Git resolver tests for authentication with token (#689)

Author: manthinasai

pkg/oc/oc.go

@@ -127,6 +127,10 @@ func CreateSecretForGitResolver(secretData string) {
 	cmd.MustSucceed("oc", "create", "secret", "generic", "github-auth-secret", "--from-literal", "github-auth-key="+secretData, "-n", "openshift-pipelines")
 }
 
+func CreateSecretInNamespace(secretData, secretName, namespace string) {
+	cmd.MustSucceed("oc", "create", "secret", "generic", secretName, "--from-literal", "private-repo-token="+secretData, "-n", namespace)
+}
+
 func CreateSecretForWebhook(tokenSecretData, webhookSecretData, namespace string) {
 	cmd.MustSucceed("oc", "create", "secret", "generic", "gitlab-webhook-config", "--from-literal", "provider.token="+tokenSecretData, "--from-literal", "webhook.secret="+webhookSecretData, "-n", namespace)
 }
@@ -168,18 +172,4 @@ func CopySecret(secretName string, sourceNamespace string, destNamespace string)
 	cmdOutput := cmd.MustSucceed("bash", "-c", fmt.Sprintf(`echo '%s' | jq 'del(.metadata["namespace", "creationTimestamp", "resourceVersion", "selfLink", "uid", "annotations"]) | .data |= with_entries(if .key == "github-auth-key" then .key = "token" else . end)'`, secretJson)).Stdout()
 	cmd.MustSucceed("bash", "-c", fmt.Sprintf(`echo '%s' | kubectl apply -n %s -f -`, cmdOutput, destNamespace))
 	log.Printf("Successfully copied secret %s from %s to %s", secretName, sourceNamespace, destNamespace)
-}
-
-func CopySecretWithNewName(secretName string, sourceNamespace string, destNamespace string, newSecretName string) {
-	secretJson := cmd.MustSucceed("oc", "get", "secret", secretName, "-n", sourceNamespace, "-o", "json").Stdout()
-	cmdOutput := cmd.MustSucceed("bash", "-c", fmt.Sprintf(`echo '%s' | jq 'del(.metadata["namespace", "creationTimestamp", "resourceVersion", "selfLink", "uid", "annotations"]) | .metadata.name = "%s"'`, secretJson, newSecretName)).Stdout()
-	cmd.MustSucceed("bash", "-c", fmt.Sprintf(`echo '%s' | kubectl apply -n %s -f -`, cmdOutput, destNamespace))
-	log.Printf("Successfully copied secret %s from %s to %s as %s", secretName, sourceNamespace, destNamespace, newSecretName)
-}
-
-func PatchSecretTokenKey(secretName string, namespace string, tokenKey string) {
-	secretJson := cmd.MustSucceed("oc", "get", "secret", secretName, "-n", namespace, "-o", "json").Stdout()
-	cmdOutput := cmd.MustSucceed("bash", "-c", fmt.Sprintf(`echo '%s' | jq '.data |= with_entries(if .key == "github-auth-key" or .key == "token" then .key = "%s" else . end)'`, secretJson, tokenKey)).Stdout()
-	cmd.MustSucceed("bash", "-c", fmt.Sprintf(`echo '%s' | kubectl apply -n %s -f -`, cmdOutput, namespace))
-	log.Printf("Successfully patched secret %s in namespace %s to set token key to %s", secretName, namespace, tokenKey)
-}
+}

specs/pipelines/git-resolvers.spec

@@ -20,38 +20,24 @@ Steps:
       |----|-----------------------------------|------------|
       |1   |git-resolver-pipelinerun           |successful  |
 
-## Test the functionality of git resolvers with authentication: PIPELINES-24-TC02
+## Test the functionality of git resolvers with authentication and token: PIPELINES-24-TC02
 Tags: e2e
 Component: Resolvers
 Level: Integration
 Type: Functional
 Importance: High
 
 Steps:
+    * Create secret "private-repo-auth-secret" in autogenerated namespace with GitHub token
     * Create 
-      |S.NO|resource_dir                                                     |
-      |----|-----------------------------------------------------------------|
-      |1   |testdata/resolvers/pipelineruns/git-resolver-pipelinerun-private.yaml        | 
-    * Verify pipelinerun
-      |S.NO|pipeline_run_name                  |status      |
-      |----|-----------------------------------|------------|
-      |1   |git-resolver-pipelinerun-private   |successful  |
-
-## Test the functionality of git resolvers authentication with token: PIPELINES-24-TC03
-Tags: e2e
-Component: Resolvers
-Level: Integration
-Type: Functional
-Importance: High
-
-Steps:
-    * Copy secret "github-auth-secret" from "openshift-pipelines" namespace to autogenerated namespace as "private-repo-auth-secret"
-    * Patch secret "private-repo-auth-secret" in autogenerated namespace to set token to "private-repo-token"
-    * Create 
-      |S.NO|resource_dir                                                     |
-      |----|-----------------------------------------------------------------|
-      |1   |testdata/resolvers/pipelineruns/git-resolver-pipelinerun-private-token-auth.yaml        | 
+      |S.NO|resource_dir                                                                     |
+      |----|---------------------------------------------------------------------------------|
+      |1   |testdata/resolvers/pipelineruns/git-resolver-pipelinerun-private.yaml            | 
+      |2   |testdata/resolvers/pipelineruns/git-resolver-pipelinerun-private-token-auth.yaml | 
+      |3   |testdata/resolvers/pipelineruns/git-resolver-pipelinerun-private-url.yaml        | 
     * Verify pipelinerun
       |S.NO|pipeline_run_name                  |status      |
       |----|-----------------------------------|------------|
-      |1   |git-resolver-pipelinerun-private-token-auth   |successful  |
+      |1   |git-resolver-pipelinerun-private            |successful  |
+      |2   |git-resolver-pipelinerun-private-token-auth |successful  |
+      |3   |git-resolver-pipelinerun-private-url        |successful  |

steps/cli/oc.go

@@ -230,6 +230,15 @@ var _ = gauge.Step("Configure GitHub token for git resolver in TektonConfig", fu
 	}
 })
 
+var _ = gauge.Step("Create secret <secretName> in autogenerated namespace with GitHub token", func(secretName string) {
+	if os.Getenv("GITHUB_TOKEN") == "" {
+		log.Printf("Token for authorization to the GitHub repository was not exported as a system variable")
+	} else {
+		secretData := os.Getenv("GITHUB_TOKEN")
+		oc.CreateSecretInNamespace(secretData, secretName, store.Namespace())
+	}
+})
+
 var _ = gauge.Step("Configure the bundles resolver", func() {
 	patch_data := "{\"spec\":{\"pipeline\":{\"bundles-resolver-config\":{\"default-kind\":\"task\", \"defaut-service-account\":\"pipelines\"}}}}"
 	oc.UpdateTektonConfig(patch_data)
@@ -285,15 +294,3 @@ var _ = gauge.Step("Copy secret <secretName> from <sourceNamespace> namespace to
 		testsuit.T.Fail(fmt.Errorf("secret %s doesn't exist in namespace %s", secretName, sourceNamespace))
 	}
 })
-
-var _ = gauge.Step("Copy secret <secretName> from <sourceNamespace> namespace to autogenerated namespace as <newSecretName>", func(secretName string, sourceNamespace string, newSecretName string) {
-	if oc.SecretExists(secretName, sourceNamespace) {
-		oc.CopySecretWithNewName(secretName, sourceNamespace, store.Namespace(), newSecretName)
-	} else {
-		testsuit.T.Fail(fmt.Errorf("secret %s doesn't exist in namespace %s", secretName, sourceNamespace))
-	}
-})
-
-var _ = gauge.Step("Patch secret <secretName> in autogenerated namespace to set token to <tokenKey>", func(secretName string, tokenKey string) {
-	oc.PatchSecretTokenKey(secretName, store.Namespace(), tokenKey)
-})

testdata/resolvers/pipelineruns/git-resolver-pipelinerun-private-token-auth.yaml

@@ -16,7 +16,7 @@ spec:
       value: main
     - name: pathInRepo
       value: resolver-pipeline.yaml
-    - name: token
+    - name: gitToken
       value: "private-repo-auth-secret"
-    - name: tokenKey
+    - name: gitTokenKey
       value: "private-repo-token"

testdata/resolvers/pipelineruns/git-resolver-pipelinerun-private-url.yaml

@@ -0,0 +1,20 @@
+apiVersion: tekton.dev/v1
+kind: PipelineRun
+metadata:
+  name: git-resolver-pipelinerun-private-url
+spec:
+  pipelineRef:
+    resolver: git
+    params:
+    - name: name
+      value: resolver-pipeline
+    - name: url
+      value: https://github.com/openshift-pipelines/test-private
+    - name: revision
+      value: main
+    - name: pathInRepo
+      value: resolver-pipeline.yaml
+    - name: gitToken
+      value: "private-repo-auth-secret"
+    - name: gitTokenKey
+      value: "private-repo-token"