|
| 1 | +package handlers |
| 2 | + |
| 3 | +// deploy_git_installation_token_test.go — coverage for P4.2b: minting a GitHub |
| 4 | +// App installation token for a source=git clone (applyInstallationAuth + |
| 5 | +// installationCloneToken). Driven with sqlmock + a fake minter so every branch |
| 6 | +// (non-git / PAT-present / app-disabled / no-connection / no-installation-id / |
| 7 | +// installation-missing / suspended / team-mismatch / mint-error / minted) runs |
| 8 | +// synchronously without a real DB. The end-to-end source=git runDeploy path |
| 9 | +// (with a real DB) is exercised by TestDeployNew_SourceGit_FlagOn_Accepted. |
| 10 | + |
| 11 | +import ( |
| 12 | + "context" |
| 13 | + "crypto/rand" |
| 14 | + "crypto/rsa" |
| 15 | + "crypto/x509" |
| 16 | + "encoding/pem" |
| 17 | + "errors" |
| 18 | + "testing" |
| 19 | + "time" |
| 20 | + |
| 21 | + "github.com/DATA-DOG/go-sqlmock" |
| 22 | + "github.com/google/uuid" |
| 23 | + |
| 24 | + "instant.dev/internal/config" |
| 25 | + "instant.dev/internal/models" |
| 26 | + "instant.dev/internal/plans" |
| 27 | + "instant.dev/internal/providers/compute" |
| 28 | +) |
| 29 | + |
| 30 | +// fakeTokenMinter is an installationTokenMinter double. |
| 31 | +type fakeTokenMinter struct { |
| 32 | + token string |
| 33 | + err error |
| 34 | + calls int |
| 35 | +} |
| 36 | + |
| 37 | +func (f *fakeTokenMinter) InstallationToken(_ context.Context, _ int64) (string, error) { |
| 38 | + f.calls++ |
| 39 | + return f.token, f.err |
| 40 | +} |
| 41 | + |
| 42 | +// connRow builds an app_github_connections row for sqlmock. installID < 0 → NULL. |
| 43 | +func connRow(appID, team uuid.UUID, installID int64) *sqlmock.Rows { |
| 44 | + r := sqlmock.NewRows([]string{ |
| 45 | + "id", "app_id", "team_id", "github_repo", "branch", "webhook_secret", |
| 46 | + "installation_id", "created_at", "last_deploy_at", "last_commit_sha", |
| 47 | + }) |
| 48 | + var iid interface{} |
| 49 | + if installID >= 0 { |
| 50 | + iid = installID |
| 51 | + } |
| 52 | + return r.AddRow(uuid.New(), appID, team, "owner/repo", "main", "sec", iid, time.Now(), nil, nil) |
| 53 | +} |
| 54 | + |
| 55 | +func instRow(team uuid.UUID, suspended bool) *sqlmock.Rows { |
| 56 | + var susp interface{} |
| 57 | + if suspended { |
| 58 | + susp = time.Now() |
| 59 | + } |
| 60 | + return sqlmock.NewRows([]string{ |
| 61 | + "installation_id", "team_id", "account_login", "suspended_at", "created_at", "updated_at", |
| 62 | + }).AddRow(int64(42), team, "acme", susp, time.Now(), time.Now()) |
| 63 | +} |
| 64 | + |
| 65 | +// runApply builds a DeployHandler over a sqlmock DB + fake minter, runs |
| 66 | +// applyInstallationAuth on a git deploy, and returns the resolved GitAuth. |
| 67 | +func runApply(t *testing.T, setup func(sqlmock.Sqlmock), minter installationTokenMinter, opts *compute.DeployOptions, team uuid.UUID) { |
| 68 | + t.Helper() |
| 69 | + db, mock, err := sqlmock.New() |
| 70 | + if err != nil { |
| 71 | + t.Fatal(err) |
| 72 | + } |
| 73 | + defer func() { _ = db.Close() }() |
| 74 | + if setup != nil { |
| 75 | + setup(mock) |
| 76 | + } |
| 77 | + h := &DeployHandler{db: db} |
| 78 | + if minter != nil { |
| 79 | + h.SetGitHubApp(minter) // exercise the setter (not a struct-literal field write) |
| 80 | + } |
| 81 | + d := &models.Deployment{ID: uuid.New(), TeamID: team, AppID: "gitdep"} |
| 82 | + h.applyInstallationAuth(context.Background(), opts, d) |
| 83 | +} |
| 84 | + |
| 85 | +func TestApplyInstallationAuth_Minted(t *testing.T) { |
| 86 | + team := uuid.New() |
| 87 | + m := &fakeTokenMinter{token: "ghs_minted"} |
| 88 | + opts := &compute.DeployOptions{Source: "git"} |
| 89 | + runApply(t, func(mk sqlmock.Sqlmock) { |
| 90 | + mk.ExpectQuery(`FROM app_github_connections WHERE app_id`).WillReturnRows(connRow(uuid.New(), team, 42)) |
| 91 | + mk.ExpectQuery(`FROM github_installations WHERE installation_id`).WillReturnRows(instRow(team, false)) |
| 92 | + }, m, opts, team) |
| 93 | + if opts.GitAuth != "ghs_minted" || m.calls != 1 { |
| 94 | + t.Errorf("want minted token + 1 call, got GitAuth=%q calls=%d", opts.GitAuth, m.calls) |
| 95 | + } |
| 96 | +} |
| 97 | + |
| 98 | +func TestApplyInstallationAuth_EarlyReturns(t *testing.T) { |
| 99 | + team := uuid.New() |
| 100 | + m := &fakeTokenMinter{token: "ghs"} |
| 101 | + // non-git source → no-op, no queries. |
| 102 | + o1 := &compute.DeployOptions{Source: "image"} |
| 103 | + runApply(t, nil, m, o1, team) |
| 104 | + // PAT already present → no-op. |
| 105 | + o2 := &compute.DeployOptions{Source: "git", GitAuth: "ghp_pat"} |
| 106 | + runApply(t, nil, m, o2, team) |
| 107 | + // app disabled (nil minter) → no-op. |
| 108 | + o3 := &compute.DeployOptions{Source: "git"} |
| 109 | + runApply(t, nil, nil, o3, team) |
| 110 | + if o1.GitAuth != "" || o2.GitAuth != "ghp_pat" || o3.GitAuth != "" || m.calls != 0 { |
| 111 | + t.Errorf("early-returns must not mint: %q %q %q calls=%d", o1.GitAuth, o2.GitAuth, o3.GitAuth, m.calls) |
| 112 | + } |
| 113 | +} |
| 114 | + |
| 115 | +func TestInstallationCloneToken_Misses(t *testing.T) { |
| 116 | + team := uuid.New() |
| 117 | + cases := map[string]func(sqlmock.Sqlmock){ |
| 118 | + "no connection": func(mk sqlmock.Sqlmock) { |
| 119 | + mk.ExpectQuery(`FROM app_github_connections WHERE app_id`).WillReturnError(errors.New("nope")) |
| 120 | + }, |
| 121 | + "connection without installation_id": func(mk sqlmock.Sqlmock) { |
| 122 | + mk.ExpectQuery(`FROM app_github_connections WHERE app_id`).WillReturnRows(connRow(uuid.New(), team, -1)) |
| 123 | + }, |
| 124 | + "installation missing": func(mk sqlmock.Sqlmock) { |
| 125 | + mk.ExpectQuery(`FROM app_github_connections WHERE app_id`).WillReturnRows(connRow(uuid.New(), team, 42)) |
| 126 | + mk.ExpectQuery(`FROM github_installations WHERE installation_id`).WillReturnError(errors.New("gone")) |
| 127 | + }, |
| 128 | + "installation suspended": func(mk sqlmock.Sqlmock) { |
| 129 | + mk.ExpectQuery(`FROM app_github_connections WHERE app_id`).WillReturnRows(connRow(uuid.New(), team, 42)) |
| 130 | + mk.ExpectQuery(`FROM github_installations WHERE installation_id`).WillReturnRows(instRow(team, true)) |
| 131 | + }, |
| 132 | + "team mismatch": func(mk sqlmock.Sqlmock) { |
| 133 | + mk.ExpectQuery(`FROM app_github_connections WHERE app_id`).WillReturnRows(connRow(uuid.New(), team, 42)) |
| 134 | + mk.ExpectQuery(`FROM github_installations WHERE installation_id`).WillReturnRows(instRow(uuid.New(), false)) // different team |
| 135 | + }, |
| 136 | + } |
| 137 | + for name, setup := range cases { |
| 138 | + t.Run(name, func(t *testing.T) { |
| 139 | + opts := &compute.DeployOptions{Source: "git"} |
| 140 | + m := &fakeTokenMinter{token: "ghs"} |
| 141 | + runApply(t, setup, m, opts, team) |
| 142 | + if opts.GitAuth != "" { |
| 143 | + t.Errorf("%s: must not mint, got %q", name, opts.GitAuth) |
| 144 | + } |
| 145 | + if m.calls != 0 { |
| 146 | + t.Errorf("%s: minter must not be called, calls=%d", name, m.calls) |
| 147 | + } |
| 148 | + }) |
| 149 | + } |
| 150 | +} |
| 151 | + |
| 152 | +func TestInstallationCloneToken_MintError(t *testing.T) { |
| 153 | + team := uuid.New() |
| 154 | + m := &fakeTokenMinter{err: context.DeadlineExceeded} |
| 155 | + opts := &compute.DeployOptions{Source: "git"} |
| 156 | + runApply(t, func(mk sqlmock.Sqlmock) { |
| 157 | + mk.ExpectQuery(`FROM app_github_connections WHERE app_id`).WillReturnRows(connRow(uuid.New(), team, 42)) |
| 158 | + mk.ExpectQuery(`FROM github_installations WHERE installation_id`).WillReturnRows(instRow(team, false)) |
| 159 | + }, m, opts, team) |
| 160 | + if opts.GitAuth != "" || m.calls != 1 { |
| 161 | + t.Errorf("mint error must fail-soft: GitAuth=%q calls=%d", opts.GitAuth, m.calls) |
| 162 | + } |
| 163 | +} |
| 164 | + |
| 165 | +// testRSAPEM returns a throwaway PKCS#1 RSA private key PEM (what GitHub issues). |
| 166 | +func testRSAPEM(t *testing.T) string { |
| 167 | + t.Helper() |
| 168 | + key, err := rsa.GenerateKey(rand.Reader, 2048) |
| 169 | + if err != nil { |
| 170 | + t.Fatal(err) |
| 171 | + } |
| 172 | + return string(pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})) |
| 173 | +} |
| 174 | + |
| 175 | +// NewDeployHandler wires the GitHub App minter when enabled + key valid, leaves |
| 176 | +// it nil on a bad key (logged), and nil when disabled (P4.2b). |
| 177 | +func TestNewDeployHandler_GitHubAppWiring(t *testing.T) { |
| 178 | + valid := NewDeployHandler(nil, nil, &config.Config{ |
| 179 | + GitHubAppEnabled: true, GitHubAppID: "12345", GitHubAppPrivateKey: testRSAPEM(t), |
| 180 | + }, plans.Default()) |
| 181 | + if valid.githubApp == nil { |
| 182 | + t.Error("enabled + valid key must wire the minter") |
| 183 | + } |
| 184 | + |
| 185 | + badKey := NewDeployHandler(nil, nil, &config.Config{ |
| 186 | + GitHubAppEnabled: true, GitHubAppID: "12345", GitHubAppPrivateKey: "not-a-pem", |
| 187 | + }, plans.Default()) |
| 188 | + if badKey.githubApp != nil { |
| 189 | + t.Error("a malformed key must leave the minter nil (logged), not panic") |
| 190 | + } |
| 191 | + |
| 192 | + disabled := NewDeployHandler(nil, nil, &config.Config{GitHubAppEnabled: false}, plans.Default()) |
| 193 | + if disabled.githubApp != nil { |
| 194 | + t.Error("disabled must leave the minter nil") |
| 195 | + } |
| 196 | +} |
0 commit comments