From 3bbba0b56b196816efb815176c9c772574c764d4 Mon Sep 17 00:00:00 2001 From: Benjamin Date: Fri, 12 Sep 2025 10:30:10 -0500 Subject: [PATCH] tests no longer need sudo + separate out base command and top level command for jail --- Makefile | 4 ++-- cli/cli.go | 35 ++++++++++++++++++++++++----------- 2 files changed, 26 insertions(+), 13 deletions(-) diff --git a/Makefile b/Makefile index de4010b..85b2124 100644 --- a/Makefile +++ b/Makefile @@ -40,14 +40,14 @@ build-all: .PHONY: test test: @echo "Running tests..." - sudo go test -v -race ./... + go test -v -race ./... @echo "✓ All tests passed!" # Run tests with coverage (needs sudo for E2E tests) .PHONY: test-coverage test-coverage: @echo "Running tests with coverage..." - sudo go test -v -race -coverprofile=coverage.out ./... + go test -v -race -coverprofile=coverage.out ./... go tool cover -html=coverage.out -o coverage.html @echo "✓ Coverage report generated: coverage.html" diff --git a/cli/cli.go b/cli/cli.go index 88ee226..de39881 100644 --- a/cli/cli.go +++ b/cli/cli.go @@ -28,23 +28,36 @@ type Config struct { // NewCommand creates and returns the root serpent command func NewCommand() *serpent.Command { - var config Config - - return &serpent.Command{ - Use: "jail [flags] -- command [args...]", - Short: "Monitor and restrict HTTP/HTTPS requests from processes", - Long: `jail creates an isolated network environment for the target process, -intercepting all HTTP/HTTPS traffic through a transparent proxy that enforces -user-defined rules. - -Examples: + // To make the top level jail command, we just make some minor changes to the base command + cmd := BaseCommand() + cmd.Use = "jail [flags] -- command [args...]" // Add the flags and args pieces to usage. + + // Add example usage to the long description. This is different from usage as a subcommand because it + // may be called something different when used as a subcommand / there will be a leading binary (i.e. `coder jail` vs. `jail`). + cmd.Long += `Examples: # Allow only requests to github.com jail --allow "github.com" -- curl https://github.com # Monitor all requests to specific domains (allow only those) jail --allow "github.com/api/issues/*" --allow "GET,HEAD github.com" -- npm install - # Block everything by default (implicit)`, + # Block everything by default (implicit)` + + return cmd +} + +// Base command returns the jail serpent command without the information involved in making it the +// *top level* serpent command. We are creating this split to make it easier to integrate into the coder +// cli without introducing sources of drift. +func BaseCommand() *serpent.Command { + var config Config + + return &serpent.Command{ + Use: "jail -- command", + Short: "Monitor and restrict HTTP/HTTPS requests from processes", + Long: `creates an isolated network environment for the target process, +intercepting all HTTP/HTTPS traffic through a transparent proxy that enforces +user-defined rules.`, Options: serpent.OptionSet{ { Name: "allow",