Commit d21db0d
authored
fix(jfrog-oauth): fail when access_token is empty (#574)
## Summary
Fixes #72 - The `jfrog-oauth` module now fails with a clear error
message when the JFrog access token is empty, instead of silently
creating configurations with empty tokens.
## Changes
### 1. Added Precondition Validation (`main.tf`)
```hcl
lifecycle {
  precondition {
    condition     = data.coder_external_auth.jfrog.access_token != ""
    error_message = "JFrog access token is empty. Please authenticate with JFrog using external auth."
  }
}
```
This ensures the module fails at **plan time** with a clear error when
users haven't authenticated via external auth.
### 2. Replaced `main.test.ts` with `jfrog-oauth.tftest.hcl`
**Why we removed the TypeScript tests:**
The TypeScript tests used `runTerraformApply()` which runs `terraform
apply` directly. This approach **cannot mock data sources** like
`coder_external_auth`. The Coder provider returns empty strings for
tokens by default when running outside a real Coder workspace.
With our new precondition, the TypeScript tests would always fail
because:
1. `terraform apply` runs → empty `access_token` from mock provider
2. Precondition check fails → "JFrog access token is empty"
3. Test fails before any assertions run
**The solution:** Terraform's native `.tftest.hcl` format supports
`override_data` blocks that can properly mock data sources:
```hcl
override_data {
  target = data.coder_external_auth.jfrog
  values = {
    access_token = "valid-token-value" # or "" to test failure
  }
}
```
### 3. Comprehensive Test Coverage
The new `jfrog-oauth.tftest.hcl` includes **12 tests** (up from 7):
| Test | What it validates |
|------|------------------|
| `test_required_vars` | Basic module works with required variables |
| `test_empty_access_token_fails` | **NEW:** Precondition rejects empty tokens |
| `test_valid_access_token_succeeds` | Module works with valid token |
| `test_jfrog_url_validation` | **NEW:** URL must start with http(s):// |
| `test_username_field_validation` | **NEW:** Must be "email" or "username" |
| `test_with_npm_package_manager` | NPM config with scoped repos (script content) |
| `test_configure_code_server` | **NEW:** IDE env vars created when enabled |
| `test_go_proxy_env` | GOPROXY env value with multiple repos |
| `test_pypi_package_manager` | pip.conf with extra-index-url |
| `test_docker_package_manager` | register_docker commands for all repos |
| `test_conda_package_manager` | .condarc channels configuration |
| `test_maven_package_manager` | settings.xml with servers and repos |
All package manager tests use `strcontains()` to verify the actual
script content matches expected configuration formats.
## Test Limitations (Acknowledged)
The tests verify **template rendering** but not **runtime execution**:
| ✅ What we test | ❌ What we don't test |
|----------------|----------------------|
| Configuration file formats | Script syntax errors at runtime |
| Variable interpolation | JFrog CLI compatibility |
| Precondition validation | Actual JFrog authentication |
| Script contains expected content | Commands execute successfully |
**Rationale:** The original TypeScript tests also only checked script
content (`toContain()`), not execution. Full execution testing would
require a mock JFrog server, which adds significant complexity for
limited benefit. The script is straightforward bash that configures
files and runs CLI commands.
## Testing
```bash
cd registry/coder/modules/jfrog-oauth
terraform test
# Success! 12 passed, 0 failed.
```
_Generated with [mux](https://github.com/coder/mux)_

1 parent 392f6b1 commit d21db0d
File tree
4 files changed, +409 -191 lines changed
- registry/coder/modules/jfrog-oauth

| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
16 | 16 | | |
17 | 17 | | |
18 | 18 | | |
19 | | - | |
| 19 | + | |
20 | 20 | | |
21 | 21 | | |
22 | 22 | | |
| |||
57 | 57 | | |
58 | 58 | | |
59 | 59 | | |
60 | | - | |
| 60 | + | |
61 | 61 | | |
62 | 62 | | |
63 | 63 | | |
| |||