Kyle Isom
fde66be9c1
- internal/config: TOML config with env overrides (MCR_ prefix), required field validation, same-filesystem check, defaults - internal/db: SQLite via modernc.org/sqlite, WAL mode, 2 migrations (core registry tables + policy/audit), foreign key cascades - internal/db: audit log write/list with filtering and pagination - deploy/examples/mcr.toml: annotated example configuration - .golangci.yaml: disable fieldalignment (readability over micro-opt) - checkpoint skill copied from mcias Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
280 lines
5.5 KiB
Go
280 lines
5.5 KiB
Go
package config
|
|
|
|
import (
|
|
"os"
|
|
"path/filepath"
|
|
"testing"
|
|
)
|
|
|
|
const validTOML = `
|
|
[server]
|
|
listen_addr = ":8443"
|
|
tls_cert = "/srv/mcr/certs/cert.pem"
|
|
tls_key = "/srv/mcr/certs/key.pem"
|
|
|
|
[database]
|
|
path = "/srv/mcr/mcr.db"
|
|
|
|
[storage]
|
|
layers_path = "/srv/mcr/layers"
|
|
uploads_path = "/srv/mcr/uploads"
|
|
|
|
[mcias]
|
|
server_url = "https://mcias.metacircular.net:8443"
|
|
service_name = "mcr"
|
|
tags = ["env:restricted"]
|
|
|
|
[log]
|
|
level = "debug"
|
|
`
|
|
|
|
func writeConfig(t *testing.T, content string) string {
|
|
t.Helper()
|
|
dir := t.TempDir()
|
|
path := filepath.Join(dir, "mcr.toml")
|
|
if err := os.WriteFile(path, []byte(content), 0600); err != nil {
|
|
t.Fatalf("write config: %v", err)
|
|
}
|
|
return path
|
|
}
|
|
|
|
func TestLoadValidConfig(t *testing.T) {
|
|
path := writeConfig(t, validTOML)
|
|
cfg, err := Load(path)
|
|
if err != nil {
|
|
t.Fatalf("Load: %v", err)
|
|
}
|
|
|
|
if cfg.Server.ListenAddr != ":8443" {
|
|
t.Fatalf("listen_addr: got %q, want %q", cfg.Server.ListenAddr, ":8443")
|
|
}
|
|
if cfg.MCIAS.ServiceName != "mcr" {
|
|
t.Fatalf("service_name: got %q, want %q", cfg.MCIAS.ServiceName, "mcr")
|
|
}
|
|
if len(cfg.MCIAS.Tags) != 1 || cfg.MCIAS.Tags[0] != "env:restricted" {
|
|
t.Fatalf("tags: got %v, want [env:restricted]", cfg.MCIAS.Tags)
|
|
}
|
|
if cfg.Log.Level != "debug" {
|
|
t.Fatalf("log.level: got %q, want %q", cfg.Log.Level, "debug")
|
|
}
|
|
}
|
|
|
|
func TestLoadDefaults(t *testing.T) {
|
|
path := writeConfig(t, validTOML)
|
|
cfg, err := Load(path)
|
|
if err != nil {
|
|
t.Fatalf("Load: %v", err)
|
|
}
|
|
|
|
if cfg.Server.ReadTimeout.Seconds() != 30 {
|
|
t.Fatalf("read_timeout: got %v, want 30s", cfg.Server.ReadTimeout)
|
|
}
|
|
if cfg.Server.WriteTimeout != 0 {
|
|
t.Fatalf("write_timeout: got %v, want 0", cfg.Server.WriteTimeout)
|
|
}
|
|
if cfg.Server.IdleTimeout.Seconds() != 120 {
|
|
t.Fatalf("idle_timeout: got %v, want 120s", cfg.Server.IdleTimeout)
|
|
}
|
|
if cfg.Server.ShutdownTimeout.Seconds() != 60 {
|
|
t.Fatalf("shutdown_timeout: got %v, want 60s", cfg.Server.ShutdownTimeout)
|
|
}
|
|
}
|
|
|
|
func TestLoadUploadsPathDefault(t *testing.T) {
|
|
toml := `
|
|
[server]
|
|
listen_addr = ":8443"
|
|
tls_cert = "/srv/mcr/certs/cert.pem"
|
|
tls_key = "/srv/mcr/certs/key.pem"
|
|
|
|
[database]
|
|
path = "/srv/mcr/mcr.db"
|
|
|
|
[storage]
|
|
layers_path = "/srv/mcr/layers"
|
|
|
|
[mcias]
|
|
server_url = "https://mcias.metacircular.net:8443"
|
|
`
|
|
path := writeConfig(t, toml)
|
|
cfg, err := Load(path)
|
|
if err != nil {
|
|
t.Fatalf("Load: %v", err)
|
|
}
|
|
|
|
want := filepath.Join(filepath.Dir("/srv/mcr/layers"), "uploads")
|
|
if cfg.Storage.UploadsPath != want {
|
|
t.Fatalf("uploads_path: got %q, want %q", cfg.Storage.UploadsPath, want)
|
|
}
|
|
}
|
|
|
|
func TestLoadMissingRequiredFields(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
toml string
|
|
want string
|
|
}{
|
|
{
|
|
name: "missing listen_addr",
|
|
toml: `
|
|
[server]
|
|
tls_cert = "/c"
|
|
tls_key = "/k"
|
|
[database]
|
|
path = "/d"
|
|
[storage]
|
|
layers_path = "/l"
|
|
[mcias]
|
|
server_url = "https://m"
|
|
`,
|
|
want: "server.listen_addr",
|
|
},
|
|
{
|
|
name: "missing tls_cert",
|
|
toml: `
|
|
[server]
|
|
listen_addr = ":8443"
|
|
tls_key = "/k"
|
|
[database]
|
|
path = "/d"
|
|
[storage]
|
|
layers_path = "/l"
|
|
[mcias]
|
|
server_url = "https://m"
|
|
`,
|
|
want: "server.tls_cert",
|
|
},
|
|
{
|
|
name: "missing database.path",
|
|
toml: `
|
|
[server]
|
|
listen_addr = ":8443"
|
|
tls_cert = "/c"
|
|
tls_key = "/k"
|
|
[storage]
|
|
layers_path = "/l"
|
|
[mcias]
|
|
server_url = "https://m"
|
|
`,
|
|
want: "database.path",
|
|
},
|
|
{
|
|
name: "missing storage.layers_path",
|
|
toml: `
|
|
[server]
|
|
listen_addr = ":8443"
|
|
tls_cert = "/c"
|
|
tls_key = "/k"
|
|
[database]
|
|
path = "/d"
|
|
[mcias]
|
|
server_url = "https://m"
|
|
`,
|
|
want: "storage.layers_path",
|
|
},
|
|
{
|
|
name: "missing mcias.server_url",
|
|
toml: `
|
|
[server]
|
|
listen_addr = ":8443"
|
|
tls_cert = "/c"
|
|
tls_key = "/k"
|
|
[database]
|
|
path = "/d"
|
|
[storage]
|
|
layers_path = "/l"
|
|
`,
|
|
want: "mcias.server_url",
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
path := writeConfig(t, tt.toml)
|
|
_, err := Load(path)
|
|
if err == nil {
|
|
t.Fatal("expected error, got nil")
|
|
}
|
|
if got := err.Error(); !contains(got, tt.want) {
|
|
t.Fatalf("error %q does not mention %q", got, tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestEnvOverride(t *testing.T) {
|
|
path := writeConfig(t, validTOML)
|
|
|
|
t.Setenv("MCR_SERVER_LISTEN_ADDR", ":9999")
|
|
t.Setenv("MCR_LOG_LEVEL", "warn")
|
|
|
|
cfg, err := Load(path)
|
|
if err != nil {
|
|
t.Fatalf("Load: %v", err)
|
|
}
|
|
|
|
if cfg.Server.ListenAddr != ":9999" {
|
|
t.Fatalf("listen_addr: got %q, want %q", cfg.Server.ListenAddr, ":9999")
|
|
}
|
|
if cfg.Log.Level != "warn" {
|
|
t.Fatalf("log.level: got %q, want %q", cfg.Log.Level, "warn")
|
|
}
|
|
}
|
|
|
|
func TestEnvOverrideDuration(t *testing.T) {
|
|
path := writeConfig(t, validTOML)
|
|
|
|
t.Setenv("MCR_SERVER_READ_TIMEOUT", "5s")
|
|
|
|
cfg, err := Load(path)
|
|
if err != nil {
|
|
t.Fatalf("Load: %v", err)
|
|
}
|
|
|
|
if cfg.Server.ReadTimeout.Seconds() != 5 {
|
|
t.Fatalf("read_timeout: got %v, want 5s", cfg.Server.ReadTimeout)
|
|
}
|
|
}
|
|
|
|
func TestSameFilesystemCheck(t *testing.T) {
|
|
dir := t.TempDir()
|
|
layersPath := filepath.Join(dir, "layers")
|
|
uploadsPath := filepath.Join(dir, "uploads")
|
|
|
|
// Both under the same tmpdir → same filesystem.
|
|
toml := `
|
|
[server]
|
|
listen_addr = ":8443"
|
|
tls_cert = "/srv/mcr/certs/cert.pem"
|
|
tls_key = "/srv/mcr/certs/key.pem"
|
|
|
|
[database]
|
|
path = "/srv/mcr/mcr.db"
|
|
|
|
[storage]
|
|
layers_path = "` + layersPath + `"
|
|
uploads_path = "` + uploadsPath + `"
|
|
|
|
[mcias]
|
|
server_url = "https://mcias.metacircular.net:8443"
|
|
`
|
|
path := writeConfig(t, toml)
|
|
_, err := Load(path)
|
|
if err != nil {
|
|
t.Fatalf("expected same-filesystem check to pass: %v", err)
|
|
}
|
|
}
|
|
|
|
func contains(s, substr string) bool {
|
|
return len(s) >= len(substr) && searchString(s, substr)
|
|
}
|
|
|
|
func searchString(s, substr string) bool {
|
|
for i := 0; i <= len(s)-len(substr); i++ {
|
|
if s[i:i+len(substr)] == substr {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|