The Docker Awakening Gateway includes a comprehensive test suite written in pure Go, using only the standard library (testing, net/http/httptest). No external testing frameworks or dependencies are required.
# Run all tests with verbose output and race detector
go test -v -race ./gateway/...
# Run only security tests
go test -v -race -run "TestValidateOrigin|TestRateLimiter|TestTrustedProxy|TestServerClientIP" ./gateway/...
# Run only config tests
go test -v -race -run "TestApplyDefaults|TestValidate|TestBuildHostIndex|TestLoadConfig" ./gateway/...
# Short summary (no verbose)
go test -race ./gateway/...
[!TIP] The -race flag enables Go’s built-in race detector. All tests are designed to pass under race detection, ensuring thread-safety of the security primitives and concurrent state management.
File Target Tests Sub-tests security_test.goCSRF, rate limiter, trusted proxy 10 26 config_test.goYAML loading, defaults, validation, host index 7 22 discovery_test.goConfig merging, conflict resolution, thread-safety 3 10 server_test.goRouting, WebSocket detection, proxy headers, request ID 5 21 docker_test.goLog header stripping, network name joining 2 8 manager_test.goState lifecycle, activity tracking, per-container locks 4 11 Total 31 ~98
security_test.go) Test What it verifies TestValidateOriginCSRF: same-origin ✅, cross-origin ❌, no Origin ✅, malformed ❌ TestRateLimiter_AllowFirst request allowed, duplicate blocked, different IP allowed, post-interval allowed TestRateLimiter_EvictStale100 IPs inserted → all evicted after becoming stale TestRateLimiter_EvictStale_KeepsFreshStale IP evicted, fresh IP preserved TestRateLimiter_StartCleanupBackground cleanup goroutine + context cancellation TestParseTrustedProxiesValid CIDRs parsed, invalid skipped, empty returns nil TestIsTrustedProxyIP in range, out of range, empty, malformed, loopback TestServerClientIPXFF with/without trusted proxy, XFF chain extraction
config_test.go) Test What it verifies TestApplyDefaultsAll default values applied; explicit values never overridden TestValidateMissing fields, duplicates, empty config, multi-container configs TestBuildHostIndexO(1) lookup, empty hosts excluded, unknown hosts return nil TestLoadConfig_*Missing file, invalid YAML, valid parse, validation failure
discovery_test.go) Test What it verifies TestMergeConfigs8 conflict scenarios: static wins, name/host dedup, empty configs TestMergeConfigs_ConcurrentAccessThread-safety of merge under concurrent access TestMergeConfigs_PreservesFieldsAll container fields survive the merge unchanged
server_test.go) Test What it verifies TestIsWebSocketRequestUpgrade detection, case sensitivity, partial headers TestSetForwardedHeadersXFF append, X-Real-IP preservation, X-Forwarded-Proto/Host TestRequestIDPrefix format, hex suffix, uniqueness TestMetricsResponseWriterStatus code capture, default 200, proxy to underlying writer TestResolveConfigHost matching, port stripping, query param fallback
docker_test.go) Test What it verifies TestStripDockerLogHeadersSingle/multi frame, empty input, truncated frames TestJoinNetworkNamesNil map handling
manager_test.go) Test What it verifies TestStartStateLifecycleunknown → starting → running → failed transitions TestRecordActivityVisibility, timestamp ordering TestGetLockSame name → same mutex, different names → different mutexes TestStartState_ConcurrentAccessRace-free concurrent state reads/writes
Test files have zero impact on the production Docker image:
Go toolchain : Files ending in _test.go are automatically excluded from go build..dockerignore*_test.go from the Docker build context. Follow these conventions:
Table-driven tests — Use []struct{} with t.Run() for each case.Standard library only — Use t.Errorf / t.Fatalf, no external assertion libraries.Race-safe — All tests must pass with -race.Naming — Test<FunctionName> or Test<FunctionName>_<Scenario>.File naming — Place tests in gateway/<source>_test.go matching the source file.