feat: Move some validation to the config.

jamesiarmes · jamesiarmes · commit 40fa119edaef · 2025-05-29T13:48:18.000-04:00
diff --git a/hyperproof/lib/cfa_security_controls/hyperproof/clients/hyperproof.rb b/hyperproof/lib/cfa_security_controls/hyperproof/clients/hyperproof.rb
@@ -124,10 +124,6 @@ def conn
         #
         # @return [String] The authentication token.
         def auth_token
-          unless config.hyperproof_client_id && config.hyperproof_client_secret
-            raise Unauthorized, 'Missing Hyperproof credentials'
-          end
-
           response = Faraday.post(
             'https://accounts.hyperproof.app/oauth/token',
             {
diff --git a/hyperproof/spec/spec_helper.rb b/hyperproof/spec/spec_helper.rb
@@ -13,23 +13,27 @@
   end
 end
 
-# Include the gem.
+# Include the gem and test helpers.
 require_relative '../lib/cfa-security-controls-hyperproof'
+require_relative 'support/helpers'
 
 RSpec.configure do |config|
   # Keep the original $stderr and $stdout so that we can suppress output during
   # tests.
   original_stderr = $stderr
   original_stdout = $stdout
 
+  config.include Helpers::Config
+
   config.before do
     # Clear the configuration before each test.
-    CfaSecurityControls::Hyperproof.instance_variable_set(:@config, nil)
-
+    stub_const('ENV', default_config_env)
+    clear_config
+    allow(File).to receive(:exist?).and_call_original
   end
 
   config.before(:all) do
-    # Suppress output.
+    # Suppress logger output.
     $stderr = File.new(File::NULL, 'w')
     $stdout = File.new(File::NULL, 'w')
   end
diff --git a/hyperproof/spec/support/helpers.rb b/hyperproof/spec/support/helpers.rb
@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require_relative 'helpers/config'
diff --git a/hyperproof/spec/support/helpers/config.rb b/hyperproof/spec/support/helpers/config.rb
@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+module Helpers
+  # Test helpers for system configuration.
+  module Config
+    # Clear the current configuration.
+    def clear_config
+      CfaSecurityControls::Hyperproof.instance_variable_set(:@config, nil)
+    end
+
+    # Default configuration environment variables.
+    #
+    # This is useful for tests that need to override the environment, but need
+    # the configuration to be valid.
+    #
+    # @return [Hash] A hash of environment variables.
+    def default_config_env
+      {
+        'APTIBLE_PASSWORD' => 'aptible_password',
+        'APTIBLE_USERNAME' => 'aptible_username',
+        'HYPERPROOF_CLIENT_ID' => 'hyperproof_client_id',
+        'HYPERPROOF_CLIENT_SECRET' => 'hyperproof_client_secret'
+      }
+    end
+
+    # Force the configuration to be valid without actually validating it.
+    #
+    # This is useful for tests that need to run without a valid configuration
+    # but still want to avoid validation errors.
+    #
+    # rubocop:disable RSpec/AnyInstance
+    def force_valid_config
+      allow_any_instance_of(CfaSecurityControls::Hyperproof::Config).to \
+        receive(:validate!).and_return(true)
+    end
+    # rubocop:enable RSpec/AnyInstance
+
+    # Set the configuration for the system.
+    #
+    # @param options [Hash] Options to set in the configuration.
+    # @return [CfaSecurityControls::Hyperproof::Config] The configuration object.
+    def set_config(options = {})
+      config = CfaSecurityControls::Hyperproof::Config.new(options)
+      CfaSecurityControls::Hyperproof.config(config)
+      config
+    end
+  end
+end
diff --git a/hyperproof/spec/unit/cfa_security_controls/hyperproof/clients/aptible_spec.rb b/hyperproof/spec/unit/cfa_security_controls/hyperproof/clients/aptible_spec.rb
@@ -13,7 +13,6 @@
     before do
       allow(File).to receive(:exist?).with(described_class::TOKEN_FILE).and_return(true)
       allow(File).to receive(:read).with(described_class::TOKEN_FILE).and_return(sso_token_data)
-      stub_const('ENV', {})
       allow(Aptible::Api::Database).to receive(:all).and_return(databases)
     end
 
@@ -26,7 +25,10 @@
     context 'when no valid credentials are found' do
       before do
         allow(File).to receive(:exist?).with(described_class::TOKEN_FILE).and_return(false)
-        stub_const('ENV', {})
+        stub_const('ENV', default_config_env.merge(
+                            'APTIBLE_USERNAME' => nil,
+                            'APTIBLE_PASSWORD' => nil
+                          ))
       end
 
       it 'raises an error' do
@@ -38,10 +40,10 @@
       let(:token) { instance_double(Aptible::Auth::Token) }
 
       before do
-        stub_const('ENV', {
-                     'APTIBLE_USERNAME' => 'rspec',
-                     'APTIBLE_PASSWORD' => 'rspecPassw0rd!'
-                   })
+        stub_const('ENV', default_config_env.merge(
+                            'APTIBLE_USERNAME' => 'rspec',
+                            'APTIBLE_PASSWORD' => 'rspecPassw0rd!'
+                          ))
         allow(Aptible::Auth::Token).to receive(:create).and_return(token)
       end
 
@@ -54,7 +56,11 @@
       before do
         allow(File).to receive(:exist?).with(described_class::TOKEN_FILE).and_return(true)
         allow(File).to receive(:read).with(described_class::TOKEN_FILE).and_return(sso_token_data)
-        stub_const('ENV', {})
+
+        stub_const('ENV', default_config_env.merge(
+                            'APTIBLE_USERNAME' => nil,
+                            'APTIBLE_PASSWORD' => nil
+                          ))
       end
 
       it 'returns the sso token' do
@@ -99,10 +105,10 @@
     let(:username) { 'rspec' }
 
     before do
-      env = {}
-      env['APTIBLE_USERNAME'] = username if username
-      env['APTIBLE_PASSWORD'] = password if password
-      stub_const('ENV', env)
+      stub_const('ENV', default_config_env.merge(
+                          'APTIBLE_USERNAME' => username,
+                          'APTIBLE_PASSWORD' => password
+                        ))
     end
 
     context 'when no username is set' do
diff --git a/hyperproof/spec/unit/cfa_security_controls/hyperproof/clients/hyperproof_spec.rb b/hyperproof/spec/unit/cfa_security_controls/hyperproof/clients/hyperproof_spec.rb
@@ -125,13 +125,6 @@
   end
 
   describe '#auth_token' do
-    before do
-      stub_const('ENV', {
-                   'HYPERPROOF_CLIENT_ID' => 'client_id',
-                   'HYPERPROOF_CLIENT_SECRET' => 'client_secret'
-                 })
-    end
-
     context 'when the credentials are invalid' do
       let(:response) do
         conn.post('/oauth/token')
@@ -175,14 +168,15 @@
 
     context 'when no credentials are provided' do
       before do
-        stub_const('ENV', {})
+        stub_const('ENV', default_config_env.merge(
+                            'HYPERPROOF_CLIENT_ID' => nil,
+                            'HYPERPROOF_CLIENT_SECRET' => nil
+                          ))
       end
 
       it 'raises an error' do
-        expect { client.send(:auth_token) }.to raise_error(
-          CfaSecurityControls::Hyperproof::Clients::Hyperproof::Unauthorized,
-          'Missing Hyperproof credentials'
-        )
+        expect { client.send(:auth_token) }.to \
+          raise_error(ConfigSL::ValidationError)
       end
     end
   end

Original file line number	Diff line number	Diff line change
`@@ -124,10 +124,6 @@ def conn`
`124`	`124`	`#`
`125`	`125`	`# @return [String] The authentication token.`
`126`	`126`	`def auth_token`
`127`		`- unless config.hyperproof_client_id && config.hyperproof_client_secret`
`128`		`- raise Unauthorized, 'Missing Hyperproof credentials'`
`129`		`- end`
`130`		`-`
`131`	`127`	`response = Faraday.post(`
`132`	`128`	`'https://accounts.hyperproof.app/oauth/token',`
`133`	`129`	`{`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+# frozen_string_literal: true`
	`2`	`+`
	`3`	`+require_relative 'helpers/config'`