Ayuriel/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: share gateway probe auth warnings

Browse Source
This commit is contained in:
Peter Steinberger 2026-03-13 17:54:11 +00:00
parent 07dacec904
commit 6a1ba52ad5
1 changed files with 63 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
src/gateway/probe-auth.test.ts
View File

@ -5,10 +5,21 @@ import {
resolveGatewayProbeAuthWithSecretInputs,
} from "./probe-auth.js";
function expectUnresolvedProbeTokenWarning(cfg: OpenClawConfig) {
const result = resolveGatewayProbeAuthSafe({
cfg,
mode: "local",
env: {} as NodeJS.ProcessEnv,
});
expect(result.auth).toEqual({});
expect(result.warning).toContain("gateway.auth.token");
expect(result.warning).toContain("unresolved");
}
describe("resolveGatewayProbeAuthSafe", () => {
it.each([
{
name: "returns probe auth credentials when available",
it("returns probe auth credentials when available", () => {
const result = resolveGatewayProbeAuthSafe({
cfg: {
gateway: {
auth: {
@ -16,65 +27,56 @@ describe("resolveGatewayProbeAuthSafe", () => {
},
},
} as OpenClawConfig,
mode: "local" as const,
mode: "local",
env: {} as NodeJS.ProcessEnv,
expected: {
});
expect(result).toEqual({
auth: {
token: "token-value",
password: undefined,
},
});
});
it("returns warning and empty auth when token SecretRef is unresolved", () => {
expectUnresolvedProbeTokenWarning({
gateway: {
auth: {
token: "token-value",
password: undefined,
mode: "token",
token: { source: "env", provider: "default", id: "MISSING_GATEWAY_TOKEN" },
},
},
},
{
name: "returns warning and empty auth when a local token SecretRef is unresolved",
cfg: {
gateway: {
auth: {
mode: "token",
token: { source: "env", provider: "default", id: "MISSING_GATEWAY_TOKEN" },
},
secrets: {
providers: {
default: { source: "env" },
},
secrets: {
providers: {
default: { source: "env" },
},
},
} as OpenClawConfig,
mode: "local" as const,
env: {} as NodeJS.ProcessEnv,
expected: {
auth: {},
warningIncludes: ["gateway.auth.token", "unresolved"],
},
},
{
name: "does not fall through to remote token when the local SecretRef is unresolved",
cfg: {
gateway: {
mode: "local",
auth: {
mode: "token",
token: { source: "env", provider: "default", id: "MISSING_GATEWAY_TOKEN" },
},
remote: {
token: "remote-token",
},
} as OpenClawConfig);
});
it("does not fall through to remote token when local token SecretRef is unresolved", () => {
expectUnresolvedProbeTokenWarning({
gateway: {
mode: "local",
auth: {
mode: "token",
token: { source: "env", provider: "default", id: "MISSING_GATEWAY_TOKEN" },
},
secrets: {
providers: {
default: { source: "env" },
},
remote: {
token: "remote-token",
},
} as OpenClawConfig,
mode: "local" as const,
env: {} as NodeJS.ProcessEnv,
expected: {
auth: {},
warningIncludes: ["gateway.auth.token", "unresolved"],
},
},
{
name: "ignores unresolved local token SecretRefs in remote mode",
secrets: {
providers: {
default: { source: "env" },
},
},
} as OpenClawConfig);
});
it("ignores unresolved local token SecretRef in remote mode when remote-only auth is requested", () => {
const result = resolveGatewayProbeAuthSafe({
cfg: {
gateway: {
mode: "remote",
@ -92,22 +94,16 @@ describe("resolveGatewayProbeAuthSafe", () => {
},
},
} as OpenClawConfig,
mode: "remote" as const,
mode: "remote",
env: {} as NodeJS.ProcessEnv,
expected: {
auth: {
token: undefined,
password: undefined,
},
},
},
])("$name", ({ cfg, mode, env, expected }) => {
const result = resolveGatewayProbeAuthSafe({ cfg, mode, env });
});
expect(result.auth).toEqual(expected.auth);
for (const fragment of expected.warningIncludes ?? []) {
expect(result.warning).toContain(fragment);
}
expect(result).toEqual({
auth: {
token: undefined,
password: undefined,
},
});
});
});