* Add initial primitives and tests for GPG related operations * More tests and test documentation * Move gpg primitives to own module * Add initial primitives for running git verify-commit and tests * Improve and better comment test * Implement VerifyCommitSignature() primitive for metrics wrapper * More commentary * Make reposerver verify gpg signatures when generating manifests * Make signature validation optional * Forbid use of local manifests when signature verification is enabled * Introduce new signatureKeys field in project CRD * Initial support for only syncing against signed revisions * Updates to GnuPG primitives and more test cases * Move signature verification to correct place and add tests * Add signature verification result to revision metadata and display it in UI * Add more primitives and move out some stuff to common module * Add more testdata * Add key management primitives to ArgoDB * Move type GnuPGPublicKey to appsv1 package * Add const ArgoCDGPGKeysConfigMapName * Handle key operations with appsv1.GnuPGPublicKey * Add initial API for managing GPG keys * Remove deprecated code * Add primitives for adding public keys to configuration * Change semantics of ValidateGPGKeys to return more key information * Add key import functionality to public key API * Fix code quirks reported by linter * More code quirks fixes * Fix test * Add primitives for deleting keys from configuration * Add delete key operation to API and CLI * Cosmetics * Implement logic to sync configuration to keyring in repo-server * Add IsGPGEnabled() primitive and also update trustdb on ownertrust changes * Use gpg.IsGPGEnabled() instead of custom test * Remove all keyring manipulating methods from DB * Cosmetics/comments * Require grpc methods from argoproj pkg * Enable setting config path via ARGOCD_GPG_DATA_PATH * Allow "no" and any cases in ARGOCD_GPG_ENABLED * Enable GPG feature on start and start-e2e and set required environment * Cosmetics/comments * Cosmetics and commentary 
* Update API documentation * Fix comment * Only run GPG related operations if GPG is enabled * Allow setting ARGOCD_GPG_ENABLE from the environment * Create GPG ConfigMap resource during installation * Use function instead of constant to get the watcher path * Re-watch source path in case it gets recreated. Also, error on finish * Add End-to-End tests for GPG commit verification * Introduce SignatureKey type for AppProject CRD * Fix merge error from previous commit * Adapt test for additional manifest (argocd-gpg-keys-cm.yaml) * Fix linter issues * Adapt CircleCI configuration to enable running tests * Add wrapper scripts for git and gpg * Sigh. * Display gpg version in CircleCI * Install gnupg2 and link it to gpg in CI * Try to install gnupg2 in CircleCI image * More CircleCI tweaks * # This is a combination of 10 commits. # This is the 1st commit message: Containerize tests - test cycle # This is the commit message #2: adapt working directory # This is the commit message #3: Build before running tests (so we might have a cache) # This is the commit message #4: Test limiting parallelism # This is the commit message #5: Remove unbound variable # This is the commit message #6: Decrease parallelism to find out limit # This is the commit message #7: Use correct flag # This is the commit message #8: Update Docker image # This is the commit message #9: Remove build phase and increase parallelism # This is the commit message #10: Further increase parallelism * Dockerize toolchain * Add new targets to Makefile * Codegen * Properly handle permissions for E2E tests * Remove gnupg2 installation from CircleCI configuration * Limit parallelism of build * Fix Yarn lint * Retrigger CI for possible flaky test * Codegen * Remove duplicate target in Makefile * Pull in pager from dep ensure -v * Adapt to gitops-engine changes and codegen * Use new health package for health status constants * Add GPG methods to ArgoDB mock module * Fix possible nil pointer dereference * Fix linter 
issue in imports * Introduce RBAC resource type 'gpgkeys' and adapt policies * Use ARGOCD_GNUPGHOME instead of GNUPGHOME for subsystem configuration Also remove some deprecated unit tests. * Also register GPG keys API with gRPC-GW * Update from codegen * Update GPG key API * Add web UI to manage GPG keys * Lint updates * Change wording * Add some plausibility checks for supplied data on key creation * Update from codegen * Re-allow binary keys and move check for ASCII armoured to UI * Make yarn lint happy * Add editing signature keys for projects in UI * Add ability to configure signature keys for project in CLI * Change default value to use for GNUPGHOME * Do not include data section in default gpg keys CM * Adapt Docker image for GnuPG feature * Add required configuration to installation manifests * Add add-signature-key and remove-signature-key commands to project CLI * Fix typo * Add initial user documentation for GnuPG verification * Fix role name - oops * Mention required RBAC roles in docs * Support GPG verification of git annotated tags as well * Ensure CLI can build succesfully * Better support verification on tags * Print key type in upper case * Update user documentation * Correctly disable GnuPG verification if ARGOCD_GPG_ENABLE=false * Clarify that this feature is only available with Git repositories * codegen * Move verification code to own function * Remove deprecated check * Make things more developer friendly when running locally * Enable GPG feature by default, and don't require ARGOCD_GNUPGHOME to be set * Revert changes to manifests to reflect default enable state * Codegen
package app
import (
"testing"
"time"
. "github.com/argoproj/argo-cd/common"
"github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1"
"github.com/argoproj/argo-cd/test/e2e/fixture"
"github.com/argoproj/argo-cd/test/e2e/fixture/certs"
"github.com/argoproj/argo-cd/test/e2e/fixture/gpgkeys"
"github.com/argoproj/argo-cd/test/e2e/fixture/repos"
"github.com/argoproj/argo-cd/util/settings"
)
// Context implements the "given" part of the given/when/then test DSL.
// It accumulates the settings selected through Given and the builder
// methods in this file; all fields are unexported.
type Context struct {
	t           *testing.T
	path        string
	chart       string
	repoURLType fixture.RepoURLType
	// timeout is expressed in seconds
	timeout                int
	name                   string
	destServer             string
	env                    string
	parameters             []string
	namePrefix             string
	nameSuffix             string
	resource               string
	prune                  bool
	configManagementPlugin string
	async                  bool
	localPath              string
	project                string
	revision               string
	force                  bool
	directoryRecurse       bool
}
// Given calls fixture.EnsureCleanState(t) and then returns a Context seeded
// with the defaults used by the e2e tests: destination server
// KubernetesInternalAPIServerAddr, repo URL type fixture.RepoURLTypeFile, a
// name from fixture.Name(), a timeout of 10 (seconds), project "default" and
// prune set to true.
func Given(t *testing.T) *Context {
	fixture.EnsureCleanState(t)

	defaults := &Context{
		t:           t,
		destServer:  KubernetesInternalAPIServerAddr,
		repoURLType: fixture.RepoURLTypeFile,
		name:        fixture.Name(),
		timeout:     10,
		project:     "default",
		prune:       true,
	}
	return defaults
}
// GPGPublicKeyAdded calls gpgkeys.AddGPGPublicKey() and returns the receiver
// for chaining. Which key is registered, and where, is decided inside the
// gpgkeys fixture and is not visible from this file.
func (c *Context) GPGPublicKeyAdded() *Context {
	gpgkeys.AddGPGPublicKey()
	return c
}
// GPGPublicKeyRemoved calls gpgkeys.DeleteGPGPublicKey() and returns the
// receiver for chaining.
// NOTE(review): presumably used to exercise the case where the signing key is
// not configured, so signature verification is expected to fail — confirm
// against the tests that call it.
func (c *Context) GPGPublicKeyRemoved() *Context {
	gpgkeys.DeleteGPGPublicKey()
	return c
}
// CustomCACertAdded calls certs.AddCustomCACert() and returns the receiver
// for chaining. The certificate material comes from the certs fixture.
func (c *Context) CustomCACertAdded() *Context {
	certs.AddCustomCACert()
	return c
}
// CustomSSHKnownHostsAdded calls certs.AddCustomSSHKnownHostsKeys() and
// returns the receiver for chaining. The host keys come from the certs
// fixture.
func (c *Context) CustomSSHKnownHostsAdded() *Context {
	certs.AddCustomSSHKnownHostsKeys()
	return c
}
// HTTPSRepoURLAdded registers the HTTPS test repository by calling
// repos.AddHTTPSRepo(false, withCreds, fixture.RepoURLTypeHTTPS) and returns
// the receiver for chaining.
// NOTE(review): the leading false is presumably the "insecure" switch (compare
// HTTPSInsecureRepoURLAdded, which passes true) — confirm against
// repos.AddHTTPSRepo.
func (c *Context) HTTPSRepoURLAdded(withCreds bool) *Context {
	repos.AddHTTPSRepo(false, withCreds, fixture.RepoURLTypeHTTPS)
	return c
}
// HTTPSInsecureRepoURLAdded registers the HTTPS test repository by calling
// repos.AddHTTPSRepo(true, withCreds, fixture.RepoURLTypeHTTPS) and returns
// the receiver for chaining.
// NOTE(review): going by the method name, the leading true turns off server
// certificate verification for this repository — confirm against
// repos.AddHTTPSRepo. Tests that are meant to prove TLS validation should use
// HTTPSRepoURLAdded together with CustomCACertAdded instead.
func (c *Context) HTTPSInsecureRepoURLAdded(withCreds bool) *Context {
	repos.AddHTTPSRepo(true, withCreds, fixture.RepoURLTypeHTTPS)
	return c
}
// HTTPSInsecureRepoURLWithClientCertAdded calls
// repos.AddHTTPSRepoClientCert(true) and returns the receiver for chaining.
// NOTE(review): going by the method name, true selects the insecure mode
// (server certificate not verified) while a client certificate is still
// presented — confirm against repos.AddHTTPSRepoClientCert.
func (c *Context) HTTPSInsecureRepoURLWithClientCertAdded() *Context {
	repos.AddHTTPSRepoClientCert(true)
	return c
}
// HTTPSRepoURLWithClientCertAdded calls repos.AddHTTPSRepoClientCert(false)
// and returns the receiver for chaining. It is the counterpart of
// HTTPSInsecureRepoURLWithClientCertAdded, which passes true.
func (c *Context) HTTPSRepoURLWithClientCertAdded() *Context {
	repos.AddHTTPSRepoClientCert(false)
	return c
}
// SubmoduleHTTPSRepoURLAdded first creates the submodule test repositories
// with fixture.CreateSubmoduleRepos("https"), then registers the parent
// repository through
// repos.AddHTTPSRepo(false, withCreds, fixture.RepoURLTypeHTTPSSubmoduleParent).
// It returns the receiver for chaining.
func (c *Context) SubmoduleHTTPSRepoURLAdded(withCreds bool) *Context {
	// The repositories must exist before the parent is registered.
	fixture.CreateSubmoduleRepos("https")
	repos.AddHTTPSRepo(false, withCreds, fixture.RepoURLTypeHTTPSSubmoduleParent)
	return c
}
// SSHRepoURLAdded registers the SSH test repository by calling
// repos.AddSSHRepo(false, withCreds, fixture.RepoURLTypeSSH) and returns the
// receiver for chaining.
// NOTE(review): the leading false is presumably the "insecure" switch (compare
// SSHInsecureRepoURLAdded, which passes true) — confirm against
// repos.AddSSHRepo.
func (c *Context) SSHRepoURLAdded(withCreds bool) *Context {
	repos.AddSSHRepo(false, withCreds, fixture.RepoURLTypeSSH)
	return c
}
// SSHInsecureRepoURLAdded registers the SSH test repository by calling
// repos.AddSSHRepo(true, withCreds, fixture.RepoURLTypeSSH) and returns the
// receiver for chaining.
// NOTE(review): going by the method name, the leading true turns off SSH host
// key checking for this repository — confirm against repos.AddSSHRepo. Tests
// that are meant to prove host key validation should use SSHRepoURLAdded
// together with CustomSSHKnownHostsAdded instead.
func (c *Context) SSHInsecureRepoURLAdded(withCreds bool) *Context {
	repos.AddSSHRepo(true, withCreds, fixture.RepoURLTypeSSH)
	return c
}
// SubmoduleSSHRepoURLAdded first creates the submodule test repositories with
// fixture.CreateSubmoduleRepos("ssh"), then registers the parent repository
// through
// repos.AddSSHRepo(false, withCreds, fixture.RepoURLTypeSSHSubmoduleParent).
// It returns the receiver for chaining.
func (c *Context) SubmoduleSSHRepoURLAdded(withCreds bool) *Context {
	// The repositories must exist before the parent is registered.
	fixture.CreateSubmoduleRepos("ssh")
	repos.AddSSHRepo(false, withCreds, fixture.RepoURLTypeSSHSubmoduleParent)
	return c
}
// HelmRepoAdded calls repos.AddHelmRepo(name) and returns the receiver for
// chaining.
func (c *Context) HelmRepoAdded(name string) *Context {
	repos.AddHelmRepo(name)
	return c
}
// HTTPSCredentialsUserPassAdded calls repos.AddHTTPSCredentialsUserPass() and
// returns the receiver for chaining. The username and password are supplied
// by the repos fixture, not by this file.
func (c *Context) HTTPSCredentialsUserPassAdded() *Context {
	repos.AddHTTPSCredentialsUserPass()
	return c
}
// HTTPSCredentialsTLSClientCertAdded calls
// repos.AddHTTPSCredentialsTLSClientCert() and returns the receiver for
// chaining. The client certificate and key are supplied by the repos fixture.
func (c *Context) HTTPSCredentialsTLSClientCertAdded() *Context {
	repos.AddHTTPSCredentialsTLSClientCert()
	return c
}
// SSHCredentialsAdded calls repos.AddSSHCredentials() and returns the
// receiver for chaining. The key material is supplied by the repos fixture.
func (c *Context) SSHCredentialsAdded() *Context {
	repos.AddSSHCredentials()
	return c
}
// ProjectSpec applies spec to the project currently selected on the context
// by calling fixture.SetProjectSpec(c.project, spec), and returns the receiver
// for chaining. Because c.project is read at call time, Project must be
// called before ProjectSpec when a non-default project is wanted.
func (c *Context) ProjectSpec(spec v1alpha1.AppProjectSpec) *Context {
	fixture.SetProjectSpec(c.project, spec)
	return c
}
// RepoURLType stores urlType in the context's repoURLType field and returns
// the receiver for chaining.
func (c *Context) RepoURLType(urlType fixture.RepoURLType) *Context {
	c.repoURLType = urlType
	return c
}
// GetName returns the name currently stored on the context. The getter
// carries a Get prefix because Name is already taken by the setter.
func (c *Context) GetName() string {
	return c.name
}
// Name replaces the name stored on the context (Given seeds it from
// fixture.Name()) and returns the receiver for chaining.
func (c *Context) Name(name string) *Context {
	c.name = name
	return c
}
// Path stores path in the context's path field and returns the receiver for
// chaining.
func (c *Context) Path(path string) *Context {
	c.path = path
	return c
}
// Recurse sets the context's directoryRecurse flag to true and returns the
// receiver for chaining. There is no method in this file that clears it.
func (c *Context) Recurse() *Context {
	c.directoryRecurse = true
	return c
}
// Chart stores chart in the context's chart field and returns the receiver
// for chaining.
func (c *Context) Chart(chart string) *Context {
	c.chart = chart
	return c
}
// Revision stores revision in the context's revision field and returns the
// receiver for chaining.
func (c *Context) Revision(revision string) *Context {
	c.revision = revision
	return c
}
// Timeout replaces the context's timeout, which is expressed in seconds
// (Given seeds it with 10), and returns the receiver for chaining.
func (c *Context) Timeout(timeout int) *Context {
	c.timeout = timeout
	return c
}
// DestServer replaces the destination server stored on the context (Given
// seeds it with KubernetesInternalAPIServerAddr) and returns the receiver for
// chaining.
func (c *Context) DestServer(destServer string) *Context {
	c.destServer = destServer
	return c
}
// Env stores env in the context's env field and returns the receiver for
// chaining.
func (c *Context) Env(env string) *Context {
	c.env = env
	return c
}
// Parameter appends parameter to the context's parameters slice and returns
// the receiver for chaining. Repeated calls accumulate; nothing in this file
// resets the list.
func (c *Context) Parameter(parameter string) *Context {
	c.parameters = append(c.parameters, parameter)
	return c
}
// SelectedResource stores resource in the context's resource field and
// returns the receiver for chaining. The expected format of resource is
// group:kind:name.
func (c *Context) SelectedResource(resource string) *Context {
	c.resource = resource
	return c
}
// NamePrefix stores namePrefix in the context's namePrefix field and returns
// the receiver for chaining.
func (c *Context) NamePrefix(namePrefix string) *Context {
	c.namePrefix = namePrefix
	return c
}
// NameSuffix stores nameSuffix in the context's nameSuffix field and returns
// the receiver for chaining.
func (c *Context) NameSuffix(nameSuffix string) *Context {
	c.nameSuffix = nameSuffix
	return c
}
// ResourceOverrides passes overrides to fixture.SetResourceOverrides and
// returns the receiver for chaining. Nothing is stored on the context itself;
// the effect lives wherever the fixture writes it.
func (c *Context) ResourceOverrides(overrides map[string]v1alpha1.ResourceOverride) *Context {
	fixture.SetResourceOverrides(overrides)
	return c
}
// ResourceFilter passes filter to fixture.SetResourceFilter and returns the
// receiver for chaining. Nothing is stored on the context itself; the effect
// lives wherever the fixture writes it.
func (c *Context) ResourceFilter(filter settings.ResourcesFilter) *Context {
	fixture.SetResourceFilter(filter)
	return c
}
// ConfigManagementPlugin both configures the plugin and forces its use: it
// registers plugin through fixture.SetConfigManagementPlugins and then records
// plugin.Name in the context's configManagementPlugin field. It returns the
// receiver for chaining.
func (c *Context) ConfigManagementPlugin(plugin v1alpha1.ConfigManagementPlugin) *Context {
	// Register first, then select by name.
	fixture.SetConfigManagementPlugins(plugin)
	c.configManagementPlugin = plugin.Name
	return c
}
// And runs block immediately and returns the receiver for chaining, which
// lets arbitrary setup be interleaved with the builder calls. block is called
// unconditionally, so it must not be nil.
func (c *Context) And(block func()) *Context {
	block()
	return c
}
// When ends the "given" phase and returns an Actions value bound to this
// context. It always sleeps for one second before returning.
func (c *Context) When() *Actions {
	// Settings may have been changed by the preceding builder calls; a fixed
	// one-second pause is a crude but sufficient way to let them take effect.
	time.Sleep(time.Second)

	actions := &Actions{context: c}
	return actions
}
// Sleep blocks for the given number of seconds and returns the receiver for
// chaining. Although the parameter is typed time.Duration, it is multiplied
// by time.Second, so callers pass a bare count such as Sleep(5) rather than a
// ready-made duration like 5*time.Second.
func (c *Context) Sleep(seconds time.Duration) *Context {
	pause := seconds * time.Second
	time.Sleep(pause)
	return c
}
// Prune replaces the context's prune flag (Given seeds it with true) and
// returns the receiver for chaining.
func (c *Context) Prune(prune bool) *Context {
	c.prune = prune
	return c
}
// Async stores async in the context's async field and returns the receiver
// for chaining.
func (c *Context) Async(async bool) *Context {
	c.async = async
	return c
}
// LocalPath stores localPath in the context's localPath field and returns the
// receiver for chaining.
// NOTE(review): the change that introduced GPG verification states that local
// manifests are forbidden when signature verification is enabled; where that
// is enforced is not visible in this file, so tests that combine LocalPath
// with signature checks should assert the expected rejection explicitly.
func (c *Context) LocalPath(localPath string) *Context {
	c.localPath = localPath
	return c
}
// Project replaces the project stored on the context (Given seeds it with
// "default") and returns the receiver for chaining. ProjectSpec reads this
// field when it is called.
func (c *Context) Project(project string) *Context {
	c.project = project
	return c
}
// Force sets the context's force flag to true and returns the receiver for
// chaining. There is no method in this file that clears it.
func (c *Context) Force() *Context {
	c.force = true
	return c
}