github.com/jaylevin/jenkins-library@v1.230.4/pkg/cnbutils/privacy/privacy_test.go (about) 1 package privacy_test 2 3 import ( 4 "testing" 5 6 "github.com/SAP/jenkins-library/pkg/cnbutils/privacy" 7 "github.com/stretchr/testify/assert" 8 "github.com/stretchr/testify/require" 9 ) 10 11 func TestCnbPrivacy_FilterBuildpacks(t *testing.T) { 12 t.Parallel() 13 14 t.Run("allows paketo", func(t *testing.T) { 15 aliases := []string{ 16 "paketobuildpacks/nodejs:v1", 17 "docker.io/paketobuildpacks/nodejs:v1", 18 "index.docker.io/paketobuildpacks/nodejs:v1", 19 "gcr.io/paketo-buildpacks/nodejs:v1", 20 } 21 22 filtered := privacy.FilterBuildpacks(aliases) 23 24 require.Len(t, filtered, len(aliases)) 25 for i := range filtered { 26 assert.Equal(t, aliases[i], filtered[i]) 27 } 28 }) 29 30 t.Run("allows heroku", func(t *testing.T) { 31 aliases := []string{ 32 "public.ecr.aws/heroku-buildpacks/heroku-jvm-buildpack@sha256:3a8ee9ebf88e47c5e30bc5712fb2794380aed75552499f92bd6773ec446421ef", 33 } 34 35 filtered := privacy.FilterBuildpacks(aliases) 36 37 require.Len(t, filtered, len(aliases)) 38 for i := range filtered { 39 assert.Equal(t, aliases[i], filtered[i]) 40 } 41 }) 42 43 t.Run("allows google buildpacks", func(t *testing.T) { 44 aliases := []string{ 45 "gcr.io/buildpacks/java:latest", 46 "gcr.io/buildpacks/java", 47 } 48 49 filtered := privacy.FilterBuildpacks(aliases) 50 51 require.Len(t, filtered, len(aliases)) 52 for i := range filtered { 53 assert.Equal(t, aliases[i], filtered[i]) 54 } 55 }) 56 57 t.Run("filters others", func(t *testing.T) { 58 images := []string{ 59 "test/nodejs:v1", 60 "my-mirror.de/paketobuildpacks/nodejs:v1", 61 "gcr.io/my-project/paketo-buildpacks/nodejs:v1", 62 } 63 64 filtered := privacy.FilterBuildpacks(images) 65 66 require.Len(t, filtered, len(images)) 67 for _, image := range filtered { 68 assert.Equal(t, "<redacted>", image) 69 } 70 }) 71 72 t.Run("fails gracefully on parse error", func(t *testing.T) { 73 images := []string{ 74 "test/nodejs v1 spaces are not allowed", 75 } 76 77 filtered := privacy.FilterBuildpacks(images) 78 79 require.Len(t, filtered, len(images)) 80 for _, image := range filtered { 81 assert.Equal(t, "<error>", image) 82 } 83 }) 84 85 } 86 87 func TestCnbPrivacy_FilterEnv(t *testing.T) { 88 t.Parallel() 89 90 t.Run("copies only allow listed keys", func(t *testing.T) { 91 env := map[string]interface{}{ 92 "PRIVATE": "paketobuildpacks/nodejs:v1", 93 "BP_NODE_VERSION": "8", 94 "BP_JVM_VERSION": "11", 95 } 96 97 filteredEnv := privacy.FilterEnv(env) 98 99 assert.Equal(t, map[string]interface{}{ 100 "BP_NODE_VERSION": "8", 101 "BP_JVM_VERSION": "11", 102 }, filteredEnv) 103 }) 104 105 t.Run("works on nil map", func(t *testing.T) { 106 var env map[string]interface{} = nil 107 108 filteredEnv := privacy.FilterEnv(env) 109 110 assert.Empty(t, filteredEnv) 111 }) 112 } 113 114 func TestCnbPrivacy_FilterBuilder(t *testing.T) { 115 t.Parallel() 116 117 t.Run("allows paketo", func(t *testing.T) { 118 builder := []string{ 119 "paketobuildpacks/builder:tiny", 120 "paketobuildpacks/builder:base", 121 "paketobuildpacks/builder:full", 122 } 123 124 for _, b := range builder { 125 filteredBuilder := privacy.FilterBuilder(b) 126 assert.Equal(t, b, filteredBuilder) 127 } 128 129 }) 130 131 t.Run("filters unknown builders", func(t *testing.T) { 132 builder := "notpaketobuildpacks/builder:base" 133 134 filteredBuilder := privacy.FilterBuilder(builder) 135 136 assert.Equal(t, "<redacted>", filteredBuilder) 137 }) 138 139 }