fix(ci) Don't assert against env passed into spawn
#1473
Conversation
mrmicahcooper
changed the title
spawn
| @@ -59,18 +59,9 @@ describe('psql', () => { | |||
| }) | |||
|
|
|||
| it('runs psql', () => { | |||
| let cp = sandbox.mock(require('child_process')) | |||
There was a problem hiding this comment.
ensuring the we're passing the right env does seem valuable, and somebody may try to write a similar test in the future.
If we aren't worried about leaking postgres creds, maybe we could assert on a limited subset of env instead of abandoning it entirely?
// setup
const EXPECTED_ENV = Object.freeze({
PGAPPNAME: 'psql non-interactive'
PGSSLMODE: 'prefer',
PGUSER: 'jeff',
PGPASSWORD: 'pass',
PGDATABASE: 'mydb',
PGPORT: 5432,
PGHOST: 'localhost'
});
cp.mock('spawn').callsFake((commandName, args, opts) => {
expect(commandName).to.equal('psql');
expect(args).to.deep.equal(['-c', 'SELECT NOW();', '--set', 'sslmode=require']);
Object.entries(expectedEnv).forEach(([key, expectedValue]) => {
expect(opts.env[key]).to.equal(expectedValue);
});
expect(opts.encoding).to.equal('utf8');
expect(opts.stdio).to.deepEqual(['ignore, 'pipe', 'inherit']);
return {
/* redacted for brevity but everything from `.returns()` goes here */
stdout: {
}
}
}).once();then we would keep the cp.verify() as before
There was a problem hiding this comment.
I gave this a shot and the postgres creds are still hidden (I don't think they matter but still).
verify() doesn't work since that's a method on the mock but I was still able to safely keep the env assertions.
Thanks @fivetanley !
|
Overall, it's good to fix this test, but I wonder if we could avoid this for all tests in the future. If we had some kind of global spec helper that all the plugins could require before mocha starts, we could be paranoid about printing env variables in CI. We could override process.env before any tests runs to make sure that values are scrubbed: if (process.CI) {
let originalEnv = process.env;
const sanitizedEnv = Object.keys(originalEnv).reduce((memo, key) => {
memo[key] = `[[SCRUBBED IN CI]]`;
return memo;
}, {});
process.env = sanitizedEnv;
}We may want to allow a safelist of known safe keys that may need their actual value to be used and would be safe to print in the test. Not saying this PR should block on an implementation like this but I'm curious of any ways we could solve the problem in as many places as possible. |
mrmicahcooper
force-pushed
the
mc/hide-env-in-tests
branch
3 times, most recently
from
94f61bf
to
8f8063e
Compare
mrmicahcooper
force-pushed
the
mc/hide-env-in-tests
branch
from
8f8063e
to
f8dd088
Compare
When calling psql from a spawned process, we were strictly asserting that all args matched, including our own
process.env. So if a test failed, the failed assertion message would dump the env. This removes the assertion of the env and just tests that the proper flags were passed to thepsqlcommand.