test: deflake session extend config side-effect (#3950)

.golangci.yml

@@ -25,3 +25,9 @@ run:
   skip-files:
     - ".+_test.go"
     - "corpx/faker.go"
+
+issues:
+  exclude:
+    - "Set is deprecated: use context-based WithConfigValue instead"
+    - "SetDefaultIdentitySchemaFromRaw is deprecated: Use context-based WithDefaultIdentitySchemaFromRaw instead"
+    - "SetDefaultIdentitySchema is deprecated: Use context-based WithDefaultIdentitySchema instead"

cipher/cipher_test.go

@@ -9,6 +9,8 @@ import (
 	"fmt"
 	"testing"
 
+	"github.com/ory/x/configx"
+
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
@@ -18,10 +20,11 @@ import (
 	"github.com/ory/kratos/internal"
 )
 
+var goodSecret = []string{"secret-thirty-two-character-long"}
+
 func TestCipher(t *testing.T) {
 	ctx := context.Background()
-	cfg, reg := internal.NewFastRegistryWithMocks(t)
-	goodSecret := []string{"secret-thirty-two-character-long"}
+	_, reg := internal.NewFastRegistryWithMocks(t, configx.WithValue(config.ViperKeySecretsDefault, goodSecret))
 
 	ciphers := []cipher.Cipher{
 		cipher.NewCryptAES(reg),
@@ -30,82 +33,71 @@ func TestCipher(t *testing.T) {
 
 	for _, c := range ciphers {
 		t.Run(fmt.Sprintf("cipher=%T", c), func(t *testing.T) {
+			t.Parallel()
 
 			t.Run("case=all_work", func(t *testing.T) {
-				cfg.MustSet(ctx, config.ViperKeySecretsCipher, goodSecret)
-				testAllWork(t, c, cfg)
+				t.Parallel()
+
+				testAllWork(ctx, t, c)
 			})
 
 			t.Run("case=encryption_failed", func(t *testing.T) {
-				// unset secret
-				err := cfg.Set(ctx, config.ViperKeySecretsCipher, []string{})
-				require.NoError(t, err)
+				t.Parallel()
+
+				ctx := config.WithConfigValue(ctx, config.ViperKeySecretsCipher, []string{""})
 
 				// secret have to be set
-				_, err = c.Encrypt(context.Background(), []byte("not-empty"))
+				_, err := c.Encrypt(ctx, []byte("not-empty"))
 				require.Error(t, err)
+				var hErr *herodot.DefaultError
+				require.ErrorAs(t, err, &hErr)
+				assert.Equal(t, "Unable to encrypt message because no cipher secrets were configured.", hErr.Reason())
 
-				// unset secret
-				err = cfg.Set(ctx, config.ViperKeySecretsCipher, []string{"bad-length"})
-				require.NoError(t, err)
+				ctx = config.WithConfigValue(ctx, config.ViperKeySecretsCipher, []string{"bad-length"})
 
 				// bad secret length
-				_, err = c.Encrypt(context.Background(), []byte("not-empty"))
-				if e, ok := err.(*herodot.DefaultError); ok {
-					t.Logf("reason contains: %s", e.Reason())
-				}
-				t.Logf("err type %T contains: %s", err, err.Error())
-				require.Error(t, err)
+				_, err = c.Encrypt(ctx, []byte("not-empty"))
+				require.ErrorAs(t, err, &hErr)
+				assert.Equal(t, "Unable to encrypt message because no cipher secrets were configured.", hErr.Reason())
 			})
 
 			t.Run("case=decryption_failed", func(t *testing.T) {
-				// set secret
-				err := cfg.Set(ctx, config.ViperKeySecretsCipher, goodSecret)
-				require.NoError(t, err)
+				t.Parallel()
 
-				//
-				_, err = c.Decrypt(context.Background(), hex.EncodeToString([]byte("bad-data")))
+				_, err := c.Decrypt(ctx, hex.EncodeToString([]byte("bad-data")))
 				require.Error(t, err)
 
-				_, err = c.Decrypt(context.Background(), "not-empty")
+				_, err = c.Decrypt(ctx, "not-empty")
 				require.Error(t, err)
 
-				// unset secret
-				err = cfg.Set(ctx, config.ViperKeySecretsCipher, []string{})
-				require.NoError(t, err)
-
-				_, err = c.Decrypt(context.Background(), "not-empty")
+				_, err = c.Decrypt(config.WithConfigValue(ctx, config.ViperKeySecretsCipher, []string{""}), "not-empty")
 				require.Error(t, err)
 			})
 		})
 	}
+
 	c := cipher.NewNoop(reg)
 	t.Run(fmt.Sprintf("cipher=%T", c), func(t *testing.T) {
-		cfg.MustSet(ctx, config.ViperKeySecretsCipher, goodSecret)
-		testAllWork(t, c, cfg)
+		t.Parallel()
+		testAllWork(ctx, t, c)
 	})
 }
 
-func testAllWork(t *testing.T, c cipher.Cipher, cfg *config.Config) {
-	ctx := context.Background()
-
-	goodSecret := []string{"secret-thirty-two-character-long"}
-	cfg.MustSet(ctx, config.ViperKeySecretsCipher, goodSecret)
-
+func testAllWork(ctx context.Context, t *testing.T, c cipher.Cipher) {
 	message := "my secret message!"
 
-	encryptedSecret, err := c.Encrypt(context.Background(), []byte(message))
+	encryptedSecret, err := c.Encrypt(ctx, []byte(message))
 	require.NoError(t, err)
 
-	decryptedSecret, err := c.Decrypt(context.Background(), encryptedSecret)
+	decryptedSecret, err := c.Decrypt(ctx, encryptedSecret)
 	require.NoError(t, err, "encrypted", encryptedSecret)
 	assert.Equal(t, message, string(decryptedSecret))
 
 	// data to encrypt return blank result
-	_, err = c.Encrypt(context.Background(), []byte(""))
+	_, err = c.Encrypt(ctx, []byte(""))
 	require.NoError(t, err)
 
 	// empty encrypted data return blank
-	_, err = c.Decrypt(context.Background(), "")
+	_, err = c.Decrypt(ctx, "")
 	require.NoError(t, err)
 }

cmd/courier/watch_test.go

@@ -13,6 +13,7 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/ory/kratos/internal"
+	"github.com/ory/x/configx"
 )
 
 func TestStartCourier(t *testing.T) {
@@ -27,10 +28,9 @@ func TestStartCourier(t *testing.T) {
 
 	t.Run("case=with metrics", func(t *testing.T) {
 		ctx, cancel := context.WithCancel(context.Background())
-		_, r := internal.NewFastRegistryWithMocks(t)
 		port, err := freeport.GetFreePort()
 		require.NoError(t, err)
-		r.Config().Set(ctx, "expose-metrics-port", port)
+		_, r := internal.NewFastRegistryWithMocks(t, configx.WithValue("expose-metrics-port", port))
 		go StartCourier(ctx, r)
 		time.Sleep(time.Second)
 		res, err := http.Get("http://" + r.Config().MetricsListenOn(ctx) + "/metrics/prometheus")

cmd/hashers/argon2/root.go

@@ -9,6 +9,8 @@ import (
 	"reflect"
 	"strings"
 
+	"github.com/ory/x/contextx"
+
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
 
@@ -70,6 +72,7 @@ func configProvider(cmd *cobra.Command, flagConf *argon2Config) (*argon2Config,
 		cmd.Context(),
 		l,
 		cmd.ErrOrStderr(),
+		&contextx.Default{},
 		configx.WithFlags(cmd.Flags()),
 		configx.SkipValidation(),
 		configx.WithContext(cmd.Context()),

courier/template/load_template_test.go

@@ -182,7 +182,7 @@ func TestLoadTextTemplate(t *testing.T) {
 		})
 
 		t.Run("case=disallowed resources", func(t *testing.T) {
-			require.NoError(t, reg.Config().GetProvider(ctx).Set(config.ViperKeyClientHTTPNoPrivateIPRanges, true))
+			require.NoError(t, reg.Config().Set(ctx, config.ViperKeyClientHTTPNoPrivateIPRanges, true))
 			reg.HTTPClient(ctx).RetryMax = 1
 			reg.HTTPClient(ctx).RetryWaitMax = time.Millisecond
 

driver/config/config.go

@@ -367,13 +367,13 @@ func (s Schemas) FindSchemaByID(id string) (*Schema, error) {
 	return nil, errors.Errorf("unable to find identity schema with id: %s", id)
 }
 
-func MustNew(t testing.TB, l *logrusx.Logger, stdOutOrErr io.Writer, opts ...configx.OptionModifier) *Config {
-	p, err := New(context.TODO(), l, stdOutOrErr, opts...)
+func MustNew(t testing.TB, l *logrusx.Logger, stdOutOrErr io.Writer, ctxer contextx.Contextualizer, opts ...configx.OptionModifier) *Config {
+	p, err := New(context.TODO(), l, stdOutOrErr, ctxer, opts...)
 	require.NoError(t, err)
 	return p
 }
 
-func New(ctx context.Context, l *logrusx.Logger, stdOutOrErr io.Writer, opts ...configx.OptionModifier) (*Config, error) {
+func New(ctx context.Context, l *logrusx.Logger, stdOutOrErr io.Writer, ctxer contextx.Contextualizer, opts ...configx.OptionModifier) (*Config, error) {
 	var c *Config
 
 	opts = append([]configx.OptionModifier{
@@ -402,7 +402,7 @@ func New(ctx context.Context, l *logrusx.Logger, stdOutOrErr io.Writer, opts ...
 
 	l.UseConfig(p)
 
-	c = NewCustom(l, p, stdOutOrErr, &contextx.Default{})
+	c = NewCustom(l, p, stdOutOrErr, ctxer)
 
 	if !p.SkipValidation() {
 		if err := c.validateIdentitySchemas(ctx); err != nil {
@@ -518,12 +518,14 @@ func (p *Config) cors(ctx context.Context, prefix string) (cors.Options, bool) {
 	})
 }
 
+// Deprecatd: use context-based WithConfigValue instead
 func (p *Config) Set(ctx context.Context, key string, value interface{}) error {
-	return p.GetProvider(ctx).Set(key, value)
+	return p.p.Set(key, value)
 }
 
+// Deprecated: use context-based WithConfigValue instead
 func (p *Config) MustSet(ctx context.Context, key string, value interface{}) {
-	if err := p.GetProvider(ctx).Set(key, value); err != nil {
+	if err := p.p.Set(key, value); err != nil {
 		p.l.WithError(err).Fatalf("Unable to set \"%s\" to \"%s\".", key, value)
 	}
 }
@@ -859,7 +861,7 @@ func (p *Config) SecretsCipher(ctx context.Context) [][32]byte {
 	result := make([][32]byte, len(cleanSecrets))
 	for n, s := range secrets {
 		for k, v := range []byte(s) {
-			result[n][k] = byte(v)
+			result[n][k] = v
 		}
 	}
 	return result