Files
dns-autoresolver/internal/service/service_test.go
T
vasyansk 879e9e14b1 fix(api): surface real provider error on apply/check instead of generic internal error
resolve (shared by Check/Apply) and Apply now wrap GetRecords/ApplyChanges
failures in service.ErrProviderUnavailable, matching ZoneRecords' existing
behavior. handleApply/handleCheck use errors.Is against it to return 502
with the real provider message (e.g. Selectel's 409 conflict body) instead
of masking every failure as a generic 500 "internal error"; non-provider
errors (decrypt/db/loader) are unaffected.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01BwxdSt4reTm7Dj1oxRvpP3
2026-07-05 15:53:27 +07:00

249 lines
9.9 KiB
Go

package service
import (
"context"
"errors"
"testing"
"github.com/google/uuid"
"github.com/vasyakrg/dns-autoresolver/internal/crypto"
"github.com/vasyakrg/dns-autoresolver/internal/diff"
"github.com/vasyakrg/dns-autoresolver/internal/model"
"github.com/vasyakrg/dns-autoresolver/internal/provider"
"github.com/vasyakrg/dns-autoresolver/internal/provider/registry"
"github.com/vasyakrg/dns-autoresolver/internal/store/dto"
)
func testCipher(t *testing.T) *crypto.Cipher {
t.Helper()
key := make([]byte, 32)
c, err := crypto.NewCipher(key)
if err != nil {
t.Fatal(err)
}
return c
}
// fakeProvider records applied changesets and returns canned zone records.
type fakeProvider struct {
actual []model.Record
applied diff.Changeset
getErr error // when set, GetRecords fails with this error
applyErr error // when set, ApplyChanges fails with this error
}
func (fakeProvider) Name() string { return "selectel" }
func (fakeProvider) ListZones(context.Context, provider.Credentials) ([]provider.Zone, error) {
return nil, nil
}
func (f *fakeProvider) GetRecords(context.Context, provider.Credentials, string) ([]model.Record, error) {
if f.getErr != nil {
return nil, f.getErr
}
return f.actual, nil
}
func (f *fakeProvider) ApplyChanges(_ context.Context, _ provider.Credentials, _ string, cs diff.Changeset) error {
if f.applyErr != nil {
return f.applyErr
}
f.applied = cs
return nil
}
func (fakeProvider) Validate(context.Context, provider.Credentials) error { return nil }
type fakeLoader struct{ ref DomainRef }
func (l fakeLoader) LoadDomain(context.Context, uuid.UUID, uuid.UUID) (DomainRef, error) {
return l.ref, nil
}
// LoadZone mirrors LoadDomain's provider-access fields but — unlike
// LoadDomain — never errors on a missing template, matching the real
// store.LoadZone contract.
func (l fakeLoader) LoadZone(context.Context, uuid.UUID, uuid.UUID) (ZoneRef, error) {
return ZoneRef{ZoneID: l.ref.ZoneID, Provider: l.ref.Provider, SecretEnc: l.ref.SecretEnc}, nil
}
type nopRecorder struct{}
func (nopRecorder) SaveCheckRun(context.Context, uuid.UUID, diff.Changeset) error { return nil }
func setup(t *testing.T, actual []model.Record, tmpl dto.TemplateDoc) (*DomainService, *fakeProvider) {
fp := &fakeProvider{actual: actual}
reg := registry.New()
reg.Register(fp)
cipher := testCipher(t)
enc, _ := cipher.Encrypt([]byte("secret"))
loader := fakeLoader{ref: DomainRef{ZoneID: "z1", ZoneName: "example.com.", Provider: "selectel", SecretEnc: enc, Template: tmpl}}
return New(loader, nopRecorder{}, reg, cipher), fp
}
func TestCheckProducesDiff(t *testing.T) {
actual := []model.Record{{Type: model.A, Name: "a.example.com.", TTL: 300, Values: []string{"9.9.9.9"}}}
tmpl := dto.TemplateDoc{Records: []dto.RecordDTO{
{Type: "A", Name: "a.example.com.", TTL: 300, Values: []string{"1.1.1.1"}}, // update
}}
svc, _ := setup(t, actual, tmpl)
cs, err := svc.Check(context.Background(), uuid.New(), uuid.New())
if err != nil {
t.Fatal(err)
}
if len(cs.Updates()) != 1 || cs.Updates()[0].Kind != diff.Update {
t.Fatalf("expected 1 update, got %+v", cs.Updates())
}
}
// TestCheckMaterializesDomainNamePlaceholder covers the tmpl.Materialize
// wiring in resolve: a template record using {{domain_name}} in its name and
// values must be diffed against the zone using the actual zone name (without
// trailing dot) substituted in, so a template reused across domains reports
// in-sync rather than spurious add/delete pairs.
func TestCheckMaterializesDomainNamePlaceholder(t *testing.T) {
actual := []model.Record{
{Type: model.TXT, Name: "_dmarc.example.com.", TTL: 600, Values: []string{"v=DMARC1; p=quarantine"}},
}
tmpl := dto.TemplateDoc{Records: []dto.RecordDTO{
{Type: "TXT", Name: "_dmarc.{{domain_name}}.", TTL: 600, Values: []string{"v=DMARC1; p=quarantine"}},
}}
svc, _ := setup(t, actual, tmpl)
cs, err := svc.Check(context.Background(), uuid.New(), uuid.New())
if err != nil {
t.Fatal(err)
}
if len(cs.Updates()) != 0 || len(cs.Prunes()) != 0 {
t.Fatalf("expected placeholder materialized against zone name to be in sync, got updates=%+v prunes=%+v", cs.Updates(), cs.Prunes())
}
}
// TestZoneRecordsReadsProviderDirectly covers the no-template zone-viewing
// path: ZoneRecords must return the provider's live records with no diff
// and no template involved (loader's Template field is left zero-valued).
func TestZoneRecordsReadsProviderDirectly(t *testing.T) {
actual := []model.Record{
{Type: model.A, Name: "a.example.com.", TTL: 300, Values: []string{"1.1.1.1"}},
{Type: model.NS, Name: "example.com.", TTL: 3600, Values: []string{"ns1.example.com."}},
}
svc, _ := setup(t, actual, dto.TemplateDoc{})
recs, err := svc.ZoneRecords(context.Background(), uuid.New(), uuid.New())
if err != nil {
t.Fatal(err)
}
if len(recs) != 2 {
t.Fatalf("expected 2 records straight from the provider, got %+v", recs)
}
}
// TestApplySelectsByKeyAndOrdersPrunesBeforeUpdates covers the two goals of
// selective apply: (1) only diffs whose key is present in the request are
// applied, and (2) when both an update and a prune are selected, the prune
// (Delete) must land BEFORE the update in the applied Changeset — this is the
// regression guard for the provider rejecting an Add/Update whose name still
// conflicts with an existing record (e.g. a CNAME cannot be created while an
// A on the same name still exists).
func TestApplySelectsByKeyAndOrdersPrunesBeforeUpdates(t *testing.T) {
// zone: a needs updating (9.9.9.9 -> 1.1.1.1), b is an extra record not in
// the template (prune candidate).
actual := []model.Record{
{Type: model.A, Name: "a.example.com.", TTL: 300, Values: []string{"9.9.9.9"}},
{Type: model.A, Name: "b.example.com.", TTL: 300, Values: []string{"2.2.2.2"}},
}
tmpl := dto.TemplateDoc{Records: []dto.RecordDTO{
{Type: "A", Name: "a.example.com.", TTL: 300, Values: []string{"1.1.1.1"}}, // update
}}
const updKey = "A a.example.com."
const pruneKey = "A b.example.com."
// Only the prune selected -> only the delete is applied.
svc, fp := setup(t, actual, tmpl)
if _, err := svc.Apply(context.Background(), uuid.New(), uuid.New(), ApplyRequest{Prunes: []string{pruneKey}}); err != nil {
t.Fatal(err)
}
if len(fp.applied.Diffs) != 1 || fp.applied.Diffs[0].Kind != diff.Delete {
t.Fatalf("expected only the selected prune applied, got %+v", fp.applied.Diffs)
}
// Only the update selected -> only the update is applied.
svc2, fp2 := setup(t, actual, tmpl)
if _, err := svc2.Apply(context.Background(), uuid.New(), uuid.New(), ApplyRequest{Updates: []string{updKey}}); err != nil {
t.Fatal(err)
}
if len(fp2.applied.Diffs) != 1 || fp2.applied.Diffs[0].Kind != diff.Update {
t.Fatalf("expected only the selected update applied, got %+v", fp2.applied.Diffs)
}
// Nothing selected -> nothing applied.
svc3, fp3 := setup(t, actual, tmpl)
if _, err := svc3.Apply(context.Background(), uuid.New(), uuid.New(), ApplyRequest{}); err != nil {
t.Fatal(err)
}
if len(fp3.applied.Diffs) != 0 {
t.Fatalf("expected nothing applied when nothing is selected, got %+v", fp3.applied.Diffs)
}
// CRITICAL: both selected -> the prune (Delete) must be applied FIRST,
// the update SECOND. Regressing this order reintroduces the
// CNAME/A-conflict bug where the provider rejects the update because the
// stale conflicting record hasn't been deleted yet.
svc4, fp4 := setup(t, actual, tmpl)
if _, err := svc4.Apply(context.Background(), uuid.New(), uuid.New(), ApplyRequest{Updates: []string{updKey}, Prunes: []string{pruneKey}}); err != nil {
t.Fatal(err)
}
if len(fp4.applied.Diffs) != 2 {
t.Fatalf("expected both selected diffs applied, got %+v", fp4.applied.Diffs)
}
if fp4.applied.Diffs[0].Kind != diff.Delete {
t.Fatalf("expected prune (Delete) FIRST in applied order, got %+v", fp4.applied.Diffs)
}
if fp4.applied.Diffs[1].Kind != diff.Update {
t.Fatalf("expected update SECOND in applied order, got %+v", fp4.applied.Diffs)
}
}
// TestApplyWrapsProviderError covers the fix: a failure from the provider's
// ApplyChanges call (e.g. Selectel rejecting a change with a 409 conflict)
// must be wrapped in ErrProviderUnavailable so the API layer can tell it
// apart from a local resolution failure and surface the real provider
// message instead of a generic "internal error".
func TestApplyWrapsProviderError(t *testing.T) {
actual := []model.Record{{Type: model.A, Name: "a.example.com.", TTL: 300, Values: []string{"9.9.9.9"}}}
tmpl := dto.TemplateDoc{Records: []dto.RecordDTO{
{Type: "A", Name: "a.example.com.", TTL: 300, Values: []string{"1.1.1.1"}},
}}
svc, fp := setup(t, actual, tmpl)
fp.applyErr = errors.New("selectel POST /zones/z1/rrset: 409: conflicting CNAME record exists")
_, err := svc.Apply(context.Background(), uuid.New(), uuid.New(), ApplyRequest{Updates: []string{"A a.example.com."}})
if err == nil {
t.Fatal("expected error, got nil")
}
if !errors.Is(err, ErrProviderUnavailable) {
t.Fatalf("expected error to wrap ErrProviderUnavailable, got %v", err)
}
msg := ProviderMessage(err)
if msg != "selectel POST /zones/z1/rrset: 409: conflicting CNAME record exists" {
t.Fatalf("expected clean provider message, got %q", msg)
}
}
// TestResolveWrapsProviderError covers the resolve helper shared by Check and
// Apply: a GetRecords failure from the provider must also be wrapped in
// ErrProviderUnavailable, mirroring ZoneRecords' existing behavior.
func TestResolveWrapsProviderError(t *testing.T) {
svc, fp := setup(t, nil, dto.TemplateDoc{})
fp.getErr = errors.New("selectel GET /zones/z1/rrset: 503: upstream unavailable")
_, err := svc.Check(context.Background(), uuid.New(), uuid.New())
if err == nil {
t.Fatal("expected error, got nil")
}
if !errors.Is(err, ErrProviderUnavailable) {
t.Fatalf("expected error to wrap ErrProviderUnavailable, got %v", err)
}
msg := ProviderMessage(err)
if msg != "selectel GET /zones/z1/rrset: 503: upstream unavailable" {
t.Fatalf("expected clean provider message, got %q", msg)
}
}