Opt out Https everywhere in packages.config restore scenarios in all NuGet tools #5356
Conversation
test/NuGet.Clients.FuncTests/NuGet.CommandLine.FuncTest/Commands/RestoreCommandTests.cs
Outdated
Show resolved
Hide resolved
test/NuGet.Clients.FuncTests/NuGet.CommandLine.FuncTest/Commands/RestoreCommandTests.cs
Show resolved
Hide resolved
test/NuGet.Clients.FuncTests/NuGet.CommandLine.FuncTest/Commands/RestoreCommandTests.cs
Outdated
Show resolved
Hide resolved
test/NuGet.Clients.FuncTests/NuGet.CommandLine.FuncTest/Commands/RestoreCommandTests.cs
Outdated
Show resolved
Hide resolved
test/NuGet.Clients.Tests/NuGet.CommandLine.Test/NuGetInstallCommandTest.cs
Outdated
Show resolved
Hide resolved
test/NuGet.Clients.FuncTests/NuGet.CommandLine.FuncTest/Commands/RestoreCommandTests.cs
Outdated
Show resolved
Hide resolved
test/NuGet.Clients.Tests/NuGet.CommandLine.Test/NuGetInstallCommandTest.cs
Outdated
Show resolved
Hide resolved
| [Theory] | ||
| [InlineData("true")] | ||
| [InlineData("TRUE")] | ||
| public async Task UpdateCommand_WithHttpSourceAndTrueAllowInsecureConnections_NoWarns(string allowInsecureConnections) |
There was a problem hiding this comment.
This and the following test look mostly the same. In an effort to dedupe code, you could have one test that parameterizes this. Also consider this feedback elsewhere.
[Theory]
[InlineData("true", true])
[InlineData("TRUE", true])
[InlineData("false", false])
[InlineData("FALSE", false])
[InlineData("invalid", false])
...
public async Task UpdateCommand_WhenAllowInsecureConnectionsIsSet_WarnsAppropriately(string allowInsecureConnectionsValue, bool allowInsecureConnectionsValue)
{
...
const string warning = "You are running the 'update' operation with an 'http' source";
if (allowInsecureConnections)
{
r.AllOutput.Should().NotContain(warning, because: r.AllOutput);
}
else
{
r.AllOutput.Should().Contain(warning, because: r.AllOutput);
}
}There was a problem hiding this comment.
Thanks @dtivel ! There are also comments suggesting differently: #5343 (comment)
So I think people might have different preferences.
There was a problem hiding this comment.
I wouldn't view it as a difference in preferences. The spirit of the comment is to deduplicate code.
I showed one path to deduplication. Even with the other approach, which is also fine, you can still deduplicate code by extracting reusable code into helper methods.
There was a problem hiding this comment.
+1 to what @dtivel suggested.
There was a problem hiding this comment.
The point I was making in the comment you linked is that Setup had many branches, making it hard to understand the path to a test failure. I think the proposal here is to extract setup helper methods, which is OK to consider, and a different topic, really. I did this in my recent PR (eg, SetupUIServiceWithPackageSearchMetadata) which had MUCH more complicated Setup, .so it's hard to say it's needed in your PR.
Another viewpoint I don't see in this thread, but which has been expressed in my PR reviews, is that deduping a few lines of code isn't necessarily making it easier for the reader. There's a bit of an art to it.
I'd say spend just a little effort (<30 minutes?) to see if you can extract methods that saves more than 3-4 lines or so per test. Sometimes you need to return objects and pass them around, and end up with nearly the same setup code. Given, there are 1000+ lines of tests in this file with far more complicated duplicated code, we may want to separately come up with a guideline as a Team, then apply that decision to new tests, and refactor old tests.
There was a problem hiding this comment.
I agree that it would be good to have a guideline as a Team so we will have a consistent standard to follow.
Otherwise, we will have to keep addressing different comments and that is not efficient.
There are many existing tests have the same setup without deduplication: RestoreCommand_VerifyMinClientVersionV2SourceAsync and RestoreCommand_VerifyMinClientVersionV3SourceAsync
So it's not clear when shall we deduplicate code and when shall we keep duplicate code to make test easy to understand.
heng-liu
force-pushed
the
dev-hengliu-optoutHttpWarning-packagesConfigRestore
branch
from
f4b8f9f to
324c440
Compare
|
Thanks all for reviewing! |
| @@ -430,6 +430,7 @@ | |||
| <comment>{0} - package id</comment> | |||
| </data> | |||
| <data name="Warning_HttpServerUsage" xml:space="preserve"> | |||
| <value>You are running the '{0}' operation with an 'http' source, '{1}'. Support for 'http' sources will be removed in a future version.</value> | |||
| <value>You are running the '{0}' operation with an 'HTTP' source, '{1}'. Non-HTTPS access will be removed in a future version. Consider migrating to an 'HTTPS' source.</value> | |||
There was a problem hiding this comment.
I don't think this aligns to the new plan. You should check with @JonDouglas on what the message should be.
There was a problem hiding this comment.
Thanks @aortiz-msft ! There are 5 Warning_HttpServerUsage in our codebase: https://github.com/search?q=repo%3ANuGet%2FNuGet.Client%20name%3D%22Warning_HttpServerUsage%22&type=code
And only one of the 5 is different. That's why I made this change to make all of them the same.
Hi @JonDouglas , could you help advise if this change is needed? Thanks!
There was a problem hiding this comment.
@aortiz-msft could you point reviewers to what plan you're referring to?
There was a problem hiding this comment.
test/NuGet.Clients.FuncTests/NuGet.CommandLine.FuncTest/Commands/RestoreCommandTests.cs
Outdated
Show resolved
Hide resolved
test/NuGet.Clients.Tests/NuGet.CommandLine.Test/NuGetInstallCommandTest.cs
Outdated
Show resolved
Hide resolved
| [Theory] | ||
| [InlineData("true")] | ||
| [InlineData("TRUE")] | ||
| public async Task UpdateCommand_WithHttpSourceAndTrueAllowInsecureConnections_NoWarns(string allowInsecureConnections) |
There was a problem hiding this comment.
+1 to what @dtivel suggested.
| [InlineData("", true)] | ||
| [InlineData("true", false)] | ||
| [InlineData("TRUE", false)] | ||
| public async Task Restore_WithHttpSourceAndFalseAllowInsecureConnections_WarnsCorrectly(string allowInsecureConnections, bool hasHttpWarning) |
There was a problem hiding this comment.
Suggestion: isHttpWarningExpected?
| [InlineData("", true)] | ||
| [InlineData("true", false)] | ||
| [InlineData("TRUE", false)] | ||
| public async Task UpdateCommand_WithHttpSourceAndAllowInsecureConnections_WarnsCorrectly(string allowInsecureConnections, bool hasHttpWarning) |
| [InlineData("", true)] | ||
| [InlineData("true", false)] | ||
| [InlineData("TRUE", false)] | ||
| public async Task MsbuildRestore_PackagesConfigDependency_WithHttpSourceAndAllowInsecureConnections_WarnsCorrectly(string allowInsecureConnections, bool hasHttpWarning) |
heng-liu
changed the title
heng-liu
deleted the
dev-hengliu-optoutHttpWarning-packagesConfigRestore
branch
Bug
Fixes:NuGet/Home#12788
Regression? Last working version:
Description
When
allowInsecureConnectionsproperty inpackageSourcessection is set to true in NuGet.Config files, suppress warnings for HTTP sources in packages.config restore scenarios(including install and update) in all NuGet tools.The PRs enable the HTTP warnings in those scenarios are:
#4583
#4633
PR Checklist
PR has a meaningful title
PR has a linked issue.
Described changes
Tests
Documentation