Tests for Restricting user to use yarn v4 (#2866)

Author: fluxxBot

.github/workflows/npmTests.yml

@@ -41,4 +41,6 @@ jobs:
           RTLIC: ${{ secrets.RTLIC }}
 
       - name: Run npm tests
+        env:
+          YARN_IGNORE_NODE: 1
         run: go test -v github.com/jfrog/jfrog-cli --timeout 0 --test.npm

go.mod

@@ -189,8 +189,8 @@ require (
 	sigs.k8s.io/yaml v1.4.0 // indirect
 )
 
-replace github.com/jfrog/jfrog-cli-artifactory => github.com/jfrog/jfrog-cli-artifactory v0.1.13-0.20250219071539-9bcf054e67db
+replace github.com/jfrog/jfrog-cli-artifactory => github.com/jfrog/jfrog-cli-artifactory v0.1.13-0.20250221101554-05889536ad05
 
-replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20250221065317-8f044fe71fea
+replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20250221100045-5b6a23a37852
 
 replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20250221062042-87cb5136765e

go.sum

@@ -185,10 +185,10 @@ github.com/jfrog/gofrog v1.7.6 h1:QmfAiRzVyaI7JYGsB7cxfAJePAZTzFz0gRWZSE27c6s=
 github.com/jfrog/gofrog v1.7.6/go.mod h1:ntr1txqNOZtHplmaNd7rS4f8jpA5Apx8em70oYEe7+4=
 github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYLipdsOFMY=
 github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w=
-github.com/jfrog/jfrog-cli-artifactory v0.1.13-0.20250219071539-9bcf054e67db h1:I9ywkE/lXJ/1S/0h2jjEWiqIKzWiJszE0VrjoGsorLk=
-github.com/jfrog/jfrog-cli-artifactory v0.1.13-0.20250219071539-9bcf054e67db/go.mod h1:EzlrSRtRoEipL+8axXHfgoUgXEoHZMVA6cElS2xK1w8=
-github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20250221065317-8f044fe71fea h1:ahP9eFJOw5K3AehHytj1H9nPGpswYfb3paTTwcBtwHg=
-github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20250221065317-8f044fe71fea/go.mod h1:VAVY5umw94aXf+yGzKCoEqijeUjIUNv+ikJUeQkd9tw=
+github.com/jfrog/jfrog-cli-artifactory v0.1.13-0.20250221101554-05889536ad05 h1:UV9W1ZImGWLks4+w+zg9hMtySvEIU+WxO73lsO6NIyY=
+github.com/jfrog/jfrog-cli-artifactory v0.1.13-0.20250221101554-05889536ad05/go.mod h1:223EqxDx7Ogrj7zJZkKAoFuQJStC5qtPXjwsf+r6d/A=
+github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20250221100045-5b6a23a37852 h1:tz6j/XO+BDoemr2LvQHN16ZHEG6dHT+79A+O+AvxXfk=
+github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20250221100045-5b6a23a37852/go.mod h1:VAVY5umw94aXf+yGzKCoEqijeUjIUNv+ikJUeQkd9tw=
 github.com/jfrog/jfrog-cli-platform-services v1.7.0 h1:u0AOyG4JX3VT7xhEeA9gDpBgW8tYILONpQURtzR3FkI=
 github.com/jfrog/jfrog-cli-platform-services v1.7.0/go.mod h1:u3lMRG7XC8MeUy/OPkHkZnsgCMIi0br4sjk2/W1Pm8I=
 github.com/jfrog/jfrog-cli-security v1.15.0 h1:TYNIID231X/AivYtptDCF25JyH8qTQht6ISHRfwejL8=

npm_test.go

@@ -6,6 +6,7 @@ import (
 	"github.com/jfrog/jfrog-cli-core/v2/artifactory/utils"
 	"github.com/jfrog/jfrog-client-go/http/httpclient"
 	"github.com/stretchr/testify/require"
+	"gopkg.in/yaml.v2"
 	"net/http"
 	"os"
 	"os/exec"
@@ -669,7 +670,7 @@ func TestYarn(t *testing.T) {
 	testDataTarget := filepath.Join(tempDirPath, tests.Out, "yarn")
 	assert.NoError(t, biutils.CopyDir(testDataSource, testDataTarget, true, nil))
 
-	yarnProjectPath := filepath.Join(testDataTarget, "yarnproject")
+	yarnProjectPath := filepath.Join(testDataTarget, "yarnprojectV2")
 	assert.NoError(t, createConfigFileForTest([]string{yarnProjectPath}, tests.NpmRemoteRepo, "", t, project.Yarn, false))
 
 	wd, err := os.Getwd()
@@ -714,6 +715,169 @@ func TestYarn(t *testing.T) {
 	inttestutils.DeleteBuild(serverDetails.ArtifactoryUrl, tests.YarnBuildName, artHttpDetails)
 }
 
+func TestYarnSetVersion(t *testing.T) {
+	initNpmTest(t)
+	defer cleanNpmTest(t)
+
+	// Temporarily change the cache folder to a temporary folder - to make sure the cache is clean and dependencies will be downloaded from Artifactory
+	tempDirPath, createTempDirCallback := coretests.CreateTempDirWithCallbackAndAssert(t)
+	defer createTempDirCallback()
+
+	testDataSource := filepath.Join(filepath.FromSlash(tests.GetTestResourcesPath()), "yarn")
+	testDataTarget := filepath.Join(tempDirPath, tests.Out, "yarn")
+	assert.NoError(t, biutils.CopyDir(testDataSource, testDataTarget, true, nil))
+
+	yarnProjectPath := filepath.Join(testDataTarget, "yarnprojectV2")
+	assert.NoError(t, createConfigFileForTest([]string{yarnProjectPath}, tests.NpmRemoteRepo, "", t, project.Yarn, false))
+
+	wd, err := os.Getwd()
+	assert.NoError(t, err, "Failed to get current dir")
+	chdirCallback := clientTestUtils.ChangeDirWithCallback(t, wd, yarnProjectPath)
+	defer chdirCallback()
+	cleanUpYarnGlobalFolder := clientTestUtils.SetEnvWithCallbackAndAssert(t, "YARN_GLOBAL_FOLDER", tempDirPath)
+	defer cleanUpYarnGlobalFolder()
+
+	// Add "localhost" to http whitelist
+	yarnExecPath, err := exec.LookPath("yarn")
+	assert.NoError(t, err)
+	// Get original http white list config
+	origWhitelist, err := yarn.ConfigGet("unsafeHttpWhitelist", yarnExecPath, true)
+	assert.NoError(t, err)
+	assert.NoError(t, yarn.ConfigSet("unsafeHttpWhitelist", "[\"localhost\"]", yarnExecPath, true))
+	defer func() {
+		// Restore original whitelist config
+		assert.NoError(t, yarn.ConfigSet("unsafeHttpWhitelist", origWhitelist, yarnExecPath, true))
+	}()
+
+	jfrogCli := coretests.NewJfrogCli(execMain, "jfrog", "")
+	err = jfrogCli.Exec("yarn", "set", "version", "3.2.1")
+	assert.NoError(t, err)
+	modifyExistingYarnRc(t, "3.2.1")
+}
+
+func TestYarnUpgradeToV4(t *testing.T) {
+	initNpmTest(t)
+	defer cleanNpmTest(t)
+
+	// Temporarily change the cache folder to a temporary folder - to make sure the cache is clean and dependencies will be downloaded from Artifactory
+	tempDirPath, createTempDirCallback := coretests.CreateTempDirWithCallbackAndAssert(t)
+	defer createTempDirCallback()
+
+	testDataSource := filepath.Join(filepath.FromSlash(tests.GetTestResourcesPath()), "yarn")
+	testDataTarget := filepath.Join(tempDirPath, tests.Out, "yarn")
+	assert.NoError(t, biutils.CopyDir(testDataSource, testDataTarget, true, nil))
+
+	yarnProjectPath := filepath.Join(testDataTarget, "yarnprojectV2")
+	assert.NoError(t, createConfigFileForTest([]string{yarnProjectPath}, tests.NpmRemoteRepo, "", t, project.Yarn, false))
+
+	wd, err := os.Getwd()
+	assert.NoError(t, err, "Failed to get current dir")
+	chdirCallback := clientTestUtils.ChangeDirWithCallback(t, wd, yarnProjectPath)
+	defer chdirCallback()
+	cleanUpYarnGlobalFolder := clientTestUtils.SetEnvWithCallbackAndAssert(t, "YARN_GLOBAL_FOLDER", tempDirPath)
+	defer cleanUpYarnGlobalFolder()
+
+	// Add "localhost" to http whitelist
+	yarnExecPath, err := exec.LookPath("yarn")
+	assert.NoError(t, err)
+	// Get original http white list config
+	origWhitelist, err := yarn.ConfigGet("unsafeHttpWhitelist", yarnExecPath, true)
+	assert.NoError(t, err)
+	assert.NoError(t, yarn.ConfigSet("unsafeHttpWhitelist", "[\"localhost\"]", yarnExecPath, true))
+	defer func() {
+		// Restore original whitelist config
+		assert.NoError(t, yarn.ConfigSet("unsafeHttpWhitelist", origWhitelist, yarnExecPath, true))
+	}()
+
+	jfrogCli := coretests.NewJfrogCli(execMain, "jfrog", "")
+	err = jfrogCli.Exec("yarn", "set", "version", "4.0.1")
+	assert.Error(t, err)
+}
+
+func TestYarnInV4(t *testing.T) {
+	initNpmTest(t)
+	defer cleanNpmTest(t)
+
+	// Temporarily change the cache folder to a temporary folder - to make sure the cache is clean and dependencies will be downloaded from Artifactory
+	tempDirPath, createTempDirCallback := coretests.CreateTempDirWithCallbackAndAssert(t)
+	defer createTempDirCallback()
+
+	testDataSource := filepath.Join(filepath.FromSlash(tests.GetTestResourcesPath()), "yarn")
+	testDataTarget := filepath.Join(tempDirPath, tests.Out, "yarn")
+	assert.NoError(t, biutils.CopyDir(testDataSource, testDataTarget, true, nil))
+
+	wd, err := os.Getwd()
+	assert.NoError(t, err, "Failed to get current dir")
+
+	yarnProjectPath := filepath.Join(testDataTarget, "yarnprojectV4")
+	assert.NoError(t, createConfigFileForTest([]string{yarnProjectPath}, tests.NpmRemoteRepo, "", t, project.Yarn, false))
+	chdirCallback := clientTestUtils.ChangeDirWithCallback(t, wd, yarnProjectPath)
+	defer chdirCallback()
+	cleanUpYarnGlobalFolder := clientTestUtils.SetEnvWithCallbackAndAssert(t, "YARN_GLOBAL_FOLDER", tempDirPath)
+	defer cleanUpYarnGlobalFolder()
+
+	jfrogCli := coretests.NewJfrogCli(execMain, "jfrog", "")
+	err = jfrogCli.Exec("yarn", "install")
+	assert.Error(t, err)
+}
+
+func TestYarnChangeVersionInV4(t *testing.T) {
+	initNpmTest(t)
+	defer cleanNpmTest(t)
+
+	// Temporarily change the cache folder to a temporary folder - to make sure the cache is clean and dependencies will be downloaded from Artifactory
+	tempDirPath, createTempDirCallback := coretests.CreateTempDirWithCallbackAndAssert(t)
+	defer createTempDirCallback()
+
+	testDataSource := filepath.Join(filepath.FromSlash(tests.GetTestResourcesPath()), "yarn")
+	testDataTarget := filepath.Join(tempDirPath, tests.Out, "yarn")
+	assert.NoError(t, biutils.CopyDir(testDataSource, testDataTarget, true, nil))
+
+	yarnProjectPath := filepath.Join(testDataTarget, "yarnprojectV4")
+	assert.NoError(t, createConfigFileForTest([]string{yarnProjectPath}, tests.NpmRemoteRepo, "", t, project.Yarn, false))
+
+	wd, err := os.Getwd()
+	assert.NoError(t, err, "Failed to get current dir")
+	chdirCallback := clientTestUtils.ChangeDirWithCallback(t, wd, yarnProjectPath)
+	defer chdirCallback()
+	cleanUpYarnGlobalFolder := clientTestUtils.SetEnvWithCallbackAndAssert(t, "YARN_GLOBAL_FOLDER", tempDirPath)
+	defer cleanUpYarnGlobalFolder()
+
+	// Add "localhost" to http whitelist
+	yarnExecPath, err := exec.LookPath("yarn")
+	assert.NoError(t, err)
+
+	yarnrcPath := ".yarnrc.yml"
+	data, err := os.ReadFile(yarnrcPath)
+	assert.NoError(t, err)
+	// Parse YAML
+	var config = make(map[string]any)
+	err = yaml.Unmarshal(data, &config)
+	if err != nil {
+		assert.NoError(t, err)
+	}
+	config["unsafeHttpWhitelist"] = []string{"localhost"}
+	updatedYamlData, err := yaml.Marshal(&config)
+	assert.NoError(t, err)
+	err = os.WriteFile(yarnrcPath, updatedYamlData, 0644)
+	assert.NoError(t, err)
+
+	assert.NoError(t, err)
+	defer func() {
+		// Restore original whitelist config
+		assert.NoError(t, yarn.ConfigSet("unsafeHttpWhitelist", "[]", yarnExecPath, true))
+	}()
+
+	jfrogCli := coretests.NewJfrogCli(execMain, "jfrog", "")
+
+	err = jfrogCli.Exec("yarn", "set", "version", "3.2.1")
+	assert.NoError(t, err)
+	modifyExistingYarnRc(t, "3.2.1")
+
+	err = jfrogCli.Exec("yarn", "--version")
+	assert.NoError(t, err)
+}
+
 // Checks if the expected dependencies match the actual dependencies. Only the dependencies' IDs and scopes (not more than one scope) are compared.
 func equalDependenciesSlices(t *testing.T, expectedDependencies []expectedDependency, actualDependencies []buildinfo.Dependency) {
 	assert.Equal(t, len(expectedDependencies), len(actualDependencies))
@@ -733,6 +897,16 @@ func equalDependenciesSlices(t *testing.T, expectedDependencies []expectedDepend
 	}
 }
 
+func modifyExistingYarnRc(t *testing.T, version string) {
+	yarnConfig := make(map[string]any)
+	yarnRcPath := ".yarnrc.yml"
+	yarnConfig["yarnPath"] = ".yarn/releases/yarn-" + version + ".cjs"
+	updatedYamlData, err := yaml.Marshal(&yarnConfig)
+	assert.NoError(t, err)
+	err = os.WriteFile(yarnRcPath, updatedYamlData, 0644)
+	assert.NoError(t, err)
+}
+
 func isNpm7(npmVersion *version.Version) bool {
 	return npmVersion.Compare("7.0.0") <= 0
 }