CalvinBackup/gstack
1
0
Fork 0
mirror of https://github.com/garrytan/gstack.git synced 2026-05-02 03:35:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

test(setup-gbrain): unit tests for gstack-gbrain-supabase-provision via mock API

Browse Source 
22 tests covering D21 HTTP error suite (401/403/402/409/429/5xx) and
happy paths for all four subcommands. Every test spins up a Bun.serve
mock server bound to SUPABASE_API_BASE so nothing hits the real API.

Uses Bun.spawn (async) rather than spawnSync because spawnSync blocks
the Bun event loop, which prevents Bun.serve mocks from responding —
calls would hit curl's own timeout instead of round-tripping.

Verifies: POST body contains organization_slug (not organization_id)
and no `plan` field, bearer-token auth header, retry-on-429 with
eventual success, exit-8 on persistent 5xx after max retries, wait
succeeds on ACTIVE_HEALTHY, exits 7 on INIT_FAILED, exits 6 with
--resume-provision hint on timeout, pooler-url builds URL locally
from db_user/host/port/name + DB_PASS (not response connection_string
template), handles array pooler responses.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Garry Tan
2026-04-24 00:01:18 -07:00
parent a8cc0d2465
commit d52da0bd08
1 changed files with 425 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
test/gbrain-supabase-provision.test.ts
+425
View File
@@ -0,0 +1,425 @@
/**
* gstack-gbrain-supabase-provision — Supabase Management API wrapper.
*
* All tests run against a per-test local mock HTTP server (Bun.serve)
* that returns fixture responses. Never hits the real Supabase API, never
* requires a live PAT.
*
* Covers the D21 HTTP error suite (401/403/402/409/429/5xx), the happy
* path for each subcommand (list-orgs, create, wait, pooler-url), the
* verified schema corrections (POST /v1/projects with organization_slug,
* GET /config/database/pooler), PAT + DB_PASS env-var discipline, retry
* + backoff on transient errors, pooler URL construction using the
* generated DB_PASS (not the API response's templated connection_string).
*/
import { describe, test, expect, afterEach } from 'bun:test';
import * as path from 'path';
const ROOT = path.resolve(import.meta.dir, '..');
const BIN = path.join(ROOT, 'bin', 'gstack-gbrain-supabase-provision');
// Minimal PATH that finds jq/curl but excludes user bins.
const SAFE_PATH = '/usr/bin:/bin:/usr/sbin:/sbin:/opt/homebrew/bin:/usr/local/bin';
type Handler = (req: Request) => Response | Promise<Response>;
interface MockServer {
url: string;
close: () => void;
requests: Array<{ method: string; path: string; body?: string }>;
}
function startMock(routes: Record<string, Handler>): MockServer {
const requests: MockServer['requests'] = [];
const server = Bun.serve({
port: 0,
async fetch(req) {
const u = new URL(req.url);
const key = `${req.method} ${u.pathname}`;
// Log method+path only. Handlers that need the body read it themselves;
// Response bodies can only be consumed once.
requests.push({ method: req.method, path: u.pathname });
const handler = routes[key] || routes[`${req.method} *`];
if (!handler) {
return new Response(
JSON.stringify({ message: `no mock for ${key}` }),
{ status: 404, headers: { 'content-type': 'application/json' } }
);
}
return handler(req);
},
});
const base = `http://localhost:${server.port}`;
return {
url: base,
close: () => server.stop(true),
requests,
};
}
async function runBin(
args: string[],
env: Record<string, string> = {}
): Promise<{ stdout: string; stderr: string; status: number }> {
// Use Bun.spawn (async) rather than spawnSync. spawnSync blocks the Bun
// event loop, which prevents Bun.serve mocks from responding — every
// HTTP call would hit curl's timeout instead of round-tripping.
const proc = Bun.spawn([BIN, ...args], {
env: { PATH: SAFE_PATH, ...env },
stdout: 'pipe',
stderr: 'pipe',
});
const [stdout, stderr, status] = await Promise.all([
new Response(proc.stdout).text(),
new Response(proc.stderr).text(),
proc.exited,
]);
return { stdout: stdout.trim(), stderr: stderr.trim(), status };
}
function jsonResp(body: any, status = 200): Response {
return new Response(JSON.stringify(body), {
status,
headers: { 'content-type': 'application/json' },
});
}
let mock: MockServer;
afterEach(() => {
if (mock) mock.close();
});
describe('list-orgs', () => {
test('happy path: returns orgs from GET /v1/organizations', async () => {
mock = startMock({
'GET /v1/organizations': () =>
jsonResp([
{ id: 'deprec-1', slug: 'acme', name: 'Acme Inc' },
{ id: 'deprec-2', slug: 'personal', name: 'Personal' },
]),
});
const r = await runBin(['list-orgs', '--json'], {
SUPABASE_ACCESS_TOKEN: 'sbp_test_pat',
SUPABASE_API_BASE: mock.url,
});
expect(r.status).toBe(0);
const j = JSON.parse(r.stdout);
expect(j.orgs).toEqual([
{ slug: 'acme', name: 'Acme Inc' },
{ slug: 'personal', name: 'Personal' },
]);
});
test('sends Authorization: Bearer <PAT> header', async () => {
let authHeader = '';
mock = startMock({
'GET /v1/organizations': (req) => {
authHeader = req.headers.get('authorization') || '';
return jsonResp([]);
},
});
await runBin(['list-orgs', '--json'], {
SUPABASE_ACCESS_TOKEN: 'sbp_expected_pat_xxx',
SUPABASE_API_BASE: mock.url,
});
expect(authHeader).toBe('Bearer sbp_expected_pat_xxx');
});
test('exits 3 with auth error when SUPABASE_ACCESS_TOKEN is missing', async () => {
const r = await runBin(['list-orgs']);
expect(r.status).toBe(3);
expect(r.stderr).toContain('SUPABASE_ACCESS_TOKEN is not set');
});
test('exits 3 on 401 Unauthorized', async () => {
mock = startMock({
'GET /v1/organizations': () => jsonResp({ message: 'Invalid JWT' }, 401),
});
const r = await runBin(['list-orgs'], {
SUPABASE_ACCESS_TOKEN: 'sbp_bad',
SUPABASE_API_BASE: mock.url,
});
expect(r.status).toBe(3);
expect(r.stderr).toContain('401 Unauthorized');
});
test('exits 3 on 403 Forbidden', async () => {
mock = startMock({
'GET /v1/organizations': () => jsonResp({ message: 'Forbidden' }, 403),
});
const r = await runBin(['list-orgs'], {
SUPABASE_ACCESS_TOKEN: 'sbp_noperm',
SUPABASE_API_BASE: mock.url,
});
expect(r.status).toBe(3);
expect(r.stderr).toContain('403 Forbidden');
});
});
describe('create', () => {
test('happy path: POST /v1/projects with organization_slug, no `plan` field', async () => {
let sentBody: any = null;
mock = startMock({
'POST /v1/projects': async (req) => {
sentBody = JSON.parse(await req.text());
return jsonResp({
id: 'deprec',
ref: 'abcdefghijklmnopqrst',
organization_slug: 'acme',
name: 'gbrain',
region: 'us-east-1',
created_at: '2026-04-23T00:00:00Z',
status: 'COMING_UP',
}, 201);
},
});
const r = await runBin(['create', 'gbrain', 'us-east-1', 'acme', '--json'], {
SUPABASE_ACCESS_TOKEN: 'sbp_test',
DB_PASS: 'generated-secret-pw',
SUPABASE_API_BASE: mock.url,
});
expect(r.status).toBe(0);
const j = JSON.parse(r.stdout);
expect(j.ref).toBe('abcdefghijklmnopqrst');
expect(j.status).toBe('COMING_UP');
// Verify the request body had the right shape
expect(sentBody.name).toBe('gbrain');
expect(sentBody.region).toBe('us-east-1');
expect(sentBody.organization_slug).toBe('acme');
expect(sentBody.db_pass).toBe('generated-secret-pw');
// Critical: no `plan` field, since it's ignored server-side per OpenAPI
expect(sentBody.plan).toBeUndefined();
});
test('passes desired_instance_size when --instance-size flag is used', async () => {
let sentBody: any = null;
mock = startMock({
'POST /v1/projects': async (req) => {
sentBody = JSON.parse(await req.text());
return jsonResp({ ref: 'r', status: 'COMING_UP' }, 201);
},
});
await runBin(['create', 'gbrain', 'us-east-1', 'acme', '--instance-size', 'small', '--json'], {
SUPABASE_ACCESS_TOKEN: 'sbp_test',
DB_PASS: 'pw',
SUPABASE_API_BASE: mock.url,
});
expect(sentBody.desired_instance_size).toBe('small');
});
test('exits 4 on 402 Payment Required (quota)', async () => {
mock = startMock({
'POST /v1/projects': () => jsonResp({ message: 'project limit reached' }, 402),
});
const r = await runBin(['create', 'gbrain', 'us-east-1', 'acme'], {
SUPABASE_ACCESS_TOKEN: 'sbp_test',
DB_PASS: 'pw',
SUPABASE_API_BASE: mock.url,
});
expect(r.status).toBe(4);
expect(r.stderr).toContain('402 Payment Required');
expect(r.stderr).toContain('quota exceeded');
});
test('exits 5 on 409 Conflict (duplicate name)', async () => {
mock = startMock({
'POST /v1/projects': () => jsonResp({ message: 'conflict' }, 409),
});
const r = await runBin(['create', 'gbrain', 'us-east-1', 'acme'], {
SUPABASE_ACCESS_TOKEN: 'sbp_test',
DB_PASS: 'pw',
SUPABASE_API_BASE: mock.url,
});
expect(r.status).toBe(5);
expect(r.stderr).toContain('409 Conflict');
expect(r.stderr).toContain('duplicate project name');
});
test('fails when DB_PASS is missing', async () => {
const r = await runBin(['create', 'gbrain', 'us-east-1', 'acme'], {
SUPABASE_ACCESS_TOKEN: 'sbp_test',
});
expect(r.status).toBe(2);
expect(r.stderr).toContain('DB_PASS env var is required');
});
test('missing positional args rejected with exit 2', async () => {
const r = await runBin(['create', 'gbrain'], {
SUPABASE_ACCESS_TOKEN: 'sbp_test',
DB_PASS: 'pw',
});
expect(r.status).toBe(2);
expect(r.stderr).toContain('missing');
});
test('retries on 429 rate limit with backoff and eventually succeeds', async () => {
let count = 0;
mock = startMock({
'POST /v1/projects': () => {
count += 1;
if (count < 2) return jsonResp({ message: 'too many requests' }, 429);
return jsonResp({ ref: 'r', status: 'COMING_UP' }, 201);
},
});
const r = await runBin(['create', 'gbrain', 'us-east-1', 'acme', '--json'], {
SUPABASE_ACCESS_TOKEN: 'sbp_test',
DB_PASS: 'pw',
SUPABASE_API_BASE: mock.url,
});
expect(r.status).toBe(0);
expect(count).toBe(2);
}, 15000);
test('exits 8 on persistent 5xx after max retries', async () => {
let count = 0;
mock = startMock({
'POST /v1/projects': () => {
count += 1;
return jsonResp({ message: 'internal server error' }, 502);
},
});
const r = await runBin(['create', 'gbrain', 'us-east-1', 'acme'], {
SUPABASE_ACCESS_TOKEN: 'sbp_test',
DB_PASS: 'pw',
SUPABASE_API_BASE: mock.url,
});
expect(r.status).toBe(8);
expect(r.stderr).toContain('502');
expect(count).toBeGreaterThanOrEqual(3);
}, 30000);
});
describe('wait', () => {
test('happy path: polls until ACTIVE_HEALTHY', async () => {
let count = 0;
mock = startMock({
'GET /v1/projects/abc': () => {
count += 1;
if (count < 2) return jsonResp({ ref: 'abc', status: 'COMING_UP' });
return jsonResp({ ref: 'abc', status: 'ACTIVE_HEALTHY' });
},
});
const r = await runBin(['wait', 'abc', '--timeout', '30', '--json'], {
SUPABASE_ACCESS_TOKEN: 'sbp_test',
SUPABASE_API_BASE: mock.url,
});
expect(r.status).toBe(0);
const j = JSON.parse(r.stdout);
expect(j.status).toBe('ACTIVE_HEALTHY');
expect(j.ref).toBe('abc');
}, 30000);
test('exits 7 on terminal INIT_FAILED state', async () => {
mock = startMock({
'GET /v1/projects/abc': () => jsonResp({ ref: 'abc', status: 'INIT_FAILED' }),
});
const r = await runBin(['wait', 'abc', '--timeout', '10'], {
SUPABASE_ACCESS_TOKEN: 'sbp_test',
SUPABASE_API_BASE: mock.url,
});
expect(r.status).toBe(7);
expect(r.stderr).toContain('INIT_FAILED');
});
test('exits 6 on timeout with resume-provision hint', async () => {
// Stay in COMING_UP forever.
mock = startMock({
'GET /v1/projects/abc': () => jsonResp({ ref: 'abc', status: 'COMING_UP' }),
});
const r = await runBin(['wait', 'abc', '--timeout', '0'], {
SUPABASE_ACCESS_TOKEN: 'sbp_test',
SUPABASE_API_BASE: mock.url,
});
expect(r.status).toBe(6);
expect(r.stderr).toContain('wait timed out');
expect(r.stderr).toContain('--resume-provision abc');
}, 15000);
});
describe('pooler-url', () => {
const REF = 'abcdefghijklmnopqrst';
const POOLER_OK = {
db_user: `postgres.${REF}`,
db_host: 'aws-0-us-east-1.pooler.supabase.com',
db_port: 6543,
db_name: 'postgres',
pool_mode: 'session',
connection_string:
'postgresql://postgres.abcdefghijklmnopqrst:[PASSWORD]@aws-0-us-east-1.pooler.supabase.com:6543/postgres',
};
test('constructs URL from db_user/host/port/name + DB_PASS (not response connection_string)', async () => {
mock = startMock({
[`GET /v1/projects/${REF}/config/database/pooler`]: () => jsonResp(POOLER_OK),
});
const r = await runBin(['pooler-url', REF, '--json'], {
SUPABASE_ACCESS_TOKEN: 'sbp_test',
DB_PASS: 'my-real-password',
SUPABASE_API_BASE: mock.url,
});
expect(r.status).toBe(0);
const j = JSON.parse(r.stdout);
expect(j.pooler_url).toBe(
`postgresql://postgres.${REF}:my-real-password@aws-0-us-east-1.pooler.supabase.com:6543/postgres`
);
// The API's templated connection_string is NOT what we output.
expect(j.pooler_url).not.toContain('[PASSWORD]');
});
test('handles array response by preferring session pool_mode entry', async () => {
mock = startMock({
[`GET /v1/projects/${REF}/config/database/pooler`]: () =>
jsonResp([
{ ...POOLER_OK, pool_mode: 'transaction', db_port: 6543 },
{ ...POOLER_OK, pool_mode: 'session', db_port: 5432 },
]),
});
const r = await runBin(['pooler-url', REF, '--json'], {
SUPABASE_ACCESS_TOKEN: 'sbp_test',
DB_PASS: 'pw',
SUPABASE_API_BASE: mock.url,
});
expect(r.status).toBe(0);
const j = JSON.parse(r.stdout);
// Picked session entry with port 5432 (for this fixture)
expect(j.pooler_url).toContain(':5432/postgres');
});
test('fails cleanly when pooler config is missing required fields', async () => {
mock = startMock({
[`GET /v1/projects/${REF}/config/database/pooler`]: () =>
jsonResp({ identifier: 'x', pool_mode: 'session' }),
});
const r = await runBin(['pooler-url', REF], {
SUPABASE_ACCESS_TOKEN: 'sbp_test',
DB_PASS: 'pw',
SUPABASE_API_BASE: mock.url,
});
expect(r.status).toBe(2);
expect(r.stderr).toContain('missing pooler config fields');
});
test('requires DB_PASS to construct URL', async () => {
const r = await runBin(['pooler-url', REF], {
SUPABASE_ACCESS_TOKEN: 'sbp_test',
});
expect(r.status).toBe(2);
expect(r.stderr).toContain('DB_PASS env var is required');
});
});
describe('general', () => {
test('unknown subcommand exits 2', async () => {
const r = await runBin(['nope']);
expect(r.status).toBe(2);
expect(r.stderr).toContain('unknown subcommand');
});
test('no args prints usage and exits 2', async () => {
const r = await runBin([]);
expect(r.status).toBe(2);
expect(r.stderr).toContain('usage');
});
});