Update depguard rules to prevent importing test code outside tests #51001

rosstimothy · 2025-01-13T23:07:20Z

There is a lot of shared test code defined outside of _test.go files scattered through out the code base. Dead code detection in Go is not that great and cannot detect that these test helpers are only consumed in tests. While this doesn't remediate anything, it should hopeful avoid any future code from making it harder to separate test and production code.

strings build/teleport | rg testify
github.com/stretchr/testify/assert.init
github.com/stretchr/testify/assert.uint32Type
go:link.pkghashbytes.github.com/stretchr/testify/assert
github.com/stretchr/testify/assert.int64Type
github.com/stretchr/testify/assert.uintptrType
go:link.pkghashbytes.github.com/stretchr/testify/require
github.com/stretchr/testify/assert.stringType
github.com/stretchr/testify/assert.float32Type
github.com/stretchr/testify/assert.bytesType
github.com/stretchr/testify/assert.intType
go:link.pkghashbytes.github.com/stretchr/testify/assert/yaml
github.com/stretchr/testify/assert.float64Type
github.com/stretchr/testify/assert..inittask
github.com/stretchr/testify/assert.int32Type
github.com/stretchr/testify/assert.uint16Type
github.com/stretchr/testify/assert.int8Type
github.com/stretchr/testify/assert.uint64Type
github.com/stretchr/testify/assert.uintType
github.com/stretchr/testify/assert.uint8Type
go:link.pkghash.github.com/stretchr/testify/assert/yaml
github.com/stretchr/testify/assert.int16Type
go:link.pkghash.github.com/stretchr/testify/require
go:link.pkghash.github.com/stretchr/testify/assert
github.com/stretchr/testify/assert.timeType
dep     github.com/stretchr/testify     v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
github.com/stretchr/testify/assert.init
github.com/stretchr/testify@v1.10.0/assert/assertion_compare.go
dep     github.com/stretchr/testify     v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=



strings build/teleport | rg testing
testing
*testing.T
*[]*testing.T
*testing.common
*testing.matcher
testingOnlyDidHRR
*testing.indenter
*func(*testing.T)
testingOnlyCurveID
*testing.filterMatch
*testing.testContext
*testing.chattyPrinter
*testing.highPrecisionTime
$*func(string, func(*testing.T)) bool
)*struct { F uintptr; X0 *testing.common }
+google.golang.org/protobuf/testing/protocmp
9*struct { F uintptr; X0 *testing.T; X1 func(*testing.T) }
<*func(*testing.T, types.SystemRole) (*state.Identity, error)
B*struct { F uintptr; X0 *testing.common; X1 []uintptr; X2 func() }
testing.init
testing.(*matcher).fullName
testing.(*matcher).fullName.deferwrap2
testing.(*matcher).fullName.deferwrap1
testing.(*matcher).unique
testing.parseSubtestNumber
testing.rewrite
testing.isSpace
testing.(*chattyPrinter).Updatef
testing.(*chattyPrinter).prefix
testing.(*chattyPrinter).Updatef.deferwrap1
testing.(*chattyPrinter).Printf
testing.(*chattyPrinter).Printf.deferwrap1
testing.(*common).frameSkip
testing.(*common).frameSkip.func1
testing.(*common).decorate
testing.(*common).flushToParent
testing.(*common).flushToParent.deferwrap2
testing.(*common).flushToParent.deferwrap1
testing.indenter.Write
testing.fmtDuration
testing.(*common).Name
testing.(*common).setRan
testing.(*common).setRan.deferwrap1
testing.(*common).Fail
testing.(*common).Fail.deferwrap1
testing.(*common).Failed
testing.(*common).Failed.deferwrap1
testing.(*common).FailNow
testing.(*common).checkFuzzFn
testing.(*common).logDepth
testing.(*common).logDepth.deferwrap2
testing.(*common).logDepth.deferwrap1
testing.(*common).Log
testing.(*common).log
testing.(*common).Logf
testing.(*common).Error
testing.(*common).Errorf
testing.(*common).Fatal
testing.(*common).Fatalf
testing.(*common).Skip
testing.(*common).Skipf
testing.(*common).SkipNow
testing.(*common).Skipped
testing.(*common).Skipped.deferwrap1
testing.(*common).Helper
testing.(*common).Helper.deferwrap1
testing.(*common).Cleanup
testing.(*common).Cleanup.deferwrap1
testing.(*common).Cleanup.func1
testing.(*common).Cleanup.func1.1
testing.(*common).Cleanup.func1.1.deferwrap1
testing.(*common).TempDir
testing.(*common).TempDir.func2
testing.removeAll
testing.(*common).Setenv
testing.(*common).Setenv.func2
testing.(*common).Setenv.func1
testing.(*common).runCleanup
testing.(*common).runCleanup.func2
testing.(*common).runCleanup.func1
testing.(*common).runCleanup.deferwrap1
testing.(*common).resetRaces
testing.(*common).checkRaces
testing.callerName
testing.pcToName
testing.(*T).Parallel
testing.highPrecisionTimeSince
testing.highPrecisionTimeNow
testing.(*T).Setenv
testing.tRunner
testing.tRunner.func2
testing.tRunner.func1
testing.tRunner.func1.2
testing.tRunner.func1.1
testing.(*T).Run
testing.shouldFailFast
testing.(*T).Run.gowrap1
testing.(*T).Deadline
testing.(*testContext).waitParallel
testing.(*testContext).release
testing.(*T).report
testing.(*common).TempDir.func1
type:.eq.testing.chattyPrinter
type:.eq.testing.testContext
testing.(*T).Cleanup
testing.(*T).Error
testing.(*T).Errorf
testing.(*T).Fail
testing.(*T).FailNow
testing.(*T).Failed
testing.(*T).Fatal
testing.(*T).Fatalf
testing.(*T).Helper
testing.(*T).Log
testing.(*T).Logf
testing.(*T).Name
testing.(*T).Skip
testing.(*T).SkipNow
testing.(*T).Skipf
testing.(*T).Skipped
testing.(*T).TempDir
testing.(*indenter).Write
testing.Testing
testing/fuzz.go
testing/match.go
testing/testing.go
testing/testing_other.go

Updates #51023.

.golangci.yml

codingllama · 2025-01-14T15:01:26Z

.golangci.yml

+          - '!**/lib/teleterm/gatewaytest/**'
+          - '!**/lib/utils/testhelpers.go'
+          - '!**/lib/utils/testutils/**'
+          - '!**/integration/appaccess/fixtures.go'


A few comments/notes:

Could integration/ and integrations/ get a full pass?

Dedicated packages for test helpers are a more robust solution to standalone files, as these are likely to be fully excluded from the complete binary.

We could use a testonly build tag for some of these, which is a stronger guarantee than depguard.

Could integration/ and integrations/ get a full pass?

Maybe integration/ but integrations are not tests, they are our plugins, and are imported directly into teleport.e.

these are likely to be fully excluded from the complete binary

I would not rely on Go's dead code removal to guarantee this.

We could use a testonly build tag for some of these

I thought about this but chasing tags in all the various ways we seem to run tests in CI seemed like a more involved task. This for now at least puts a halt to things until we can evaluate other options, including a build tag.

I would not rely on Go's dead code removal to guarantee this.

I think it does work on a per-package basis. A strings check for testenv does come up empty.

I thought about this but chasing tags in all the various ways we seem to run tests in CI seemed like a more involved task. This for now at least puts a halt to things until we can evaluate other options, including a build tag.

Yep, it's a bigger task for sure. Just throwing some ideas out there.

.golangci.yml

codingllama · 2025-01-14T15:02:47Z

.golangci.yml

+          - '!**/lib/utils/cli.go'
+          - '!**/lib/utils/testhelpers.go'
+          - '!**/lib/utils/testutils/**'
+          - '!**/tool/teleport/testenv/**'


Maybe add a depguard rule that only allows "testenv" imports for tests and other testenv packages? I think these are in the clear now, but might as well add the rule here.

There is a lot of shared test code defined outside of _test.go files scattered through out the code base. Dead code detection in Go is not that great and cannot detect that these test helpers are only consumed in tests. This results in testify code being included in production binaries: ```bash strings build/teleport | rg testify github.com/stretchr/testify/assert.init github.com/stretchr/testify/assert.uint32Type go:link.pkghashbytes.github.com/stretchr/testify/assert github.com/stretchr/testify/assert.int64Type github.com/stretchr/testify/assert.uintptrType go:link.pkghashbytes.github.com/stretchr/testify/require github.com/stretchr/testify/assert.stringType github.com/stretchr/testify/assert.float32Type github.com/stretchr/testify/assert.bytesType github.com/stretchr/testify/assert.intType go:link.pkghashbytes.github.com/stretchr/testify/assert/yaml github.com/stretchr/testify/assert.float64Type github.com/stretchr/testify/assert..inittask github.com/stretchr/testify/assert.int32Type github.com/stretchr/testify/assert.uint16Type github.com/stretchr/testify/assert.int8Type github.com/stretchr/testify/assert.uint64Type github.com/stretchr/testify/assert.uintType github.com/stretchr/testify/assert.uint8Type go:link.pkghash.github.com/stretchr/testify/assert/yaml github.com/stretchr/testify/assert.int16Type go:link.pkghash.github.com/stretchr/testify/require go:link.pkghash.github.com/stretchr/testify/assert github.com/stretchr/testify/assert.timeType dep github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify/assert.init github.com/stretchr/testify@v1.10.0/assert/assertion_compare.go dep github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= ``` While this doesn't remediate anything, it should hopeful avoid any future code from making it harder to separate test and production code.

rosstimothy added the no-changelog Indicates that a PR does not require a changelog entry label Jan 13, 2025

rosstimothy force-pushed the tross/testify_prod_code branch from e489716 to 4e0910a Compare January 13, 2025 23:18

rosstimothy marked this pull request as ready for review January 13, 2025 23:51

rosstimothy force-pushed the tross/testify_prod_code branch 3 times, most recently from d6e0845 to fc98b57 Compare January 14, 2025 14:35

rosstimothy requested review from codingllama and strideynet January 14, 2025 14:46

codingllama reviewed Jan 14, 2025

View reviewed changes

codingllama approved these changes Jan 14, 2025

View reviewed changes

strideynet approved these changes Jan 14, 2025

View reviewed changes

rosstimothy force-pushed the tross/testify_prod_code branch from 4e211ec to 6cb1db1 Compare January 14, 2025 18:36

rosstimothy enabled auto-merge January 14, 2025 18:37

rosstimothy added this pull request to the merge queue Jan 14, 2025

Merged via the queue into master with commit b5b8a03 Jan 14, 2025
41 checks passed

rosstimothy deleted the tross/testify_prod_code branch January 14, 2025 18:57

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update depguard rules to prevent importing test code outside tests #51001

Update depguard rules to prevent importing test code outside tests #51001

rosstimothy commented Jan 13, 2025 •

edited

Loading

codingllama Jan 14, 2025

rosstimothy Jan 14, 2025

codingllama Jan 14, 2025

codingllama Jan 14, 2025

Update depguard rules to prevent importing test code outside tests #51001

Update depguard rules to prevent importing test code outside tests #51001

Conversation

rosstimothy commented Jan 13, 2025 • edited Loading

codingllama Jan 14, 2025

Choose a reason for hiding this comment

rosstimothy Jan 14, 2025

Choose a reason for hiding this comment

codingllama Jan 14, 2025

Choose a reason for hiding this comment

codingllama Jan 14, 2025

Choose a reason for hiding this comment

rosstimothy commented Jan 13, 2025 •

edited

Loading