Add example environment configuration and Docker Compose setup
CI / Go Tests (push) Failing after 9s
CI / Build (push) Successful in 9s
Format / gofmt (push) Successful in 7s
Release Artifacts / Validate release tag (push) Successful in 1s
Release Artifacts / Build and release executables (push) Failing after 8s
Release Artifacts / Build and release Docker image (push) Has been skipped
CI / Go Tests (push) Failing after 9s
CI / Build (push) Successful in 9s
Format / gofmt (push) Successful in 7s
Release Artifacts / Validate release tag (push) Successful in 1s
Release Artifacts / Build and release executables (push) Failing after 8s
Release Artifacts / Build and release Docker image (push) Has been skipped
- Introduced a new `.env.example` file to provide a template for environment variables used by the Scratchbox server. - Added a `docker-compose.example.yml` file to facilitate easy deployment of the Scratchbox service with Docker. - Updated `docker-entrypoint.sh` to enforce environment variable settings for server configuration. - Removed the generation of a config key file from the workflow, simplifying the configuration process. - Adjusted the README.md to reflect changes in configuration management and usage instructions.
This commit is contained in:
+147
-25
@@ -76,7 +76,6 @@ func TestLoadParsesConfiguredFields(t *testing.T) {
|
||||
tmp := t.TempDir()
|
||||
dataDir := filepath.Join(tmp, "store")
|
||||
configPath := filepath.Join(tmp, "config.yaml")
|
||||
keyPath := filepath.Join(tmp, "scratchbox.key")
|
||||
content := `
|
||||
server:
|
||||
listen_addr: "127.0.0.1:9090"
|
||||
@@ -98,7 +97,6 @@ limits:
|
||||
storage:
|
||||
data_dir: "` + dataDir + `"
|
||||
cleanup_interval: "45s"
|
||||
encryption_key_file: "` + filepath.Base(keyPath) + `"
|
||||
security:
|
||||
allowed_ips:
|
||||
- "127.0.0.1"
|
||||
@@ -122,9 +120,6 @@ security:
|
||||
if err := os.WriteFile(configPath, []byte(content), 0o644); err != nil {
|
||||
t.Fatalf("WriteFile() error = %v", err)
|
||||
}
|
||||
if err := os.WriteFile(keyPath, []byte("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\n"), 0o600); err != nil {
|
||||
t.Fatalf("WriteFile(key) error = %v", err)
|
||||
}
|
||||
|
||||
cfg, err := Load(configPath)
|
||||
if err != nil {
|
||||
@@ -176,8 +171,8 @@ security:
|
||||
if len(cfg.Storage.EncryptionKeyBytes) != 32 {
|
||||
t.Fatalf("EncryptionKeyBytes length = %d, want 32", len(cfg.Storage.EncryptionKeyBytes))
|
||||
}
|
||||
if cfg.Storage.EncryptionKeyBytes[0] != 0 {
|
||||
t.Fatalf("EncryptionKeyBytes[0] = %d, want 0", cfg.Storage.EncryptionKeyBytes[0])
|
||||
if _, err := os.Stat(filepath.Join(dataDir, dataDirEncryptionKeyFilename)); err != nil {
|
||||
t.Fatalf("expected data-dir key file to exist: %v", err)
|
||||
}
|
||||
if !cfg.Security.TrustProxyHeaders {
|
||||
t.Fatalf("TrustProxyHeaders = false, want true")
|
||||
@@ -362,20 +357,6 @@ func TestValidateRejectsInvalidValues(t *testing.T) {
|
||||
},
|
||||
wantErr: "storage.cleanup_interval",
|
||||
},
|
||||
{
|
||||
name: "encryption key file required",
|
||||
mutate: func(cfg *Config) {
|
||||
cfg.Storage.EncryptionKeyFile = " "
|
||||
},
|
||||
wantErr: "storage.encryption_key_file is required",
|
||||
},
|
||||
{
|
||||
name: "encryption key bytes invalid length",
|
||||
mutate: func(cfg *Config) {
|
||||
cfg.Storage.EncryptionKeyBytes = []byte("short")
|
||||
},
|
||||
wantErr: "storage.encryption_key_file must decode to 32 bytes",
|
||||
},
|
||||
{
|
||||
name: "invalid ui rate limit rpm",
|
||||
mutate: func(cfg *Config) {
|
||||
@@ -447,20 +428,161 @@ storage:
|
||||
t.Fatalf("WriteFile(valid config) error = %v", err)
|
||||
}
|
||||
_, err = Load(validConfigPath)
|
||||
if err == nil || !strings.Contains(err.Error(), "read storage.encryption_key_file") {
|
||||
t.Fatalf("Load() error = %v, want missing key file error", err)
|
||||
if err != nil {
|
||||
t.Fatalf("Load() error = %v, want nil", err)
|
||||
}
|
||||
|
||||
keyPath := filepath.Join(tmp, "config.key")
|
||||
keyPath := filepath.Join(tmp, "store", dataDirEncryptionKeyFilename)
|
||||
if err := os.WriteFile(keyPath, []byte("not-base64"), 0o600); err != nil {
|
||||
t.Fatalf("WriteFile(invalid key) error = %v", err)
|
||||
}
|
||||
_, err = Load(validConfigPath)
|
||||
if err == nil || !strings.Contains(err.Error(), "storage.encryption_key_file invalid: invalid base64") {
|
||||
if err == nil || !strings.Contains(err.Error(), "storage encryption key setup failed") {
|
||||
t.Fatalf("Load() error = %v, want invalid key base64 error", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestLoadFailsWhenKeyMissingAndDataFilesExist(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
tmp := t.TempDir()
|
||||
dataDir := filepath.Join(tmp, "store")
|
||||
scratchesDir := filepath.Join(dataDir, "scratches")
|
||||
if err := os.MkdirAll(scratchesDir, 0o755); err != nil {
|
||||
t.Fatalf("MkdirAll() error = %v", err)
|
||||
}
|
||||
if err := os.WriteFile(filepath.Join(scratchesDir, "existing-scratch"), []byte("payload"), 0o600); err != nil {
|
||||
t.Fatalf("WriteFile() error = %v", err)
|
||||
}
|
||||
|
||||
configPath := filepath.Join(tmp, "config.yaml")
|
||||
configRaw := `
|
||||
storage:
|
||||
data_dir: "` + dataDir + `"
|
||||
cleanup_interval: "10s"
|
||||
`
|
||||
if err := os.WriteFile(configPath, []byte(configRaw), 0o644); err != nil {
|
||||
t.Fatalf("WriteFile(config) error = %v", err)
|
||||
}
|
||||
|
||||
_, err := Load(configPath)
|
||||
if err == nil || !strings.Contains(err.Error(), "refusing to generate missing") {
|
||||
t.Fatalf("Load() error = %v, want missing-key safety error", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestLoadFromEnvParsesConfiguredFields(t *testing.T) {
|
||||
dataDir := filepath.Join(t.TempDir(), "store")
|
||||
|
||||
t.Setenv("SCRATCHBOX_SERVER_LISTEN_ADDR", "127.0.0.1:19090")
|
||||
t.Setenv("SCRATCHBOX_SERVER_READ_HEADER_TIMEOUT", "6s")
|
||||
t.Setenv("SCRATCHBOX_SERVER_READ_TIMEOUT", "20s")
|
||||
t.Setenv("SCRATCHBOX_SERVER_WRITE_TIMEOUT", "40s")
|
||||
t.Setenv("SCRATCHBOX_SERVER_IDLE_TIMEOUT", "80s")
|
||||
t.Setenv("SCRATCHBOX_SERVER_MAX_HEADER_BYTES", "2097152")
|
||||
t.Setenv("SCRATCHBOX_SERVER_ACCESS_LOG_ENABLED", "false")
|
||||
t.Setenv("SCRATCHBOX_SERVER_ACCESS_LOG_FILE_PATH", "/tmp/access.log")
|
||||
t.Setenv("SCRATCHBOX_SERVER_ACCESS_LOG_MAX_SIZE", "4MiB")
|
||||
t.Setenv("SCRATCHBOX_SERVER_ACCESS_LOG_MAX_BACKUPS", "8")
|
||||
|
||||
t.Setenv("SCRATCHBOX_LIMITS_MAX_UPLOAD_SIZE", "8MiB")
|
||||
t.Setenv("SCRATCHBOX_LIMITS_DEFAULT_TTL", "30m")
|
||||
t.Setenv("SCRATCHBOX_LIMITS_RAW_CACHE_MAX_SIZE", "64MiB")
|
||||
t.Setenv("SCRATCHBOX_LIMITS_RAW_CACHE_MAX_ENTRIES", "16")
|
||||
|
||||
t.Setenv("SCRATCHBOX_STORAGE_DATA_DIR", dataDir)
|
||||
t.Setenv("SCRATCHBOX_STORAGE_CLEANUP_INTERVAL", "15s")
|
||||
|
||||
t.Setenv("SCRATCHBOX_SECURITY_ALLOWED_IPS", "127.0.0.1,10.0.0.0/8")
|
||||
t.Setenv("SCRATCHBOX_SECURITY_TRUST_PROXY_HEADERS", "true")
|
||||
t.Setenv("SCRATCHBOX_SECURITY_TRUSTED_PROXY_IPS", "10.0.0.0/8")
|
||||
t.Setenv("SCRATCHBOX_SECURITY_RATE_LIMIT_UI_ENABLED", "true")
|
||||
t.Setenv("SCRATCHBOX_SECURITY_RATE_LIMIT_UI_REQUESTS_PER_MINUTE", "50")
|
||||
t.Setenv("SCRATCHBOX_SECURITY_RATE_LIMIT_UI_BURST", "20")
|
||||
t.Setenv("SCRATCHBOX_SECURITY_RATE_LIMIT_API_READ_ENABLED", "true")
|
||||
t.Setenv("SCRATCHBOX_SECURITY_RATE_LIMIT_API_READ_REQUESTS_PER_MINUTE", "60")
|
||||
t.Setenv("SCRATCHBOX_SECURITY_RATE_LIMIT_API_READ_BURST", "30")
|
||||
t.Setenv("SCRATCHBOX_SECURITY_RATE_LIMIT_API_WRITE_ENABLED", "true")
|
||||
t.Setenv("SCRATCHBOX_SECURITY_RATE_LIMIT_API_WRITE_REQUESTS_PER_MINUTE", "40")
|
||||
t.Setenv("SCRATCHBOX_SECURITY_RATE_LIMIT_API_WRITE_BURST", "12")
|
||||
|
||||
cfg, err := LoadFromEnv()
|
||||
if err != nil {
|
||||
t.Fatalf("LoadFromEnv() error = %v", err)
|
||||
}
|
||||
|
||||
if cfg.Server.ListenAddr != "127.0.0.1:19090" {
|
||||
t.Fatalf("ListenAddr = %q, want %q", cfg.Server.ListenAddr, "127.0.0.1:19090")
|
||||
}
|
||||
if cfg.Server.ReadHeaderTimeoutDur != 6*time.Second {
|
||||
t.Fatalf("ReadHeaderTimeoutDur = %s, want 6s", cfg.Server.ReadHeaderTimeoutDur)
|
||||
}
|
||||
if cfg.Server.ReadTimeoutDur != 20*time.Second {
|
||||
t.Fatalf("ReadTimeoutDur = %s, want 20s", cfg.Server.ReadTimeoutDur)
|
||||
}
|
||||
if cfg.Server.WriteTimeoutDur != 40*time.Second {
|
||||
t.Fatalf("WriteTimeoutDur = %s, want 40s", cfg.Server.WriteTimeoutDur)
|
||||
}
|
||||
if cfg.Server.IdleTimeoutDur != 80*time.Second {
|
||||
t.Fatalf("IdleTimeoutDur = %s, want 80s", cfg.Server.IdleTimeoutDur)
|
||||
}
|
||||
if cfg.Server.MaxHeaderBytes != 2*1024*1024 {
|
||||
t.Fatalf("MaxHeaderBytes = %d, want %d", cfg.Server.MaxHeaderBytes, 2*1024*1024)
|
||||
}
|
||||
if cfg.Server.AccessLog.Enabled {
|
||||
t.Fatalf("AccessLog.Enabled = %v, want false", cfg.Server.AccessLog.Enabled)
|
||||
}
|
||||
if cfg.Limits.MaxUploadSizeBytes != 8*1024*1024 {
|
||||
t.Fatalf("MaxUploadSizeBytes = %d, want %d", cfg.Limits.MaxUploadSizeBytes, int64(8*1024*1024))
|
||||
}
|
||||
if cfg.Limits.DefaultTTLDuration != 30*time.Minute {
|
||||
t.Fatalf("DefaultTTLDuration = %s, want 30m", cfg.Limits.DefaultTTLDuration)
|
||||
}
|
||||
if cfg.Limits.RawCacheMaxBytes != 64*1024*1024 {
|
||||
t.Fatalf("RawCacheMaxBytes = %d, want %d", cfg.Limits.RawCacheMaxBytes, int64(64*1024*1024))
|
||||
}
|
||||
if cfg.Limits.RawCacheMaxEntries != 16 {
|
||||
t.Fatalf("RawCacheMaxEntries = %d, want 16", cfg.Limits.RawCacheMaxEntries)
|
||||
}
|
||||
if cfg.Storage.DataDir != dataDir {
|
||||
t.Fatalf("DataDir = %q, want %q", cfg.Storage.DataDir, dataDir)
|
||||
}
|
||||
if cfg.Storage.CleanupIntervalParsed != 15*time.Second {
|
||||
t.Fatalf("CleanupIntervalParsed = %s, want 15s", cfg.Storage.CleanupIntervalParsed)
|
||||
}
|
||||
if len(cfg.Storage.EncryptionKeyBytes) != 32 {
|
||||
t.Fatalf("EncryptionKeyBytes length = %d, want 32", len(cfg.Storage.EncryptionKeyBytes))
|
||||
}
|
||||
if len(cfg.Security.AllowedPrefixes) != 2 {
|
||||
t.Fatalf("AllowedPrefixes len = %d, want 2", len(cfg.Security.AllowedPrefixes))
|
||||
}
|
||||
if len(cfg.Security.TrustedProxyPrefixes) != 1 {
|
||||
t.Fatalf("TrustedProxyPrefixes len = %d, want 1", len(cfg.Security.TrustedProxyPrefixes))
|
||||
}
|
||||
if !cfg.Security.TrustProxyHeaders {
|
||||
t.Fatalf("TrustProxyHeaders = false, want true")
|
||||
}
|
||||
if cfg.Security.RateLimitUI.RequestsPerMinute != 50 || cfg.Security.RateLimitUI.Burst != 20 {
|
||||
t.Fatalf("unexpected rate_limit_ui values: %+v", cfg.Security.RateLimitUI)
|
||||
}
|
||||
if cfg.Security.RateLimitAPIRead.RequestsPerMinute != 60 || cfg.Security.RateLimitAPIRead.Burst != 30 {
|
||||
t.Fatalf("unexpected rate_limit_api_read values: %+v", cfg.Security.RateLimitAPIRead)
|
||||
}
|
||||
if cfg.Security.RateLimitAPIWrite.RequestsPerMinute != 40 || cfg.Security.RateLimitAPIWrite.Burst != 12 {
|
||||
t.Fatalf("unexpected rate_limit_api_write values: %+v", cfg.Security.RateLimitAPIWrite)
|
||||
}
|
||||
}
|
||||
|
||||
func TestLoadFromEnvRejectsInvalidBool(t *testing.T) {
|
||||
t.Setenv("SCRATCHBOX_STORAGE_DATA_DIR", filepath.Join(t.TempDir(), "store"))
|
||||
t.Setenv("SCRATCHBOX_SERVER_ACCESS_LOG_ENABLED", "not-bool")
|
||||
|
||||
_, err := LoadFromEnv()
|
||||
if err == nil || !strings.Contains(err.Error(), "SCRATCHBOX_SERVER_ACCESS_LOG_ENABLED invalid bool") {
|
||||
t.Fatalf("LoadFromEnv() error = %v, want invalid bool env error", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestParseAllowedPrefixesTrimsAndParses(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
|
||||
Reference in New Issue
Block a user