Test suite for ACL on git.liw.fi ================================ FIXME: alice.key should be genreated by test suite, not stored in git FIXME: alice/ and liw/ should be cleaned up This is a test suite for my Gitano ACL setup on git.liw.fi. It is run against either the real or a test instance of the setup. Fundamental concepts: * liw is my user account * alice and bob are test accounts * foo, private/foo and alice/foo are test repositories Here's a scenario for verifying that I can create and remove users and accounts. SCENARIO git.liw.fi gitano ruleset testing GIVEN user alice does not exist AND user bob does not exist AND repository private/foo does not exist AND repository foo does not exist AND repository alice/foo does not exist I need to be able to create a user. WHEN liw creates user alice THEN user alice exists However, nobody else should be able to do that. WHEN alice attempts to create user bob THEN gitano gives an error matching "You may not perform site administration" I should be able to create a private repository. I should see it, and be able to clone it over ssh, but not over git. Others should not be able to see or clone it. Private repositories are those under the private/ prefix. WHEN liw creates repository private/foo THEN liw cannot clone private/foo using git AND liw can clone private/foo using ssh AND liw can see private/foo AND alice cannot clone private/foo using git AND alice cannot clone private/foo using ssh AND alice cannot see private/foo AND cgit does not allow viewing private/foo I should be able to change the private repository. Others can't, since they can't clone it. (FIXME: What happens if it was public, but now isn't?) WHEN liw creates master branch in private/foo AND liw makes change in cloned private/foo in master THEN liw can push master in private/foo I should be able to create a public repository, and see it and coone it over both git and ssh. So should others. WHEN liw creates repository foo THEN liw can see foo AND liw can clone foo using git AND liw can clone foo using ssh AND alice can see foo AND alice can clone foo using git AND alice can clone foo using ssh AND cgit allows viewing foo I should be able to change the master branch. WHEN liw creates master branch in foo AND liw makes change in cloned foo in master THEN liw can push master in foo Others mustn't be able to push a change to master. WHEN alice makes change in cloned foo in master AND alice attempts to push master in foo THEN gitano gives an error matching "FIXME" However, they can create a branch prefixed by their username and a slash, and push that. WHEN alice creates branch alice/branch in foo AND alice makes change in cloned foo in alice/branch THEN alice can push alice/branch in foo Others mustn't be able to create repositories. I'm not running a general git hosting service. WHEN alice attempts to create repository alice/bar THEN gitano gives an error matching "FIXME" Some cleanup at the end. FINALLY remove user alice AND remove user bob AND remove repository foo AND remove repository private/foo AND remove repository alice/foo Implementations --------------- IMPLEMENTS THEN user (\S+) exists gitano liw user | grep "^$MATCH_1:" IMPLEMENTS GIVEN user (\S+) does not exist if gitano liw user | grep "^$MATCH_1:" then die "User $MATCH_1 seems to exist" fi IMPLEMENTS GIVEN repository (\S+) does not exist if gitano liw ls | awk -v "r=$MATCH_1" '$NF == r' | grep . then die "Repo $MATCH_1 seems to exist already" fi IMPLEMENTS WHEN (\S+) creates user (\S+) gitano "$MATCH_1" user add "$MATCH_2" "$MATCH_2" "$MATCH_2@example.com" gitano "$MATCH_1" as "$MATCH_2" sshkey add default < "$MATCH_2.key.pub" IMPLEMENTS WHEN (\S+) attempts to create user (\S+) attempt gitano "$MATCH_1" \ user add "$MATCH_2" "$MATCH_2" "$MATCH_2@example.com" IMPLEMENTS THEN gitano gives an error matching "(.*)"$ cat "$DATADIR/attempt.stderr" grep "$MATCH_1" "$DATADIR/attempt.stderr" IMPLEMENTS WHEN (\S+) creates repository (\S+) gitano "$MATCH_1" create "$MATCH_2" IMPLEMENTS THEN (\S+) cannot clone (\S+) using git if clone_using_git "$MATCH_1" "$MATCH_2" then die "Clone of $MATCH using git succeeded unexpectedly" fi IMPLEMENTS THEN (\S+) cannot clone (\S+) using ssh if clone_using_ssh "$MATCH_1" "$MATCH_2" then die "Clone of $MATCH_2 using ssh succeeded unexpectedly" fi IMPLEMENTS THEN (\S+) can clone (\S+) using git clone_using_git "$MATCH_1" "$MATCH_2" IMPLEMENTS THEN (\S+) can clone (\S+) using ssh clone_using_ssh "$MATCH_1" "$MATCH_2" IMPLEMENTS THEN (\S+) can see (\S+) gitano "$MATCH_1" ls | awk -v "r=$MATCH_2" '$NF == r' | grep . IMPLEMENTS THEN (\S+) cannot see (\S+) if gitano "$MATCH_1" ls | awk -v "r=$MATCH_2" '$NF == r' | grep . then die "User $MATCH_1 can see repo $MATCH_2 unexpectedly" fi IMPLEMENTS THEN cgit allows viewing (\S+) true IMPLEMENTS THEN cgit does not allow viewing (\S+) true IMPLEMENTS WHEN (\S+) creates master branch in (\S+) cd "$MATCH_1/$MATCH_2" touch foo.txt git add foo.txt git commit -m initial IMPLEMENTS WHEN (\S+) makes change in cloned (\S+) in (\S+) cd "$MATCH_1/$MATCH_2" git checkout "$MATCH_3" date > foo.txt git add foo.txt git commit -m change IMPLEMENTS THEN (\S+) can push (\S+) in (\S+) true IMPLEMENTS WHEN (\S+) attempts to push (\S+) in (\S+) true IMPLEMENTS WHEN (\S+) creates branch (\S+) in (\S+) true IMPLEMENTS WHEN (\S+) attempts to create repository (\S+) attempt gitano "$MATCH_1" create "$MATCH_2" IMPLEMENTS FINALLY remove user (\S+) if gitano liw user del "$MATCH_1" 2> "$DATADIR/temp" then gitano liw user del "$MATCH_1" \ $(awk '{ s = $2 } END { print s }' "$DATADIR/temp") fi IMPLEMENTS FINALLY remove repository (\S+) if gitano liw destroy "$MATCH_1" 2> "$DATADIR/temp" then gitano liw destroy "$MATCH_1" \ $(awk '{ s = $2 } END { print s }' "$DATADIR/temp") fi