diff --git a/core/cmd/app.go b/core/cmd/app.go index 3045e71c2a9..c2ba02fabcc 100644 --- a/core/cmd/app.go +++ b/core/cmd/app.go @@ -80,15 +80,20 @@ func NewApp(s *Shell) *cli.App { // logger instead. lggr, closeFn := logger.NewLogger() - cfg, err := opts.New() - if err != nil { - return err - } - s.Logger = lggr s.Registerer = prometheus.DefaultRegisterer // use the global DefaultRegisterer, should be safe since we only ever run one instance of the app per shell s.CloseLogger = closeFn - s.Config = cfg + + // Only create a new config from opts if one hasn't been pre-set. + // Tests pre-set s.Config with a txdb-wrapped driver for DB isolation; + // unconditionally overwriting it here causes DB writes to leak between tests. + if s.Config == nil { + cfg, err := opts.New() + if err != nil { + return err + } + s.Config = cfg + } if c.Bool("json") { s.Renderer = RendererJSON{Writer: os.Stdout} @@ -122,11 +127,11 @@ func NewApp(s *Shell) *cli.App { // Allow for initServerConfig to be called if the flag is provided. if c.Bool("applyInitServerConfig") { - cfg, err = initServerConfig(&opts, s.configFiles, s.secretsFiles) + serverCfg, err := initServerConfig(&opts, s.configFiles, s.secretsFiles) if err != nil { return err } - s.Config = cfg + s.Config = serverCfg } return nil diff --git a/core/cmd/shell_local_test.go b/core/cmd/shell_local_test.go index 37d674679fb..9afd6fd3da2 100644 --- a/core/cmd/shell_local_test.go +++ b/core/cmd/shell_local_test.go @@ -507,6 +507,15 @@ func TestShell_RemoveBlocks(t *testing.T) { func TestShell_BeforeNode(t *testing.T) { testutils.SkipShortDB(t) + + // Use a dedicated test database so subtests share state without leaking + // data to the shared test database. The "incorrect password" subtest relies + // on a key ring created by the "correct password" subtest to verify that + // decryption fails with the wrong password. + cfg, _ := heavyweight.FullTestDBV2(t, func(c *chainlink.Config, s *chainlink.Secrets) { + c.Insecure.OCRDevelopmentMode = nil + }) + tests := []struct { name string pwdfile string @@ -519,14 +528,6 @@ func TestShell_BeforeNode(t *testing.T) { for _, test := range tests { t.Run(test.name, func(t *testing.T) { - cfg := configtest.NewGeneralConfig(t, func(c *chainlink.Config, s *chainlink.Secrets) { - s.Password.Keystore = models.NewSecret("dummy") - c.EVM[0].Nodes[0].Name = ptr("fake") - c.EVM[0].Nodes[0].HTTPURL = commonconfig.MustParseURL("http://fake.com") - c.EVM[0].Nodes[0].WSURL = commonconfig.MustParseURL("WSS://fake.com/ws") - c.Insecure.OCRDevelopmentMode = nil - }) - shell := cmd.Shell{ Config: cfg, KeyStoreAuthenticator: cmd.TerminalKeyStoreAuthenticator{ @@ -577,6 +578,13 @@ func TestShell_BeforeNode(t *testing.T) { } func TestShell_RunNode_WithBeforeNode(t *testing.T) { + // Use a dedicated test database so subtests share state without leaking + // data to the shared test database. The "incorrect password" subtest relies + // on keystore entries from prior setup to verify decryption failure. + cfg, db := heavyweight.FullTestDBV2(t, func(c *chainlink.Config, s *chainlink.Secrets) { + c.Insecure.OCRDevelopmentMode = nil + }) + tests := []struct { name string pwdfile string @@ -588,16 +596,6 @@ func TestShell_RunNode_WithBeforeNode(t *testing.T) { for _, test := range tests { t.Run(test.name, func(t *testing.T) { - cfg := configtest.NewGeneralConfig(t, func(c *chainlink.Config, s *chainlink.Secrets) { - s.Password.Keystore = models.NewSecret("dummy") - c.EVM[0].Nodes[0].Name = ptr("fake") - c.EVM[0].Nodes[0].HTTPURL = commonconfig.MustParseURL("http://fake.com") - c.EVM[0].Nodes[0].WSURL = commonconfig.MustParseURL("WSS://fake.com/ws") - // seems to be needed for config validate - c.Insecure.OCRDevelopmentMode = nil - }) - - db := pgtest.NewSqlxDB(t) keyStore := cltest.NewKeyStore(t, db) authProviderORM := localauth.NewORM(db, time.Minute, logger.TestLogger(t), audit.NoopLogger)