TestCheckNoAuthsidecarBuild_Set verifies that deploying a plain build into a sandbox that expects sidecar isolation fails loudly at startup instead of silently leaking credentials through the env provider path.
(t *testing.T)
| 28 | // a sandbox that expects sidecar isolation fails loudly at startup instead |
| 29 | // of silently leaking credentials through the env provider path. |
| 30 | func TestCheckNoAuthsidecarBuild_Set(t *testing.T) { |
| 31 | var stderr bytes.Buffer |
| 32 | env := func(k string) string { |
| 33 | if k == envvars.CliAuthProxy { |
| 34 | return "http://127.0.0.1:16384" |
| 35 | } |
| 36 | return "" |
| 37 | } |
| 38 | code := checkNoAuthsidecarBuild(env, &stderr) |
| 39 | if code == 0 { |
| 40 | t.Fatal("expected non-zero exit code when AUTH_PROXY is set") |
| 41 | } |
| 42 | msg := stderr.String() |
| 43 | for _, want := range []string{ |
| 44 | envvars.CliAuthProxy, |
| 45 | "authsidecar", // build-tag name must appear so operators can act on it |
| 46 | "rebuild", |
| 47 | } { |
| 48 | if !strings.Contains(msg, want) { |
| 49 | t.Errorf("stderr message missing %q; got:\n%s", want, msg) |
| 50 | } |
| 51 | } |
| 52 | } |
nothing calls this directly
no test coverage detected