From 6a1ba52ad59bce7a162e3c3bf2a96d0500c852d9 Mon Sep 17 00:00:00 2001 From: Peter Steinberger Date: Fri, 13 Mar 2026 17:54:11 +0000 Subject: [PATCH] refactor: share gateway probe auth warnings --- src/gateway/probe-auth.test.ts | 130 ++++++++++++++++----------------- 1 file changed, 63 insertions(+), 67 deletions(-) diff --git a/src/gateway/probe-auth.test.ts b/src/gateway/probe-auth.test.ts index 314702c33db..bbf034c882f 100644 --- a/src/gateway/probe-auth.test.ts +++ b/src/gateway/probe-auth.test.ts @@ -5,10 +5,21 @@ import { resolveGatewayProbeAuthWithSecretInputs, } from "./probe-auth.js"; +function expectUnresolvedProbeTokenWarning(cfg: OpenClawConfig) { + const result = resolveGatewayProbeAuthSafe({ + cfg, + mode: "local", + env: {} as NodeJS.ProcessEnv, + }); + + expect(result.auth).toEqual({}); + expect(result.warning).toContain("gateway.auth.token"); + expect(result.warning).toContain("unresolved"); +} + describe("resolveGatewayProbeAuthSafe", () => { - it.each([ - { - name: "returns probe auth credentials when available", + it("returns probe auth credentials when available", () => { + const result = resolveGatewayProbeAuthSafe({ cfg: { gateway: { auth: { @@ -16,65 +27,56 @@ describe("resolveGatewayProbeAuthSafe", () => { }, }, } as OpenClawConfig, - mode: "local" as const, + mode: "local", env: {} as NodeJS.ProcessEnv, - expected: { + }); + + expect(result).toEqual({ + auth: { + token: "token-value", + password: undefined, + }, + }); + }); + + it("returns warning and empty auth when token SecretRef is unresolved", () => { + expectUnresolvedProbeTokenWarning({ + gateway: { auth: { - token: "token-value", - password: undefined, + mode: "token", + token: { source: "env", provider: "default", id: "MISSING_GATEWAY_TOKEN" }, }, }, - }, - { - name: "returns warning and empty auth when a local token SecretRef is unresolved", - cfg: { - gateway: { - auth: { - mode: "token", - token: { source: "env", provider: "default", id: "MISSING_GATEWAY_TOKEN" }, - }, + secrets: { + providers: { + default: { source: "env" }, }, - secrets: { - providers: { - default: { source: "env" }, - }, - }, - } as OpenClawConfig, - mode: "local" as const, - env: {} as NodeJS.ProcessEnv, - expected: { - auth: {}, - warningIncludes: ["gateway.auth.token", "unresolved"], }, - }, - { - name: "does not fall through to remote token when the local SecretRef is unresolved", - cfg: { - gateway: { - mode: "local", - auth: { - mode: "token", - token: { source: "env", provider: "default", id: "MISSING_GATEWAY_TOKEN" }, - }, - remote: { - token: "remote-token", - }, + } as OpenClawConfig); + }); + + it("does not fall through to remote token when local token SecretRef is unresolved", () => { + expectUnresolvedProbeTokenWarning({ + gateway: { + mode: "local", + auth: { + mode: "token", + token: { source: "env", provider: "default", id: "MISSING_GATEWAY_TOKEN" }, }, - secrets: { - providers: { - default: { source: "env" }, - }, + remote: { + token: "remote-token", }, - } as OpenClawConfig, - mode: "local" as const, - env: {} as NodeJS.ProcessEnv, - expected: { - auth: {}, - warningIncludes: ["gateway.auth.token", "unresolved"], }, - }, - { - name: "ignores unresolved local token SecretRefs in remote mode", + secrets: { + providers: { + default: { source: "env" }, + }, + }, + } as OpenClawConfig); + }); + + it("ignores unresolved local token SecretRef in remote mode when remote-only auth is requested", () => { + const result = resolveGatewayProbeAuthSafe({ cfg: { gateway: { mode: "remote", @@ -92,22 +94,16 @@ describe("resolveGatewayProbeAuthSafe", () => { }, }, } as OpenClawConfig, - mode: "remote" as const, + mode: "remote", env: {} as NodeJS.ProcessEnv, - expected: { - auth: { - token: undefined, - password: undefined, - }, - }, - }, - ])("$name", ({ cfg, mode, env, expected }) => { - const result = resolveGatewayProbeAuthSafe({ cfg, mode, env }); + }); - expect(result.auth).toEqual(expected.auth); - for (const fragment of expected.warningIncludes ?? []) { - expect(result.warning).toContain(fragment); - } + expect(result).toEqual({ + auth: { + token: undefined, + password: undefined, + }, + }); }); });