
Commit 9927e48

committed
fix(jfrog-oauth): fail when access_token is empty
Add a lifecycle precondition to the coder_script resource that validates the JFrog access token is not empty. This prevents the module from silently creating configurations with empty tokens when users haven't authenticated via external auth. Changes: - Add precondition check on data.coder_external_auth.jfrog.access_token - Replace main.test.ts with jfrog-oauth.tftest.hcl for proper data mocking - Add comprehensive tests for the new validation and existing functionality Fixes #72
1 parent 392f6b1 commit 9927e48


3 files changed

+198
-189
lines changed

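--- a/jfrog-oauth.tftest.hcl
+++ b/jfrog-oauth.tftest.hcl
@@ -0,0 +1,191 @@
+# Test for jfrog-oauth module
+
+run "test_required_vars" {
+command = plan
+
+variables {
+agent_id = "test-agent-id"
+jfrog_url = "https://example.jfrog.io"
+package_managers = {}
+}
+
+# Mock external auth with valid access token for basic test
+override_data {
+target = data.coder_external_auth.jfrog
+values = {
+access_token = "valid-token-value"
+}
+}
+}
+
+run "test_empty_access_token_fails" {
+command = plan
+
+variables {
+agent_id = "test-agent-id"
+jfrog_url = "https://example.jfrog.io"
+package_managers = {}
+}
+
+# Mock external auth with empty access token
+override_data {
+target = data.coder_external_auth.jfrog
+values = {
+access_token = ""
+}
+}
+
+expect_failures = [
+resource.coder_script.jfrog
+]
+}
+
+run "test_valid_access_token_succeeds" {
+command = plan
+
+variables {
+agent_id = "test-agent-id"
+jfrog_url = "https://example.jfrog.io"
+package_managers = {}
+}
+
+# Mock external auth with valid access token
+override_data {
+target = data.coder_external_auth.jfrog
+values = {
+access_token = "valid-token-value"
+}
+}
+
+# Verify the script resource is created
+assert {
+condition = resource.coder_script.jfrog.agent_id == "test-agent-id"
+error_message = "coder_script agent_id should match the input variable"
+}
+
+assert {
+condition = resource.coder_script.jfrog.display_name == "jfrog"
+error_message = "coder_script display_name should be 'jfrog'"
+}
+}
+
+run "test_jfrog_url_validation" {
+command = plan
+
+variables {
+agent_id = "test-agent-id"
+jfrog_url = "invalid-url"
+package_managers = {}
+}
+
+override_data {
+target = data.coder_external_auth.jfrog
+values = {
+access_token = "valid-token-value"
+}
+}
+
+expect_failures = [
+var.jfrog_url
+]
+}
+
+run "test_username_field_validation" {
+command = plan
+
+variables {
+agent_id = "test-agent-id"
+jfrog_url = "https://example.jfrog.io"
+username_field = "invalid"
+package_managers = {}
+}
+
+override_data {
+target = data.coder_external_auth.jfrog
+values = {
+access_token = "valid-token-value"
+}
+}
+
+expect_failures = [
+var.username_field
+]
+}
+
+run "test_with_npm_package_manager" {
+command = plan
+
+variables {
+agent_id = "test-agent-id"
+jfrog_url = "https://example.jfrog.io"
+package_managers = {
+npm = ["global-npm-repo"]
+}
+}
+
+override_data {
+target = data.coder_external_auth.jfrog
+values = {
+access_token = "valid-token-value"
+}
+}
+
+assert {
+condition = resource.coder_script.jfrog.run_on_start == true
+error_message = "coder_script should run on start"
+}
+}
+
+run "test_configure_code_server" {
+command = plan
+
+variables {
+agent_id = "test-agent-id"
+jfrog_url = "https://example.jfrog.io"
+configure_code_server = true
+package_managers = {}
+}
+
+override_data {
+target = data.coder_external_auth.jfrog
+values = {
+access_token = "valid-token-value"
+}
+}
+
+# When configure_code_server is true, env vars should be created
+assert {
+condition = length(resource.coder_env.jfrog_ide_url) == 1
+error_message = "coder_env.jfrog_ide_url should be created when configure_code_server is true"
+}
+
+assert {
+condition = length(resource.coder_env.jfrog_ide_access_token) == 1
+error_message = "coder_env.jfrog_ide_access_token should be created when configure_code_server is true"
+}
+}
+
+run "test_go_proxy_env" {
+command = plan
+
+variables {
+agent_id = "test-agent-id"
+jfrog_url = "https://example.jfrog.io"
+package_managers = {
+go = ["go-repo"]
+}
+}
+
+override_data {
+target = data.coder_external_auth.jfrog
+values = {
+access_token = "valid-token-value"
+}
+}
+
+# When go package manager is configured, GOPROXY env should be set
+assert {
+condition = length(resource.coder_env.goproxy) == 1
+error_message = "coder_env.goproxy should be created when go package manager is configured"
+}
+}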
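Review bot: None of the passing runs checks where the mocked token ends up: `test_configure_code_server` only asserts `length(resource.coder_env.jfrog_ide_access_token) == 1`, and `test_go_proxy_env` does the same for `coder_env.goproxy`, so a change that wrote the wrong value into those credential-bearing env vars would still pass. This file replaces main.test.ts, which is deleted in the same commit with its contents not shown, so it is worth confirming that no assertion on the rendered script or env values was lost. If the env resource carries the token directly, an assert such as `condition = resource.coder_env.jfrog_ide_access_token[0].value == "valid-token-value"` would pin it; the attribute name and the direct pass-through are assumptions to check against main.tf.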

registry/coder/modules/jfrog-oauth/main.test.ts

Lines changed: 0 additions & 189 deletions
This file was deleted.

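--- a/registry/coder/modules/jfrog-oauth/main.tf
+++ b/registry/coder/modules/jfrog-oauth/main.tf
@@ -163,6 +163,13 @@ resource "coder_script" "jfrog" {
 }
 ))
 run_on_start = true
+
+lifecycle {
+precondition {
+condition = data.coder_external_auth.jfrog.access_token != ""
+error_message = "JFrog access token is empty. Please authenticate with JFrog using external auth."
+}
+}
 }
 
 resource "coder_env" "jfrog_ide_url" {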
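Review bot: The precondition at new line 169 rejects only the exact empty string, so a null or whitespace-only `access_token` would still pass and the script would be rendered with an unusable credential. Whether the data source can return null is not visible here, but a stricter check costs little: `condition = try(trimspace(data.coder_external_auth.jfrog.access_token) != "", false)`. The error message rightly does not echo the token value. The `coder_script` body begins before this hunk, so how the token is interpolated into the script cannot be reviewed from here.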
