blob: 7b592cebcfa7bceb8f7712f6d0d3e74a00d5bc03 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
|
Test suite for ACL on git.liw.fi
================================
FIXME: alice.key should be genreated by test suite, not stored in git
FIXME: alice/ and liw/ should be cleaned up
This is a test suite for my Gitano ACL setup on git.liw.fi. It is run
against either the real or a test instance of the setup.
Fundamental concepts:
* liw is my user account
* alice and bob are test accounts
* foo, private/foo and alice/foo are test repositories
Here's a scenario for verifying that I can create and remove
users and accounts.
SCENARIO git.liw.fi gitano ruleset testing
GIVEN user alice does not exist
AND user bob does not exist
AND repository private/foo does not exist
AND repository foo does not exist
AND repository alice/foo does not exist
I need to be able to create a user.
WHEN liw creates user alice
THEN user alice exists
However, nobody else should be able to do that.
WHEN alice attempts to create user bob
THEN gitano gives an error matching "You may not perform site administration"
I should be able to create a private repository. I should see it,
and be able to clone it over ssh, but not over git. Others should
not be able to see or clone it. Private repositories are those
under the private/ prefix.
WHEN liw creates repository private/foo
THEN liw cannot clone private/foo using git
AND liw can clone private/foo using ssh
AND liw can see private/foo
AND alice cannot clone private/foo using git
AND alice cannot clone private/foo using ssh
AND alice cannot see private/foo
AND cgit does not allow viewing private/foo
I should be able to change the private repository. Others can't, since
they can't clone it. (FIXME: What happens if it was public, but now
isn't?)
WHEN liw creates master branch in private/foo
AND liw makes change in cloned private/foo in master
THEN liw can push master in private/foo
I should be able to create a public repository, and see it and coone
it over both git and ssh. So should others.
WHEN liw creates repository foo
THEN liw can see foo
AND liw can clone foo using git
AND liw can clone foo using ssh
AND alice can see foo
AND alice can clone foo using git
AND alice can clone foo using ssh
AND cgit allows viewing foo
I should be able to change the master branch.
WHEN liw creates master branch in foo
AND liw makes change in cloned foo in master
THEN liw can push master in foo
Others mustn't be able to push a change to master.
WHEN alice makes change in cloned foo in master
AND alice attempts to push master in foo
THEN gitano gives an error matching "FIXME"
However, they can create a branch prefixed by their username
and a slash, and push that.
WHEN alice creates branch alice/branch in foo
AND alice makes change in cloned foo in alice/branch
THEN alice can push alice/branch in foo
Others mustn't be able to create repositories. I'm not running
a general git hosting service.
WHEN alice attempts to create repository alice/bar
THEN gitano gives an error matching "FIXME"
Some cleanup at the end.
FINALLY remove user alice
AND remove user bob
AND remove repository foo
AND remove repository private/foo
AND remove repository alice/foo
Implementations
---------------
IMPLEMENTS THEN user (\S+) exists
gitano liw user | grep "^$MATCH_1:"
IMPLEMENTS GIVEN user (\S+) does not exist
if gitano liw user | grep "^$MATCH_1:"
then
die "User $MATCH_1 seems to exist"
fi
IMPLEMENTS GIVEN repository (\S+) does not exist
if gitano liw ls | awk -v "r=$MATCH_1" '$NF == r' | grep .
then
die "Repo $MATCH_1 seems to exist already"
fi
IMPLEMENTS WHEN (\S+) creates user (\S+)
gitano "$MATCH_1" user add "$MATCH_2" "$MATCH_2" "$MATCH_2@example.com"
gitano "$MATCH_1" as "$MATCH_2" sshkey add default < "$MATCH_2.key.pub"
IMPLEMENTS WHEN (\S+) attempts to create user (\S+)
attempt gitano "$MATCH_1" \
user add "$MATCH_2" "$MATCH_2" "$MATCH_2@example.com"
IMPLEMENTS THEN gitano gives an error matching "(.*)"$
cat "$DATADIR/attempt.stderr"
grep "$MATCH_1" "$DATADIR/attempt.stderr"
IMPLEMENTS WHEN (\S+) creates repository (\S+)
gitano "$MATCH_1" create "$MATCH_2"
IMPLEMENTS THEN (\S+) cannot clone (\S+) using git
if clone_using_git "$MATCH_1" "$MATCH_2"
then
die "Clone of $MATCH using git succeeded unexpectedly"
fi
IMPLEMENTS THEN (\S+) cannot clone (\S+) using ssh
if clone_using_ssh "$MATCH_1" "$MATCH_2"
then
die "Clone of $MATCH_2 using ssh succeeded unexpectedly"
fi
IMPLEMENTS THEN (\S+) can clone (\S+) using git
clone_using_git "$MATCH_1" "$MATCH_2"
IMPLEMENTS THEN (\S+) can clone (\S+) using ssh
clone_using_ssh "$MATCH_1" "$MATCH_2"
IMPLEMENTS THEN (\S+) can see (\S+)
gitano "$MATCH_1" ls | awk -v "r=$MATCH_2" '$NF == r' | grep .
IMPLEMENTS THEN (\S+) cannot see (\S+)
if gitano "$MATCH_1" ls | awk -v "r=$MATCH_2" '$NF == r' | grep .
then
die "User $MATCH_1 can see repo $MATCH_2 unexpectedly"
fi
IMPLEMENTS THEN cgit allows viewing (\S+)
true
IMPLEMENTS THEN cgit does not allow viewing (\S+)
true
IMPLEMENTS WHEN (\S+) creates master branch in (\S+)
cd "$MATCH_1/$MATCH_2"
touch foo.txt
git add foo.txt
git commit -m initial
IMPLEMENTS WHEN (\S+) makes change in cloned (\S+) in (\S+)
cd "$MATCH_1/$MATCH_2"
git checkout "$MATCH_3"
date > foo.txt
git add foo.txt
git commit -m change
IMPLEMENTS THEN (\S+) can push (\S+) in (\S+)
true
IMPLEMENTS WHEN (\S+) attempts to push (\S+) in (\S+)
true
IMPLEMENTS WHEN (\S+) creates branch (\S+) in (\S+)
true
IMPLEMENTS WHEN (\S+) attempts to create repository (\S+)
attempt gitano "$MATCH_1" create "$MATCH_2"
IMPLEMENTS FINALLY remove user (\S+)
if gitano liw user del "$MATCH_1" 2> "$DATADIR/temp"
then
gitano liw user del "$MATCH_1" \
$(awk '{ s = $2 } END { print s }' "$DATADIR/temp")
fi
IMPLEMENTS FINALLY remove repository (\S+)
if gitano liw destroy "$MATCH_1" 2> "$DATADIR/temp"
then
gitano liw destroy "$MATCH_1" \
$(awk '{ s = $2 } END { print s }' "$DATADIR/temp")
fi
|