test(secrets): reuse auth runtime fixtures

2026-05-06 07:00:43 +00:00 · 2026-04-12 03:54:26 +01:00
parent 5c0e093b38
commit 2185dcf136
3 changed files with 31 additions and 70 deletions
--- a/src/secrets/runtime-auth-profiles-oauth-policy.test.ts
+++ b/src/secrets/runtime-auth-profiles-oauth-policy.test.ts
@@ -1,7 +1,11 @@
 import { describe, expect, it } from "vitest";
-import type { AuthProfileStore } from "../agents/auth-profiles.js";
 import type { OpenClawConfig } from "../config/config.js";
-import { prepareSecretsRuntimeSnapshot } from "./runtime.js";
+import {
+  loadAuthStoreWithProfiles,
+  setupSecretsRuntimeSnapshotTestHooks,
+} from "./runtime.test-support.ts";
+
+const { prepareSecretsRuntimeSnapshot } = setupSecretsRuntimeSnapshotTestHooks();

 function withAuthProfileMode(mode: "api_key" | "oauth" | "token"): OpenClawConfig {
  return {
@@ -23,16 +27,13 @@ function withAuthProfileMode(mode: "api_key" | "oauth" | "token"): OpenClawConfi

 describe("secrets runtime oauth auth-profile SecretRef policy", () => {
  it("fails startup snapshot when oauth mode profile uses token SecretRef", async () => {
-    const store: AuthProfileStore = {
-      version: 1,
-      profiles: {
-        "anthropic:default": {
-          type: "token",
-          provider: "anthropic",
-          tokenRef: { source: "env", provider: "default", id: "ANTHROPIC_TOKEN" },
-        },
+    const store = loadAuthStoreWithProfiles({
+      "anthropic:default": {
+        type: "token",
+        provider: "anthropic",
+        tokenRef: { source: "env", provider: "default", id: "ANTHROPIC_TOKEN" },
      },
-    };
+    });

    await expect(
      prepareSecretsRuntimeSnapshot({
@@ -46,16 +47,13 @@ describe("secrets runtime oauth auth-profile SecretRef policy", () => {
  });

  it("keeps token SecretRef support when the profile mode is token", async () => {
-    const store: AuthProfileStore = {
-      version: 1,
-      profiles: {
-        "anthropic:default": {
-          type: "token",
-          provider: "anthropic",
-          tokenRef: { source: "env", provider: "default", id: "ANTHROPIC_TOKEN" },
-        },
+    const store = loadAuthStoreWithProfiles({
+      "anthropic:default": {
+        type: "token",
+        provider: "anthropic",
+        tokenRef: { source: "env", provider: "default", id: "ANTHROPIC_TOKEN" },
      },
-    };
+    });

    const snapshot = await prepareSecretsRuntimeSnapshot({
      config: withAuthProfileMode("token"),
--- a/src/secrets/runtime-auth-store-inline-refs.test.ts
+++ b/src/secrets/runtime-auth-store-inline-refs.test.ts
@@ -1,35 +1,18 @@
-import { afterEach, beforeAll, describe, expect, it } from "vitest";
-import type { AuthProfileStore } from "../agents/auth-profiles.js";
-import type { OpenClawConfig } from "../config/config.js";
-import { clearConfigCache, clearRuntimeConfigSnapshot } from "../config/config.js";
+import { describe, expect, it } from "vitest";
+import { activateSecretsRuntimeSnapshot } from "./runtime.js";
 import {
-  activateSecretsRuntimeSnapshot,
-  clearSecretsRuntimeSnapshot,
-  prepareSecretsRuntimeSnapshot,
-} from "./runtime.js";
+  asConfig,
+  loadAuthStoreWithProfiles,
+  setupSecretsRuntimeSnapshotTestHooks,
+} from "./runtime.test-support.ts";

 const EMPTY_LOADABLE_PLUGIN_ORIGINS = new Map();
-
-function loadAuthStoreWithProfiles(profiles: AuthProfileStore["profiles"]): AuthProfileStore {
-  return {
-    version: 1,
-    profiles,
-  };
-}
+const { prepareSecretsRuntimeSnapshot } = setupSecretsRuntimeSnapshotTestHooks();

 describe("secrets runtime snapshot inline auth-store refs", () => {
-  beforeAll(() => {});
-
-  afterEach(() => {
-    clearSecretsRuntimeSnapshot();
-    clearRuntimeConfigSnapshot();
-    clearConfigCache();
-  });
-
  it("normalizes inline SecretRef object on token to tokenRef", async () => {
-    const config: OpenClawConfig = { models: {}, secrets: {} };
    const snapshot = await prepareSecretsRuntimeSnapshot({
-      config,
+      config: asConfig({ models: {}, secrets: {} }),
      env: { MY_TOKEN: "resolved-token-value" },
      agentDirs: ["/tmp/openclaw-agent-main"],
      loadablePluginOrigins: EMPTY_LOADABLE_PLUGIN_ORIGINS,
@@ -53,9 +36,8 @@ describe("secrets runtime snapshot inline auth-store refs", () => {
  });

  it("normalizes inline SecretRef object on key to keyRef", async () => {
-    const config: OpenClawConfig = { models: {}, secrets: {} };
    const snapshot = await prepareSecretsRuntimeSnapshot({
-      config,
+      config: asConfig({ models: {}, secrets: {} }),
      env: { MY_KEY: "resolved-key-value" },
      agentDirs: ["/tmp/openclaw-agent-main"],
      loadablePluginOrigins: EMPTY_LOADABLE_PLUGIN_ORIGINS,
@@ -79,9 +61,8 @@ describe("secrets runtime snapshot inline auth-store refs", () => {
  });

  it("keeps explicit keyRef when inline key SecretRef is also present", async () => {
-    const config: OpenClawConfig = { models: {}, secrets: {} };
    const snapshot = await prepareSecretsRuntimeSnapshot({
-      config,
+      config: asConfig({ models: {}, secrets: {} }),
      env: {
        PRIMARY_KEY: "primary-key-value",
        SHADOW_KEY: "shadow-key-value",
--- a/src/secrets/runtime.test.ts
+++ b/src/secrets/runtime.test.ts
@@ -1,28 +1,10 @@
-import { afterEach, beforeAll, describe, expect, it } from "vitest";
-import type { OpenClawConfig } from "../config/config.js";
-
-function asConfig(value: unknown): OpenClawConfig {
-  return value as OpenClawConfig;
-}
+import { describe, expect, it } from "vitest";
+import { asConfig, setupSecretsRuntimeSnapshotTestHooks } from "./runtime.test-support.ts";

 const EMPTY_LOADABLE_PLUGIN_ORIGINS = new Map();
-let clearConfigCache: typeof import("../config/config.js").clearConfigCache;
-let clearRuntimeConfigSnapshot: typeof import("../config/config.js").clearRuntimeConfigSnapshot;
-let clearSecretsRuntimeSnapshot: typeof import("./runtime.js").clearSecretsRuntimeSnapshot;
-let prepareSecretsRuntimeSnapshot: typeof import("./runtime.js").prepareSecretsRuntimeSnapshot;
+const { prepareSecretsRuntimeSnapshot } = setupSecretsRuntimeSnapshotTestHooks();

 describe("secrets runtime snapshot", () => {
-  beforeAll(async () => {
-    ({ clearConfigCache, clearRuntimeConfigSnapshot } = await import("../config/config.js"));
-    ({ clearSecretsRuntimeSnapshot, prepareSecretsRuntimeSnapshot } = await import("./runtime.js"));
-  });
-
-  afterEach(() => {
-    clearSecretsRuntimeSnapshot();
-    clearRuntimeConfigSnapshot();
-    clearConfigCache();
-  });
-
  it("resolves sandbox ssh secret refs for active ssh backends", async () => {
    const snapshot = await prepareSecretsRuntimeSnapshot({
      config: asConfig({