helm-gitea/unittests/bash/tests/init-containers/config/config_environment.bats

#!/usr/bin/env bats

function setup() {
  PROJECT_ROOT="$(git rev-parse --show-toplevel)"
  TEST_ROOT="$PROJECT_ROOT/unittests/bash"
  load "$TEST_ROOT/test_helper/common-setup"
  common_setup

  export GITEA_APP_INI="$BATS_TEST_TMPDIR/app.ini"
  export TMP_EXISTING_ENVS_FILE="$BATS_TEST_TMPDIR/existing-envs"
  export ENV_TO_INI_MOUNT_POINT="$BATS_TEST_TMPDIR/env-to-ini-mounts"
  export GITEA_EDIT_INI_EXPECTED=0
  export PATH="$BATS_TEST_TMPDIR/bin:$PATH"

  mkdir -p "$BATS_TEST_TMPDIR/bin"
  cat >"$BATS_TEST_TMPDIR/bin/gitea" <<'EOF'
#!/usr/bin/env bash
set -euo pipefail

case "$*" in
  'generate secret INTERNAL_TOKEN')
    echo 'mocked-internal-token'
    ;;
  'generate secret SECRET_KEY')
    echo 'mocked-secret-key'
    ;;
  'generate secret JWT_SECRET')
    echo 'mocked-jwt-secret'
    ;;
  'generate secret LFS_JWT_SECRET')
    echo 'mocked-lfs-jwt-secret'
    ;;
  "config edit-ini --apply-env --config $GITEA_APP_INI --out $GITEA_APP_INI")
    if [ "$GITEA_EDIT_INI_EXPECTED" -eq 1 ]; then
      echo 'Stubbed gitea config edit-ini was called!'
      exit 0
    fi

    echo 'Unexpected gitea config edit-ini invocation' >&2
    exit 127
    ;;
  *)
    echo "Unexpected gitea invocation: $*" >&2
    exit 127
    ;;
esac
EOF
  chmod +x "$BATS_TEST_TMPDIR/bin/gitea"
}

function teardown() {
  :
}

function expect_gitea_config_edit_ini_call() {
  export GITEA_EDIT_INI_EXPECTED=1
}

function execute_test_script() {
  currentEnvsBefore=$(env | sort)
  source $PROJECT_ROOT/scripts/init-containers/config/config_environment.sh
  local exitCode=$?
  currentEnvsAfter=$(env | sort)

  # diff as unified +/- output without context before/after
  diff --unified=0 <(echo "$currentEnvsBefore") <(echo "$currentEnvsAfter")

  exit $exitCode
}

function write_mounted_file() {
  # either "inlines" or "additionals"
  scope="${1}"
  file="${2}"
  content="${3}"

  mkdir -p "$ENV_TO_INI_MOUNT_POINT/$scope/..data/"
  echo "${content}" > "$ENV_TO_INI_MOUNT_POINT/$scope/..data/$file"
  ln -sf "$ENV_TO_INI_MOUNT_POINT/$scope/..data/$file" "$ENV_TO_INI_MOUNT_POINT/$scope/$file"
}

@test "works as expected when nothing is configured" {
  expect_gitea_config_edit_ini_call
  run $PROJECT_ROOT/scripts/init-containers/config/config_environment.sh

  assert_success
  assert_line '...Initial secrets generated'
  assert_line 'Reloading preset envs...'
  assert_line '=== All configuration sources loaded ==='
  assert_line 'Stubbed gitea config edit-ini was called!'
}

@test "exports initial secrets" {
  expect_gitea_config_edit_ini_call
  run execute_test_script

  assert_success
  assert_line '+GITEA__OAUTH2__JWT_SECRET=mocked-jwt-secret'
  assert_line '+GITEA__SECURITY__INTERNAL_TOKEN=mocked-internal-token'
  assert_line '+GITEA__SECURITY__SECRET_KEY=mocked-secret-key'
  assert_line '+GITEA__SERVER__LFS_JWT_SECRET=mocked-lfs-jwt-secret'
}

@test "does NOT export initial secrets when app.ini already exists" {
  expect_gitea_config_edit_ini_call
  touch $GITEA_APP_INI

  run execute_test_script

  assert_success
  assert_line --partial 'An app.ini file already exists.'
  refute_line '+GITEA__OAUTH2__JWT_SECRET=mocked-jwt-secret'
  refute_line '+GITEA__SECURITY__INTERNAL_TOKEN=mocked-internal-token'
  refute_line '+GITEA__SECURITY__SECRET_KEY=mocked-secret-key'
  refute_line '+GITEA__SERVER__LFS_JWT_SECRET=mocked-lfs-jwt-secret'
}

@test "ensures that preset environment variables take precedence over auto-generated ones" {
  expect_gitea_config_edit_ini_call
  export GITEA__OAUTH2__JWT_SECRET="pre-defined-jwt-secret"

  run execute_test_script

  assert_success
  refute_line '+GITEA__OAUTH2__JWT_SECRET=mocked-jwt-secret'
}

@test "ensures that preset environment variables take precedence over mounted ones" {
  expect_gitea_config_edit_ini_call
  export GITEA__OAUTH2__JWT_SECRET="pre-defined-jwt-secret"
  write_mounted_file "inlines" "oauth2" "$(cat << EOF
JWT_SECRET=inline-jwt-secret
EOF
)"

  run execute_test_script

  assert_success
  refute_line '+GITEA__OAUTH2__JWT_SECRET=mocked-jwt-secret'
  refute_line '+GITEA__OAUTH2__JWT_SECRET=inline-jwt-secret'
}

@test "ensures that additionals take precedence over inlines" {
  expect_gitea_config_edit_ini_call
  write_mounted_file "inlines" "oauth2" "$(cat << EOF
JWT_SECRET=inline-jwt-secret
EOF
)"
  write_mounted_file "additionals" "oauth2" "$(cat << EOF
JWT_SECRET=additional-jwt-secret
EOF
)"

  run execute_test_script

  assert_success
  refute_line '+GITEA__OAUTH2__JWT_SECRET=mocked-jwt-secret'
  refute_line '+GITEA__OAUTH2__JWT_SECRET=inline-jwt-secret'
  assert_line '+GITEA__OAUTH2__JWT_SECRET=additional-jwt-secret'
}

@test "ensures that dotted/dashed sections are properly masked" {
  expect_gitea_config_edit_ini_call
  write_mounted_file "inlines" "repository.pull-request" "$(cat << EOF
WORK_IN_PROGRESS_PREFIXES=WIP:,[WIP]
EOF
)"

  run execute_test_script

  assert_success
  assert_line '+GITEA__REPOSITORY_0X2E_PULL_0X2D_REQUEST__WORK_IN_PROGRESS_PREFIXES=WIP:,[WIP]'
}

###############################################################
##### THIS IS A BUG, BUT I WANT IT TO BE COVERED BY TESTS #####
###############################################################
@test "ensures uppercase section and setting names (🐞)" {
  expect_gitea_config_edit_ini_call
  export GITEA__oauth2__JwT_Secret="pre-defined-jwt-secret"
  write_mounted_file "inlines" "repository.pull-request" "$(cat << EOF
WORK_IN_progress_PREFIXES=WIP:,[WIP]
EOF
)"

  run execute_test_script

  assert_success
  assert_line '+GITEA__REPOSITORY_0X2E_PULL_0X2D_REQUEST__WORK_IN_PROGRESS_PREFIXES=WIP:,[WIP]'
  assert_line '+GITEA__OAUTH2__JWT_SECRET=pre-defined-jwt-secret'
}

@test "treats top-level configuration as section-less" {
  expect_gitea_config_edit_ini_call
  write_mounted_file "inlines" "_generals_" "$(cat << EOF
APP_NAME=Hello top-level configuration
RUN_MODE=dev
EOF
)"

  run execute_test_script

  assert_success
  assert_line '+GITEA____APP_NAME=Hello top-level configuration'
  assert_line '+GITEA____RUN_MODE=dev'
}

@test "fails on invalid setting" {
  write_mounted_file "inlines" "_generals_" "$(cat << EOF
some random invalid string
EOF
)"

  run execute_test_script

  assert_failure
}

@test "treats empty setting name as invalid setting" {
  write_mounted_file "inlines" "_generals_" "$(cat << EOF
=value
EOF
)"

  run execute_test_script

  assert_failure
}