1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
|
package testhelper
import (
"bytes"
"context"
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/x509"
"encoding/pem"
"fmt"
"io"
"math/big"
mrand "math/rand"
"net"
"os"
"os/exec"
"path/filepath"
"syscall"
"testing"
"time"
"github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus"
log "github.com/sirupsen/logrus"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"gitlab.com/gitlab-org/gitaly/internal/metadata/featureflag"
)
const (
// RepositoryAuthToken is the default token used to authenticate
// against other Gitaly servers. It is inject as part of the
// GitalyServers metadata.
RepositoryAuthToken = "the-secret-token"
// DefaultStorageName is the default name of the Gitaly storage.
DefaultStorageName = "default"
)
// IsPraefectEnabled returns whether this testing run is done with Praefect in front of the Gitaly.
func IsPraefectEnabled() bool {
_, enabled := os.LookupEnv("GITALY_TEST_WITH_PRAEFECT")
return enabled
}
// SkipWithPraefect skips the test if it is being executed with Praefect in front
// of the Gitaly.
func SkipWithPraefect(t testing.TB, reason string) {
if IsPraefectEnabled() {
t.Skipf(reason)
}
}
// MustReadFile returns the content of a file or fails at once.
func MustReadFile(t testing.TB, filename string) []byte {
t.Helper()
content, err := os.ReadFile(filename)
if err != nil {
t.Fatal(err)
}
return content
}
// GitlabTestStoragePath returns the storage path to the gitlab-test repo.
func GitlabTestStoragePath() string {
if testDirectory == "" {
panic("you must call testhelper.Configure() before GitlabTestStoragePath()")
}
return filepath.Join(testDirectory, "storage")
}
// MustRunCommand runs a command with an optional standard input and returns the standard output, or fails.
func MustRunCommand(t testing.TB, stdin io.Reader, name string, args ...string) []byte {
t.Helper()
if filepath.Base(name) == "git" {
require.Fail(t, "Please use gittest.Exec or gittest.ExecStream to run git commands.")
}
cmd := exec.Command(name, args...)
if stdin != nil {
cmd.Stdin = stdin
}
output, err := cmd.Output()
if err != nil {
stderr := err.(*exec.ExitError).Stderr
require.NoError(t, err, "%s %s: %s", name, args, stderr)
}
return output
}
// MustClose calls Close() on the Closer and fails the test in case it returns
// an error. This function is useful when closing via `defer`, as a simple
// `defer require.NoError(t, closer.Close())` would cause `closer.Close()` to
// be executed early already.
func MustClose(t testing.TB, closer io.Closer) {
require.NoError(t, closer.Close())
}
// CopyFile copies a file at the path src to a file at the path dst
func CopyFile(t testing.TB, src, dst string) {
fsrc, err := os.Open(src)
require.NoError(t, err)
defer MustClose(t, fsrc)
fdst, err := os.Create(dst)
require.NoError(t, err)
defer MustClose(t, fdst)
_, err = io.Copy(fdst, fsrc)
require.NoError(t, err)
}
// GetTemporaryGitalySocketFileName will return a unique, useable socket file name
func GetTemporaryGitalySocketFileName(t testing.TB) string {
require.NotEmpty(t, testDirectory, "you must call testhelper.Configure() before GetTemporaryGitalySocketFileName()")
tmpfile, err := os.CreateTemp(testDirectory, "gitaly.socket.")
require.NoError(t, err)
name := tmpfile.Name()
require.NoError(t, tmpfile.Close())
require.NoError(t, os.Remove(name))
return name
}
// GetLocalhostListener listens on the next available TCP port and returns
// the listener and the localhost address (host:port) string.
func GetLocalhostListener(t testing.TB) (net.Listener, string) {
l, err := net.Listen("tcp", "localhost:0")
require.NoError(t, err)
addr := fmt.Sprintf("localhost:%d", l.Addr().(*net.TCPAddr).Port)
return l, addr
}
// ContextOpt returns a new context instance with the new additions to it.
type ContextOpt func(context.Context) context.Context
// ContextWithLogger allows to inject provided logger into the context.
func ContextWithLogger(logger *log.Entry) ContextOpt {
return func(ctx context.Context) context.Context {
return ctxlogrus.ToContext(ctx, logger)
}
}
// Context returns that gets canceled at the end of the test.
func Context(t testing.TB, opts ...ContextOpt) context.Context {
ctx, cancel := context.WithCancel(ContextWithoutCancel(opts...))
t.Cleanup(cancel)
return ctx
}
// ContextWithoutCancel returns a non-cancellable context.
func ContextWithoutCancel(opts ...ContextOpt) context.Context {
ctx := context.Background()
rnd := mrand.New(mrand.NewSource(time.Now().Unix()))
// Enable use of explicit feature flags. Each feature flag which is checked must have been
// explicitly injected into the context, or otherwise we panic. This is a sanity check to
// verify that all feature flags we introduce are tested both with the flag enabled and
// with the flag disabled.
ctx = featureflag.ContextWithExplicitFeatureFlags(ctx)
// There are some feature flags we need to enable in this function because they end up very
// deep in the call stack, so almost every test function would have to inject it into its
// context.
ctx = featureflag.ContextWithFeatureFlag(ctx, featureflag.RunCommandsInCGroup, true)
// ConcurrencyQueueEnforceMax is in the codepath of every RPC call since its in the limithandler
// middleware.
ctx = featureflag.ContextWithFeatureFlag(ctx, featureflag.ConcurrencyQueueEnforceMax, true)
// ConcurrencyQueueMaxWait is in the codepath of every RPC call since it's in the limithandler
// middleware.
ctx = featureflag.ContextWithFeatureFlag(ctx, featureflag.ConcurrencyQueueMaxWait, true)
// Randomly inject the Git flag so that we have coverage of tests with both old and new Git
// version by pure chance.
ctx = featureflag.ContextWithFeatureFlag(ctx, featureflag.GitV2361Gl1, rnd.Int()%2 == 0)
for _, opt := range opts {
ctx = opt(ctx)
}
return ctx
}
// CreateGlobalDirectory creates a directory in the test directory that is shared across all
// between all tests.
func CreateGlobalDirectory(t testing.TB, name string) string {
require.NotEmpty(t, testDirectory, "global temporary directory does not exist")
path := filepath.Join(testDirectory, name)
require.NoError(t, os.Mkdir(path, 0o777))
return path
}
// TempDir is a wrapper around os.MkdirTemp that provides a cleanup function.
func TempDir(t testing.TB) string {
if testDirectory == "" {
panic("you must call testhelper.Configure() before TempDir()")
}
tmpDir, err := os.MkdirTemp(testDirectory, "")
require.NoError(t, err)
t.Cleanup(func() {
require.NoError(t, os.RemoveAll(tmpDir))
})
return tmpDir
}
// Cleanup functions should be called in a defer statement
// immediately after they are returned from a test helper
type Cleanup func()
// WriteExecutable ensures that the parent directory exists, and writes an executable with provided
// content. The executable must not exist previous to writing it. Returns the path of the written
// executable.
func WriteExecutable(t testing.TB, path string, content []byte) string {
dir := filepath.Dir(path)
require.NoError(t, os.MkdirAll(dir, 0o755))
t.Cleanup(func() {
assert.NoError(t, os.RemoveAll(dir))
})
// Open the file descriptor and write the script into it. It may happen that any other
// Goroutine forks while we hold this writeable file descriptor, and as a consequence we
// leak it into the other process. Subsequently, even if we close the file descriptor
// ourselves this other process may still hold on to the writeable file descriptor. The
// result is that calls to execve(3P) on our just-written file will fail with ETXTBSY,
// which is raised when trying to execute a file which is still open to be written to.
//
// We thus need to perform file locking to ensure that all writeable references to this
// file have been closed before returning.
executable, err := os.OpenFile(path, os.O_CREATE|os.O_EXCL|os.O_WRONLY, 0o755)
require.NoError(t, err)
_, err = io.Copy(executable, bytes.NewReader(content))
require.NoError(t, err)
// We now lock the file descriptor for exclusive access. If there was a forked process
// holding the writeable file descriptor at this point in time, then it would refer to the
// same file descriptor and thus be locked for exclusive access, as well. If we fork after
// creating the lock and before closing the writeable file descriptor, then the dup'd file
// descriptor would automatically inherit the lock.
//
// No matter what, after this step any file descriptors referring to this writeable file
// descriptor will be exclusively locked.
require.NoError(t, syscall.Flock(int(executable.Fd()), syscall.LOCK_EX))
// We now close this file. The file will be automatically unlocked as soon as all
// references to this file descriptor are closed.
MustClose(t, executable)
// We now open the file again, but this time only for reading.
executable, err = os.Open(path)
require.NoError(t, err)
// And this time, we try to acquire a shared lock on this file. This call will block until
// the exclusive file lock on the above writeable file descriptor has been dropped. So as
// soon as we're able to acquire the lock we know that there cannot be any open writeable
// file descriptors for this file anymore, and thus we won't get ETXTBSY anymore.
require.NoError(t, syscall.Flock(int(executable.Fd()), syscall.LOCK_SH))
MustClose(t, executable)
return path
}
// ModifyEnvironment will change an environment variable and revert it when the test completed.
func ModifyEnvironment(t testing.TB, key string, value string) {
t.Helper()
oldValue, hasOldValue := os.LookupEnv(key)
if value == "" {
require.NoError(t, os.Unsetenv(key))
} else {
require.NoError(t, os.Setenv(key, value))
}
t.Cleanup(func() {
if hasOldValue {
require.NoError(t, os.Setenv(key, oldValue))
} else {
require.NoError(t, os.Unsetenv(key))
}
})
}
// GenerateCerts creates a certificate that can be used to establish TLS protected TCP connection.
// It returns paths to the file with the certificate and its private key.
func GenerateCerts(t *testing.T) (string, string) {
t.Helper()
rootCA := &x509.Certificate{
SerialNumber: big.NewInt(1),
NotBefore: time.Now(),
NotAfter: time.Now().AddDate(0, 0, 1),
BasicConstraintsValid: true,
IsCA: true,
IPAddresses: []net.IP{net.ParseIP("0.0.0.0"), net.ParseIP("127.0.0.1"), net.ParseIP("::1"), net.ParseIP("::")},
DNSNames: []string{"localhost"},
KeyUsage: x509.KeyUsageCertSign,
}
caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
require.NoError(t, err)
caCert, err := x509.CreateCertificate(rand.Reader, rootCA, rootCA, &caKey.PublicKey, caKey)
require.NoError(t, err)
entityKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
require.NoError(t, err)
entityX509 := &x509.Certificate{
SerialNumber: big.NewInt(2),
}
entityCert, err := x509.CreateCertificate(rand.Reader, rootCA, entityX509, &entityKey.PublicKey, caKey)
require.NoError(t, err)
certFile, err := os.CreateTemp(testDirectory, "")
require.NoError(t, err)
defer MustClose(t, certFile)
t.Cleanup(func() {
require.NoError(t, os.Remove(certFile.Name()))
})
// create chained PEM file with CA and entity cert
for _, cert := range [][]byte{entityCert, caCert} {
require.NoError(t,
pem.Encode(certFile, &pem.Block{
Type: "CERTIFICATE",
Bytes: cert,
}),
)
}
keyFile, err := os.CreateTemp(testDirectory, "")
require.NoError(t, err)
defer MustClose(t, keyFile)
t.Cleanup(func() {
require.NoError(t, os.Remove(keyFile.Name()))
})
entityKeyBytes, err := x509.MarshalECPrivateKey(entityKey)
require.NoError(t, err)
require.NoError(t,
pem.Encode(keyFile, &pem.Block{
Type: "ECDSA PRIVATE KEY",
Bytes: entityKeyBytes,
}),
)
return certFile.Name(), keyFile.Name()
}
|
