Add test to show that libgit2 fails with self signed test

Signed-off-by: Philip Laine <philip.laine@gmail.com>

controllers/gitrepository_controller_test.go

@@ -86,6 +86,8 @@ var _ = Describe("GitRepositoryReconciler", func() {
 			expectStatus   metav1.ConditionStatus
 			expectMessage  string
 			expectRevision string
+
+			v2 bool
 		}
 
 		DescribeTable("Git references tests", func(t refTestCase) {
@@ -262,5 +264,65 @@ var _ = Describe("GitRepositoryReconciler", func() {
 				expectMessage: "git commit 'invalid' not found: object not found",
 			}),
 		)
+
+		DescribeTable("Git self signed cert tests", func(t refTestCase) {
+			err = gitServer.StartHTTPTLS(examplePublicKey, examplePrivateKey, exampleCA, "example.com")
+			defer gitServer.StopHTTP()
+			Expect(err).NotTo(HaveOccurred())
+
+			u, err := url.Parse(gitServer.HTTPAddress())
+			Expect(err).NotTo(HaveOccurred())
+			u.Path = path.Join(u.Path, fmt.Sprintf("repository-%s.git", randStringRunes(5)))
+
+			key := types.NamespacedName{
+				Name:      fmt.Sprintf("git-ref-test-%s", randStringRunes(5)),
+				Namespace: namespace.Name,
+			}
+			created := &sourcev1.GitRepository{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      key.Name,
+					Namespace: key.Namespace,
+				},
+				Spec: sourcev1.GitRepositorySpec{
+					URL:                        u.String(),
+					Interval:                   metav1.Duration{Duration: indexInterval},
+					Reference:                  t.reference,
+					GitProtocolV2Compatibility: t.v2,
+				},
+			}
+			Expect(k8sClient.Create(context.Background(), created)).Should(Succeed())
+			defer k8sClient.Delete(context.Background(), created)
+
+			got := &sourcev1.GitRepository{}
+			var cond metav1.Condition
+			Eventually(func() bool {
+				_ = k8sClient.Get(context.Background(), key, got)
+				for _, c := range got.Status.Conditions {
+					if c.Reason == t.waitForReason {
+						cond = c
+						return true
+					}
+				}
+				return false
+			}, timeout, interval).Should(BeTrue())
+
+			Expect(cond.Status).To(Equal(t.expectStatus))
+			Expect(cond.Message).To(ContainSubstring(t.expectMessage))
+			Expect(got.Status.Artifact == nil).To(Equal(t.expectRevision == ""))
+		},
+			Entry("self signed v1", refTestCase{
+				reference:     &sourcev1.GitRepositoryRef{Branch: "main"},
+				waitForReason: sourcev1.GitOperationFailedReason,
+				expectStatus:  metav1.ConditionFalse,
+				expectMessage: "x509: certificate signed by unknown authority",
+			}),
+			Entry("self signed v2", refTestCase{
+				reference:     &sourcev1.GitRepositoryRef{Branch: "main"},
+				waitForReason: sourcev1.GitOperationFailedReason,
+				expectStatus:  metav1.ConditionFalse,
+				expectMessage: "error: user rejected certificate",
+				v2:            true,
+			}),
+		)
 	})
 })

go.mod

@@ -4,6 +4,8 @@ go 1.15
 
 replace github.com/fluxcd/source-controller/api => ./api
 
+replace github.com/fluxcd/pkg/gittestserver => github.com/fluxcd/pkg/gittestserver v0.0.3-0.20201202222244-96033b836a6a
+
 require (
 	github.com/Masterminds/semver/v3 v3.1.0
 	github.com/blang/semver/v4 v4.0.0

go.sum

@@ -224,8 +224,8 @@ github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5Kwzbycv
 github.com/fluxcd/pkg/apis/meta v0.3.0/go.mod h1:wOzQQx8CdtUQCGaLzqGu4QgnNxYkI6/wvdvlovxWhF0=
 github.com/fluxcd/pkg/apis/meta v0.4.0 h1:JChqB9GGgorW9HWKxirTVV0rzrcLyzBaVjinmqZ0iHA=
 github.com/fluxcd/pkg/apis/meta v0.4.0/go.mod h1:wOzQQx8CdtUQCGaLzqGu4QgnNxYkI6/wvdvlovxWhF0=
-github.com/fluxcd/pkg/gittestserver v0.0.2 h1:11aKRVuuHiyeaicdN4wPNSMy/dUarQkrPrg0uUgDcTw=
-github.com/fluxcd/pkg/gittestserver v0.0.2/go.mod h1:GW8N9d1o8/+mXWnSzs02qCB5WlArWQHdMpDPf7b/GZg=
+github.com/fluxcd/pkg/gittestserver v0.0.3-0.20201202222244-96033b836a6a h1:fmfbt5VrEPUb4X0UI14a0K2FWr0iv/NRUadk8X35byc=
+github.com/fluxcd/pkg/gittestserver v0.0.3-0.20201202222244-96033b836a6a/go.mod h1:HWZaoib03fQeSsauCAN2iAFdr6bnjKQ+CFxMFD2mwDY=
 github.com/fluxcd/pkg/helmtestserver v0.0.1 h1:8RcLZdg7Zr9ZqyijsIIASjjMXQtF4UWP4Uds4iK2VJM=
 github.com/fluxcd/pkg/helmtestserver v0.0.1/go.mod h1:GR8LriiU7PqZSTH4Xe6Cimpig2VVPB29PeUXJjNJYfA=
 github.com/fluxcd/pkg/lockedfile v0.0.5 h1:C3T8wfdff1UY1bvplmCkGOLrdMWJHO8Q8+tdlEXJYzQ=