From a96982b302f1decab15164cf508a4205a799e986 Mon Sep 17 00:00:00 2001 From: Matthieu MOREL Date: Fri, 14 Jun 2024 15:15:31 +0200 Subject: [PATCH] chore: extend require-error rule from testifylint (#18658) Signed-off-by: Matthieu MOREL --- .golangci.yaml | 2 +- util/oidc/oidc_test.go | 26 ++-- util/rbac/rbac_norace_test.go | 3 +- util/rbac/rbac_test.go | 72 ++++------ util/security/path_traversal_test.go | 9 +- util/session/sessionmanager_norace_test.go | 5 +- util/session/sessionmanager_test.go | 38 ++--- util/settings/accounts_test.go | 37 ++--- util/settings/settings_test.go | 154 ++++++++++----------- util/tls/tls_test.go | 56 ++++---- util/webhook/webhook_test.go | 23 +-- 11 files changed, 202 insertions(+), 223 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index 528cd85e5078e..6f5e5dd7ae554 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -7,7 +7,7 @@ issues: text: "require-error:" linters: - testifylint - - path: "util/(argo|cache|cert|clusterauth|config|db|dex|git|gpg|grpc|helm|http|io|kube|kustomize|lua|notification|oidc|rbac|security|session|settings|tls|webhook)/" + - path: "util/(argo|cache|cert|clusterauth|config|db|dex|git|gpg|grpc|helm|http|io|kube|kustomize|lua|notification)/" text: "require-error:" linters: - testifylint diff --git a/util/oidc/oidc_test.go b/util/oidc/oidc_test.go index 7114bf771c70f..12a715f6a3e9a 100644 --- a/util/oidc/oidc_test.go +++ b/util/oidc/oidc_test.go @@ -33,10 +33,10 @@ func TestInferGrantType(t *testing.T) { for _, path := range []string{"dex", "okta", "auth0", "onelogin"} { t.Run(path, func(t *testing.T) { rawConfig, err := os.ReadFile("testdata/" + path + ".json") - assert.NoError(t, err) + require.NoError(t, err) var config OIDCConfiguration err = json.Unmarshal(rawConfig, &config) - assert.NoError(t, err) + require.NoError(t, err) grantType := InferGrantType(&config) assert.Equal(t, GrantTypeAuthorizationCode, grantType) @@ -74,10 +74,10 @@ func TestIDTokenClaims(t *testing.T) { assert.Len(t, opts, 1) authCodeURL, err := url.Parse(oauth2Config.AuthCodeURL("TEST", opts...)) - assert.NoError(t, err) + require.NoError(t, err) values, err := url.ParseQuery(authCodeURL.RawQuery) - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, "{\"id_token\":{\"groups\":{\"essential\":true}}}", values.Get("claims")) } @@ -421,7 +421,7 @@ func TestGenerateAppState(t *testing.T) { } returnURL, err := app.verifyAppState(req, httptest.NewRecorder(), state) - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, expectedReturnURL, returnURL) }) @@ -432,7 +432,7 @@ func TestGenerateAppState(t *testing.T) { } _, err := app.verifyAppState(req, httptest.NewRecorder(), "wrong state") - assert.Error(t, err) + require.Error(t, err) }) } @@ -465,7 +465,7 @@ func TestGenerateAppState_XSS(t *testing.T) { } returnURL, err := app.verifyAppState(req, httptest.NewRecorder(), state) - assert.ErrorIs(t, err, InvalidRedirectURLError) + require.ErrorIs(t, err, InvalidRedirectURLError) assert.Empty(t, returnURL) }) @@ -481,7 +481,7 @@ func TestGenerateAppState_XSS(t *testing.T) { } returnURL, err := app.verifyAppState(req, httptest.NewRecorder(), state) - assert.NoError(t, err, InvalidRedirectURLError) + require.NoError(t, err, InvalidRedirectURLError) assert.Equal(t, expectedReturnURL, returnURL) }) } @@ -502,7 +502,7 @@ func TestGenerateAppState_NoReturnURL(t *testing.T) { req.AddCookie(&http.Cookie{Name: common.StateCookieName, Value: hex.EncodeToString(encrypted)}) returnURL, err := app.verifyAppState(req, httptest.NewRecorder(), "123") - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, "/argo-cd", returnURL) } @@ -728,7 +728,7 @@ func TestGetUserInfo(t *testing.T) { require.NoError(t, err) cdSettings := &settings.ArgoCDSettings{ServerSignature: signature} encryptionKey, err := cdSettings.GetServerEncryptionKey() - assert.NoError(t, err) + require.NoError(t, err) a, _ := NewClientApp(cdSettings, "", nil, "/argo-cd", tt.cache) for _, item := range tt.cacheItems { @@ -736,7 +736,7 @@ func TestGetUserInfo(t *testing.T) { newValue = []byte(item.value) if item.encrypt { newValue, err = crypto.Encrypt([]byte(item.value), encryptionKey) - assert.NoError(t, err) + require.NoError(t, err) } err := a.clientCache.Set(&cache.Item{ Key: item.key, @@ -749,9 +749,9 @@ func TestGetUserInfo(t *testing.T) { assert.Equal(t, tt.expectedOutput, got) assert.Equal(t, tt.expectUnauthenticated, unauthenticated) if tt.expectError { - assert.Error(t, err) + require.Error(t, err) } else { - assert.NoError(t, err) + require.NoError(t, err) } for _, item := range tt.expectedCacheItems { var tmpValue []byte diff --git a/util/rbac/rbac_norace_test.go b/util/rbac/rbac_norace_test.go index 5d558f716ac7b..41503746cd540 100644 --- a/util/rbac/rbac_norace_test.go +++ b/util/rbac/rbac_norace_test.go @@ -9,6 +9,7 @@ import ( "time" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" apiv1 "k8s.io/api/core/v1" "k8s.io/client-go/kubernetes/fake" ) @@ -48,7 +49,7 @@ func TestPolicyInformer(t *testing.T) { // update the configmap and update policy delete(cm.Data, ConfigMapPolicyCSVKey) err := enf.syncUpdate(cm, noOpUpdate) - assert.NoError(t, err) + require.NoError(t, err) assert.False(t, enf.Enforce("admin", "applications", "delete", "foo/bar")) } diff --git a/util/rbac/rbac_test.go b/util/rbac/rbac_test.go index bbc2eaa3a5cf8..f0843952cd2e9 100644 --- a/util/rbac/rbac_test.go +++ b/util/rbac/rbac_test.go @@ -108,8 +108,7 @@ func TestPolicyCSV(t *testing.T) { func TestBuiltinPolicyEnforcer(t *testing.T) { kubeclientset := fake.NewSimpleClientset() enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil) - err := enf.syncUpdate(fakeConfigMap(), noOpUpdate) - assert.NoError(t, err) + require.NoError(t, enf.syncUpdate(fakeConfigMap(), noOpUpdate)) // Without setting builtin policy, this should fail assert.False(t, enf.Enforce("admin", "applications", "get", "foo/bar")) @@ -181,8 +180,7 @@ g, alice, role:foo-readonly func TestDefaultRole(t *testing.T) { kubeclientset := fake.NewSimpleClientset() enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil) - err := enf.syncUpdate(fakeConfigMap(), noOpUpdate) - assert.NoError(t, err) + require.NoError(t, enf.syncUpdate(fakeConfigMap(), noOpUpdate)) _ = enf.SetBuiltinPolicy(assets.BuiltinPolicyCSV) assert.False(t, enf.Enforce("bob", "applications", "get", "foo/bar")) @@ -195,8 +193,7 @@ func TestDefaultRole(t *testing.T) { func TestURLAsObjectName(t *testing.T) { kubeclientset := fake.NewSimpleClientset() enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil) - err := enf.syncUpdate(fakeConfigMap(), noOpUpdate) - assert.NoError(t, err) + require.NoError(t, enf.syncUpdate(fakeConfigMap(), noOpUpdate)) policy := ` p, alice, repositories, *, foo/*, allow p, bob, repositories, *, foo/https://github.com/argoproj/argo-cd.git, allow @@ -294,8 +291,7 @@ func TestClaimsEnforcerFunc(t *testing.T) { func TestDefaultRoleWithRuntimePolicy(t *testing.T) { kubeclientset := fake.NewSimpleClientset() enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil) - err := enf.syncUpdate(fakeConfigMap(), noOpUpdate) - assert.NoError(t, err) + require.NoError(t, enf.syncUpdate(fakeConfigMap(), noOpUpdate)) runtimePolicy := assets.BuiltinPolicyCSV assert.False(t, enf.EnforceRuntimePolicy("", runtimePolicy, "bob", "applications", "get", "foo/bar")) enf.SetDefaultRole("role:readonly") @@ -307,8 +303,7 @@ func TestDefaultRoleWithRuntimePolicy(t *testing.T) { func TestClaimsEnforcerFuncWithRuntimePolicy(t *testing.T) { kubeclientset := fake.NewSimpleClientset() enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil) - err := enf.syncUpdate(fakeConfigMap(), noOpUpdate) - assert.NoError(t, err) + require.NoError(t, enf.syncUpdate(fakeConfigMap(), noOpUpdate)) runtimePolicy := assets.BuiltinPolicyCSV claims := jwt.RegisteredClaims{ Subject: "foo", @@ -325,8 +320,7 @@ func TestInvalidRuntimePolicy(t *testing.T) { cm := fakeConfigMap() kubeclientset := fake.NewSimpleClientset(cm) enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil) - err := enf.syncUpdate(fakeConfigMap(), noOpUpdate) - assert.NoError(t, err) + require.NoError(t, enf.syncUpdate(fakeConfigMap(), noOpUpdate)) _ = enf.SetBuiltinPolicy(assets.BuiltinPolicyCSV) assert.True(t, enf.EnforceRuntimePolicy("", "", "admin", "applications", "update", "foo/bar")) assert.False(t, enf.EnforceRuntimePolicy("", "", "role:readonly", "applications", "update", "foo/bar")) @@ -344,14 +338,14 @@ func TestValidatePolicy(t *testing.T) { ` p, role:admin, projects, delete, *, allow `, } for _, good := range goodPolicies { - assert.NoError(t, ValidatePolicy(good)) + require.NoError(t, ValidatePolicy(good)) } badPolicies := []string{ "this, is, not, a, good, policy", "this\ttoo", } for _, bad := range badPolicies { - assert.Error(t, ValidatePolicy(bad)) + require.Error(t, ValidatePolicy(bad)) } } @@ -360,20 +354,20 @@ func TestEnforceErrorMessage(t *testing.T) { kubeclientset := fake.NewSimpleClientset() enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil) err := enf.syncUpdate(fakeConfigMap(), noOpUpdate) - assert.NoError(t, err) + require.NoError(t, err) err = enf.EnforceErr("admin", "applications", "get", "foo/bar") - assert.Error(t, err) + require.Error(t, err) assert.Equal(t, "rpc error: code = PermissionDenied desc = permission denied: applications, get, foo/bar", err.Error()) err = enf.EnforceErr() - assert.Error(t, err) + require.Error(t, err) assert.Equal(t, "rpc error: code = PermissionDenied desc = permission denied", err.Error()) // nolint:staticcheck ctx := context.WithValue(context.Background(), "claims", &jwt.RegisteredClaims{Subject: "proj:default:admin"}) err = enf.EnforceErr(ctx.Value("claims"), "project") - assert.Error(t, err) + require.Error(t, err) assert.Equal(t, "rpc error: code = PermissionDenied desc = permission denied: project, sub: proj:default:admin", err.Error()) iat := time.Unix(int64(1593035962), 0).Format(time.RFC3339) @@ -381,27 +375,26 @@ func TestEnforceErrorMessage(t *testing.T) { // nolint:staticcheck ctx = context.WithValue(context.Background(), "claims", &jwt.RegisteredClaims{Subject: "proj:default:admin", IssuedAt: jwt.NewNumericDate(time.Unix(int64(1593035962), 0))}) err = enf.EnforceErr(ctx.Value("claims"), "project") - assert.Error(t, err) + require.Error(t, err) assert.Equal(t, exp, err.Error()) // nolint:staticcheck ctx = context.WithValue(context.Background(), "claims", &jwt.RegisteredClaims{ExpiresAt: jwt.NewNumericDate(time.Now())}) err = enf.EnforceErr(ctx.Value("claims"), "project") - assert.Error(t, err) + require.Error(t, err) assert.Equal(t, "rpc error: code = PermissionDenied desc = permission denied: project", err.Error()) // nolint:staticcheck ctx = context.WithValue(context.Background(), "claims", &jwt.RegisteredClaims{Subject: "proj:default:admin", IssuedAt: nil}) err = enf.EnforceErr(ctx.Value("claims"), "project") - assert.Error(t, err) + require.Error(t, err) assert.Equal(t, "rpc error: code = PermissionDenied desc = permission denied: project, sub: proj:default:admin", err.Error()) } func TestDefaultGlobMatchMode(t *testing.T) { kubeclientset := fake.NewSimpleClientset() enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil) - err := enf.syncUpdate(fakeConfigMap(), noOpUpdate) - assert.NoError(t, err) + require.NoError(t, enf.syncUpdate(fakeConfigMap(), noOpUpdate)) policy := ` p, alice, clusters, get, "https://github.com/*/*.git", allow ` @@ -416,8 +409,7 @@ func TestGlobMatchMode(t *testing.T) { cm.Data[ConfigMapMatchModeKey] = GlobMatchMode kubeclientset := fake.NewSimpleClientset() enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil) - err := enf.syncUpdate(cm, noOpUpdate) - assert.NoError(t, err) + require.NoError(t, enf.syncUpdate(cm, noOpUpdate)) policy := ` p, alice, clusters, get, "https://github.com/*/*.git", allow ` @@ -432,8 +424,7 @@ func TestRegexMatchMode(t *testing.T) { cm.Data[ConfigMapMatchModeKey] = RegexMatchMode kubeclientset := fake.NewSimpleClientset() enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil) - err := enf.syncUpdate(cm, noOpUpdate) - assert.NoError(t, err) + require.NoError(t, enf.syncUpdate(cm, noOpUpdate)) policy := ` p, alice, clusters, get, "https://github.com/argo[a-z]{4}/argo-[a-z]+.git", allow ` @@ -461,55 +452,46 @@ func TestLoadPolicyLine(t *testing.T) { t.Run("Valid permission line", func(t *testing.T) { policy := `p, role:Myrole, applications, *, myproj/*, allow` model := newBuiltInModel() - err := loadPolicyLine(policy, model) - require.NoError(t, err) + require.NoError(t, loadPolicyLine(policy, model)) }) t.Run("Valid grant line", func(t *testing.T) { policy := `g, your-github-org:your-team, role:org-admin` model := newBuiltInModel() - err := loadPolicyLine(policy, model) - require.NoError(t, err) + require.NoError(t, loadPolicyLine(policy, model)) }) t.Run("Empty policy line", func(t *testing.T) { policy := "" model := newBuiltInModel() - err := loadPolicyLine(policy, model) - require.NoError(t, err) + require.NoError(t, loadPolicyLine(policy, model)) }) t.Run("Comment policy line", func(t *testing.T) { policy := "# Some comment" model := newBuiltInModel() - err := loadPolicyLine(policy, model) - require.NoError(t, err) + require.NoError(t, loadPolicyLine(policy, model)) }) t.Run("Invalid policy line: single token", func(t *testing.T) { policy := "p" model := newBuiltInModel() - err := loadPolicyLine(policy, model) - require.Error(t, err) + require.Error(t, loadPolicyLine(policy, model)) }) t.Run("Invalid policy line: plain text", func(t *testing.T) { policy := "Some comment" model := newBuiltInModel() - err := loadPolicyLine(policy, model) - require.Error(t, err) + require.Error(t, loadPolicyLine(policy, model)) }) t.Run("Invalid policy line", func(t *testing.T) { policy := "agh, foo, bar" model := newBuiltInModel() - err := loadPolicyLine(policy, model) - require.Error(t, err) + require.Error(t, loadPolicyLine(policy, model)) }) t.Run("Invalid policy line missing comma", func(t *testing.T) { policy := "p, role:Myrole, applications, *, myproj/* allow" model := newBuiltInModel() - err := loadPolicyLine(policy, model) - require.Error(t, err) + require.Error(t, loadPolicyLine(policy, model)) }) t.Run("Invalid policy line missing policy type", func(t *testing.T) { policy := ", role:Myrole, applications, *, myproj/*, allow" model := newBuiltInModel() - err := loadPolicyLine(policy, model) - require.Error(t, err) + require.Error(t, loadPolicyLine(policy, model)) }) } diff --git a/util/security/path_traversal_test.go b/util/security/path_traversal_test.go index 79c41ab6c0ee8..449d031e393d4 100644 --- a/util/security/path_traversal_test.go +++ b/util/security/path_traversal_test.go @@ -4,23 +4,24 @@ import ( "testing" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func TestEnforceToCurrentRoot(t *testing.T) { cleanDir, err := EnforceToCurrentRoot("/home/argo/helmapp/", "/home/argo/helmapp/values.yaml") - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, "/home/argo/helmapp/values.yaml", cleanDir) // File is outside current working directory _, err = EnforceToCurrentRoot("/home/argo/helmapp/", "/home/values.yaml") - assert.Error(t, err) + require.Error(t, err) // File is outside current working directory _, err = EnforceToCurrentRoot("/home/argo/helmapp/", "/home/argo/helmapp/../differentapp/values.yaml") - assert.Error(t, err) + require.Error(t, err) // Goes back and forth, but still legal cleanDir, err = EnforceToCurrentRoot("/home/argo/helmapp/", "/home/argo/helmapp/../../argo/helmapp/values.yaml") - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, "/home/argo/helmapp/values.yaml", cleanDir) } diff --git a/util/session/sessionmanager_norace_test.go b/util/session/sessionmanager_norace_test.go index 3f116a06bfcda..ae6e22b030897 100644 --- a/util/session/sessionmanager_norace_test.go +++ b/util/session/sessionmanager_norace_test.go @@ -9,6 +9,7 @@ import ( "time" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "github.com/argoproj/argo-cd/v2/util/settings" ) @@ -30,9 +31,7 @@ func TestRandomPasswordVerificationDelay(t *testing.T) { for i := 0; i < 10; i++ { sleptFor = 0 start := time.Now() - if !assert.NoError(t, mgr.VerifyUsernamePassword("admin", "password")) { - return - } + require.NoError(t, mgr.VerifyUsernamePassword("admin", "password")) totalDuration := time.Since(start) + sleptFor assert.GreaterOrEqual(t, totalDuration.Nanoseconds(), verificationDelayNoiseMin.Nanoseconds()) assert.LessOrEqual(t, totalDuration.Nanoseconds(), verificationDelayNoiseMax.Nanoseconds()) diff --git a/util/session/sessionmanager_test.go b/util/session/sessionmanager_test.go index b5e51a977a2c7..7a3d5a65f5f5a 100644 --- a/util/session/sessionmanager_test.go +++ b/util/session/sessionmanager_test.go @@ -95,7 +95,7 @@ func TestSessionManager_AdminToken(t *testing.T) { } claims, newToken, err := mgr.Parse(token) - assert.NoError(t, err) + require.NoError(t, err) assert.Empty(t, newToken) mapClaims := *(claims.(*jwt.MapClaims)) @@ -119,12 +119,12 @@ func TestSessionManager_AdminToken_ExpiringSoon(t *testing.T) { // verify new token is generated is login token is expiring soon _, newToken, err := mgr.Parse(token) - assert.NoError(t, err) + require.NoError(t, err) assert.NotEmpty(t, newToken) // verify that new token is valid and for the same user claims, _, err := mgr.Parse(newToken) - assert.NoError(t, err) + require.NoError(t, err) mapClaims := *(claims.(*jwt.MapClaims)) subject := mapClaims["sub"].(string) assert.Equal(t, "admin", subject) @@ -200,7 +200,7 @@ func TestSessionManager_ProjectToken(t *testing.T) { require.NoError(t, err) _, _, err = mgr.Parse(jwtToken) - assert.NoError(t, err) + require.NoError(t, err) }) t.Run("Token Revoked", func(t *testing.T) { @@ -341,7 +341,7 @@ func TestSessionManager_WithAuthMiddleware(t *testing.T) { resp, err := http.DefaultClient.Do(req) // then - assert.NoError(t, err) + require.NoError(t, err) assert.NotNil(t, resp) assert.Equal(t, tc.expectedStatusCode, resp.StatusCode) if tc.expectedResponseBody != nil { @@ -431,7 +431,7 @@ func TestVerifyUsernamePassword(t *testing.T) { err := mgr.VerifyUsernamePassword(tc.userName, tc.password) if tc.expected == nil { - assert.NoError(t, err) + require.NoError(t, err) } else { assert.EqualError(t, err, tc.expected.Error()) } @@ -502,31 +502,31 @@ func TestLoginRateLimiter(t *testing.T) { t.Run("Test login delay valid user", func(t *testing.T) { for i := 0; i < getMaxLoginFailures(); i++ { err := mgr.VerifyUsernamePassword("admin", "wrong") - assert.Error(t, err) + require.Error(t, err) } // The 11th time should fail even if password is right { err := mgr.VerifyUsernamePassword("admin", "password") - assert.Error(t, err) + require.Error(t, err) } storage.attempts = map[string]LoginAttempts{} // Failed counter should have been reset, should validate immediately { err := mgr.VerifyUsernamePassword("admin", "password") - assert.NoError(t, err) + require.NoError(t, err) } }) t.Run("Test login delay invalid user", func(t *testing.T) { for i := 0; i < getMaxLoginFailures(); i++ { err := mgr.VerifyUsernamePassword("invalid", "wrong") - assert.Error(t, err) + require.Error(t, err) } err := mgr.VerifyUsernamePassword("invalid", "wrong") - assert.Error(t, err) + require.Error(t, err) }) } @@ -538,7 +538,7 @@ func TestMaxUsernameLength(t *testing.T) { settingsMgr := settings.NewSettingsManager(context.Background(), getKubeClient("password", true), "argocd") mgr := newSessionManager(settingsMgr, getProjLister(), NewUserStateStorage(nil)) err := mgr.VerifyUsernamePassword(username, "password") - assert.Error(t, err) + require.Error(t, err) assert.Contains(t, err.Error(), fmt.Sprintf(usernameTooLongError, maxUsernameLength)) } @@ -552,7 +552,7 @@ func TestMaxCacheSize(t *testing.T) { for _, user := range invalidUsers { err := mgr.VerifyUsernamePassword(user, "password") - assert.Error(t, err) + require.Error(t, err) } assert.Len(t, mgr.GetLoginFailures(), 5) @@ -568,13 +568,13 @@ func TestFailedAttemptsExpiry(t *testing.T) { for _, user := range invalidUsers { err := mgr.VerifyUsernamePassword(user, "password") - assert.Error(t, err) + require.Error(t, err) } time.Sleep(2 * time.Second) err := mgr.VerifyUsernamePassword("invalid8", "password") - assert.Error(t, err) + require.Error(t, err) assert.Len(t, mgr.GetLoginFailures(), 1) } @@ -878,7 +878,7 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL), require.NoError(t, err) _, _, err = mgr.VerifyToken(tokenString) - assert.Error(t, err) + require.Error(t, err) }) t.Run("OIDC provider is external, audience is not specified, absent audience is allowed", func(t *testing.T) { @@ -914,7 +914,7 @@ skipAudienceCheckWhenTokenHasNoAudience: true`, oidcTestServer.URL), require.NoError(t, err) _, _, err = mgr.VerifyToken(tokenString) - assert.NoError(t, err) + require.NoError(t, err) }) t.Run("OIDC provider is external, audience is not specified but is required", func(t *testing.T) { @@ -1023,7 +1023,7 @@ allowedAudiences: require.NoError(t, err) _, _, err = mgr.VerifyToken(tokenString) - assert.NoError(t, err) + require.NoError(t, err) }) t.Run("OIDC provider is external, audience is not in allowed list", func(t *testing.T) { @@ -1171,7 +1171,7 @@ allowedAudiences: ["aud-a", "aud-b"]`, oidcTestServer.URL), require.NoError(t, err) _, _, err = mgr.VerifyToken(tokenString) - assert.NoError(t, err) + require.NoError(t, err) }) t.Run("OIDC provider is external, audience is not specified, token is signed with the wrong key", func(t *testing.T) { diff --git a/util/settings/accounts_test.go b/util/settings/accounts_test.go index 0b00b31ad300a..1415ce226de3d 100644 --- a/util/settings/accounts_test.go +++ b/util/settings/accounts_test.go @@ -6,6 +6,7 @@ import ( "time" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" v1 "k8s.io/api/core/v1" @@ -17,7 +18,7 @@ import ( func TestGetAccounts_NoAccountsConfigured(t *testing.T) { _, settingsManager := fixtures(nil) accounts, err := settingsManager.GetAccounts() - assert.NoError(t, err) + require.NoError(t, err) adminAccount, ok := accounts[common.ArgoCDAdminUsername] assert.True(t, ok) @@ -29,7 +30,7 @@ func TestGetAccounts_HasConfiguredAccounts(t *testing.T) { secret.Data["accounts.test.tokens"] = []byte(`[{"id":"123","iat":1583789194,"exp":1583789194}]`) }) accounts, err := settingsManager.GetAccounts() - assert.NoError(t, err) + require.NoError(t, err) acc, ok := accounts["test"] assert.True(t, ok) @@ -44,7 +45,7 @@ func TestGetAccounts_DisableAccount(t *testing.T) { "accounts.test.enabled": "false", }) accounts, err := settingsManager.GetAccounts() - assert.NoError(t, err) + require.NoError(t, err) acc, ok := accounts["test"] assert.True(t, ok) @@ -59,13 +60,13 @@ func TestGetAccount(t *testing.T) { t.Run("ExistingUserName", func(t *testing.T) { _, err := settingsManager.GetAccount("test") - assert.NoError(t, err) + require.NoError(t, err) }) t.Run("IncorrectName", func(t *testing.T) { _, err := settingsManager.GetAccount("incorrect-name") - assert.Error(t, err) + require.Error(t, err) assert.Equal(t, codes.NotFound, status.Code(err)) }) } @@ -88,7 +89,7 @@ func TestGetAccount_WithInvalidToken(t *testing.T) { ) _, err := settingsManager.GetAccounts() - assert.NoError(t, err) + require.NoError(t, err) } func TestGetAdminAccount(t *testing.T) { @@ -99,7 +100,7 @@ func TestGetAdminAccount(t *testing.T) { }) acc, err := settingsManager.GetAccount(common.ArgoCDAdminUsername) - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, "admin-password", acc.PasswordHash) assert.Equal(t, mTime, acc.FormatPasswordMtime()) @@ -150,16 +151,16 @@ func TestAddAccount_AccountAdded(t *testing.T) { PasswordMtime: &mTime, } err := settingsManager.AddAccount("test", addedAccount) - assert.NoError(t, err) + require.NoError(t, err) cm, err := clientset.CoreV1().ConfigMaps("default").Get(context.Background(), common.ArgoCDConfigMapName, metav1.GetOptions{}) - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, "login", cm.Data["accounts.test"]) assert.Equal(t, "false", cm.Data["accounts.test.enabled"]) secret, err := clientset.CoreV1().Secrets("default").Get(context.Background(), common.ArgoCDSecretName, metav1.GetOptions{}) - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, "hash", string(secret.Data["accounts.test.password"])) assert.Equal(t, mTime.Format(time.RFC3339), string(secret.Data["accounts.test.passwordMtime"])) @@ -169,13 +170,13 @@ func TestAddAccount_AccountAdded(t *testing.T) { func TestAddAccount_AlreadyExists(t *testing.T) { _, settingsManager := fixtures(map[string]string{"accounts.test": "login"}) err := settingsManager.AddAccount("test", Account{}) - assert.Error(t, err) + require.Error(t, err) } func TestAddAccount_CannotAddAdmin(t *testing.T) { _, settingsManager := fixtures(nil) err := settingsManager.AddAccount("admin", Account{}) - assert.Error(t, err) + require.Error(t, err) } func TestUpdateAccount_SuccessfullyUpdated(t *testing.T) { @@ -190,16 +191,16 @@ func TestUpdateAccount_SuccessfullyUpdated(t *testing.T) { account.PasswordMtime = &mTime return nil }) - assert.NoError(t, err) + require.NoError(t, err) cm, err := clientset.CoreV1().ConfigMaps("default").Get(context.Background(), common.ArgoCDConfigMapName, metav1.GetOptions{}) - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, "login", cm.Data["accounts.test"]) assert.Equal(t, "false", cm.Data["accounts.test.enabled"]) secret, err := clientset.CoreV1().Secrets("default").Get(context.Background(), common.ArgoCDSecretName, metav1.GetOptions{}) - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, "hash", string(secret.Data["accounts.test.password"])) assert.Equal(t, mTime.Format(time.RFC3339), string(secret.Data["accounts.test.passwordMtime"])) @@ -215,10 +216,10 @@ func TestUpdateAccount_UpdateAdminPassword(t *testing.T) { account.PasswordMtime = &mTime return nil }) - assert.NoError(t, err) + require.NoError(t, err) secret, err := clientset.CoreV1().Secrets("default").Get(context.Background(), common.ArgoCDSecretName, metav1.GetOptions{}) - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, "newPassword", string(secret.Data["admin.password"])) assert.Equal(t, mTime.Format(time.RFC3339), string(secret.Data["admin.passwordMtime"])) @@ -231,5 +232,5 @@ func TestUpdateAccount_AccountDoesNotExist(t *testing.T) { account.Enabled = false return nil }) - assert.Error(t, err) + require.Error(t, err) } diff --git a/util/settings/settings_test.go b/util/settings/settings_test.go index aa78730ace513..0011a79adcf59 100644 --- a/util/settings/settings_test.go +++ b/util/settings/settings_test.go @@ -57,20 +57,20 @@ func TestGetRepositories(t *testing.T) { "repositories": "\n - url: http://foo\n", }) filter, err := settingsManager.GetRepositories() - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, []Repository{{URL: "http://foo"}}, filter) } func TestSaveRepositories(t *testing.T) { kubeClient, settingsManager := fixtures(nil) err := settingsManager.SaveRepositories([]Repository{{URL: "http://foo"}}) - assert.NoError(t, err) + require.NoError(t, err) cm, err := kubeClient.CoreV1().ConfigMaps("default").Get(context.Background(), common.ArgoCDConfigMapName, metav1.GetOptions{}) - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, "- url: http://foo\n", cm.Data["repositories"]) repos, err := settingsManager.GetRepositories() - assert.NoError(t, err) + require.NoError(t, err) assert.ElementsMatch(t, repos, []Repository{{URL: "http://foo"}}) } @@ -79,22 +79,22 @@ func TestSaveRepositoriesNoConfigMap(t *testing.T) { settingsManager := NewSettingsManager(context.Background(), kubeClient, "default") err := settingsManager.SaveRepositories([]Repository{{URL: "http://foo"}}) - assert.NoError(t, err) + require.NoError(t, err) cm, err := kubeClient.CoreV1().ConfigMaps("default").Get(context.Background(), common.ArgoCDConfigMapName, metav1.GetOptions{}) - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, "- url: http://foo\n", cm.Data["repositories"]) } func TestSaveRepositoryCredentials(t *testing.T) { kubeClient, settingsManager := fixtures(nil) err := settingsManager.SaveRepositoryCredentials([]RepositoryCredentials{{URL: "http://foo"}}) - assert.NoError(t, err) + require.NoError(t, err) cm, err := kubeClient.CoreV1().ConfigMaps("default").Get(context.Background(), common.ArgoCDConfigMapName, metav1.GetOptions{}) - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, "- url: http://foo\n", cm.Data["repository.credentials"]) creds, err := settingsManager.GetRepositoryCredentials() - assert.NoError(t, err) + require.NoError(t, err) assert.ElementsMatch(t, creds, []RepositoryCredentials{{URL: "http://foo"}}) } @@ -103,7 +103,7 @@ func TestGetRepositoryCredentials(t *testing.T) { "repository.credentials": "\n - url: http://foo\n", }) filter, err := settingsManager.GetRepositoryCredentials() - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, []RepositoryCredentials{{URL: "http://foo"}}, filter) } @@ -114,7 +114,7 @@ func TestGetResourceFilter(t *testing.T) { } _, settingsManager := fixtures(data) filter, err := settingsManager.GetResourcesFilter() - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, &ResourcesFilter{ ResourceExclusions: []FilteredResource{{APIGroups: []string{"group1"}, Kinds: []string{"kind1"}, Clusters: []string{"cluster1"}}}, ResourceInclusions: []FilteredResource{{APIGroups: []string{"group2"}, Kinds: []string{"kind2"}, Clusters: []string{"cluster2"}}}, @@ -126,14 +126,14 @@ func TestInClusterServerAddressEnabled(t *testing.T) { "cluster.inClusterEnabled": "true", }) argoCDCM, err := settingsManager.getConfigMap() - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, "true", argoCDCM.Data[inClusterEnabledKey]) _, settingsManager = fixtures(map[string]string{ "cluster.inClusterEnabled": "false", }) argoCDCM, err = settingsManager.getConfigMap() - assert.NoError(t, err) + require.NoError(t, err) assert.NotEqual(t, "true", argoCDCM.Data[inClusterEnabledKey]) } @@ -165,7 +165,7 @@ func TestInClusterServerAddressEnabledByDefault(t *testing.T) { ) settingsManager := NewSettingsManager(context.Background(), kubeClient, "default") settings, err := settingsManager.GetSettings() - assert.NoError(t, err) + require.NoError(t, err) assert.True(t, settings.InClusterEnabled) } @@ -174,14 +174,14 @@ func TestGetAppInstanceLabelKey(t *testing.T) { "application.instanceLabelKey": "testLabel", }) label, err := settingsManager.GetAppInstanceLabelKey() - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, "testLabel", label) } func TestGetServerRBACLogEnforceEnableKeyDefaultFalse(t *testing.T) { _, settingsManager := fixtures(nil) serverRBACLogEnforceEnable, err := settingsManager.GetServerRBACLogEnforceEnable() - assert.NoError(t, err) + require.NoError(t, err) assert.False(t, serverRBACLogEnforceEnable) } @@ -190,14 +190,14 @@ func TestGetIsIgnoreResourceUpdatesEnabled(t *testing.T) { "resource.ignoreResourceUpdatesEnabled": "true", }) ignoreResourceUpdatesEnabled, err := settingsManager.GetIsIgnoreResourceUpdatesEnabled() - assert.NoError(t, err) + require.NoError(t, err) assert.True(t, ignoreResourceUpdatesEnabled) } func TestGetIsIgnoreResourceUpdatesEnabledDefaultFalse(t *testing.T) { _, settingsManager := fixtures(nil) ignoreResourceUpdatesEnabled, err := settingsManager.GetIsIgnoreResourceUpdatesEnabled() - assert.NoError(t, err) + require.NoError(t, err) assert.False(t, ignoreResourceUpdatesEnabled) } @@ -206,7 +206,7 @@ func TestGetServerRBACLogEnforceEnableKey(t *testing.T) { "server.rbac.log.enforce.enable": "true", }) serverRBACLogEnforceEnable, err := settingsManager.GetServerRBACLogEnforceEnable() - assert.NoError(t, err) + require.NoError(t, err) assert.True(t, serverRBACLogEnforceEnable) } @@ -234,7 +234,7 @@ func TestGetResourceOverrides(t *testing.T) { - .webhooks[1].clientConfig.caBundle`, }) overrides, err := settingsManager.GetResourceOverrides() - assert.NoError(t, err) + require.NoError(t, err) webHookOverrides := overrides["admissionregistration.k8s.io/MutatingWebhookConfiguration"] assert.NotNil(t, webHookOverrides) @@ -261,7 +261,7 @@ func TestGetResourceOverrides(t *testing.T) { ignoreResourceStatusField: all`, }) overrides, err = settingsManager.GetResourceOverrides() - assert.NoError(t, err) + require.NoError(t, err) globalOverrides := overrides["*/*"] assert.NotNil(t, globalOverrides) @@ -281,7 +281,7 @@ func TestGetResourceOverrides(t *testing.T) { - .webhooks[0].clientConfig.caBundle`, }) overrides, err = settingsManager.GetResourceOverrides() - assert.NoError(t, err) + require.NoError(t, err) crdOverrides = overrides[crdGK] assert.NotNil(t, crdOverrides) @@ -296,7 +296,7 @@ func TestGetResourceOverrides(t *testing.T) { ignoreResourceStatusField: foobar`, }) overrides, err = settingsManager.GetResourceOverrides() - assert.NoError(t, err) + require.NoError(t, err) defaultOverrides := overrides[crdGK] assert.NotNil(t, defaultOverrides) @@ -309,7 +309,7 @@ func TestGetResourceOverrides(t *testing.T) { ignoreResourceStatusField: off`, }) overrides, err = settingsManager.GetResourceOverrides() - assert.NoError(t, err) + require.NoError(t, err) assert.Empty(t, overrides) } @@ -325,7 +325,7 @@ func TestGetResourceOverridesHealthWithWildcard(t *testing.T) { _, settingsManager := fixtures(data) overrides, err := settingsManager.GetResourceOverrides() - assert.NoError(t, err) + require.NoError(t, err) assert.Len(t, overrides, 2) assert.Equal(t, "foo", overrides["*.aws.crossplane.io/*"].HealthLua) }) @@ -336,7 +336,7 @@ func TestSettingsManager_GetResourceOverrides_with_empty_string(t *testing.T) { resourceCustomizationsKey: "", }) overrides, err := settingsManager.GetResourceOverrides() - assert.NoError(t, err) + require.NoError(t, err) assert.Len(t, overrides, 1) } @@ -368,7 +368,7 @@ func TestGetResourceOverrides_with_splitted_keys(t *testing.T) { _, settingsManager := fixtures(data) overrides, err := settingsManager.GetResourceOverrides() - assert.NoError(t, err) + require.NoError(t, err) assert.Len(t, overrides, 5) assert.Len(t, overrides[crdGK].IgnoreDifferences.JSONPointers, 2) assert.Len(t, overrides["admissionregistration.k8s.io/MutatingWebhookConfiguration"].IgnoreDifferences.JSONPointers, 1) @@ -417,7 +417,7 @@ func TestGetResourceOverrides_with_splitted_keys(t *testing.T) { _, settingsManager := fixtures(mergemaps(data, newData)) overrides, err := settingsManager.GetResourceOverrides() - assert.NoError(t, err) + require.NoError(t, err) assert.Len(t, overrides, 9) assert.Len(t, overrides[crdGK].IgnoreDifferences.JSONPointers, 2) assert.Equal(t, "/status", overrides[crdGK].IgnoreDifferences.JSONPointers[0]) @@ -457,7 +457,7 @@ func TestGetResourceOverrides_with_splitted_keys(t *testing.T) { _, settingsManager := fixtures(mergemaps(data, newData)) overrides, err := settingsManager.GetResourceOverrides() - assert.NoError(t, err) + require.NoError(t, err) assert.Len(t, overrides, 5) assert.Len(t, overrides["*/*"].IgnoreDifferences.JSONPointers, 1) assert.Len(t, overrides["admissionregistration.k8s.io/MutatingWebhookConfiguration"].IgnoreDifferences.JSONPointers, 1) @@ -475,7 +475,7 @@ func TestGetResourceOverrides_with_splitted_keys(t *testing.T) { _, settingsManager := fixtures(mergemaps(data, newData)) overrides, err := settingsManager.GetResourceOverrides() - assert.NoError(t, err) + require.NoError(t, err) assert.Len(t, overrides, 4) assert.Len(t, overrides["admissionregistration.k8s.io/MutatingWebhookConfiguration"].IgnoreDifferences.JSONPointers, 1) assert.Equal(t, "foo\n", overrides["certmanager.k8s.io/Certificate"].HealthLua) @@ -514,7 +514,7 @@ func TestGetIgnoreResourceUpdatesOverrides(t *testing.T) { _, settingsManager := fixtures(testCustomizations) overrides, err := settingsManager.GetIgnoreResourceUpdatesOverrides() - assert.NoError(t, err) + require.NoError(t, err) // default overrides should always be present allOverrides := overrides[allGK] @@ -537,7 +537,7 @@ func TestGetIgnoreResourceUpdatesOverrides(t *testing.T) { ignoreDifferencesOnResourceUpdates: true`, })) overrides, err = settingsManager.GetIgnoreResourceUpdatesOverrides() - assert.NoError(t, err) + require.NoError(t, err) assert.NotNil(t, overrides["admissionregistration.k8s.io/MutatingWebhookConfiguration"]) assert.Equal(t, v1alpha1.ResourceOverride{ @@ -551,18 +551,18 @@ func TestGetIgnoreResourceUpdatesOverrides(t *testing.T) { func TestConvertToOverrideKey(t *testing.T) { key, err := convertToOverrideKey("cert-manager.io_Certificate") - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, "cert-manager.io/Certificate", key) key, err = convertToOverrideKey("Certificate") - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, "Certificate", key) _, err = convertToOverrideKey("") - assert.Error(t, err) + require.Error(t, err) _, err = convertToOverrideKey("_") - assert.NoError(t, err) + require.NoError(t, err) } func TestGetResourceCompareOptions(t *testing.T) { @@ -572,7 +572,7 @@ func TestGetResourceCompareOptions(t *testing.T) { "resource.compareoptions": "ignoreAggregatedRoles: true", }) compareOptions, err := settingsManager.GetResourceCompareOptions() - assert.NoError(t, err) + require.NoError(t, err) assert.True(t, compareOptions.IgnoreAggregatedRoles) } @@ -582,7 +582,7 @@ func TestGetResourceCompareOptions(t *testing.T) { "resource.compareoptions": "ignoreAggregatedRoles: false", }) compareOptions, err := settingsManager.GetResourceCompareOptions() - assert.NoError(t, err) + require.NoError(t, err) assert.False(t, compareOptions.IgnoreAggregatedRoles) } @@ -592,7 +592,7 @@ func TestGetResourceCompareOptions(t *testing.T) { "resource.compareoptions": "ignoreDifferencesOnResourceUpdates: true", }) compareOptions, err := settingsManager.GetResourceCompareOptions() - assert.NoError(t, err) + require.NoError(t, err) assert.True(t, compareOptions.IgnoreDifferencesOnResourceUpdates) } @@ -602,7 +602,7 @@ func TestGetResourceCompareOptions(t *testing.T) { "resource.compareoptions": "ignoreDifferencesOnResourceUpdates: false", }) compareOptions, err := settingsManager.GetResourceCompareOptions() - assert.NoError(t, err) + require.NoError(t, err) assert.False(t, compareOptions.IgnoreDifferencesOnResourceUpdates) } @@ -613,7 +613,7 @@ func TestGetResourceCompareOptions(t *testing.T) { }) compareOptions, err := settingsManager.GetResourceCompareOptions() defaultOptions := GetDefaultDiffOptions() - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, defaultOptions.IgnoreAggregatedRoles, compareOptions.IgnoreAggregatedRoles) assert.Equal(t, defaultOptions.IgnoreDifferencesOnResourceUpdates, compareOptions.IgnoreDifferencesOnResourceUpdates) } @@ -623,7 +623,7 @@ func TestGetResourceCompareOptions(t *testing.T) { _, settingsManager := fixtures(map[string]string{}) compareOptions, err := settingsManager.GetResourceCompareOptions() defaultOptions := GetDefaultDiffOptions() - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, defaultOptions.IgnoreAggregatedRoles, compareOptions.IgnoreAggregatedRoles) assert.Equal(t, defaultOptions.IgnoreDifferencesOnResourceUpdates, compareOptions.IgnoreDifferencesOnResourceUpdates) } @@ -635,7 +635,7 @@ func TestSettingsManager_GetKustomizeBuildOptions(t *testing.T) { settings, err := settingsManager.GetKustomizeSettings() - assert.NoError(t, err) + require.NoError(t, err) assert.Empty(t, settings.BuildOptions) assert.Empty(t, settings.Versions) }) @@ -647,7 +647,7 @@ func TestSettingsManager_GetKustomizeBuildOptions(t *testing.T) { options, err := settingsManager.GetKustomizeSettings() - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, "foo", options.BuildOptions) assert.Equal(t, []KustomizeVersion{{Name: "v3.2.1", Path: "somePath"}}, options.Versions) }) @@ -665,7 +665,7 @@ func TestSettingsManager_GetKustomizeBuildOptions(t *testing.T) { got, err := settingsManager.GetKustomizeSettings() - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, "--global true", got.BuildOptions) want := &KustomizeSettings{ BuildOptions: "--global true", @@ -695,7 +695,7 @@ func TestSettingsManager_GetKustomizeBuildOptions(t *testing.T) { }) got, err := settingsManager.GetKustomizeSettings() - assert.ErrorContains(t, err, "found duplicate kustomize version: v3.2.1") + require.ErrorContains(t, err, "found duplicate kustomize version: v3.2.1") assert.Empty(t, got) }) @@ -705,7 +705,7 @@ func TestSettingsManager_GetKustomizeBuildOptions(t *testing.T) { }) got, err := settingsManager.GetKustomizeSettings() - assert.NoError(t, err) + require.NoError(t, err) assert.Empty(t, got) }) } @@ -724,14 +724,12 @@ func TestKustomizeSettings_GetOptions(t *testing.T) { _, err := settings.GetOptions(v1alpha1.ApplicationSource{ Kustomize: &v1alpha1.ApplicationSourceKustomize{Version: "v4"}, }) - assert.Error(t, err) + require.Error(t, err) }) t.Run("DefaultBuildOptions", func(t *testing.T) { ver, err := settings.GetOptions(v1alpha1.ApplicationSource{}) - if !assert.NoError(t, err) { - return - } + require.NoError(t, err) assert.Equal(t, "", ver.BinaryPath) assert.Equal(t, "--opt1 val1", ver.BuildOptions) }) @@ -740,9 +738,7 @@ func TestKustomizeSettings_GetOptions(t *testing.T) { ver, err := settings.GetOptions(v1alpha1.ApplicationSource{ Kustomize: &v1alpha1.ApplicationSourceKustomize{Version: "v2"}, }) - if !assert.NoError(t, err) { - return - } + require.NoError(t, err) assert.Equal(t, "path_v2", ver.BinaryPath) assert.Equal(t, "", ver.BuildOptions) }) @@ -751,9 +747,7 @@ func TestKustomizeSettings_GetOptions(t *testing.T) { ver, err := settings.GetOptions(v1alpha1.ApplicationSource{ Kustomize: &v1alpha1.ApplicationSourceKustomize{Version: "v3"}, }) - if !assert.NoError(t, err) { - return - } + require.NoError(t, err) assert.Equal(t, "path_v3", ver.BinaryPath) assert.Equal(t, "--opt2 val2", ver.BuildOptions) }) @@ -764,7 +758,7 @@ func TestGetGoogleAnalytics(t *testing.T) { "ga.trackingid": "123", }) ga, err := settingsManager.GetGoogleAnalytics() - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, "123", ga.TrackingID) assert.True(t, ga.AnonymizeUsers) } @@ -773,7 +767,7 @@ func TestSettingsManager_GetHelp(t *testing.T) { t.Run("Default", func(t *testing.T) { _, settingsManager := fixtures(nil) h, err := settingsManager.GetHelp() - assert.NoError(t, err) + require.NoError(t, err) assert.Empty(t, h.ChatURL) assert.Empty(t, h.ChatText) }) @@ -783,7 +777,7 @@ func TestSettingsManager_GetHelp(t *testing.T) { "help.chatText": "bar", }) h, err := settingsManager.GetHelp() - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, "foo", h.ChatURL) assert.Equal(t, "bar", h.ChatText) }) @@ -792,7 +786,7 @@ func TestSettingsManager_GetHelp(t *testing.T) { "help.chatUrl": "foo", }) h, err := settingManager.GetHelp() - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, "foo", h.ChatURL) assert.Equal(t, "Chat now!", h.ChatText) }) @@ -801,7 +795,7 @@ func TestSettingsManager_GetHelp(t *testing.T) { "help.chatText": "bar", }) h, err := settingManager.GetHelp() - assert.NoError(t, err) + require.NoError(t, err) assert.Empty(t, h.ChatURL) assert.Empty(t, h.ChatText) }) @@ -812,7 +806,7 @@ func TestSettingsManager_GetHelp(t *testing.T) { "help.download.unsupported": "nowhere", }) h, err := settingsManager.GetHelp() - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, map[string]string{"darwin-amd64": "amd64-path", "linux-s390x": "s390x-path"}, h.BinaryURLs) }) } @@ -845,7 +839,7 @@ func TestSettingsManager_GetSettings(t *testing.T) { ) settingsManager := NewSettingsManager(context.Background(), kubeClient, "default") s, err := settingsManager.GetSettings() - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, time.Hour*24, s.UserSessionDuration) }) t.Run("UserSessionDurationInvalidFormat", func(t *testing.T) { @@ -877,7 +871,7 @@ func TestSettingsManager_GetSettings(t *testing.T) { ) settingsManager := NewSettingsManager(context.Background(), kubeClient, "default") s, err := settingsManager.GetSettings() - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, time.Hour*24, s.UserSessionDuration) }) t.Run("UserSessionDurationProvided", func(t *testing.T) { @@ -909,7 +903,7 @@ func TestSettingsManager_GetSettings(t *testing.T) { ) settingsManager := NewSettingsManager(context.Background(), kubeClient, "default") s, err := settingsManager.GetSettings() - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, time.Hour*10, s.UserSessionDuration) }) } @@ -944,7 +938,7 @@ func TestGetOIDCConfig(t *testing.T) { ) settingsManager := NewSettingsManager(context.Background(), kubeClient, "default") settings, err := settingsManager.GetSettings() - assert.NoError(t, err) + require.NoError(t, err) oidcConfig := settings.OIDCConfig() assert.NotNil(t, oidcConfig) @@ -964,10 +958,10 @@ func TestRedirectURL(t *testing.T) { for given, expected := range cases { settings := ArgoCDSettings{URL: given} redirectURL, err := settings.RedirectURL() - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, expected[0], redirectURL) dexRedirectURL, err := settings.DexRedirectURL() - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, expected[1], dexRedirectURL) } } @@ -988,7 +982,7 @@ func Test_validateExternalURL(t *testing.T) { if tt.errMsg != "" { assert.EqualError(t, err, tt.errMsg) } else { - assert.NoError(t, err) + require.NoError(t, err) } }) } @@ -1024,7 +1018,7 @@ func TestGetOIDCSecretTrim(t *testing.T) { ) settingsManager := NewSettingsManager(context.Background(), kubeClient, "default") settings, err := settingsManager.GetSettings() - assert.NoError(t, err) + require.NoError(t, err) oidcConfig := settings.OIDCConfig() assert.NotNil(t, oidcConfig) @@ -1080,7 +1074,7 @@ func Test_GetTLSConfiguration(t *testing.T) { ) settingsManager := NewSettingsManager(context.Background(), kubeClient, "default") settings, err := settingsManager.GetSettings() - assert.NoError(t, err) + require.NoError(t, err) assert.True(t, settings.CertificateIsExternal) assert.NotNil(t, settings.Certificate) assert.Contains(t, getCNFromCertificate(settings.Certificate), "localhost") @@ -1128,7 +1122,7 @@ func Test_GetTLSConfiguration(t *testing.T) { ) settingsManager := NewSettingsManager(context.Background(), kubeClient, "default") settings, err := settingsManager.GetSettings() - assert.NoError(t, err) + require.NoError(t, err) assert.True(t, settings.CertificateIsExternal) assert.NotNil(t, settings.Certificate) assert.Contains(t, getCNFromCertificate(settings.Certificate), "localhost") @@ -1173,7 +1167,7 @@ func Test_GetTLSConfiguration(t *testing.T) { ) settingsManager := NewSettingsManager(context.Background(), kubeClient, "default") settings, err := settingsManager.GetSettings() - assert.Error(t, err) + require.Error(t, err) assert.Contains(t, err.Error(), "could not read from secret") assert.NotNil(t, settings) }) @@ -1209,7 +1203,7 @@ func Test_GetTLSConfiguration(t *testing.T) { ) settingsManager := NewSettingsManager(context.Background(), kubeClient, "default") settings, err := settingsManager.GetSettings() - assert.NoError(t, err) + require.NoError(t, err) assert.False(t, settings.CertificateIsExternal) assert.NotNil(t, settings.Certificate) assert.Contains(t, getCNFromCertificate(settings.Certificate), "Argo CD E2E") @@ -1221,21 +1215,21 @@ func TestDownloadArgoCDBinaryUrls(t *testing.T) { "help.download.darwin-amd64": "some-url", }) argoCDCM, err := settingsManager.getConfigMap() - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, "some-url", argoCDCM.Data["help.download.darwin-amd64"]) _, settingsManager = fixtures(map[string]string{ "help.download.linux-s390x": "some-url", }) argoCDCM, err = settingsManager.getConfigMap() - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, "some-url", argoCDCM.Data["help.download.linux-s390x"]) _, settingsManager = fixtures(map[string]string{ "help.download.unsupported": "some-url", }) argoCDCM, err = settingsManager.getConfigMap() - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, "some-url", argoCDCM.Data["help.download.unsupported"]) } @@ -1289,7 +1283,7 @@ requestedIDTokenClaims: {"groups": {"essential": true}}`, settingsManager := NewSettingsManager(context.Background(), kubeClient, "default") settings, err := settingsManager.GetSettings() - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, "mywebhooksecret", settings.WebhookGitHubSecret) oidcConfig := settings.OIDCConfig() @@ -1416,7 +1410,7 @@ func TestGetHelmSettings(t *testing.T) { settingsManager := NewSettingsManager(context.Background(), kubeClient, "default") helmSettings, err := settingsManager.GetHelmSettings() - assert.NoError(t, err) + require.NoError(t, err) assert.ElementsMatch(t, tc.expected, helmSettings.ValuesFileSchemes) }) diff --git a/util/tls/tls_test.go b/util/tls/tls_test.go index b0038f1847abb..69f7f7f60ef7f 100644 --- a/util/tls/tls_test.go +++ b/util/tls/tls_test.go @@ -125,19 +125,19 @@ func TestGetTLSVersionByString(t *testing.T) { t.Run("Valid versions", func(t *testing.T) { for k, v := range tlsVersionByString { r, err := getTLSVersionByString(k) - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, v, r) } }) t.Run("Invalid versions", func(t *testing.T) { _, err := getTLSVersionByString("1.4") - assert.Error(t, err) + require.Error(t, err) }) t.Run("Empty versions", func(t *testing.T) { r, err := getTLSVersionByString("") - assert.NoError(t, err) + require.NoError(t, err) assert.Equal(t, uint16(0), r) }) } @@ -147,7 +147,7 @@ func TestGetTLSCipherSuitesByString(t *testing.T) { for _, s := range tls.CipherSuites() { t.Run(fmt.Sprintf("Test for valid suite %s", s.Name), func(t *testing.T) { ids, err := getTLSCipherSuitesByString(s.Name) - assert.NoError(t, err) + require.NoError(t, err) assert.Len(t, ids, 1) assert.Equal(t, s.ID, ids[0]) suites = append(suites, s.Name) @@ -156,14 +156,14 @@ func TestGetTLSCipherSuitesByString(t *testing.T) { t.Run("Test colon separated list", func(t *testing.T) { ids, err := getTLSCipherSuitesByString(strings.Join(suites, ":")) - assert.NoError(t, err) + require.NoError(t, err) assert.Len(t, ids, len(suites)) }) suites = append([]string{"invalid"}, suites...) t.Run("Test invalid values", func(t *testing.T) { _, err := getTLSCipherSuitesByString(strings.Join(suites, ":")) - assert.Error(t, err) + require.Error(t, err) }) } @@ -187,21 +187,21 @@ func TestGenerate(t *testing.T) { t.Run("Invalid: No hosts specified", func(t *testing.T) { opts := CertOptions{Hosts: []string{}, Organization: "Acme", ValidFrom: time.Now(), ValidFor: 10 * time.Hour} _, _, err := generate(opts) - assert.Error(t, err) + require.Error(t, err) assert.Contains(t, err.Error(), "hosts not supplied") }) t.Run("Invalid: No organization specified", func(t *testing.T) { opts := CertOptions{Hosts: []string{"localhost"}, Organization: "", ValidFrom: time.Now(), ValidFor: 10 * time.Hour} _, _, err := generate(opts) - assert.Error(t, err) + require.Error(t, err) assert.Contains(t, err.Error(), "organization not supplied") }) t.Run("Invalid: Unsupported curve specified", func(t *testing.T) { opts := CertOptions{Hosts: []string{"localhost"}, Organization: "Acme", ECDSACurve: "Curve?", ValidFrom: time.Now(), ValidFor: 10 * time.Hour} _, _, err := generate(opts) - assert.Error(t, err) + require.Error(t, err) assert.Contains(t, err.Error(), "Unrecognized elliptic curve") }) @@ -209,17 +209,17 @@ func TestGenerate(t *testing.T) { t.Run(fmt.Sprintf("Create certificate with curve %s", curve), func(t *testing.T) { opts := CertOptions{Hosts: []string{"localhost"}, Organization: "Acme", ECDSACurve: curve} _, _, err := generate(opts) - assert.NoError(t, err) + require.NoError(t, err) }) } t.Run("Create certificate with default options", func(t *testing.T) { opts := CertOptions{Hosts: []string{"localhost"}, Organization: "Acme"} certBytes, privKey, err := generate(opts) - assert.NoError(t, err) + require.NoError(t, err) assert.NotNil(t, privKey) cert, err := x509.ParseCertificate(certBytes) - assert.NoError(t, err) + require.NoError(t, err) assert.NotNil(t, cert) assert.Len(t, cert.DNSNames, 1) assert.Equal(t, "localhost", cert.DNSNames[0]) @@ -230,10 +230,10 @@ func TestGenerate(t *testing.T) { t.Run("Create certificate with IP ", func(t *testing.T) { opts := CertOptions{Hosts: []string{"localhost", "127.0.0.1"}, Organization: "Acme"} certBytes, privKey, err := generate(opts) - assert.NoError(t, err) + require.NoError(t, err) assert.NotNil(t, privKey) cert, err := x509.ParseCertificate(certBytes) - assert.NoError(t, err) + require.NoError(t, err) assert.NotNil(t, cert) assert.Len(t, cert.DNSNames, 1) assert.Equal(t, "localhost", cert.DNSNames[0]) @@ -245,10 +245,10 @@ func TestGenerate(t *testing.T) { t.Run("Create certificate with specific validity timeframe", func(t *testing.T) { opts := CertOptions{Hosts: []string{"localhost"}, Organization: "Acme", ValidFrom: time.Now().Add(1 * time.Hour)} certBytes, privKey, err := generate(opts) - assert.NoError(t, err) + require.NoError(t, err) assert.NotNil(t, privKey) cert, err := x509.ParseCertificate(certBytes) - assert.NoError(t, err) + require.NoError(t, err) assert.NotNil(t, cert) assert.GreaterOrEqual(t, (time.Now().Unix())+int64(1*time.Hour), cert.NotBefore.Unix()) }) @@ -258,10 +258,10 @@ func TestGenerate(t *testing.T) { validFrom, validFor := time.Now(), 365*24*time.Hour*time.Duration(year) opts := CertOptions{Hosts: []string{"localhost"}, Organization: "Acme", ValidFrom: validFrom, ValidFor: validFor} certBytes, privKey, err := generate(opts) - assert.NoError(t, err) + require.NoError(t, err) assert.NotNil(t, privKey) cert, err := x509.ParseCertificate(certBytes) - assert.NoError(t, err) + require.NoError(t, err) assert.NotNil(t, cert) t.Logf("certificate expiration time %s", cert.NotAfter) assert.Equal(t, validFrom.Unix()+int64(validFor.Seconds()), cert.NotAfter.Unix()) @@ -273,7 +273,7 @@ func TestGeneratePEM(t *testing.T) { t.Run("Invalid - PEM creation failure", func(t *testing.T) { opts := CertOptions{Hosts: nil, Organization: "Acme"} cert, key, err := generatePEM(opts) - assert.Error(t, err) + require.Error(t, err) assert.Nil(t, cert) assert.Nil(t, key) }) @@ -281,7 +281,7 @@ func TestGeneratePEM(t *testing.T) { t.Run("Create PEM from certficate options", func(t *testing.T) { opts := CertOptions{Hosts: []string{"localhost"}, Organization: "Acme"} cert, key, err := generatePEM(opts) - assert.NoError(t, err) + require.NoError(t, err) assert.NotNil(t, cert) assert.NotNil(t, key) }) @@ -289,7 +289,7 @@ func TestGeneratePEM(t *testing.T) { t.Run("Create X509KeyPair", func(t *testing.T) { opts := CertOptions{Hosts: []string{"localhost"}, Organization: "Acme"} cert, err := GenerateX509KeyPair(opts) - assert.NoError(t, err) + require.NoError(t, err) assert.NotNil(t, cert) }) } @@ -297,7 +297,7 @@ func TestGeneratePEM(t *testing.T) { func TestGetTLSConfigCustomizer(t *testing.T) { t.Run("Valid TLS customization", func(t *testing.T) { cfunc, err := getTLSConfigCustomizer(DefaultTLSMinVersion, DefaultTLSMaxVersion, DefaultTLSCipherSuite) - assert.NoError(t, err) + require.NoError(t, err) assert.NotNil(t, cfunc) config := tls.Config{} cfunc(&config) @@ -307,7 +307,7 @@ func TestGetTLSConfigCustomizer(t *testing.T) { t.Run("Valid TLS customization - No cipher customization for TLSv1.3 only with default ciphers", func(t *testing.T) { cfunc, err := getTLSConfigCustomizer("1.3", "1.3", DefaultTLSCipherSuite) - assert.NoError(t, err) + require.NoError(t, err) assert.NotNil(t, cfunc) config := tls.Config{} cfunc(&config) @@ -318,7 +318,7 @@ func TestGetTLSConfigCustomizer(t *testing.T) { t.Run("Valid TLS customization - No cipher customization for TLSv1.3 only with custom ciphers", func(t *testing.T) { cfunc, err := getTLSConfigCustomizer("1.3", "1.3", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256") - assert.NoError(t, err) + require.NoError(t, err) assert.NotNil(t, cfunc) config := tls.Config{} cfunc(&config) @@ -329,25 +329,25 @@ func TestGetTLSConfigCustomizer(t *testing.T) { t.Run("Invalid TLS customization - Min version higher than max version", func(t *testing.T) { cfunc, err := getTLSConfigCustomizer("1.3", "1.2", DefaultTLSCipherSuite) - assert.Error(t, err) + require.Error(t, err) assert.Nil(t, cfunc) }) t.Run("Invalid TLS customization - Invalid min version given", func(t *testing.T) { cfunc, err := getTLSConfigCustomizer("2.0", "1.2", DefaultTLSCipherSuite) - assert.Error(t, err) + require.Error(t, err) assert.Nil(t, cfunc) }) t.Run("Invalid TLS customization - Invalid max version given", func(t *testing.T) { cfunc, err := getTLSConfigCustomizer("1.2", "2.0", DefaultTLSCipherSuite) - assert.Error(t, err) + require.Error(t, err) assert.Nil(t, cfunc) }) t.Run("Invalid TLS customization - Unknown cipher suite given", func(t *testing.T) { cfunc, err := getTLSConfigCustomizer("1.3", "1.2", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:invalid") - assert.Error(t, err) + require.Error(t, err) assert.Nil(t, cfunc) }) } diff --git a/util/webhook/webhook_test.go b/util/webhook/webhook_test.go index b6beb0f979df8..2e00e599fce40 100644 --- a/util/webhook/webhook_test.go +++ b/util/webhook/webhook_test.go @@ -29,6 +29,7 @@ import ( "github.com/sirupsen/logrus/hooks/test" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" @@ -80,7 +81,7 @@ func TestGitHubCommitEvent(t *testing.T) { req := httptest.NewRequest(http.MethodPost, "/api/webhook", nil) req.Header.Set("X-GitHub-Event", "push") eventJSON, err := os.ReadFile("testdata/github-commit-event.json") - assert.NoError(t, err) + require.NoError(t, err) req.Body = io.NopCloser(bytes.NewReader(eventJSON)) w := httptest.NewRecorder() h.Handler(w, req) @@ -96,7 +97,7 @@ func TestAzureDevOpsCommitEvent(t *testing.T) { req := httptest.NewRequest(http.MethodPost, "/api/webhook", nil) req.Header.Set("X-Vss-Activityid", "abc") eventJSON, err := os.ReadFile("testdata/azuredevops-git-push-event.json") - assert.NoError(t, err) + require.NoError(t, err) req.Body = io.NopCloser(bytes.NewReader(eventJSON)) w := httptest.NewRecorder() h.Handler(w, req) @@ -151,7 +152,7 @@ func TestGitHubCommitEvent_MultiSource_Refresh(t *testing.T) { req := httptest.NewRequest(http.MethodPost, "/api/webhook", nil) req.Header.Set("X-GitHub-Event", "push") eventJSON, err := os.ReadFile("testdata/github-commit-event.json") - assert.NoError(t, err) + require.NoError(t, err) req.Body = io.NopCloser(bytes.NewReader(eventJSON)) w := httptest.NewRecorder() h.Handler(w, req) @@ -232,7 +233,7 @@ func TestGitHubCommitEvent_AppsInOtherNamespaces(t *testing.T) { req := httptest.NewRequest("POST", "/api/webhook", nil) req.Header.Set("X-GitHub-Event", "push") eventJSON, err := os.ReadFile("testdata/github-commit-event.json") - assert.NoError(t, err) + require.NoError(t, err) req.Body = io.NopCloser(bytes.NewReader(eventJSON)) w := httptest.NewRecorder() h.Handler(w, req) @@ -264,7 +265,7 @@ func TestGitHubTagEvent(t *testing.T) { req := httptest.NewRequest(http.MethodPost, "/api/webhook", nil) req.Header.Set("X-GitHub-Event", "push") eventJSON, err := os.ReadFile("testdata/github-tag-event.json") - assert.NoError(t, err) + require.NoError(t, err) req.Body = io.NopCloser(bytes.NewReader(eventJSON)) w := httptest.NewRecorder() h.Handler(w, req) @@ -280,7 +281,7 @@ func TestGitHubPingEvent(t *testing.T) { req := httptest.NewRequest(http.MethodPost, "/api/webhook", nil) req.Header.Set("X-GitHub-Event", "ping") eventJSON, err := os.ReadFile("testdata/github-ping-event.json") - assert.NoError(t, err) + require.NoError(t, err) req.Body = io.NopCloser(bytes.NewReader(eventJSON)) w := httptest.NewRecorder() h.Handler(w, req) @@ -296,7 +297,7 @@ func TestBitbucketServerRepositoryReferenceChangedEvent(t *testing.T) { req := httptest.NewRequest(http.MethodPost, "/api/webhook", nil) req.Header.Set("X-Event-Key", "repo:refs_changed") eventJSON, err := os.ReadFile("testdata/bitbucket-server-event.json") - assert.NoError(t, err) + require.NoError(t, err) req.Body = io.NopCloser(bytes.NewReader(eventJSON)) w := httptest.NewRecorder() h.Handler(w, req) @@ -328,7 +329,7 @@ func TestGogsPushEvent(t *testing.T) { req := httptest.NewRequest(http.MethodPost, "/api/webhook", nil) req.Header.Set("X-Gogs-Event", "push") eventJSON, err := os.ReadFile("testdata/gogs-event.json") - assert.NoError(t, err) + require.NoError(t, err) req.Body = io.NopCloser(bytes.NewReader(eventJSON)) w := httptest.NewRecorder() h.Handler(w, req) @@ -344,7 +345,7 @@ func TestGitLabPushEvent(t *testing.T) { req := httptest.NewRequest(http.MethodPost, "/api/webhook", nil) req.Header.Set("X-Gitlab-Event", "Push Hook") eventJSON, err := os.ReadFile("testdata/gitlab-event.json") - assert.NoError(t, err) + require.NoError(t, err) req.Body = io.NopCloser(bytes.NewReader(eventJSON)) w := httptest.NewRecorder() h.Handler(w, req) @@ -360,7 +361,7 @@ func TestGitLabSystemEvent(t *testing.T) { req := httptest.NewRequest(http.MethodPost, "/api/webhook", nil) req.Header.Set("X-Gitlab-Event", "System Hook") eventJSON, err := os.ReadFile("testdata/gitlab-event.json") - assert.NoError(t, err) + require.NoError(t, err) req.Body = io.NopCloser(bytes.NewReader(eventJSON)) w := httptest.NewRecorder() h.Handler(w, req) @@ -596,7 +597,7 @@ func Test_getWebUrlRegex(t *testing.T) { t.Run(testCopy.name, func(t *testing.T) { t.Parallel() regexp, err := getWebUrlRegex(testCopy.webURL) - assert.NoError(t, err) + require.NoError(t, err) if matches := regexp.MatchString(testCopy.repo); matches != testCopy.shouldMatch { t.Errorf("sourceRevisionHasChanged() = %v, want %v", matches, testCopy.shouldMatch) }