test: Add tests for reading in Git SSL certification settings

3 files changed, 245 insertions, 1 deletions

diff --git a/test/other_tools/git_operations/TARGETS b/test/other_tools/git_operations/TARGETS
index 4309bd02..4b4c43ee 100644
--- a/test/other_tools/git_operations/TARGETS
+++ b/test/other_tools/git_operations/TARGETS
@@ -39,9 +39,30 @@
     ]
   , "stage": ["test", "other_tools", "git_operations"]
   }
+, "git_config_run":
+  { "type": ["@", "rules", "CC", "binary"]
+  , "tainted": ["test"]
+  , "name": ["git_config_run_test"]
+  , "srcs": ["git_config_run.test.cpp"]
+  , "private-deps":
+    [ ["", "libgit2"]
+    , ["src/other_tools/git_operations", "git_config_settings"]
+    , ["src/buildtool/file_system", "git_utils"]
+    , ["src/buildtool/file_system", "git_context"]
+    , ["src/buildtool/logging", "logging"]
+    , ["test/utils", "log_config"]
+    ]
+  , "stage": ["src"]
+  }
+, "git_config_ssl":
+  { "type": ["@", "rules", "shell/test", "script"]
+  , "name": ["git_config_ssl"]
+  , "test": ["git_config_ssl.sh"]
+  , "deps": ["git_config_run"]
+  }
 , "TESTS":
   { "type": "install"
   , "tainted": ["test"]
-  , "deps": ["critical_git_ops_mp", "git_repo_remote"]
+  , "deps": ["critical_git_ops_mp", "git_repo_remote", "git_config_ssl"]
   }
 }
diff --git a/test/other_tools/git_operations/git_config_run.test.cpp b/test/other_tools/git_operations/git_config_run.test.cpp
new file mode 100644
index 00000000..9a9af9b9
--- /dev/null
+++ b/test/other_tools/git_operations/git_config_run.test.cpp
@@ -0,0 +1,111 @@
+// Copyright 2023 Huawei Cloud Computing Technology Co., Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include <filesystem>
+
+#include "src/buildtool/file_system/git_context.hpp"
+#include "src/buildtool/file_system/git_utils.hpp"
+#include "src/buildtool/logging/logger.hpp"
+#include "src/other_tools/git_operations/git_config_settings.hpp"
+#include "test/utils/logging/log_config.hpp"
+
+#include <span>
+
+extern "C" {
+#include <git2.h>
+}
+
+namespace {
+
+using anon_logger_t = std::function<void(const std::string&, bool)>;
+
+auto const kGitConfigPath = std::filesystem::path{"gitconfig"};
+
+}  // namespace
+
+/// \brief Expects 2 mandatory arguments:
+/// 1. the test type: "SSL" | "proxy"
+/// 2. the remote URL to test
+/// The third argument gives the expected result to check against:
+///   - for type "SSL":    anything (check SSL) | missing arg (passthrough)
+///   - for type "proxy":  proxy string (exact match) | missing arg (no proxy)
+auto main(int argc, char* argv[]) -> int {
+    try {
+        ConfigureLogging();
+
+        // start a git context, needed to read in the config file
+        GitContext context{};
+
+        // handle args
+        if (argc < 3) {
+            Logger::Log(LogLevel::Error,
+                        "Expected at least 3 args, but found {}",
+                        argc);
+            return 1;
+        }
+        auto args = std::span(argv, size_t(argc));
+        std::string test_type{args[1]};  // type of test
+        std::string test_url{args[2]};   // remote URL to test
+
+        // setup dummy logger
+        auto logger = std::make_shared<anon_logger_t>(
+            []([[maybe_unused]] auto const& msg, [[maybe_unused]] bool fatal) {
+                Logger::Log(fatal ? LogLevel::Error : LogLevel::Progress,
+                            std::string(msg));
+            });
+
+        // read in the git config file
+        git_config* cfg_ptr{nullptr};
+        if (git_config_open_ondisk(&cfg_ptr, kGitConfigPath.c_str()) != 0) {
+            Logger::Log(LogLevel::Error, "Open git config on disk failed");
+            return 1;
+        }
+        auto cfg = std::shared_ptr<git_config>(cfg_ptr, config_closer);
+
+        // run the method for given type
+        if (test_type == "SSL") {
+            auto callback =
+                GitConfigSettings::GetSSLCallback(cfg, test_url, logger);
+            if (not callback) {
+                Logger::Log(LogLevel::Error, "Null SSL callback");
+                return 1;
+            }
+            // check expected result
+            auto expected_result = static_cast<int>(argc >= 4);
+            auto actual_result = callback.value()(nullptr, 0, nullptr, nullptr);
+            if (actual_result != expected_result) {
+                Logger::Log(LogLevel::Error,
+                            "Expected test result {}, but obtained {}",
+                            expected_result,
+                            actual_result);
+                return 1;
+            }
+        }
+        else if (test_type == "proxy") {
+            Logger::Log(LogLevel::Error, "Proxy tests not yet implemented");
+            return 1;
+        }
+        else {
+            Logger::Log(LogLevel::Error,
+                        R"(Expected test type {"SSL"|"proxy"}, but found {})",
+                        test_type);
+            return 1;
+        }
+    } catch (std::exception const& ex) {
+        Logger::Log(
+            LogLevel::Error, "Git config run test failed with:\n{}", ex.what());
+        return 1;
+    }
+    return 0;
+}
diff --git a/test/other_tools/git_operations/git_config_ssl.sh b/test/other_tools/git_operations/git_config_ssl.sh
new file mode 100644
index 00000000..c1ee761e
--- /dev/null
+++ b/test/other_tools/git_operations/git_config_ssl.sh
@@ -0,0 +1,112 @@
+#!/bin/sh
+# Copyright 2023 Huawei Cloud Computing Technology Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -eu
+
+###
+# Run Git config SSL settings retrieval tests for various scenarios
+#
+# Expected Git config (relative) file path: gitconfig
+#
+#
+##
+
+readonly ROOT=`pwd`
+readonly TESTEXEC="${ROOT}/src/git_config_run_test"
+
+# ensure clean env for this type of test
+unset GIT_SSL_NO_VERIFY
+
+# run the test scenarios
+k=1  # scenarios counter
+
+echo
+echo "Scenario $k: missing gitconfig"
+k=$((k+1))
+$(
+cd $(mktemp -d)
+${TESTEXEC} SSL https://192.0.2.1 1
+cd ${ROOT}
+)
+echo "PASSED"
+
+echo
+echo "Scenario $k: empty gitconfig"
+k=$((k+1))
+$(
+cd $(mktemp -d)
+touch gitconfig
+${TESTEXEC} SSL https://example.com 1
+cd ${ROOT}
+)
+echo "PASSED"
+
+echo
+echo "Scenario $k: disable SSL check via http.sslVerify"
+k=$((k+1))
+$(
+cd $(mktemp -d)
+cat > gitconfig <<INNER
+[http]
+    sslVerify = false
+INNER
+${TESTEXEC} SSL https://example.com
+cd ${ROOT}
+)
+echo "PASSED"
+
+echo
+echo "Scenario $k: disable SSL check via http.<url>.sslVerify"
+k=$((k+1))
+$(
+cd $(mktemp -d)
+cat > gitconfig <<INNER
+[http "https://example.com"]
+    sslVerify = false
+INNER
+${TESTEXEC} SSL https://example.com
+cd ${ROOT}
+)
+echo "PASSED"
+
+echo
+echo "Scenario $k: enable SSL check via http.sslVerify, but disable via envariable"
+k=$((k+1))
+$(
+cd $(mktemp -d)
+cat > gitconfig <<INNER
+[http]
+    sslVerify = true
+INNER
+GIT_SSL_NO_VERIFY= ${TESTEXEC} SSL https://example.com
+cd ${ROOT}
+)
+echo "PASSED"
+
+echo
+echo "Scenario $k: check priority of gitconfig entries"
+k=$((k+1))
+$(
+cd $(mktemp -d)
+cat > gitconfig <<INNER
+[http]
+    sslVerify = true
+[http "https://example.com"]
+    sslVerify = false
+INNER
+${TESTEXEC} SSL https://example.com
+cd ${ROOT}
+)
+echo "PASSED"