Skip to content

[testify-expert] Improve Test Quality: pkg/constants/permissions_policy_test.go #44100

Description

@github-actions

Overview

File: pkg/constants/permissions_policy_test.go
Source pair: pkg/constants/constants.go
Test count: 2 functions
LOC: 108

Strengths

  • TestNoRawOctalPermissionLiteralsInOSCalls is a well-designed repo-wide policy enforcement test using AST inspection — it catches accidental raw octal literals in os.* calls across the entire pkg/ tree.
  • Correct use of t.Fatalf to abort early on setup failures (e.g. runtime.Caller failure, parse errors).

Prioritized Improvements

1. 🔴 Missing tests — high-value coverage gaps

The policy walker only covers pkg/ but not cmd/. If raw octal literals were introduced in cmd/, they would go undetected.

Additionally, TestPermissionConstantsValues only tests the constant values but not their fs.FileMode type — no test verifies that these constants are actually of type fs.FileMode (vs untyped int). Also missing:

  • No test for newly added constants (e.g., DirPermExecutable if added later) — the current test fails silently if a constant is removed, because it only checks existing ones by name.
  • No test that cmd/ directory is also free of raw octal literals.

2. 🟡 Testify assertion upgrades

TestPermissionConstantsValues uses raw if/t.Fatalf guards instead of testify assertions, unlike sibling tests (spec_test.go, constants_test.go) which use assert/require. This creates an inconsistency in the package's test style.

Before / After: TestPermissionConstantsValues

Before:

func TestPermissionConstantsValues(t *testing.T) {
    if FilePermSensitive != 0o600 {
        t.Fatalf("FilePermSensitive = %v, want 0o600", FilePermSensitive)
    }
    if FilePermPublic != 0o644 {
        t.Fatalf("FilePermPublic = %v, want 0o644", FilePermPublic)
    }
    // ...
}

After (table-driven + testify):

func TestPermissionConstantsValues(t *testing.T) {
    tests := []struct {
        name string
        got  fs.FileMode
        want fs.FileMode
    }{
        {"FilePermSensitive", FilePermSensitive, 0o600},
        {"FilePermPublic", FilePermPublic, 0o644},
        {"FilePermExecutable", FilePermExecutable, 0o755},
        {"DirPermSensitive", DirPermSensitive, 0o750},
        {"DirPermPublic", DirPermPublic, 0o755},
    }
    for _, tt := range tests {
        t.Run(tt.name, func(t *testing.T) {
            assert.Equal(t, tt.want, tt.got)
        })
    }
}

This surfaces which specific constant failed instead of stopping at the first failure.

3. 🟡 Extend policy walker to cmd/ directory

The walker in TestNoRawOctalPermissionLiteralsInOSCalls calls filepath.Walk(pkgRoot, ...) but omits cmd/. If cmd/ grows and uses raw file permission literals, it bypasses the check.

Before / After: walker scope

Before:

pkgRoot := filepath.Join(repoRoot, "pkg")
// walks only pkg/

After:

dirs := []string{
    filepath.Join(repoRoot, "pkg"),
    filepath.Join(repoRoot, "cmd"),
}
for _, root := range dirs {
    err := filepath.Walk(root, walker)
    require.NoError(t, err, "failed to walk %s", root)
}

4. 🟢 Organization / readability

  • The test file does not import testify, so it cannot use require.NoError. The t.Fatalf pattern is acceptable for now, but a require import aligns it with the rest of the package test suite.
  • Consider splitting the large inline ast.Inspect closure into a named helper (checkFileForRawOctalPerms) for better readability and testability.

Acceptance Checklist

  • TestPermissionConstantsValues refactored to table-driven using assert.Equal
  • TestNoRawOctalPermissionLiteralsInOSCalls extended to also walk cmd/ directory
  • Testify (assert/require) imports added to the file
  • All existing behaviour preserved — no regression
  • make test-unit passes

Generated by 🧪 Daily Testify Uber Super Expert · 45.9 AIC · ⌖ 13 AIC · ⊞ 5.1K ·

  • expires on Jul 9, 2026, 10:41 AM UTC-08:00

Metadata

Metadata

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions