wolfictl
wolfictl copied to clipboard
wolfi-dev
testing: when using multiple yaml updaters on a file, the content is appended per update
Description
When using two updaters on a file on my unit tests, I got both changes appended (the whole doc is appended at the end) instead of replaced into the specified section in the file or yaml root.
I could only reproduce this issue when using the testing fwk. When I use my code on a file (real testing, not using the testing fwk), it works 'fine'.
Here I called over the same index file the packageUpdater and the pipelineUpdater in my unit test:
pipelineSectionUpdater := NewPipelineSectionUpdater(func(cfg config.Configuration) ([]config.Pipeline, error) {
pipes := cfg.Pipeline
pipes[1].With["deps"] = "golang/[email protected] k8s.io/[email protected]"
return pipes, nil
})
packageSectionUpdater := NewPackageSectionUpdater(func(cfg config.Configuration) (config.Package, error) {
p := cfg.Package
p.Epoch++
return p, nil
})
s := index.Select().WhereName("blah")
err = s.Update(packageSectionUpdater)
require.NoError(t, err)
err = s.Update(pipelineSectionUpdater)
require.NoError(t, err)
if diff := fsys.DiffAll(); diff != "" {
t.Errorf("unexpected file modification results (-want, +got):\n%s", diff)
}
This produced the following output:
package:
name: blah
version: "7"
epoch: 1
pipeline:
- uses: fetch
with:
expected-sha256: 060309d7a333d38d951bc27598c677af1796934dbd98e1024e7ad8de798fedda
uri: https://github.com/lathiat/avahi/releases/download/v${{package.version}}/avahi-${{package.version}}.tar.gz
- uses: go/bump
with:
deps: github.com/x/[email protected]
- uses: patch
with:
patches: CVE-2021-3468.patch
subpackages:
- name: alsa-lib-dev
pipeline:
- uses: split/dev
dependencies:
runtime:
- alsa-lib
# Generated by
package:
name: blah
version: "7"
epoch: 1
pipeline:
- uses: fetch
with:
expected-sha256: 060309d7a333d38d951bc27598c677af1796934dbd98e1024e7ad8de798fedda
uri: https://github.com/lathiat/avahi/releases/download/v${{package.version}}/avahi-${{package.version}}.tar.gz
- uses: go/bump
with:
deps: golang/[email protected] k8s.io/[email protected]
- uses: patch
with:
patches: CVE-2021-3468.patch
subpackages:
- name: alsa-lib-dev
pipeline:
- uses: split/dev
dependencies:
runtime:
- alsa-lib
This is independent of the type of updaters. You can run s.Update(packageUpdater) twice and you'll get the result appended instead of just replacing the section package. When I debugged the code I found the yaml section replacement is done correctly so there must be somewhere else the error.
Thanks @hectorj2f! IIRC, I hadn't included multiple updates at once when I was designing the tester implementation — but now that we're going to use this more, and especially beyond the advisory files, we should absolutely support it. Good find!
