d30dc28b8c
* Secrets: harden exec SecretRef validation and reload LKG coverage * Tests: harden exec fast-exit stdin regression case * Tests: align lifecycle daemon test formatting with oxfmt 0.36
35 lines
1.4 KiB
TypeScript
35 lines
1.4 KiB
TypeScript
import AjvPkg from "ajv";
|
|
import { describe, expect, it } from "vitest";
|
|
import {
|
|
INVALID_EXEC_SECRET_REF_IDS,
|
|
VALID_EXEC_SECRET_REF_IDS,
|
|
} from "../../test-utils/secret-ref-test-vectors.js";
|
|
import { SecretInputSchema, SecretRefSchema } from "./schema/primitives.js";
|
|
|
|
describe("gateway protocol SecretRef schema", () => {
|
|
const Ajv = AjvPkg as unknown as new (opts?: object) => import("ajv").default;
|
|
const ajv = new Ajv({ allErrors: true, strict: false });
|
|
const validateSecretRef = ajv.compile(SecretRefSchema);
|
|
const validateSecretInput = ajv.compile(SecretInputSchema);
|
|
|
|
it("accepts valid source-specific refs", () => {
|
|
expect(validateSecretRef({ source: "env", provider: "default", id: "OPENAI_API_KEY" })).toBe(
|
|
true,
|
|
);
|
|
expect(
|
|
validateSecretRef({ source: "file", provider: "filemain", id: "/providers/openai/apiKey" }),
|
|
).toBe(true);
|
|
for (const id of VALID_EXEC_SECRET_REF_IDS) {
|
|
expect(validateSecretRef({ source: "exec", provider: "vault", id }), id).toBe(true);
|
|
expect(validateSecretInput({ source: "exec", provider: "vault", id }), id).toBe(true);
|
|
}
|
|
});
|
|
|
|
it("rejects invalid exec refs", () => {
|
|
for (const id of INVALID_EXEC_SECRET_REF_IDS) {
|
|
expect(validateSecretRef({ source: "exec", provider: "vault", id }), id).toBe(false);
|
|
expect(validateSecretInput({ source: "exec", provider: "vault", id }), id).toBe(false);
|
|
}
|
|
});
|
|
});
|