opal
opal copied to clipboard
permitio
fix test_repo_cloner_clone_remote_repo_ssh_url
Background
The test is checking that opal common can clone a private repo.
we sometimes need to clone a private repo when the policy code synced to opal is stored on a private git repo. the only way to authenticate to a private github repo is with SSH, and not with HTTPS.
cloning with HTTPS is done with a clone url like this: https://github.com/authorizon/fastapi_websocket_pubsub.git cloning with SSH is done with a clone url like this: [email protected]:authorizon/fastapi_websocket_pubsub.git
why the test is failing
when running in CI (github actions) if the repo is private or (currently) when running locally on a machine of a developer who does not have the private ssh key to this repo: https://github.com/authorizon/fastapi_websocket_pubsub
The test is failing on line: https://github.com/authorizon/opal/blob/380eed6812a5452935bb93f37f733690280550b2/opal_common/git/tests/repo_cloner_test.py#L111
in CI we do this, and although the clone is failing, the test expects to fail:
with pytest.raises(GitFailed):
# result =
RepoCloner(
repo_url=VALID_REPO_REMOTE_URL_SSH,
clone_path=target_path
).clone()
what we should do instead:
- open disposable private github repo
- create an ssh key pair with this command:
ssh-keygen -t rsa -b 4096 -m pem -C "<your email>"
creates to files (one with .pub ext which is the public key and one without ext which is the private key)
-
add the public key you creates as a deploy key on github (on the disposable repo settings)
-
the test needs to get the ssh key
RepoCloner(
repo_url=VALID_REPO_REMOTE_URL_SSH,
clone_path=target_path,
ssh_key=PRIVATE_SSH_KEY_FOR_TEST. <- can get from env var (default empty string)
).clone()
can test that works with
PRIVATE_SSH_KEY_FOR_TEST=
key contents should be the contents of the private ssh key file, but with newlines encoded as _
in ipython
x = """ <contents> """
x.replace('\n', '_')
