fix(context): move HTTP timeout to validateContext, add unit tests

moonming · moonming · commit 69c5178d0c36 · 2026-03-27T15:38:05.000+08:00
Remove global 30s timeout from NewAuthenticatedClient() that was
killing long-running CI operations (config dump ~55s, config sync
~166s). Apply a dedicated 10s timeout only inside validateContext().

Add --skip-validation to E2E context tests using fake localhost:7443
since they test context management, not server connectivity.

Add 10 unit tests for validateContext() and createRun() covering
success, auth errors, unreachable servers, gateway group validation,
and --skip-validation flag.
diff --git a/pkg/api/client.go b/pkg/api/client.go
@@ -7,7 +7,6 @@ import (
 	"fmt"
 	"io"
 	"net/http"
-	"time"
 )
 
 // Client is a thin wrapper around net/http for the API7 EE Admin API.
@@ -33,7 +32,6 @@ func NewAuthenticatedClient(apiKey string, tlsSkipVerify bool, caCert string) *h
 	}
 	return &http.Client{
 		Transport: transport,
-		Timeout:   30 * time.Second,
 	}
 }
 
diff --git a/pkg/cmd/context/create/create.go b/pkg/cmd/context/create/create.go
@@ -4,6 +4,7 @@ import (
 	"errors"
 	"fmt"
 	"net/http"
+	"time"
 
 	"github.com/spf13/cobra"
 
@@ -58,6 +59,7 @@ func NewCmd(f *cmd.Factory) *cobra.Command {
 
 func validateContext(ctx config.Context) error {
 	httpClient := api.NewAuthenticatedClient(ctx.Token, ctx.TLSSkipVerify, ctx.CACert)
+	httpClient.Timeout = 10 * time.Second
 	client := api.NewClient(httpClient, ctx.Server)
 
 	// Test connectivity with lightweight API call
diff --git a/pkg/cmd/context/create/create_test.go b/pkg/cmd/context/create/create_test.go
@@ -0,0 +1,219 @@
+package create
+
+import (
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/api7/a7/internal/config"
+	cmd "github.com/api7/a7/pkg/cmd"
+	"github.com/api7/a7/pkg/iostreams"
+)
+
+func TestValidateContext_Success(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, "/api/gateway_groups", r.URL.Path)
+		w.WriteHeader(http.StatusOK)
+		_, _ = w.Write([]byte(`{"total":1,"list":[{"id":"default","name":"default"}]}`))
+	}))
+	defer srv.Close()
+
+	err := validateContext(config.Context{
+		Server: srv.URL,
+		Token:  "valid-token",
+	})
+	require.NoError(t, err)
+}
+
+func TestValidateContext_InvalidToken(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusUnauthorized)
+		_, _ = w.Write([]byte(`{"error_msg":"invalid token"}`))
+	}))
+	defer srv.Close()
+
+	err := validateContext(config.Context{
+		Server: srv.URL,
+		Token:  "bad-token",
+	})
+	require.Error(t, err)
+	assert.Contains(t, err.Error(), "authentication failed: invalid token")
+}
+
+func TestValidateContext_PermissionDenied(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusForbidden)
+		_, _ = w.Write([]byte(`{"error_msg":"forbidden"}`))
+	}))
+	defer srv.Close()
+
+	err := validateContext(config.Context{
+		Server: srv.URL,
+		Token:  "restricted-token",
+	})
+	require.Error(t, err)
+	assert.Contains(t, err.Error(), "permission denied")
+}
+
+func TestValidateContext_ServerError(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusInternalServerError)
+		_, _ = w.Write([]byte(`{"error_msg":"internal error"}`))
+	}))
+	defer srv.Close()
+
+	err := validateContext(config.Context{
+		Server: srv.URL,
+		Token:  "some-token",
+	})
+	require.Error(t, err)
+	assert.Contains(t, err.Error(), "server error")
+}
+
+func TestValidateContext_UnreachableServer(t *testing.T) {
+	err := validateContext(config.Context{
+		Server: "https://127.0.0.1:1",
+		Token:  "some-token",
+	})
+	require.Error(t, err)
+	assert.Contains(t, err.Error(), "cannot connect to server")
+}
+
+func TestValidateContext_GatewayGroupNotFound(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		switch r.URL.Path {
+		case "/api/gateway_groups":
+			w.WriteHeader(http.StatusOK)
+			_, _ = w.Write([]byte(`{"total":0,"list":[]}`))
+		case "/api/gateway_groups/nonexistent":
+			w.WriteHeader(http.StatusNotFound)
+			_, _ = w.Write([]byte(`{"error_msg":"not found"}`))
+		default:
+			w.WriteHeader(http.StatusNotFound)
+		}
+	}))
+	defer srv.Close()
+
+	err := validateContext(config.Context{
+		Server:       srv.URL,
+		Token:        "valid-token",
+		GatewayGroup: "nonexistent",
+	})
+	require.Error(t, err)
+	assert.Contains(t, err.Error(), `gateway group "nonexistent" not found`)
+}
+
+func TestValidateContext_GatewayGroupExists(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		switch r.URL.Path {
+		case "/api/gateway_groups":
+			w.WriteHeader(http.StatusOK)
+			_, _ = w.Write([]byte(`{"total":1,"list":[{"id":"default","name":"default"}]}`))
+		case "/api/gateway_groups/default":
+			w.WriteHeader(http.StatusOK)
+			_, _ = w.Write([]byte(`{"id":"default","name":"default"}`))
+		default:
+			w.WriteHeader(http.StatusNotFound)
+		}
+	}))
+	defer srv.Close()
+
+	err := validateContext(config.Context{
+		Server:       srv.URL,
+		Token:        "valid-token",
+		GatewayGroup: "default",
+	})
+	require.NoError(t, err)
+}
+
+func TestValidateContext_VerifiesAPIKeyHeader(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Header.Get("X-API-KEY") != "expected-token" {
+			w.WriteHeader(http.StatusUnauthorized)
+			_, _ = w.Write([]byte(`{"error_msg":"invalid token"}`))
+			return
+		}
+		w.WriteHeader(http.StatusOK)
+		_, _ = w.Write([]byte(`{"total":0,"list":[]}`))
+	}))
+	defer srv.Close()
+
+	err := validateContext(config.Context{
+		Server: srv.URL,
+		Token:  "expected-token",
+	})
+	require.NoError(t, err)
+
+	err = validateContext(config.Context{
+		Server: srv.URL,
+		Token:  "wrong-token",
+	})
+	require.Error(t, err)
+	assert.Contains(t, err.Error(), "authentication failed")
+}
+
+func TestCreateRun_SkipValidation(t *testing.T) {
+	cfgPath := fmt.Sprintf("%s/config.yaml", t.TempDir())
+	cfg := config.NewFileConfigWithPath(cfgPath)
+
+	opts := &Options{
+		Config: func() (config.Config, error) {
+			return cfg, nil
+		},
+		Name:           "test-ctx",
+		Server:         "https://127.0.0.1:1",
+		Token:          "fake-token",
+		SkipValidation: true,
+	}
+
+	ios, _, _, _ := iostreams.Test()
+	f := &cmd.Factory{
+		IOStreams: ios,
+		Config: func() (config.Config, error) {
+			return cfg, nil
+		},
+	}
+
+	err := createRun(opts, f)
+	require.NoError(t, err)
+
+	saved, err := cfg.GetContext("test-ctx")
+	require.NoError(t, err)
+	assert.Equal(t, "https://127.0.0.1:1", saved.Server)
+	assert.Equal(t, "fake-token", saved.Token)
+}
+
+func TestCreateRun_ValidationFails(t *testing.T) {
+	cfgPath := fmt.Sprintf("%s/config.yaml", t.TempDir())
+	cfg := config.NewFileConfigWithPath(cfgPath)
+
+	opts := &Options{
+		Config: func() (config.Config, error) {
+			return cfg, nil
+		},
+		Name:           "test-ctx",
+		Server:         "https://127.0.0.1:1",
+		Token:          "fake-token",
+		SkipValidation: false,
+	}
+
+	ios, _, _, _ := iostreams.Test()
+	f := &cmd.Factory{
+		IOStreams: ios,
+		Config: func() (config.Config, error) {
+			return cfg, nil
+		},
+	}
+
+	err := createRun(opts, f)
+	require.Error(t, err)
+	assert.Contains(t, err.Error(), "validation failed")
+	assert.Contains(t, err.Error(), "cannot connect to server")
+
+	_, getErr := cfg.GetContext("test-ctx")
+	assert.Error(t, getErr)
+}
diff --git a/test/e2e/context_test.go b/test/e2e/context_test.go
@@ -20,6 +20,7 @@ func TestContext_CreateAndUse(t *testing.T) {
 		"--token", "test123",
 		"--gateway-group", "default",
 		"--tls-skip-verify",
+		"--skip-validation",
 	)
 	require.NoError(t, err, stderr)
 
@@ -33,6 +34,7 @@ func TestContext_CreateAndUse(t *testing.T) {
 		"--token", "test123",
 		"--gateway-group", "default",
 		"--tls-skip-verify",
+		"--skip-validation",
 	)
 	require.NoError(t, err, stderr)
 
@@ -47,9 +49,9 @@ func TestContext_CreateAndUse(t *testing.T) {
 func TestContext_List(t *testing.T) {
 	env := []string{"A7_CONFIG_DIR=" + t.TempDir()}
 
-	_, stderr, err := runA7WithEnv(env, "context", "create", "local", "--server", "https://localhost:7443")
+	_, stderr, err := runA7WithEnv(env, "context", "create", "local", "--server", "https://localhost:7443", "--skip-validation")
 	require.NoError(t, err, stderr)
-	_, stderr, err = runA7WithEnv(env, "context", "create", "staging", "--server", "https://localhost:7443")
+	_, stderr, err = runA7WithEnv(env, "context", "create", "staging", "--server", "https://localhost:7443", "--skip-validation")
 	require.NoError(t, err, stderr)
 
 	stdout, stderr, err := runA7WithEnv(env, "context", "list")
@@ -66,9 +68,9 @@ func TestContext_List(t *testing.T) {
 func TestContext_Delete(t *testing.T) {
 	env := []string{"A7_CONFIG_DIR=" + t.TempDir()}
 
-	_, stderr, err := runA7WithEnv(env, "context", "create", "ctx-to-delete", "--server", "https://localhost:7443")
+	_, stderr, err := runA7WithEnv(env, "context", "create", "ctx-to-delete", "--server", "https://localhost:7443", "--skip-validation")
 	require.NoError(t, err, stderr)
-	_, stderr, err = runA7WithEnv(env, "context", "create", "staging", "--server", "https://localhost:7443")
+	_, stderr, err = runA7WithEnv(env, "context", "create", "staging", "--server", "https://localhost:7443", "--skip-validation")
 	require.NoError(t, err, stderr)
 
 	_, stderr, err = runA7WithEnv(env, "context", "delete", "ctx-to-delete")
@@ -83,10 +85,10 @@ func TestContext_Delete(t *testing.T) {
 func TestContext_CreateDuplicate(t *testing.T) {
 	env := []string{"A7_CONFIG_DIR=" + t.TempDir()}
 
-	_, stderr, err := runA7WithEnv(env, "context", "create", "local", "--server", "https://localhost:7443")
+	_, stderr, err := runA7WithEnv(env, "context", "create", "local", "--server", "https://localhost:7443", "--skip-validation")
 	require.NoError(t, err, stderr)
 
-	_, stderr, err = runA7WithEnv(env, "context", "create", "local", "--server", "https://localhost:7443")
+	_, stderr, err = runA7WithEnv(env, "context", "create", "local", "--server", "https://localhost:7443", "--skip-validation")
 	require.Error(t, err)
 	assert.Contains(t, stderr, "already exists")
 }
@@ -102,7 +104,7 @@ func TestContext_UseNonExistent(t *testing.T) {
 func TestContext_DeleteActive(t *testing.T) {
 	env := []string{"A7_CONFIG_DIR=" + t.TempDir()}
 
-	_, stderr, err := runA7WithEnv(env, "context", "create", "local", "--server", "https://localhost:7443")
+	_, stderr, err := runA7WithEnv(env, "context", "create", "local", "--server", "https://localhost:7443", "--skip-validation")
 	require.NoError(t, err, stderr)
 
 	_, stderr, err = runA7WithEnv(env, "context", "delete", "local")
@@ -124,6 +126,7 @@ func TestContext_CreateWithCACert(t *testing.T) {
 		"--token", "test123",
 		"--gateway-group", "default",
 		"--ca-cert", fakeCA,
+		"--skip-validation",
 	)
 	require.NoError(t, err, stderr)
 }

Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,6 @@ import (`
`7`	`7`	`"fmt"`
`8`	`8`	`"io"`
`9`	`9`	`"net/http"`
`10`		`- "time"`
`11`	`10`	`)`
`12`	`11`
`13`	`12`	`// Client is a thin wrapper around net/http for the API7 EE Admin API.`
`@@ -33,7 +32,6 @@ func NewAuthenticatedClient(apiKey string, tlsSkipVerify bool, caCert string) *h`
`33`	`32`	`}`
`34`	`33`	`return &http.Client{`
`35`	`34`	`Transport: transport,`
`36`		`- Timeout: 30 * time.Second,`
`37`	`35`	`}`
`38`	`36`	`}`
`39`	`37`