Remove testhelper.TestRoot global

client/client_test.go

@@ -25,7 +25,7 @@ var (
 )
 
 func TestClients(t *testing.T) {
-	testhelper.PrepareTestRootDir(t)
+	testRoot := testhelper.PrepareTestRootDir(t)
 
 	testCases := []struct {
 		desc            string
@@ -58,7 +58,7 @@ func TestClients(t *testing.T) {
 		},
 		{
 			desc:   "Https client",
-			caFile: path.Join(testhelper.TestRoot, "certs/valid/server.crt"),
+			caFile: path.Join(testRoot, "certs/valid/server.crt"),
 			server: func(t *testing.T, handlers []testserver.TestRequestHandler) string {
 				return testserver.StartHttpsServer(t, handlers, "")
 			},
@@ -66,7 +66,7 @@ func TestClients(t *testing.T) {
 		},
 		{
 			desc:   "Secret with newlines",
-			caFile: path.Join(testhelper.TestRoot, "certs/valid/server.crt"),
+			caFile: path.Join(testRoot, "certs/valid/server.crt"),
 			server: func(t *testing.T, handlers []testserver.TestRequestHandler) string {
 				return testserver.StartHttpsServer(t, handlers, "")
 			},

client/httpsclient_test.go

@@ -15,6 +15,8 @@ import (
 
 //go:generate openssl req -newkey rsa:4096 -new -nodes -x509 -days 3650 -out ../internal/testhelper/testdata/testroot/certs/client/server.crt -keyout ../internal/testhelper/testdata/testroot/certs/client/key.pem -subj "/C=US/ST=California/L=San Francisco/O=GitLab/OU=GitLab-Shell/CN=localhost"
 func TestSuccessfulRequests(t *testing.T) {
+	testRoot := testhelper.PrepareTestRootDir(t)
+
 	testCases := []struct {
 		desc                                        string
 		caFile, caPath                              string
@@ -22,25 +24,25 @@ func TestSuccessfulRequests(t *testing.T) {
 	}{
 		{
 			desc:   "Valid CaFile",
-			caFile: path.Join(testhelper.TestRoot, "certs/valid/server.crt"),
+			caFile: path.Join(testRoot, "certs/valid/server.crt"),
 		},
 		{
 			desc:   "Valid CaPath",
-			caPath: path.Join(testhelper.TestRoot, "certs/valid"),
-			caFile: path.Join(testhelper.TestRoot, "certs/valid/server.crt"),
+			caPath: path.Join(testRoot, "certs/valid"),
+			caFile: path.Join(testRoot, "certs/valid/server.crt"),
 		},
 		{
 			desc:   "Invalid cert with self signed cert option enabled",
-			caFile: path.Join(testhelper.TestRoot, "certs/valid/server.crt"),
+			caFile: path.Join(testRoot, "certs/valid/server.crt"),
 		},
 		{
 			desc:   "Client certs with CA",
-			caFile: path.Join(testhelper.TestRoot, "certs/valid/server.crt"),
+			caFile: path.Join(testRoot, "certs/valid/server.crt"),
 			// Run the command "go generate httpsclient_test.go" to
 			// regenerate the following test fixtures:
-			clientCAPath:   path.Join(testhelper.TestRoot, "certs/client/server.crt"),
-			clientCertPath: path.Join(testhelper.TestRoot, "certs/client/server.crt"),
-			clientKeyPath:  path.Join(testhelper.TestRoot, "certs/client/key.pem"),
+			clientCAPath:   path.Join(testRoot, "certs/client/server.crt"),
+			clientCertPath: path.Join(testRoot, "certs/client/server.crt"),
+			clientKeyPath:  path.Join(testRoot, "certs/client/key.pem"),
 		},
 	}
 
@@ -63,6 +65,8 @@ func TestSuccessfulRequests(t *testing.T) {
 }
 
 func TestFailedRequests(t *testing.T) {
+	testRoot := testhelper.PrepareTestRootDir(t)
+
 	testCases := []struct {
 		desc                   string
 		caFile                 string
@@ -72,17 +76,17 @@ func TestFailedRequests(t *testing.T) {
 	}{
 		{
 			desc:          "Invalid CaFile",
-			caFile:        path.Join(testhelper.TestRoot, "certs/invalid/server.crt"),
+			caFile:        path.Join(testRoot, "certs/invalid/server.crt"),
 			expectedError: "Internal API unreachable",
 		},
 		{
 			desc:                   "Missing CaFile",
-			caFile:                 path.Join(testhelper.TestRoot, "certs/invalid/missing.crt"),
+			caFile:                 path.Join(testRoot, "certs/invalid/missing.crt"),
 			expectedCaFileNotFound: true,
 		},
 		{
 			desc:          "Invalid CaPath",
-			caPath:        path.Join(testhelper.TestRoot, "certs/invalid"),
+			caPath:        path.Join(testRoot, "certs/invalid"),
 			expectedError: "Internal API unreachable",
 		},
 		{
@@ -108,8 +112,6 @@ func TestFailedRequests(t *testing.T) {
 }
 
 func setupWithRequests(t *testing.T, caFile, caPath, clientCAPath, clientCertPath, clientKeyPath string) (*GitlabNetClient, error) {
-	testhelper.PrepareTestRootDir(t)
-
 	requests := []testserver.TestRequestHandler{
 		{
 			Path: "/api/v4/internal/hello",

client/testserver/testserver.go

@@ -95,8 +95,10 @@ func StartRetryHttpServer(t *testing.T, handlers []TestRequestHandler) string {
 func StartHttpsServer(t *testing.T, handlers []TestRequestHandler, clientCAPath string) string {
 	t.Helper()
 
-	crt := path.Join(testhelper.TestRoot, "certs/valid/server.crt")
-	key := path.Join(testhelper.TestRoot, "certs/valid/server.key")
+	testRoot := testhelper.PrepareTestRootDir(t)
+
+	crt := path.Join(testRoot, "certs/valid/server.crt")
+	key := path.Join(testRoot, "certs/valid/server.key")
 
 	server := httptest.NewUnstartedServer(buildHandler(handlers))
 	cer, err := tls.LoadX509KeyPair(crt, key)

cmd/gitlab-sshd/acceptance_test.go

@@ -141,9 +141,9 @@ func startGitOverHTTPServer(t *testing.T) string {
 }
 
 func buildAllowedResponse(t *testing.T, filename string) string {
-	testhelper.PrepareTestRootDir(t)
+	testRoot := testhelper.PrepareTestRootDir(t)
 
-	body, err := os.ReadFile(filepath.Join(testhelper.TestRoot, filename))
+	body, err := os.ReadFile(filepath.Join(testRoot, filename))
 	require.NoError(t, err)
 
 	response := strings.Replace(string(body), "GITALY_REPOSITORY", testRepo, 1)

internal/config/config_test.go

@@ -63,9 +63,9 @@ func TestCustomPrometheusMetrics(t *testing.T) {
 }
 
 func TestNewFromDir(t *testing.T) {
-	testhelper.PrepareTestRootDir(t)
+	testRoot := testhelper.PrepareTestRootDir(t)
 
-	cfg, err := NewFromDir(testhelper.TestRoot)
+	cfg, err := NewFromDir(testRoot)
 	require.NoError(t, err)
 
 	require.Equal(t, 10*time.Second, time.Duration(cfg.Server.GracePeriod))

internal/gitlabnet/accessverifier/client_test.go

@@ -243,8 +243,8 @@ type testResponse struct {
 
 func responseBody(t *testing.T, name string) []byte {
 	t.Helper()
-	testhelper.PrepareTestRootDir(t)
-	body, err := os.ReadFile(path.Join(testhelper.TestRoot, "responses", name))
+	testRoot := testhelper.PrepareTestRootDir(t)
+	body, err := os.ReadFile(path.Join(testRoot, "responses", name))
 	require.NoError(t, err)
 	return body
 }

internal/sshd/server_config_test.go

@@ -31,20 +31,20 @@ func TestNewServerConfigWithoutHosts(t *testing.T) {
 }
 
 func TestHostKeyAndCerts(t *testing.T) {
-	testhelper.PrepareTestRootDir(t)
+	testRoot := testhelper.PrepareTestRootDir(t)
 
 	srvCfg := config.ServerConfig{
 		Listen:                  "127.0.0.1",
 		ConcurrentSessionsLimit: 1,
 		HostKeyFiles: []string{
-			path.Join(testhelper.TestRoot, "certs/valid/server.key"),
+			path.Join(testRoot, "certs/valid/server.key"),
 		},
 		HostCertFiles: []string{
-			path.Join(testhelper.TestRoot, "certs/valid/server-cert.pub"),
-			path.Join(testhelper.TestRoot, "certs/valid/server2-cert.pub"),
-			path.Join(testhelper.TestRoot, "certs/invalid/server-cert.pub"),
-			path.Join(testhelper.TestRoot, "certs/invalid-path.key"),
-			path.Join(testhelper.TestRoot, "certs/invalid/server.crt"),
+			path.Join(testRoot, "certs/valid/server-cert.pub"),
+			path.Join(testRoot, "certs/valid/server2-cert.pub"),
+			path.Join(testRoot, "certs/invalid/server-cert.pub"),
+			path.Join(testRoot, "certs/invalid-path.key"),
+			path.Join(testRoot, "certs/invalid/server.crt"),
 		},
 	}
 
@@ -57,7 +57,7 @@ func TestHostKeyAndCerts(t *testing.T) {
 	require.Len(t, cfg.hostKeyToCertMap, 1)
 
 	// Check that the entry is pointing to the server's public key
-	data, err := os.ReadFile(path.Join(testhelper.TestRoot, "certs/valid/server.pub"))
+	data, err := os.ReadFile(path.Join(testRoot, "certs/valid/server.pub"))
 	require.NoError(t, err)
 
 	publicKey, _, _, _, err := ssh.ParseAuthorizedKey(data)
@@ -77,7 +77,7 @@ func TestFailedAuthorizedKeysClient(t *testing.T) {
 }
 
 func TestUserKeyHandling(t *testing.T) {
-	testhelper.PrepareTestRootDir(t)
+	testRoot := testhelper.PrepareTestRootDir(t)
 
 	validRSAKey := rsaPublicKey(t)
 
@@ -101,9 +101,9 @@ func TestUserKeyHandling(t *testing.T) {
 		Listen:                  "127.0.0.1",
 		ConcurrentSessionsLimit: 1,
 		HostKeyFiles: []string{
-			path.Join(testhelper.TestRoot, "certs/valid/server.key"),
-			path.Join(testhelper.TestRoot, "certs/invalid-path.key"),
-			path.Join(testhelper.TestRoot, "certs/invalid/server.crt"),
+			path.Join(testRoot, "certs/valid/server.key"),
+			path.Join(testRoot, "certs/invalid-path.key"),
+			path.Join(testRoot, "certs/invalid/server.crt"),
 		},
 	}
 
@@ -154,7 +154,7 @@ func TestUserKeyHandling(t *testing.T) {
 }
 
 func TestUserCertificateHandling(t *testing.T) {
-	testhelper.PrepareTestRootDir(t)
+	testRoot := testhelper.PrepareTestRootDir(t)
 
 	validUserCert := userCert(t, ssh.UserCert, time.Now().Add(time.Hour))
 
@@ -178,9 +178,9 @@ func TestUserCertificateHandling(t *testing.T) {
 		Listen:                  "127.0.0.1",
 		ConcurrentSessionsLimit: 1,
 		HostKeyFiles: []string{
-			path.Join(testhelper.TestRoot, "certs/valid/server.key"),
-			path.Join(testhelper.TestRoot, "certs/invalid-path.key"),
-			path.Join(testhelper.TestRoot, "certs/invalid/server.crt"),
+			path.Join(testRoot, "certs/valid/server.key"),
+			path.Join(testRoot, "certs/invalid-path.key"),
+			path.Join(testRoot, "certs/invalid/server.crt"),
 		},
 	}
 

internal/sshd/sshd_test.go

@@ -411,7 +411,7 @@ func setupServerWithContext(t *testing.T, cfg *config.Config, ctx context.Contex
 		},
 	}
 
-	testhelper.PrepareTestRootDir(t)
+	testRoot := testhelper.PrepareTestRootDir(t)
 
 	url := testserver.StartSocketHttpServer(t, requests)
 
@@ -425,7 +425,7 @@ func setupServerWithContext(t *testing.T, cfg *config.Config, ctx context.Contex
 	cfg.User = user
 	cfg.Server.Listen = serverUrl
 	cfg.Server.ConcurrentSessionsLimit = 1
-	cfg.Server.HostKeyFiles = []string{path.Join(testhelper.TestRoot, "certs/valid/server.key")}
+	cfg.Server.HostKeyFiles = []string{path.Join(testRoot, "certs/valid/server.key")}
 
 	s, err := NewServer(cfg)
 	require.NoError(t, err)
@@ -439,11 +439,13 @@ func setupServerWithContext(t *testing.T, cfg *config.Config, ctx context.Contex
 }
 
 func clientConfig(t *testing.T) *ssh.ClientConfig {
-	keyRaw, err := os.ReadFile(path.Join(testhelper.TestRoot, "certs/valid/server_authorized_key"))
+	testRoot := testhelper.PrepareTestRootDir(t)
+
+	keyRaw, err := os.ReadFile(path.Join(testRoot, "certs/valid/server_authorized_key"))
 	pKey, _, _, _, err := ssh.ParseAuthorizedKey(keyRaw)
 	require.NoError(t, err)
 
-	key, err := os.ReadFile(path.Join(testhelper.TestRoot, "certs/client/key.pem"))
+	key, err := os.ReadFile(path.Join(testRoot, "certs/client/key.pem"))
 	require.NoError(t, err)
 	signer, err := ssh.ParsePrivateKey(key)
 	require.NoError(t, err)

internal/testhelper/testhelper.go

@@ -11,10 +11,6 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-var (
-	TestRoot, _ = os.MkdirTemp("", "test-gitlab-shell")
-)
-
 func TempEnv(env map[string]string) func() {
 	var original = make(map[string]string)
 	for key, value := range env {
@@ -29,24 +25,28 @@ func TempEnv(env map[string]string) func() {
 	}
 }
 
-func PrepareTestRootDir(t *testing.T) {
+func PrepareTestRootDir(t *testing.T) string {
 	t.Helper()
 
-	require.NoError(t, os.MkdirAll(TestRoot, 0700))
+	testRoot, err := os.MkdirTemp("", "root")
+	require.NoError(t, err)
+	require.NoError(t, os.MkdirAll(testRoot, 0700))
 
-	t.Cleanup(func() { require.NoError(t, os.RemoveAll(TestRoot)) })
+	t.Cleanup(func() { require.NoError(t, os.RemoveAll(testRoot)) })
 
-	require.NoError(t, copyTestData())
+	require.NoError(t, copyTestData(testRoot))
 
 	oldWd, err := os.Getwd()
 	require.NoError(t, err)
 
 	t.Cleanup(func() { os.Chdir(oldWd) })
 
-	require.NoError(t, os.Chdir(TestRoot))
+	require.NoError(t, os.Chdir(testRoot))
+
+	return testRoot
 }
 
-func copyTestData() error {
+func copyTestData(testRoot string) error {
 	testDataDir, err := getTestDataDir()
 	if err != nil {
 		return err
@@ -54,7 +54,7 @@ func copyTestData() error {
 
 	testdata := path.Join(testDataDir, "testroot")
 
-	return copy.Copy(testdata, TestRoot)
+	return copy.Copy(testdata, testRoot)
 }
 
 func getTestDataDir() (string, error) {