-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathencrypted_refs_test.go
More file actions
133 lines (106 loc) · 4.43 KB
/
encrypted_refs_test.go
File metadata and controls
133 lines (106 loc) · 4.43 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
package githosts
import (
"context"
"os"
"path/filepath"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestGetLatestBundleRefsWithEncryption(t *testing.T) {
// Create temporary directories
tempDir, err := os.MkdirTemp("", "test-encrypted-refs")
require.NoError(t, err)
defer os.RemoveAll(tempDir)
repoDir := filepath.Join(tempDir, "test-repo")
require.NoError(t, os.MkdirAll(repoDir, 0o755))
setupTestRepo(t, repoDir)
backupDir := filepath.Join(tempDir, "backup")
require.NoError(t, os.MkdirAll(backupDir, 0o755))
testPassphrase := "test-refs-passphrase-123" //nolint:gosec // Test passphrase
// Create a test repository
repo := repository{
Name: "test-repo",
Owner: "test-owner",
PathWithNameSpace: "test-owner/test-repo",
Domain: "test.com",
HTTPSUrl: "file://" + repoDir,
}
// Test 1: Create encrypted backup and test reading refs with passphrase
err = processBackup(processBackupInput{
LogLevel: 1,
Repo: repo,
BackupDIR: backupDir,
BackupsToKeep: 5,
DiffRemoteMethod: "clone",
BackupLFS: false,
Secrets: []string{},
EncryptionPassphrase: testPassphrase,
})
require.NoError(t, err)
// Verify encrypted bundle was created
backupRepoDir := filepath.Join(backupDir, repo.Domain, repo.PathWithNameSpace)
encryptedBundleFiles, err := filepath.Glob(filepath.Join(backupRepoDir, "*.bundle.age"))
require.NoError(t, err)
require.Len(t, encryptedBundleFiles, 1, "Should have one encrypted bundle")
// Test reading refs from encrypted bundle with correct passphrase
refs, err := getLatestBundleRefs(context.Background(), backupRepoDir, testPassphrase)
require.NoError(t, err)
assert.NotEmpty(t, refs, "Should be able to read refs from encrypted bundle with passphrase")
// Verify we got actual git refs
found := false
for refName := range refs {
if refName == "refs/heads/master" || refName == "refs/heads/main" {
found = true
break
}
}
assert.True(t, found, "Should find master or main ref")
// Test 2: Try reading refs from encrypted bundle without passphrase
_, err = getLatestBundleRefs(context.Background(), backupRepoDir, "")
assert.Error(t, err, "Should fail to read refs from encrypted bundle without passphrase")
assert.Contains(t, err.Error(), "encrypted bundle found but no passphrase provided", "Error should indicate passphrase needed")
// Test 3: Try reading refs with wrong passphrase
_, err = getLatestBundleRefs(context.Background(), backupRepoDir, "wrong-passphrase") //nolint:gosec // Test passphrase
assert.Error(t, err, "Should fail to read refs from encrypted bundle with wrong passphrase")
}
func TestRemoteRefsMatchWithEncryptedBundle(t *testing.T) {
// Create temporary directories
tempDir, err := os.MkdirTemp("", "test-encrypted-refs-match")
require.NoError(t, err)
defer os.RemoveAll(tempDir)
repoDir := filepath.Join(tempDir, "test-repo")
require.NoError(t, os.MkdirAll(repoDir, 0o755))
setupTestRepo(t, repoDir)
backupDir := filepath.Join(tempDir, "backup")
require.NoError(t, os.MkdirAll(backupDir, 0o755))
testPassphrase := "test-refs-match-passphrase-456" //nolint:gosec // Test passphrase
// Create a test repository
repo := repository{
Name: "test-repo",
Owner: "test-owner",
PathWithNameSpace: "test-owner/test-repo",
Domain: "test.com",
HTTPSUrl: "file://" + repoDir,
}
// Create encrypted backup
err = processBackup(processBackupInput{
LogLevel: 1,
Repo: repo,
BackupDIR: backupDir,
BackupsToKeep: 5,
DiffRemoteMethod: "refs", // Use refs method
BackupLFS: false,
Secrets: []string{},
EncryptionPassphrase: testPassphrase,
})
require.NoError(t, err)
backupRepoDir := filepath.Join(backupDir, repo.Domain, repo.PathWithNameSpace)
// Test refs matching with encrypted bundle and correct passphrase
repoURL := "file://" + repoDir
matches := remoteRefsMatchLocalRefs(context.Background(), repoURL, backupRepoDir, testPassphrase)
assert.True(t, matches, "Refs should match when passphrase is provided for encrypted bundle")
// Test refs matching with encrypted bundle but no passphrase
matches = remoteRefsMatchLocalRefs(context.Background(), repoURL, backupRepoDir, "")
assert.False(t, matches, "Refs should not match when no passphrase provided for encrypted bundle")
}