update verify func
This commit is contained in:
runzexia
@@ -152,13 +152,11 @@ func addWebService(c *restful.Container) error {
|
|||||||
Writes(errors.Error{}))
|
Writes(errors.Error{}))
|
||||||
|
|
||||||
tags = []string{"Git"}
|
tags = []string{"Git"}
|
||||||
webservice.Route(webservice.POST("/namespaces/{namespace}/secrets/{secret}/gitreadverify").
|
webservice.Route(webservice.POST("/git/readverify").
|
||||||
To(
|
To(
|
||||||
git.GitReadVerify).
|
git.GitReadVerify).
|
||||||
Metadata(restfulspec.KeyOpenAPITags, tags).
|
Metadata(restfulspec.KeyOpenAPITags, tags).
|
||||||
Doc("secret git read verify").
|
Doc("secret git read verify").
|
||||||
Param(webservice.PathParameter("namespace", "secret's namespace")).
|
|
||||||
Param(webservice.PathParameter("secret", "secret's name")).
|
|
||||||
Reads(gitmodel.AuthInfo{}).
|
Reads(gitmodel.AuthInfo{}).
|
||||||
Writes(errors.Error{}),
|
Writes(errors.Error{}),
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -14,13 +14,12 @@ func GitReadVerify(request *restful.Request, response *restful.Response) {
|
|||||||
|
|
||||||
err := request.ReadEntity(&authInfo)
|
err := request.ReadEntity(&authInfo)
|
||||||
ns := request.PathParameter("namespace")
|
ns := request.PathParameter("namespace")
|
||||||
name := request.PathParameter("name")
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
response.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
|
response.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
err = git.GitReadVerify(ns, name, authInfo)
|
err = git.GitReadVerify(ns, authInfo)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
response.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
|
response.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
|
||||||
|
|||||||
@@ -12,33 +12,44 @@ import (
|
|||||||
|
|
||||||
type AuthInfo struct {
|
type AuthInfo struct {
|
||||||
RemoteUrl string `json:"remoteUrl"`
|
RemoteUrl string `json:"remoteUrl"`
|
||||||
|
SecretRef *corev1.SecretReference `json:"secretRef,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func GitReadVerify(namespace string, name string, authInfo AuthInfo) error {
|
func GitReadVerify(namespace string, authInfo AuthInfo) error {
|
||||||
secret, err := informers.SharedInformerFactory().Core().V1().Secrets().Lister().Secrets(namespace).Get(name)
|
username := ""
|
||||||
|
password := ""
|
||||||
|
if authInfo.SecretRef != nil {
|
||||||
|
secret, err := informers.SharedInformerFactory().Core().V1().Secrets().Lister().
|
||||||
|
Secrets(authInfo.SecretRef.Namespace).Get(authInfo.SecretRef.Name)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
username, ok := secret.Data[corev1.BasicAuthUsernameKey]
|
usernameBytes, ok := secret.Data[corev1.BasicAuthUsernameKey]
|
||||||
if !ok {
|
if !ok {
|
||||||
return fmt.Errorf("could not get username in secret %s", secret.Name)
|
return fmt.Errorf("could not get username in secret %s", secret.Name)
|
||||||
}
|
}
|
||||||
password, ok := secret.Data[corev1.BasicAuthPasswordKey]
|
passwordBytes, ok := secret.Data[corev1.BasicAuthPasswordKey]
|
||||||
if !ok {
|
if !ok {
|
||||||
return fmt.Errorf("could not get password in secret %s", secret.Name)
|
return fmt.Errorf("could not get password in secret %s", secret.Name)
|
||||||
}
|
}
|
||||||
|
username = string(usernameBytes)
|
||||||
|
password = string(passwordBytes)
|
||||||
|
}
|
||||||
|
|
||||||
|
return gitReadVerifyWithBasicAuth(string(username), string(password), authInfo.RemoteUrl)
|
||||||
|
}
|
||||||
|
|
||||||
|
func gitReadVerifyWithBasicAuth(username string, password string, remote string) error {
|
||||||
r, _ := git.Init(memory.NewStorage(), nil)
|
r, _ := git.Init(memory.NewStorage(), nil)
|
||||||
|
|
||||||
// Add a new remote, with the default fetch refspec
|
// Add a new remote, with the default fetch refspec
|
||||||
origin, err := r.CreateRemote(&config.RemoteConfig{
|
origin, err := r.CreateRemote(&config.RemoteConfig{
|
||||||
Name: git.DefaultRemoteName,
|
Name: git.DefaultRemoteName,
|
||||||
URLs: []string{authInfo.RemoteUrl},
|
URLs: []string{remote},
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
_, err = origin.List(&git.ListOptions{Auth:
|
_, err = origin.List(&git.ListOptions{Auth: &http.BasicAuth{Username: string(username), Password: string(password)}})
|
||||||
&http.BasicAuth{Username: string(username), Password: string(password)}})
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|||||||
51
pkg/models/git/git_test.go
Normal file
51
pkg/models/git/git_test.go
Normal file
@@ -0,0 +1,51 @@
|
|||||||
|
package git
|
||||||
|
|
||||||
|
import (
|
||||||
|
"testing"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestGitReadVerifyWithBasicAuth(t *testing.T) {
|
||||||
|
shouldSuccess := []map[string]string{
|
||||||
|
{
|
||||||
|
"username": "",
|
||||||
|
"password": "",
|
||||||
|
"remote": "https://github.com/kubesphere/kubesphere",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
shouldFailed := []map[string]string{
|
||||||
|
{
|
||||||
|
"username": "",
|
||||||
|
"password": "",
|
||||||
|
"remote": "https://github.com/kubesphere/kubesphere12222",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"username": "",
|
||||||
|
"password": "",
|
||||||
|
"remote": "git@github.com:kubesphere/kubesphere.git",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"username": "runzexia",
|
||||||
|
"password": "",
|
||||||
|
"remote": "git@github.com:kubesphere/kubesphere.git",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"username": "",
|
||||||
|
"password": "",
|
||||||
|
"remote": "git@fdsfs41342`@@@2414!!!!github.com:kubesphere/kubesphere.git",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
for _, item := range shouldSuccess {
|
||||||
|
err := gitReadVerifyWithBasicAuth(item["username"], item["password"], item["remote"])
|
||||||
|
if err != nil {
|
||||||
|
|
||||||
|
t.Errorf("should could access repo [%s] with %s:%s, %v", item["username"], item["password"], item["remote"], err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, item := range shouldFailed {
|
||||||
|
err := gitReadVerifyWithBasicAuth(item["username"], item["password"], item["remote"])
|
||||||
|
if err == nil {
|
||||||
|
t.Errorf("should could access repo [%s] with %s:%s ", item["username"], item["password"], item["remote"])
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user