0f79bce948
Adds main_test.go for each of the 6 cmd binaries that lacked them
(storaged already had main_test.go; that's where the pattern came
from). Each test file focuses on the cmd-specific surface — route
mounts, body caps, decode/validation paths — without re-testing
internal package logic that's covered elsewhere.
cmd/catalogd/main_test.go — 6 funcs
TestRoutesMounted: chi.Walk asserts /catalog/{register,manifest/*,list}
TestHandleRegister_BodyTooLarge: 5 MiB body → 4xx
TestHandleRegister_MalformedJSON: 400
TestHandleRegister_EmptyName_400: ErrEmptyName surfaces as 400
TestHandleGetManifest_404 + TestHandleList_EmptyShape
cmd/embedd/main_test.go — 8 funcs
stubProvider implements embed.Provider deterministically
TestRoutesMounted, MalformedJSON_400, EmptyTextRejected_400 (per
scrum O-W3), UpstreamError_502 (provider error → 502, not 500),
HappyPath_ProviderEcho, BodyTooLarge (4xx range), TestItoa
(covers the no-strconv helper)
cmd/gateway/main_test.go — 4 funcs
TestMustParseUpstream_HappyPaths: 3 valid URLs
TestMustParseUpstream_FailureExits: re-execs the test binary in a
subprocess with env flag (standard pattern for testing os.Exit
callers); subprocess invokes mustParseUpstream("127.0.0.1:3211")
[missing scheme]; expects exit non-zero. Same pattern for garbage.
TestUpstreamConfigKeys_DocumentedShape: locks the 6 _url keys
cmd/ingestd/main_test.go — 7 funcs
Stubs both storaged and catalogd via httptest.Server so the cmd
layer can be exercised without bringing the full chain up.
TestHandleIngest_MissingNameQueryParam: 400 with "name" in body
TestHandleIngest_MalformedMultipart: 400
TestHandleIngest_MissingFormFile: 400 (valid multipart, wrong field)
TestHandleIngest_BodyTooLarge: 4xx
TestEscapeKeyPath: 6-case URL-escape table (apostrophe, space, etc.)
TestParquetKeyPath_Format: locks the datasets/<n>/<fp>.parquet shape
per scrum C-DRIFT (any rename breaks idempotent re-ingest)
cmd/queryd/main_test.go — 6 funcs
Tests pre-DB paths (decode, body cap, empty SQL); db.QueryContext
itself needs DuckDB so it's covered by GOLAKE-040 in the proof
harness, not unit tests. handlers.db = nil here is intentional.
TestHandleSQL_EmptySQL_400: 3 cases (empty, whitespace, mixed-WS)
TestMaxSQLBodyBytes_Reasonable: locks the 64 KiB constant in a
sane range so a refactor can't blow it open
TestPrimaryBucket_Constant: locks "primary" — secrets lookup uses
this; rename = silent secret-resolution failure at boot
cmd/vectord/main_test.go — 14 funcs
All 6 routes verified mounted. handlers.persist = nil = pure
in-memory mode; persistence is GOLAKE-070 in the proof harness.
Coverage of every error branch in handleCreate/Add/Search/Delete:
missing index → 404, dim mismatch → 400, empty items → 400,
empty id → 400, malformed JSON → 400, body too large → 4xx,
happy create → 201, happy list → 200.
One real finding caught during writing:
Body-cap rejection is sometimes 413 (typed MaxBytesError survives
unwrap) and sometimes 400 (decoder wraps it as a generic decode
error). Both are valid client-error contracts; the contract isn't
"exactly 413" but "fails loud as 4xx, never silent 200 or 5xx."
Tests assert 4xx range. The proof harness's
proof_assert_status_4xx already had this shape — just bringing
the unit tests in line with it.
Verified:
go test -count=1 -short ./cmd/... — all 7 packages green
just verify — vet + test + 9 smokes 35s
Closes audit risk R-005 (6/7 cmd/main.go untested). Combined with
the proof harness's wiring coverage, every cmd-level handler now
has both unit-test and integration-test coverage of the wiring
layer. R-005 → CLOSED.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
119 lines
3.3 KiB
Go
119 lines
3.3 KiB
Go
package main
|
|
|
|
import (
|
|
"bytes"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/go-chi/chi/v5"
|
|
)
|
|
|
|
// Closes R-005 for queryd: cmd-level tests for the /sql handler's
|
|
// pre-DB paths (decode, body cap, empty SQL). The actual SQL execution
|
|
// path needs DuckDB so it lives in the smoke chain + proof harness.
|
|
//
|
|
// We construct handlers with a nil *sql.DB — the tests only exercise
|
|
// paths that return early before db.QueryContext. Tests that would
|
|
// reach the db are covered by GOLAKE-040 in the proof harness.
|
|
|
|
func mountedRouter() chi.Router {
|
|
h := &handlers{db: nil}
|
|
r := chi.NewRouter()
|
|
h.register(r)
|
|
return r
|
|
}
|
|
|
|
func TestRoutesMounted(t *testing.T) {
|
|
r := mountedRouter()
|
|
found := false
|
|
chi.Walk(r, func(method, route string, _ http.Handler, _ ...func(http.Handler) http.Handler) error {
|
|
if method == "POST" && route == "/sql" {
|
|
found = true
|
|
}
|
|
return nil
|
|
})
|
|
if !found {
|
|
t.Error("POST /sql not mounted")
|
|
}
|
|
}
|
|
|
|
func TestHandleSQL_BodyTooLarge(t *testing.T) {
|
|
// 4xx range — see embedd's TestHandleEmbed_BodyTooLarge for the
|
|
// 413-vs-400 detail. The contract is "client error, fails loud."
|
|
r := mountedRouter()
|
|
srv := httptest.NewServer(r)
|
|
defer srv.Close()
|
|
|
|
big := bytes.Repeat([]byte("x"), maxSQLBodyBytes+1024)
|
|
resp, err := http.Post(srv.URL+"/sql", "application/json", bytes.NewReader(big))
|
|
if err != nil {
|
|
t.Fatalf("POST: %v", err)
|
|
}
|
|
defer resp.Body.Close()
|
|
if resp.StatusCode < 400 || resp.StatusCode >= 500 {
|
|
t.Errorf("expected 4xx on oversize, got %d", resp.StatusCode)
|
|
}
|
|
}
|
|
|
|
func TestHandleSQL_MalformedJSON_400(t *testing.T) {
|
|
r := mountedRouter()
|
|
srv := httptest.NewServer(r)
|
|
defer srv.Close()
|
|
|
|
resp, err := http.Post(srv.URL+"/sql", "application/json", strings.NewReader("not json"))
|
|
if err != nil {
|
|
t.Fatalf("POST: %v", err)
|
|
}
|
|
defer resp.Body.Close()
|
|
if resp.StatusCode != http.StatusBadRequest {
|
|
t.Errorf("expected 400 on malformed, got %d", resp.StatusCode)
|
|
}
|
|
}
|
|
|
|
func TestHandleSQL_EmptySQL_400(t *testing.T) {
|
|
r := mountedRouter()
|
|
srv := httptest.NewServer(r)
|
|
defer srv.Close()
|
|
|
|
cases := []string{
|
|
`{"sql":""}`,
|
|
`{"sql":" "}`,
|
|
`{"sql":"\n\t \n"}`,
|
|
}
|
|
for _, body := range cases {
|
|
t.Run(body, func(t *testing.T) {
|
|
resp, err := http.Post(srv.URL+"/sql", "application/json", strings.NewReader(body))
|
|
if err != nil {
|
|
t.Fatalf("POST: %v", err)
|
|
}
|
|
defer resp.Body.Close()
|
|
if resp.StatusCode != http.StatusBadRequest {
|
|
t.Errorf("expected 400 on empty/whitespace SQL, got %d", resp.StatusCode)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestMaxSQLBodyBytes_Reasonable(t *testing.T) {
|
|
// SQL strings shouldn't be huge — 64 KiB is generous for queryd
|
|
// (DuckDB statements above 64 KiB are pathological). Locking the
|
|
// constant prevents an accidental refactor from blowing this open.
|
|
if maxSQLBodyBytes < 16<<10 {
|
|
t.Errorf("maxSQLBodyBytes=%d below sane SQL minimum (16 KiB)", maxSQLBodyBytes)
|
|
}
|
|
if maxSQLBodyBytes > 1<<20 {
|
|
t.Errorf("maxSQLBodyBytes=%d above sane SQL maximum (1 MiB)", maxSQLBodyBytes)
|
|
}
|
|
}
|
|
|
|
func TestPrimaryBucket_Constant(t *testing.T) {
|
|
// Locks the logical bucket name — secrets provider lookup keys
|
|
// against this. Refactor that flips this would silently fail
|
|
// secret resolution for queryd at startup.
|
|
if primaryBucket != "primary" {
|
|
t.Errorf("primaryBucket = %q, want %q", primaryBucket, "primary")
|
|
}
|
|
}
|