Add Git test coverage for supported algorithms #708
Conversation
pjbgf
force-pushed
the
algo-tests
branch
2 times, most recently
from
f1c8dd3
to
90c8be6
Compare
Enables the setting of HostKey algorithms to be used from a client perspective. This implementation supports go-git and libgit2 when in ManagedTransport. Signed-off-by: Paulo Gomes <[email protected]>
pkg/git/gogit/checkout_test.go
Outdated
| } | ||
|
|
||
| // lastly, ensure that if the authentication was not | ||
| // successful, an error is returned. |
There was a problem hiding this comment.
Maybe optional:
Instead of a separate section at the end here, this can be consolidated within the above subtests with a few more fields in the test cases struct, maybe also following the pattern we follow in a lot of our other tests where we run beforeFunc just before the function that we are testing and apply any configurations accordingly.
In this case, I think we can update the tests struct to something like:
tests := []struct {
name string
keyType ssh.KeyPairType
beforeFunc func(publicKey []byte)
wantErr bool
}name can be brought back to describe the case, especially when we have a failure case.
beforeFunc can be called before checkout and used to set authorizedPublicKey, similar to other usage of beforeFunc, for example this.
This will make it easier to add more different test cases.
pkg/git/libgit2/managed/flag.go
Outdated
| if v, ok := os.LookupEnv("EXPERIMENTAL_GIT_TRANSPORT"); ok { | ||
| return strings.ToLower(v) == "true" || v == "1" | ||
| } | ||
| return false | ||
| } | ||
|
|
||
| // SetEnabled allows for the managed transport state to be changed on demand. | ||
| // This is mainly used to enable testing. |
There was a problem hiding this comment.
If this is just for testing, I wonder if it'd be better to just write a helper functions that sets and unsets the env var instead of introducing conditionals in the main code that'll only be used for testing.
There was a problem hiding this comment.
That's a fair point, I removed the SetEnabled and just set the environment variable for the time being.
I haven't unset the environment variable as this has an ever lasting side effect. Once enabled, unmanaged transport is overwritten by the managed transport, so unsetting the variable may lead to an in-between state.
I am working towards having managed transport enabled by default soon (maybe next minor), so this will be flipped around.
There was a problem hiding this comment.
Thanks. Would be good to leave a comment about why it's not being unset at present. Usually we unset all the env vars set in tests.
pjbgf
force-pushed
the
algo-tests
branch
2 times, most recently
from
f8bd8be
to
6b64fd3
Compare
Assures support for: - Authentication Key Types - rsa - ecdsa P256 - ecdsa P384 - ecdsa P521 - ed25519 - Key Exchange Algoritms: - diffie-hellman-group14-sha1 - diffie-hellman-group14-sha256 - curve25519-sha256 - ecdh-sha2-nistp256 - ecdh-sha2-nistp384 - ecdh-sha2-nistp521 - [email protected] - HostKey Algoritms: - ssh-rsa - rsa-sha2-256 - rsa-sha2-512 - ecdsa-sha2-nistp256 - ecdsa-sha2-nistp384 - ecdsa-sha2-nistp521 - ssh-ed25519 Signed-off-by: Paulo Gomes <[email protected]>
Provides test coverage for the supported algorithms for
go-gitandlibgit2(Managed Transport):Authentication Key Types
Key Exchange Algoritms:
HostKey Algoritms:
These tests will provide Flux the guarantees that the algorithms above are supported. When our upstream dependencies (e.g. libgit2, go crypto) withdraw such support, we should be able to identify and warn users accordingly.
xref: fluxcd/flux2#2593