I just started to try the go cerbos client (https://github.com/cerbos/cerbos-sdk-go) and noticed that I often get timeouts in my tests. I think it’s because LaunchCerbosServer() waits for the docker image and the health check but doesn’t try to connect to the server which leads to flaky tests on my machine (macos + colima) because the grpc connection cannot be established As a workaround I use this:

func waitForCerbos(t *testing.T, c *cerbos.GRPCClient) {
	assert.Eventually(t, func() bool {
		ctx, cancel := context.WithTimeout(context.Background(), 1*time.Second)
		defer cancel()
		_, err := c.ServerInfo(ctx)
		return err == nil
	}, 10*time.Second, 100*time.Millisecond)
}

The test server is started with:

s, err := testutil.LaunchCerbosServer(ctx, testutil.LaunchConf{
		PolicyDir: policyPath,
	})

Any ideas or maybe I’m missing something?

Hey, the healthcheck does connect to the server. It's "smart" enough to know how to check Cerbos is running based on the configuration file so we delegate to that instead of trying to duplicate that logic. I am not familiar with Colima but it could be a restriction or limitation in the API that's causing the healthcheck to fail. Sounds like you're already using

NewCerbosServerLauncher

with your own readiness check. If that works, that's absolutely fine too. The

LaunchCerbosServer

function is just for convenience anyway.

Hi Charith, thanks for the quick response, happy new year 🙂 I’m using LaunchCerbosServer + my own readiness check (to ensure connections to the container are working). From what I can see the IsHealthy() func checks the container state and executes a health check from within the container. Seems related to: https://github.com/abiosoft/colima/issues/71

Happy new year, Jan. Thanks for the issue link. As I suspected, since Colima is an abstraction layer over container runtimes, there's bound to be some edge cases where things don't quite work as expected. Until that gets resolved, I'd suggest using a test helper function like the following one.

func LaunchCerbosServer(t *testing.T, launchConf testutil.LaunchConf) *cerbos.GRPCClient {
	t.Helper()

	launcher, err := testutil.NewCerbosServerLauncher()
	require.NoError(t, err)

	server, err := launcher.Launch(launchConf)
	require.NoError(t, err)

	t.Cleanup(func() { _ = server.Stop() })

	client, err := cerbos.New("passthrough:///"+server.GRPCAddr(), cerbos.WithPlaintext())
	require.NoError(t, err)

	require.EventuallyWithT(t, func(c *assert.CollectT) {
		ctx, cancel := context.WithTimeout(context.Background(), 100*time.Millisecond)
		defer cancel()

		_, err := client.ServerInfo(ctx)
		assert.NoError(c, err)
	}, 10*time.Second, 150*time.Millisecond)

	return client
}