feat(pam): add e2e tests for redis (#181)

saifsmailbox98 · web-flow · commit fedaa271606f · 2026-04-17T09:48:43.000+05:30
* feat(pam): add end-to-end tests for Redis resource

Add Redis PAM e2e tests covering no-auth, ACL user+password,
ACL over SSL, and multiple concurrent connections through the proxy.

Also regenerate the OpenAPI client from the latest backend spec,
which required removing the dropped RotationEnabled field from
the Postgres account creation test.

* docs: add Redis to PAM test examples in README

* fix(e2e): add missing DnsResolver field to ACME CA test helpers

The backend added a DnsResolver field to the ACME certificate authority
configuration. Update the agent test helpers to include it so the
regenerated client compiles.

* fix(e2e): use NODE_ENV=test for PAM tests to prevent EPIPE crashes

In development mode, the backend's global uncaughtException handler is
not registered. This causes intermittent EPIPE crashes during
bidirectional socket teardown in the gateway proxy, killing the backend
process and failing subsequent PAM SSH subtests.

Setting NODE_ENV=test enables the exception handler while keeping
test-appropriate behavior (relaxed host validation, no production
restrictions).

---------

Co-authored-by: saif &lt;11242541+saifsmailbox98@users.noreply.github.com&gt;
diff --git a/e2e/README.md b/e2e/README.md
@@ -187,19 +187,21 @@ cd e2e
 go test -v -timeout 30m -count=1 github.com/infisical/cli/e2e-tests/pam
 ```
 
-To run a specific test (e.g., only SSH or only Postgres):
+To run a specific test (e.g., only SSH, Postgres, or Redis):
 
 ```bash
 cd e2e
 go test -v -timeout 30m -count=1 -run TestPAM_SSH github.com/infisical/cli/e2e-tests/pam
 go test -v -timeout 30m -count=1 -run TestPAM_Postgres github.com/infisical/cli/e2e-tests/pam
+go test -v -timeout 5m -count=1 -run TestPAM_Redis github.com/infisical/cli/e2e-tests/pam
 ```
 
-To run a specific sub-test (e.g., only certificate auth within SSH):
+To run a specific sub-test (e.g., only certificate auth within SSH, or ACL over SSL within Redis):
 
 ```bash
 cd e2e
 go test -v -timeout 30m -count=1 -run TestPAM_SSH/certificate github.com/infisical/cli/e2e-tests/pam
+go test -v -timeout 5m -count=1 -run TestPAM_Redis/acl-over-ssl github.com/infisical/cli/e2e-tests/pam
 ```
 
 **Prerequisites:**
diff --git a/e2e/agent/agent_helpers.go b/e2e/agent/agent_helpers.go
@@ -302,12 +302,13 @@ func (h *CertAgentTestHelper) CreateAcmeCA(dnsConnectionID, directoryUrl string)
 			AccountEmail       string             `json:"accountEmail"`
 			DirectoryUrl       string             `json:"directoryUrl"`
 			DnsAppConnectionId openapi_types.UUID `json:"dnsAppConnectionId"`
-			DnsProviderConfig  struct {
+			DnsProviderConfig struct {
 				HostedZoneId string                                                                                `json:"hostedZoneId"`
 				Provider     client.CreateAcmeCertificateAuthorityV1JSONBodyConfigurationDnsProviderConfigProvider `json:"provider"`
 			} `json:"dnsProviderConfig"`
-			EabHmacKey *string `json:"eabHmacKey,omitempty"`
-			EabKid     *string `json:"eabKid,omitempty"`
+			DnsResolver *string `json:"dnsResolver,omitempty"`
+			EabHmacKey  *string `json:"eabHmacKey,omitempty"`
+			EabKid      *string `json:"eabKid,omitempty"`
 		}{
 			DnsAppConnectionId: uuid.MustParse(dnsConnectionID),
 			DnsProviderConfig: struct {
@@ -380,12 +381,13 @@ func (h *CertAgentTestHelper) CreateAcmeCARaw(name, dnsConnectionID, directoryUr
 			AccountEmail       string             `json:"accountEmail"`
 			DirectoryUrl       string             `json:"directoryUrl"`
 			DnsAppConnectionId openapi_types.UUID `json:"dnsAppConnectionId"`
-			DnsProviderConfig  struct {
+			DnsProviderConfig struct {
 				HostedZoneId string                                                                                `json:"hostedZoneId"`
 				Provider     client.CreateAcmeCertificateAuthorityV1JSONBodyConfigurationDnsProviderConfigProvider `json:"provider"`
 			} `json:"dnsProviderConfig"`
-			EabHmacKey *string `json:"eabHmacKey,omitempty"`
-			EabKid     *string `json:"eabKid,omitempty"`
+			DnsResolver *string `json:"dnsResolver,omitempty"`
+			EabHmacKey  *string `json:"eabHmacKey,omitempty"`
+			EabKid      *string `json:"eabKid,omitempty"`
 		}{
 			DnsAppConnectionId: uuid.MustParse(dnsConnectionID),
 			DnsProviderConfig: struct {
diff --git a/e2e/openapi-cfg.yaml b/e2e/openapi-cfg.yaml
@@ -36,3 +36,4 @@ output-options:
     - createPostgresPamAccount
     - createSshPamResource
     - createSshPamAccount
+    - createRedisPamAccount
diff --git a/e2e/packages/client/client.gen.go b/e2e/packages/client/client.gen.go
diff --git a/e2e/pam/pam_helpers.go b/e2e/pam/pam_helpers.go
@@ -52,6 +52,7 @@ func SetupPAMInfra(t *testing.T, ctx context.Context) *PAMTestInfra {
 	infisical := helpers.NewInfisicalService().
 		WithBackendEnvironment(types.NewMappingWithEquals([]string{
 			"ALLOW_INTERNAL_IP_CONNECTIONS=true",
+			"NODE_ENV=test",
 		})).
 		Up(t, ctx)
 
diff --git a/e2e/pam/postgres_test.go b/e2e/pam/postgres_test.go
@@ -95,9 +95,8 @@ func TestPAM_Postgres_ConnectToDatabase(t *testing.T) {
 	pgAcctResp, err := infra.ApiClient.CreatePostgresPamAccountWithResponse(
 		ctx,
 		client.CreatePostgresPamAccountJSONRequestBody{
-			ResourceId:      resourceId,
-			Name:            accountName,
-			RotationEnabled: false,
+			ResourceId: resourceId,
+			Name:       accountName,
 			Credentials: struct {
 				Password string `json:"password"`
 				Username string `json:"username"`
diff --git a/e2e/pam/redis_test.go b/e2e/pam/redis_test.go
