Testing in Go: Clean Tests Using t.Cleanup

栏目: IT技术 · 发布时间: 4年前

内容简介:Go v1.14 ships with improvements across different aspects of the language. Two of them are brand newThe introduction of these methods will make it easier for our tests to clean up after themselves. This was always achievable through the careful composition

Go v1.14 ships with improvements across different aspects of the language. Two of them are brand new t.Cleanup , and b.Cleanup methods, added to the testing package.

The introduction of these methods will make it easier for our tests to clean up after themselves. This was always achievable through the careful composition of (sub)tests and helper functions, but since Go 1.14, the testing package will ship with one right way to do that.

Let's explore through a scenario, one very common in web development, how these methods work, and how to put them in use.

In this article, we will focus on the t.Cleanup function , but the points made here apply to the b.Cleanup function too.

Vulnerable Authentication

A web service that we own has an authentication middleware that uses HTTP Basic Authentication. The middleware takes the Authorization header values of an HTTP request using the BasicAuth helper method and authenticates the request. Depending on the authentication result, it will return an error response or let the request go through.

The AuthMiddleware authorization middleware:

type AuthMiddleware struct {
	db *gorm.DB
}

func (am *AuthMiddleware) Validate(username, password string) bool {
	var u User

	if err := am.db.Where("username = ? AND password = ?", username, password).First(&u).Error; err != nil {
		return false
	}

	return true
}

func (am *AuthMiddleware) Middleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if u, p, ok := r.BasicAuth(); ok && am.Validate(u, p) {
			next.ServeHTTP(w, r)
		} else {
			http.Error(w, "Forbidden", http.StatusForbidden)
		}
	})
}

The AuthMiddleware is a struct that has a db attribute of the type *gorm.DB , which, in fact, is a Gorm database connection pool. The Validate method of the middleware will check the validity of the authorization credentials sent by the client. (Yes, this is a very dumb and vulnerable service - stores plain text passwords in the database. No, you should never keep your customers’ passwords in plain text.)

To do that, it uses the Request.BasicAuth method that returns the username and password provided in the request's Authorization header. Then, we invoke the Validate method with u (the username) and p (the password) as arguments, that returns a bool .

When the request successfully authorized, the response of the endpoint will be returned. If the request does not supply proper HTTP Basic Authentication credentials, or the supplied credentials are invalid, it will return an HTTP 403 Forbidden error.

The simplistic server that builds the router and mounts the handler and the middleware:

func main() {
	db, err := gorm.Open("sqlite3", "./cleanups.db")
	if err != nil {
		log.Fatal(err)
	}
	defer db.Close()

	aum := &AuthMiddleware{db}
	r := mux.NewRouter()
	r.Use(aum.Middleware)
	r.HandleFunc("/foo", func(w http.ResponseWriter, r *http.Request) {
                io.WriteString(w, "6 x 9 = 42\n")
	})

	log.Fatal(http.ListenAndServe(":8888", r))
}

The main function opens a Gorm connection to an SQLite3 database, builds a mux router, and mounts a handler at the /foo URI. Then, it mounts the router on a server and starts listening on 127.0.0.1:8888 .

So, a sensible question would be, how can we test such a middleware? Since there is a database connection in play here, we have to make sure the database contains the actual username and password we want to send in the test.

Testing the Vulnerable Authentication

Given that the authorization middleware expects a database connection, testing it can be a messy exercise. To test it, we will have to open a database connection (to a test database) and then use it to initialize a test server that mounts the router. Then, we have to send requests to that same server and run our assertions on its response body and status.

Let's take a stab at it:

package main

import (
	"fmt"
	"io/ioutil"
	"log"
	"net/http"
	"net/http/httptest"
	"os"
	"strings"
	"testing"

	"github.com/jinzhu/gorm"
)

func TestServer(t *testing.T) {
	db, err := gorm.Open("sqlite3", "./cleanups_test.db")
	if err != nil {
		t.Fatal(err)
	}
	defer db.Close()

	r := Router(db)

	tcs := []struct {
		name           string
		username       string
		password       string
		responseBody   string
		responseStatus int
	}{
		{
			name:           "with invalid username-password combo",
			username:       "jane",
			password:       "doe",
			responseBody:   "Forbidden",
			responseStatus: http.StatusForbidden,
		},
		{
			name:           "with valid username-password combo",
			username:       "jane",
			password:       "doe123",
			responseBody:   "6 x 9 = 42",
			responseStatus: http.StatusOK,
		},
	}

	ts := httptest.NewServer(r)
	defer ts.Close()
	client := ts.Client()

	req, err := http.NewRequest("GET", fmt.Sprintf("%s/foo", ts.URL), nil)
	if err != nil {
		t.Fatal(err)
	}

	for _, tc := range tcs {
		t.Run(tc.name, func(t *testing.T) {
			req.SetBasicAuth(tc.username, tc.password)

			res, err := client.Do(req)
			if err != nil {
				t.Fatal(err)
			}
			defer res.Body.Close()

			response, err := ioutil.ReadAll(res.Body)
			if err != nil {
				t.Errorf(err)
			}

			if res.StatusCode != tc.responseStatus {
				t.Errorf("Want '%d', got '%d'", tc.responseStatus, res.StatusCode)
			}

			if strings.TrimSpace(string(response)) != tc.responseBody {
				t.Errorf("Want '%s', got '%s'", tc.responseBody, string(response))
			}
		})
	}
}

We first open a database connection to a test database and pass the connection as an argument to the Router function. In the second highlighted block, we mount the returned router from the Router function on the test HTTP server. Also, we create a client for the server that we will use to send requests to the server.

We then build a new request for the server, and in the next highlighted block, we attach the username and the password of the test case to the request using the Request.SetBasicAuth method .

We send the request to the HTTP server using the client.Do method , and get a response back. We then parse the response and do our assertions on the status code of the response and the contents of the body.

If we ran this test, it would fail. Why? Although the test setup is correct, the test database is empty. When we send a request to the HTTP server, it will try to validate the credentials our test sends, and it will find an empty database:

$ go test ./... -v -count=1
=== RUN   TestServer
    TestServer: server_test.go:17: no such table: users

(/app/server_test.go:16)
[2020-02-16 17:29:26]  no such table: users
--- FAIL: TestServer (0.01s)
FAIL
FAIL	github.com/fteem/go-playground/testing-in-go-cleanup	0.015s
FAIL

This means our test is missing an initial seed of test data, where we create the users table and put some records in it so we can use them in the test.

Adding data and cleaning it up, the old way

The widely-approved approach to seeding the test database is to insert some records before running the test and then remove them once the test is done. The benefit being that the database will always be empty after the tests are done running, without the need to recreate the database and its tables every time we run the tests. Precisely what our failing tests need.

Achieving this in the most idiomatic way is by using a cleanup closure that is returned by the function that inserts the data. Usually, the returning cleanup function “pattern” looks like this:

func createUser(t *testing.T, db *gorm.DB) func() {
	user := User{Username: "jane", Password: "doe123"}
	if err := db.Create(&user).Error; err != nil {
		t.Fatal(err)
	}

	return func() {
		db.Delete(&user)
	}
}

func TestServer(t *testing.T) {
	db, err := gorm.Open("sqlite3", "./cleanups_test.db")
	if err != nil {
		t.Fatal(err)
	}
	defer db.Close()

	cleanup := createUser(t, db)
	defer cleanup()

	r := Router(db)

	tcs := []struct {
		name           string
		username       string
		password       string
		responseBody   string responseStatus int
	}{
		{
			name:           "with invalid username-password combo",
			username:       "jane",
			password:       "doe",
			responseBody:   "Forbidden",
			responseStatus: http.StatusForbidden,
		},
		{
			name:           "with valid username-password combo",
			username:       "jane",
			password:       "doe123",
			responseBody:   "6 x 9 = 42",
			responseStatus: http.StatusOK,
		},
	}

	ts := httptest.NewServer(r)
	defer ts.Close()
	client := ts.Client()

	req, err := http.NewRequest("GET", fmt.Sprintf("%s/foo", ts.URL), nil)
	if err != nil {
		t.Fatal(err)
	}

	for _, tc := range tcs {
		t.Run(tc.name, func(t *testing.T) {
			req.SetBasicAuth(tc.username, tc.password)

			res, err := client.Do(req)
			if err != nil {
				t.Fatal(err)
			}
			defer res.Body.Close()

			response, err := ioutil.ReadAll(res.Body)
			if err != nil {
				t.Error(err)
			}

			if res.StatusCode != tc.responseStatus {
				t.Errorf("Want '%d', got '%d'", tc.responseStatus, res.StatusCode)
			}

			if strings.TrimSpace(string(response)) != tc.responseBody {
				t.Errorf("Want '%s', got '%s'", tc.responseBody, string(response))
			}
		})
	}
}

The createUser function takes a database connection as an argument and uses it to insert a new User in the users table. After that, it will return a closure that, when invoked, will remove the added user.

The reason we pass the testing.T pointer to the createUser function is to be able to fail the test if the database cannot be opened for writing. We check the db.Error field on the Gorm database connection pool for any errors and invoke the t.Fatal function, if we hit any errors.

(You can read more about the behavior of t.Fatal in my article on the topic .)

In the test itself, we invoke createUser with the test database connection and the testing.T pointer. The return value of createUser is a function which we store in the cleanup variable. Then, we defer the invocation of cleanup to happen at the exit of the test function. Using cleanup , we can remove the data from the test database before exiting the tests.

While the approach above works and it's idiomatic Go, it has a few downsides worth mentioning:

  • It works fine for one test case, but if the test file has many tests that modify the state of the test database, they will get contaminated with cleanup-like functions.
  • Adding to the above point, imagine tests where we have to clean up other things, such as processes, files, or open sockets. That will lead to a substantial increase in cleanup-closures pollution.
  • It adds cognitive overhead when reading the code, which otherwise is a straightforward testing code
  • The definition of the cleanup function is buried in the createUser function, visually separated from the test function that uses/invokes it. A reader of the test file can experience difficulty navigating the functions and putting the pieces together

Because of these reasons, the Go authors decided to add a t.Cleanup function to the testing package. The change was merged on November 4, 2019 – right on time to get into the v1.14 release.

Let's explore how t.Cleanup can make our life easier.

Adding data and cleaning it up, using t.Cleanup

With the t.Cleanup , and b.Cleanup methods, we get better control to cleaning up after our tests. t.Cleanup registers a function to be called when the test and all its subtests complete. This means that even if our tests run as subtests, which is the case in our example, the cleanup will only happen after all the subtests are done.

Here's the reworked version of our tests:

func createUser(t *testing.T, db *gorm.DB) {
	user := User{Username: "jane", Password: "doe123"}
	if err := db.Create(&user).Error; err != nil {
		t.Fatal(err)
	}

	t.Cleanup(func() {
		db.Delete(&user)
	})
}

func TestServer(t *testing.T) {
	db, err := gorm.Open("sqlite3", "./cleanups_test.db")
	if err != nil {
		t.Fatal(err)
	}
	defer db.Close()

	createUser(t, db)

	r := Router(db)

    // Snipped for brewity...
}

While the code change is small, there is a substantial difference between the new and the old versions.

The most significant difference lies in the fact that the createUser function takes care of its clean up now. The invoker function ( TestServer ) does not need to worry about the cleanup of the data added in the database – we know that the createUser will remove the data. Most importantly, it will remove the data just in time – once all of the subtests are done.

Having t.Cleanup , and b.Cleanup in the standard library does not stop us from using the old way using composition and returning cleanup callbacks – it is still a valid way to clean up any state or files that our tests might create. But, using the new t.Cleanup & b.Cleanup functions things get a bit easier: there's now a way to do just that, and the standard library supports it.

And having the Go v1 compatibility promise in mind – it is here to stay.


以上所述就是小编给大家介绍的《Testing in Go: Clean Tests Using t.Cleanup》,希望对大家有所帮助,如果大家有任何疑问请给我留言,小编会及时回复大家的。在此也非常感谢大家对 码农网 的支持!

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

Wireshark网络分析就这么简单

Wireshark网络分析就这么简单

林沛满 / 人民邮电出版社 / 2014-11-6 / 39.00

Wireshark可能是世界上最好的开源网络包分析器,能在多种平台上(比如Windows、Linux和Mac)抓取和分析网络包,在IT业界有着广泛的应用。 《Wireshark网络分析就这么简单》采用诙谐风趣的手法,由浅入深地用Wireshark分析了常见的网络协议,读者在学习Wireshark的同时,也会在不知不觉中理解这些协议。作者还通过身边发生的一些真实案例,分享了Wireshark的......一起来看看 《Wireshark网络分析就这么简单》 这本书的介绍吧!

随机密码生成器
随机密码生成器

多种字符组合密码

Base64 编码/解码
Base64 编码/解码

Base64 编码/解码

Markdown 在线编辑器
Markdown 在线编辑器

Markdown 在线编辑器