T) {
opts := CertOptions{Hosts: []string{"localhost"}, Organization: "Acme"}
cert, err := GenerateX509KeyPair(opts)
assert.NoError(t, err)
require.NoError(t, err)
assert.NotNil(t, cert)
})
}
@@ -297,7 +297,7 @@ func TestGeneratePEM(t *testing.T) {
func TestGetTLSConfigCustomizer(t *testing.T) {
t.Run("Valid TLS customization", func(t *testing.T) {
cfunc, err := getTLSConfigCustomizer(DefaultTLSMinVersion, DefaultTLSMaxVersion, DefaultTLSCipherSuite)
assert.NoError(t, err)
require.NoError(t, err)
assert.NotNil(t, cfunc)
config := tls.Config{}
cfunc(&config)
@@ -307,7 +307,7 @@ func TestGetTLSConfigCustomizer(t *testing.T) {
t.Run("Valid TLS customization - No cipher customization for TLSv1.3 only with default ciphers", func(t *testing.T) {
cfunc, err := getTLSConfigCustomizer("1.3", "1.3", DefaultTLSCipherSuite)
assert.NoError(t, err)
require.NoError(t, err)
assert.NotNil(t, cfunc)
config := tls.Config{}
cfunc(&config)
@@ -318,7 +318,7 @@ func TestGetTLSConfigCustomizer(t *testing.T) {
t.Run("Valid TLS customization - No cipher customization for TLSv1.3 only with custom ciphers", func(t *testing.T) {
cfunc, err := getTLSConfigCustomizer("1.3", "1.3", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256")
assert.NoError(t, err)
require.NoError(t, err)
assert.NotNil(t, cfunc)
config := tls.Config{}
cfunc(&config)
@@ -329,25 +329,25 @@ func TestGetTLSConfigCustomizer(t *testing.T) {
t.Run("Invalid TLS customization - Min version higher than max version", func(t *testing.T) {
cfunc, err := getTLSConfigCustomizer("1.3", "1.2", DefaultTLSCipherSuite)
assert.Error(t, err)
require.Error(t, err)
assert.Nil(t, cfunc)
})
t.Run("Invalid TLS customization - Invalid min version given", func(t *testing.T) {
cfunc, err := getTLSConfigCustomizer("2.0", "1.2", DefaultTLSCipherSuite)
assert.Error(t, err)
require.Error(t, err)
assert.Nil(t, cfunc)
})
t.Run("Invalid TLS customization - Invalid max version given", func(t *testing.T) {
cfunc, err := getTLSConfigCustomizer("1.2", "2.0", DefaultTLSCipherSuite)
assert.Error(t, err)
require.Error(t, err)
assert.Nil(t, cfunc)
})
t.Run("Invalid TLS customization - Unknown cipher suite given", func(t *testing.T) {
cfunc, err := getTLSConfigCustomizer("1.3", "1.2", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:invalid")
assert.Error(t, err)
require.Error(t, err)
assert.Nil(t, cfunc)
})
}

23
util/webhook/webhook_test.go
View File

@@ -29,6 +29,7 @@ import (
"github.com/sirupsen/logrus/hooks/test"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
@@ -80,7 +81,7 @@ func TestGitHubCommitEvent(t *testing.T) {
req := httptest.NewRequest(http.MethodPost, "/api/webhook", nil)
req.Header.Set("X-GitHub-Event", "push")
eventJSON, err := os.ReadFile("testdata/github-commit-event.json")
assert.NoError(t, err)
require.NoError(t, err)
req.Body = io.NopCloser(bytes.NewReader(eventJSON))
w := httptest.NewRecorder()
h.Handler(w, req)
@@ -96,7 +97,7 @@ func TestAzureDevOpsCommitEvent(t *testing.T) {
req := httptest.NewRequest(http.MethodPost, "/api/webhook", nil)
req.Header.Set("X-Vss-Activityid", "abc")
eventJSON, err := os.ReadFile("testdata/azuredevops-git-push-event.json")
assert.NoError(t, err)
require.NoError(t, err)
req.Body = io.NopCloser(bytes.NewReader(eventJSON))
w := httptest.NewRecorder()
h.Handler(w, req)
@@ -151,7 +152,7 @@ func TestGitHubCommitEvent_MultiSource_Refresh(t *testing.T) {
req := httptest.NewRequest(http.MethodPost, "/api/webhook", nil)
req.Header.Set("X-GitHub-Event", "push")
eventJSON, err := os.ReadFile("testdata/github-commit-event.json")
assert.NoError(t, err)
require.NoError(t, err)
req.Body = io.NopCloser(bytes.NewReader(eventJSON))
w := httptest.NewRecorder()
h.Handler(w, req)
@@ -232,7 +233,7 @@ func TestGitHubCommitEvent_AppsInOtherNamespaces(t *testing.T) {
req := httptest.NewRequest("POST", "/api/webhook", nil)
req.Header.Set("X-GitHub-Event", "push")
eventJSON, err := os.ReadFile("testdata/github-commit-event.json")
assert.NoError(t, err)
require.NoError(t, err)
req.Body = io.NopCloser(bytes.NewReader(eventJSON))
w := httptest.NewRecorder()
h.Handler(w, req)
@@ -264,7 +265,7 @@ func TestGitHubTagEvent(t *testing.T) {
req := httptest.NewRequest(http.MethodPost, "/api/webhook", nil)
req.Header.Set("X-GitHub-Event", "push")
eventJSON, err := os.ReadFile("testdata/github-tag-event.json")
assert.NoError(t, err)
require.NoError(t, err)
req.Body = io.NopCloser(bytes.NewReader(eventJSON))
w := httptest.NewRecorder()
h.Handler(w, req)
@@ -280,7 +281,7 @@ func TestGitHubPingEvent(t *testing.T) {
req := httptest.NewRequest(http.MethodPost, "/api/webhook", nil)
req.Header.Set("X-GitHub-Event", "ping")
eventJSON, err := os.ReadFile("testdata/github-ping-event.json")
assert.NoError(t, err)
require.NoError(t, err)
req.Body = io.NopCloser(bytes.NewReader(eventJSON))
w := httptest.NewRecorder()
h.Handler(w, req)
@@ -296,7 +297,7 @@ func TestBitbucketServerRepositoryReferenceChangedEvent(t *testing.T) {
req := httptest.NewRequest(http.MethodPost, "/api/webhook", nil)
req.Header.Set("X-Event-Key", "repo:refs_changed")
eventJSON, err := os.ReadFile("testdata/bitbucket-server-event.json")
assert.NoError(t, err)
require.NoError(t, err)
req.Body = io.NopCloser(bytes.NewReader(eventJSON))
w := httptest.NewRecorder()
h.Handler(w, req)
@@ -328,7 +329,7 @@ func TestGogsPushEvent(t *testing.T) {
req := httptest.NewRequest(http.MethodPost, "/api/webhook", nil)
req.Header.Set("X-Gogs-Event", "push")
eventJSON, err := os.ReadFile("testdata/gogs-event.json")
assert.NoError(t, err)
require.NoError(t, err)
req.Body = io.NopCloser(bytes.NewReader(eventJSON))
w := httptest.NewRecorder()
h.Handler(w, req)
@@ -344,7 +345,7 @@ func TestGitLabPushEvent(t *testing.T) {
req := httptest.NewRequest(http.MethodPost, "/api/webhook", nil)
req.Header.Set("X-Gitlab-Event", "Push Hook")
eventJSON, err := os.ReadFile("testdata/gitlab-event.json")
assert.NoError(t, err)
require.NoError(t, err)
req.Body = io.NopCloser(bytes.NewReader(eventJSON))
w := httptest.NewRecorder()
h.Handler(w, req)
@@ -360,7 +361,7 @@ func TestGitLabSystemEvent(t *testing.T) {
req := httptest.NewRequest(http.MethodPost, "/api/webhook", nil)
req.Header.Set("X-Gitlab-Event", "System Hook")
eventJSON, err := os.ReadFile("testdata/gitlab-event.json")
assert.NoError(t, err)
require.NoError(t, err)
req.Body = io.NopCloser(bytes.NewReader(eventJSON))
w := httptest.NewRecorder()
h.Handler(w, req)
@@ -596,7 +597,7 @@ func Test_getWebUrlRegex(t *testing.T) {
t.Run(testCopy.name, func(t *testing.T) {
t.Parallel()
regexp, err := getWebUrlRegex(testCopy.webURL)
assert.NoError(t, err)
require.NoError(t, err)
if matches := regexp.MatchString(testCopy.repo); matches != testCopy.shouldMatch {
t.Errorf("sourceRevisionHasChanged() = %v, want %v", matches, testCopy.shouldMatch)
}