vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-13 01:40:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

test: tighten gateway auth surface assertions

Browse Source
This commit is contained in:
Peter Steinberger
2026-05-09 22:58:55 +01:00
parent 8e47cd5344
commit 0e53a2b49b
1 changed files with 20 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
src/secrets/runtime-gateway-auth-surfaces.test.ts
View File

@@ -15,6 +15,15 @@ function evaluate(config: OpenClawConfig, env: NodeJS.ProcessEnv = EMPTY_ENV) {
});
}
function expectGatewayState(
state: { active: boolean; hasSecretRef: boolean; reason: string },
expected: { active: boolean; hasSecretRef: boolean; reason: string },
) {
expect(state.hasSecretRef).toBe(expected.hasSecretRef);
expect(state.active).toBe(expected.active);
expect(state.reason).toBe(expected.reason);
}
describe("evaluateGatewayAuthSurfaceStates", () => {
it("marks gateway.auth.token active when token mode is explicit", () => {
const states = evaluate({
@@ -26,7 +35,7 @@ describe("evaluateGatewayAuthSurfaceStates", () => {
},
} as OpenClawConfig);
expect(states["gateway.auth.token"]).toMatchObject({
expectGatewayState(states["gateway.auth.token"], {
hasSecretRef: true,
active: true,
reason: 'gateway.auth.mode is "token".',
@@ -46,7 +55,7 @@ describe("evaluateGatewayAuthSurfaceStates", () => {
{ OPENCLAW_GATEWAY_TOKEN: "env-token" } as NodeJS.ProcessEnv,
);
expect(states["gateway.auth.token"]).toMatchObject({
expectGatewayState(states["gateway.auth.token"], {
hasSecretRef: true,
active: false,
reason: "gateway token env var is configured.",
@@ -63,7 +72,7 @@ describe("evaluateGatewayAuthSurfaceStates", () => {
},
} as OpenClawConfig);
expect(states["gateway.auth.token"]).toMatchObject({
expectGatewayState(states["gateway.auth.token"], {
hasSecretRef: true,
active: false,
reason: 'gateway.auth.mode is "password".',
@@ -80,7 +89,7 @@ describe("evaluateGatewayAuthSurfaceStates", () => {
},
} as OpenClawConfig);
expect(states["gateway.auth.password"]).toMatchObject({
expectGatewayState(states["gateway.auth.password"], {
hasSecretRef: true,
active: true,
reason: 'gateway.auth.mode is "password".',
@@ -97,7 +106,7 @@ describe("evaluateGatewayAuthSurfaceStates", () => {
},
} as OpenClawConfig);
expect(states["gateway.auth.password"]).toMatchObject({
expectGatewayState(states["gateway.auth.password"], {
hasSecretRef: true,
active: true,
reason: "no token source can win, so password auth can win.",
@@ -116,7 +125,7 @@ describe("evaluateGatewayAuthSurfaceStates", () => {
{ OPENCLAW_GATEWAY_TOKEN: "env-token" } as NodeJS.ProcessEnv,
);
expect(states["gateway.auth.password"]).toMatchObject({
expectGatewayState(states["gateway.auth.password"], {
hasSecretRef: true,
active: false,
reason: "gateway token env var is configured.",
@@ -133,7 +142,7 @@ describe("evaluateGatewayAuthSurfaceStates", () => {
},
} as OpenClawConfig);
expect(states["gateway.remote.token"]).toMatchObject({
expectGatewayState(states["gateway.remote.token"], {
hasSecretRef: true,
active: true,
reason: "local token auth can win and no env/auth token is configured.",
@@ -152,7 +161,7 @@ describe("evaluateGatewayAuthSurfaceStates", () => {
},
} as OpenClawConfig);
expect(states["gateway.remote.token"]).toMatchObject({
expectGatewayState(states["gateway.remote.token"], {
hasSecretRef: true,
active: false,
reason: 'token auth cannot win with gateway.auth.mode="password".',
@@ -173,7 +182,7 @@ describe("evaluateGatewayAuthSurfaceStates", () => {
},
} as OpenClawConfig);
expect(states["gateway.remote.token"]).toMatchObject({
expectGatewayState(states["gateway.remote.token"], {
hasSecretRef: true,
active: false,
reason: "gateway.auth.token is configured.",
@@ -208,7 +217,7 @@ describe("evaluateGatewayAuthSurfaceStates", () => {
},
} as OpenClawConfig);
expect(states["gateway.remote.password"]).toMatchObject({
expectGatewayState(states["gateway.remote.password"], {
hasSecretRef: true,
active: false,
reason: 'password auth cannot win with gateway.auth.mode="token".',
@@ -228,7 +237,7 @@ describe("evaluateGatewayAuthSurfaceStates", () => {
},
} as OpenClawConfig);
expect(states["gateway.remote.password"]).toMatchObject({
expectGatewayState(states["gateway.remote.password"], {
hasSecretRef: true,
active: false,
reason: "remote password fallback is not active.",