Loading pkgs/by-name/ku/kubelogin/disable-nix-incompatible-test.patch 0 → 100644 +164 −0 Original line number Diff line number Diff line From 898fa9810041d5ecd7e9cd51408823742d01b51a Mon Sep 17 00:00:00 2001 From: Dean Eckert <dean.eckert@red-oak-consulting.com> Date: Fri, 7 Nov 2025 18:45:12 +0100 Subject: [PATCH] disabled TestSecureKeyStorage/GetSwPoPKeyPersistent_should_use_secure_storage_and_persist_keys, because it wont work in nix environments on darwin due to keychain access limitations Signed-off-by: Dean Eckert <dean.eckert@red-oak-consulting.com> --- pkg/internal/pop/cache/cache_test.go | 22 ++++++++++++++++++++++ pkg/internal/pop/poptoken_test.go | 5 +++++ 2 files changed, 27 insertions(+) diff --git a/pkg/internal/pop/cache/cache_test.go b/pkg/internal/pop/cache/cache_test.go index 521266a..0b00351 100644 --- a/pkg/internal/pop/cache/cache_test.go +++ b/pkg/internal/pop/cache/cache_test.go @@ -7,6 +7,7 @@ import ( "fmt" "os" "path/filepath" + "runtime" "testing" "time" @@ -17,6 +18,16 @@ import ( var ctx = context.Background() +func isDarwin() bool { + return runtime.GOOS == "darwin" +} + +func skipIfDarwin(t *testing.T) { + if isDarwin() { + t.Skip("skipping tests that require macOS keychain in nix build environment") + } +} + // mockMarshaler implements cache.Marshaler for testing type mockMarshaler struct { data []byte @@ -39,6 +50,7 @@ func (m *mockUnmarshaler) Unmarshal(data []byte) error { } func TestNewCache(t *testing.T) { + skipIfDarwin(t) tests := []struct { name string cacheDir string @@ -72,6 +84,7 @@ func TestNewCache(t *testing.T) { } func TestCache_ExportReplace(t *testing.T) { + skipIfDarwin(t) tempDir := t.TempDir() c, err := NewCache(tempDir) require.NoError(t, err) @@ -91,6 +104,7 @@ func TestCache_ExportReplace(t *testing.T) { } func TestCache_ExportReplaceEmpty(t *testing.T) { + skipIfDarwin(t) tempDir := t.TempDir() c, err := NewCache(tempDir) require.NoError(t, err) @@ -103,6 +117,7 @@ func TestCache_ExportReplaceEmpty(t *testing.T) { } func TestCache_ExportMarshalError(t *testing.T) { + skipIfDarwin(t) tempDir := t.TempDir() c, err := NewCache(tempDir) require.NoError(t, err) @@ -116,6 +131,7 @@ func TestCache_ExportMarshalError(t *testing.T) { } func TestCache_ReplaceUnmarshalError(t *testing.T) { + skipIfDarwin(t) tempDir := t.TempDir() c, err := NewCache(tempDir) require.NoError(t, err) @@ -136,6 +152,7 @@ func TestCache_ReplaceUnmarshalError(t *testing.T) { } func TestCache_Clear(t *testing.T) { + skipIfDarwin(t) tempDir := t.TempDir() c, err := NewCache(tempDir) require.NoError(t, err) @@ -158,6 +175,7 @@ func TestCache_Clear(t *testing.T) { } func TestCache_MultipleProcessSimulation(t *testing.T) { + skipIfDarwin(t) tempDir := t.TempDir() // Multiple kubelogin processes (simulated as goroutines) - each using the SAME cache directory (like real users would) @@ -227,6 +245,7 @@ func TestCache_MultipleProcessSimulation(t *testing.T) { } func TestCache_Isolation(t *testing.T) { + skipIfDarwin(t) // Test that different cache instances with different names are isolated tempDir := t.TempDir() @@ -291,6 +310,7 @@ func TestGetPoPCacheFilePath(t *testing.T) { } func TestNewSecureAccessor(t *testing.T) { + skipIfDarwin(t) tempDir := t.TempDir() cachePath := filepath.Join(tempDir, "test.cache") @@ -318,6 +338,7 @@ func TestNewSecureAccessor(t *testing.T) { } func TestStorageRoundTrip(t *testing.T) { + skipIfDarwin(t) tempDir := t.TempDir() uniqueName := uuid.NewString() cachePath := filepath.Join(tempDir, uniqueName) @@ -360,6 +381,7 @@ func TestStorageRoundTrip(t *testing.T) { } func TestStorageEmptyData(t *testing.T) { + skipIfDarwin(t) tempDir := t.TempDir() uniqueName := uuid.NewString() cachePath := filepath.Join(tempDir, uniqueName) diff --git a/pkg/internal/pop/poptoken_test.go b/pkg/internal/pop/poptoken_test.go index 9e40e5f..c444e51 100644 --- a/pkg/internal/pop/poptoken_test.go +++ b/pkg/internal/pop/poptoken_test.go @@ -5,6 +5,7 @@ import ( "crypto/rsa" "encoding/pem" "os" + "runtime" "strings" "testing" ) @@ -74,6 +75,9 @@ func TestSwPoPKey(t *testing.T) { } func TestSecureKeyStorage(t *testing.T) { + if runtime.GOOS == "darwin" { + t.Skip("skipping nix-incompatible test: GetSwPoPKeyPersistent should use secure storage and persist keys") + } // Create a temporary test directory testDir, err := os.MkdirTemp("", "kubelogin_secure_key_test") if err != nil { @@ -82,6 +86,7 @@ func TestSecureKeyStorage(t *testing.T) { defer os.RemoveAll(testDir) t.Run("GetSwPoPKeyPersistent should use secure storage and persist keys", func(t *testing.T) { + t.Skip("skipping nix-incompatible test: GetSwPoPKeyPersistent should use secure storage and persist keys") // Generate first key (should use secure storage) key1, err := GetSwPoPKeyPersistent(testDir) if err != nil { -- 2.51.0 pkgs/by-name/ku/kubelogin/package.nix +4 −0 Original line number Diff line number Diff line Loading @@ -19,6 +19,10 @@ buildGoModule rec { sha256 = "sha256-n9YkfK8QhGG4aGlU/SBtv59d05in1B8/mrsK4bDbjWo="; }; patches = [ ./disable-nix-incompatible-test.patch ]; vendorHash = "sha256-0tZ96t2Yeghe8xvEL9vjBS/gEUUIhyy61olqOlLD6q8="; ldflags = [ Loading Loading
pkgs/by-name/ku/kubelogin/disable-nix-incompatible-test.patch 0 → 100644 +164 −0 Original line number Diff line number Diff line From 898fa9810041d5ecd7e9cd51408823742d01b51a Mon Sep 17 00:00:00 2001 From: Dean Eckert <dean.eckert@red-oak-consulting.com> Date: Fri, 7 Nov 2025 18:45:12 +0100 Subject: [PATCH] disabled TestSecureKeyStorage/GetSwPoPKeyPersistent_should_use_secure_storage_and_persist_keys, because it wont work in nix environments on darwin due to keychain access limitations Signed-off-by: Dean Eckert <dean.eckert@red-oak-consulting.com> --- pkg/internal/pop/cache/cache_test.go | 22 ++++++++++++++++++++++ pkg/internal/pop/poptoken_test.go | 5 +++++ 2 files changed, 27 insertions(+) diff --git a/pkg/internal/pop/cache/cache_test.go b/pkg/internal/pop/cache/cache_test.go index 521266a..0b00351 100644 --- a/pkg/internal/pop/cache/cache_test.go +++ b/pkg/internal/pop/cache/cache_test.go @@ -7,6 +7,7 @@ import ( "fmt" "os" "path/filepath" + "runtime" "testing" "time" @@ -17,6 +18,16 @@ import ( var ctx = context.Background() +func isDarwin() bool { + return runtime.GOOS == "darwin" +} + +func skipIfDarwin(t *testing.T) { + if isDarwin() { + t.Skip("skipping tests that require macOS keychain in nix build environment") + } +} + // mockMarshaler implements cache.Marshaler for testing type mockMarshaler struct { data []byte @@ -39,6 +50,7 @@ func (m *mockUnmarshaler) Unmarshal(data []byte) error { } func TestNewCache(t *testing.T) { + skipIfDarwin(t) tests := []struct { name string cacheDir string @@ -72,6 +84,7 @@ func TestNewCache(t *testing.T) { } func TestCache_ExportReplace(t *testing.T) { + skipIfDarwin(t) tempDir := t.TempDir() c, err := NewCache(tempDir) require.NoError(t, err) @@ -91,6 +104,7 @@ func TestCache_ExportReplace(t *testing.T) { } func TestCache_ExportReplaceEmpty(t *testing.T) { + skipIfDarwin(t) tempDir := t.TempDir() c, err := NewCache(tempDir) require.NoError(t, err) @@ -103,6 +117,7 @@ func TestCache_ExportReplaceEmpty(t *testing.T) { } func TestCache_ExportMarshalError(t *testing.T) { + skipIfDarwin(t) tempDir := t.TempDir() c, err := NewCache(tempDir) require.NoError(t, err) @@ -116,6 +131,7 @@ func TestCache_ExportMarshalError(t *testing.T) { } func TestCache_ReplaceUnmarshalError(t *testing.T) { + skipIfDarwin(t) tempDir := t.TempDir() c, err := NewCache(tempDir) require.NoError(t, err) @@ -136,6 +152,7 @@ func TestCache_ReplaceUnmarshalError(t *testing.T) { } func TestCache_Clear(t *testing.T) { + skipIfDarwin(t) tempDir := t.TempDir() c, err := NewCache(tempDir) require.NoError(t, err) @@ -158,6 +175,7 @@ func TestCache_Clear(t *testing.T) { } func TestCache_MultipleProcessSimulation(t *testing.T) { + skipIfDarwin(t) tempDir := t.TempDir() // Multiple kubelogin processes (simulated as goroutines) - each using the SAME cache directory (like real users would) @@ -227,6 +245,7 @@ func TestCache_MultipleProcessSimulation(t *testing.T) { } func TestCache_Isolation(t *testing.T) { + skipIfDarwin(t) // Test that different cache instances with different names are isolated tempDir := t.TempDir() @@ -291,6 +310,7 @@ func TestGetPoPCacheFilePath(t *testing.T) { } func TestNewSecureAccessor(t *testing.T) { + skipIfDarwin(t) tempDir := t.TempDir() cachePath := filepath.Join(tempDir, "test.cache") @@ -318,6 +338,7 @@ func TestNewSecureAccessor(t *testing.T) { } func TestStorageRoundTrip(t *testing.T) { + skipIfDarwin(t) tempDir := t.TempDir() uniqueName := uuid.NewString() cachePath := filepath.Join(tempDir, uniqueName) @@ -360,6 +381,7 @@ func TestStorageRoundTrip(t *testing.T) { } func TestStorageEmptyData(t *testing.T) { + skipIfDarwin(t) tempDir := t.TempDir() uniqueName := uuid.NewString() cachePath := filepath.Join(tempDir, uniqueName) diff --git a/pkg/internal/pop/poptoken_test.go b/pkg/internal/pop/poptoken_test.go index 9e40e5f..c444e51 100644 --- a/pkg/internal/pop/poptoken_test.go +++ b/pkg/internal/pop/poptoken_test.go @@ -5,6 +5,7 @@ import ( "crypto/rsa" "encoding/pem" "os" + "runtime" "strings" "testing" ) @@ -74,6 +75,9 @@ func TestSwPoPKey(t *testing.T) { } func TestSecureKeyStorage(t *testing.T) { + if runtime.GOOS == "darwin" { + t.Skip("skipping nix-incompatible test: GetSwPoPKeyPersistent should use secure storage and persist keys") + } // Create a temporary test directory testDir, err := os.MkdirTemp("", "kubelogin_secure_key_test") if err != nil { @@ -82,6 +86,7 @@ func TestSecureKeyStorage(t *testing.T) { defer os.RemoveAll(testDir) t.Run("GetSwPoPKeyPersistent should use secure storage and persist keys", func(t *testing.T) { + t.Skip("skipping nix-incompatible test: GetSwPoPKeyPersistent should use secure storage and persist keys") // Generate first key (should use secure storage) key1, err := GetSwPoPKeyPersistent(testDir) if err != nil { -- 2.51.0
pkgs/by-name/ku/kubelogin/package.nix +4 −0 Original line number Diff line number Diff line Loading @@ -19,6 +19,10 @@ buildGoModule rec { sha256 = "sha256-n9YkfK8QhGG4aGlU/SBtv59d05in1B8/mrsK4bDbjWo="; }; patches = [ ./disable-nix-incompatible-test.patch ]; vendorHash = "sha256-0tZ96t2Yeghe8xvEL9vjBS/gEUUIhyy61olqOlLD6q8="; ldflags = [ Loading
