| -rw-r--r-- | gitserver.yaml | 9 | ||||
| -rw-r--r-- | internal/admin/model_test.go | 2 | ||||
| -rw-r--r-- | internal/admin/service_test.go | 2 | ||||
| -rw-r--r-- | internal/authz/middleware.go | 2 | ||||
| -rw-r--r-- | internal/authz/middleware_test.go | 2 | ||||
| -rw-r--r-- | justfile | 1 | ||||
| -rw-r--r-- | policy.csv | 9 | ||||
| -rw-r--r-- | tests/test_gitserver.yaml | 19 | ||||
| -rw-r--r-- | tests/testpolicy.csv | 11 |
9 files changed, 45 insertions, 12 deletions
diff --git a/gitserver.yaml b/gitserver.yaml index 70d8eed..cb35011 100644 --- a/gitserver.yaml +++ b/gitserver.yaml @@ -7,6 +7,15 @@ repos: permissions: - role: admin mode: 1 +- name: restic-wrapper + public: true + permissions: + - role: maintainers + mode: 1 + git_web_config: + owner: grumps + description: >- + A simple wrapper around restic wrapper - name: testmerepo public: true git_web_config: diff --git a/internal/admin/model_test.go b/internal/admin/model_test.go index 70ec738..ee0b72a 100644 --- a/internal/admin/model_test.go +++ b/internal/admin/model_test.go @@ -86,7 +86,7 @@ func TestLoadServerConfig(t *testing.T) { localDir := t.TempDir() // TODO Refactor next touch localFile := filepath.Join(localDir, "stuff.yaml") - srcFile, err := os.Open(filepath.Clean("../../gitserver.yaml")) + srcFile, err := os.Open(filepath.Clean("../../tests/test_gitserver.yaml")) if err != nil { t.Fatalf("Error opening base config %s", err) } diff --git a/internal/admin/service_test.go b/internal/admin/service_test.go index e13d28c..ae616c3 100644 --- a/internal/admin/service_test.go +++ b/internal/admin/service_test.go @@ -73,7 +73,7 @@ func TestInitServer(t *testing.T) { // policy destPolicyFile := filepath.Join(tempDir, "testpolicy.csv") - srcPolicyFile := "../../testpolicy.csv" + srcPolicyFile := "../../tests/testpolicy.csv" copyFile(t, srcPolicyFile, destPolicyFile) // end policy diff --git a/internal/authz/middleware.go b/internal/authz/middleware.go index abebcdb..441240f 100644 --- a/internal/authz/middleware.go +++ b/internal/authz/middleware.go @@ -65,7 +65,7 @@ func Authorization(adminSvc *admin.Servicer, next http.Handler) http.Handler { return } if !ok { - log.Printf("Not Authorized - attempted access %s", urn) + log.Printf("Not Authorized - %s attempted access %s", urn, repo) http.Error(rw, "Access denied", http.StatusForbidden) return } diff --git a/internal/authz/middleware_test.go b/internal/authz/middleware_test.go index 314c24e..99ca0b0 100644 
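Review bot: The new `restic-wrapper` entry in gitserver.yaml sets `public: true` next to a `permissions` block for `role: maintainers`, and nothing in the hunk says which operations `public` opens to unauthenticated callers. If the intent is anonymous read with push still gated by the role, record that on the entry, for example `# public: anonymous clone/fetch only; push requires role maintainers`, and confirm the authorization code enforces exactly that. The description text `A simple wrapper around restic wrapper` also looks like a slip and is what the web view would show.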
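Review bot: The denial log added in `Authorization` formats `urn` and `repo` with `%s`, so if either value is derived from the request (their assignment is outside this hunk), embedded newlines or control characters could split or forge entries in the audit trail. Quoting both keeps each denial on one unambiguous line: `log.Printf("Not Authorized - %q attempted access %q", urn, repo)`. The function body starts and ends outside the hunk, so also confirm that `repo` is in scope here and that `urn` now identifies the caller, since the previous message printed it as the only value.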
--- a/internal/authz/middleware_test.go +++ b/internal/authz/middleware_test.go @@ -115,7 +115,7 @@ func TestAuthorization(t *testing.T) { } svcr := admin.NewService( "../../auth_model.ini", - "../../testpolicy.csv", + "../../tests/testpolicy.csv", "../../gitserver.yaml", "../../repos", false) @@ -12,6 +12,7 @@ test: golangci-lint run go test -v -coverprofile={{ TEMPDIR }}/testcover.out ./... go tool cover -func={{ TEMPDIR }}/testcover.out + debug-run: dlv debug cmd/main.go -- -s {{justfile_directory()}}/gitserver.yaml -r $(mktemp -d) @@ -1,10 +1,3 @@ -p, role:admin, /mgmt/info/refs, GET -p, role:admin, /mgmt/git-upload-pack, POST -p, role:admin, /mgmt/git-receive-pack, POST -p, role:maintainers, /testmerepo/info/refs, GET -p, role:maintainers, /testmerepo/git-upload-pack, POST -p, role:maintainers, /testmerepo/git-receive-pack, POST g, role:admin, role:maintainers g, uid:admin, role:admin -g, uid:grumps, role:maintainers -g, aid:argo, role:bots +g, uid:maintainer, role:maintainers diff --git a/tests/test_gitserver.yaml b/tests/test_gitserver.yaml new file mode 100644 index 0000000..70d8eed --- /dev/null +++ b/tests/test_gitserver.yaml @@ -0,0 +1,19 @@ +--- +name: "go-git-server" +version: "v1alpha1" +repos: +- name: mgmt + public: false + permissions: + - role: admin + mode: 1 +- name: testmerepo + public: true + git_web_config: + owner: grumps + description: >- + A wrapper to git http-backend providing authentcation and authorization + inspired by gitolite. + permissions: + - role: maintainers + mode: 1 diff --git a/tests/testpolicy.csv b/tests/testpolicy.csv new file mode 100644 index 0000000..1befec0 --- /dev/null +++ b/tests/testpolicy.csv 
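Review bot: `TestAuthorization` now takes its policy from `tests/testpolicy.csv` but still passes `"../../gitserver.yaml"` as the server config, so the authorization test keeps depending on the live configuration that this same commit edits. Any later change to the production repo list can silently change what the test proves. Pointing it at the fixture, as the `model_test.go` hunk does, would isolate it: `"../../tests/test_gitserver.yaml",`. Note that the fixture config has no `restic-wrapper` entry while the fixture policy does, so check which of the two the test relies on before switching.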
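Review bot: The `@@ -1,10 +1,3 @@` hunk (its file header is missing from this page; the diffstat suggests it is policy.csv) removes every `p` rule and leaves only `g` role mappings, and it adds no rules for the `restic-wrapper` repo that gitserver.yaml now defines. Unless the server regenerates `p` rules from gitserver.yaml at startup, which is not visible here, the enforcer would load a policy that grants nothing, so it is worth stating in the commit message or a header comment where the rules now come from. The hunk also replaces `g, uid:grumps, role:maintainers` with `g, uid:maintainer, role:maintainers` and drops `g, aid:argo, role:bots`; confirm that `uid:maintainer` is a real account and not a placeholder that anyone able to register that name would inherit.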
@@ -0,0 +1,11 @@ +p, role:test, /repo/url, GET +p, role:admin, /mgmt/info/refs, GET +p, role:admin, /mgmt/git-upload-pack, POST +p, role:admin, /mgmt/git-receive-pack, POST +p, role:maintainers, /testmerepo/info/refs, GET +p, role:maintainers, /testmerepo/git-upload-pack, POST +p, role:maintainers, /testmerepo/git-receive-pack, POST +p, role:maintainers, /restic-wrapper/info/refs, GET +p, role:maintainers, /restic-wrapper/git-upload-pack, POST +p, role:maintainers, /restic-wrapper/git-receive-pack, POST +g, uid:jack, role:test
\ No newline at end of file |
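Review bot: The new tests/testpolicy.csv fixture defines rules for `role:admin` and `role:maintainers` but its only grouping line is `g, uid:jack, role:test`, so no subject reaches those rules through this file alone. If the tests expect the admin service to add the missing `g` lines at start-up, a short note in the test that copies the file would make that dependency explicit; otherwise add the mappings the assertions need, such as `g, uid:admin, role:admin`. The three `/restic-wrapper/...` rules also refer to a repo that tests/test_gitserver.yaml does not declare, so either the fixture config or the fixture policy is out of step with the other.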