test: share gateway password inactive assertion

2026-05-06 08:40:44 +00:00 · 2026-04-20 22:21:17 +01:00
parent 3349cc5ea0
commit 382201acf0
1 changed files with 35 additions and 41 deletions
--- a/src/secrets/runtime-gateway-local-surfaces.test.ts
+++ b/src/secrets/runtime-gateway-local-surfaces.test.ts
@@ -3,6 +3,22 @@ import { asConfig, setupSecretsRuntimeSnapshotTestHooks } from "./runtime.test-s

 const { prepareSecretsRuntimeSnapshot } = setupSecretsRuntimeSnapshotTestHooks();

+async function expectInactiveGatewayPassword(config: unknown): Promise<void> {
+  const snapshot = await prepareSecretsRuntimeSnapshot({
+    config: asConfig(config),
+    env: {},
+    agentDirs: ["/tmp/openclaw-agent-main"],
+    loadAuthStore: () => ({ version: 1, profiles: {} }),
+  });
+
+  expect(snapshot.config.gateway?.auth?.password).toEqual({
+    source: "env",
+    provider: "default",
+    id: "GATEWAY_PASSWORD_REF",
+  });
+  expect(snapshot.warnings.map((warning) => warning.path)).toContain("gateway.auth.password");
+}
+
 describe("secrets runtime gateway local surfaces", () => {
  it("treats gateway.remote refs as inactive when local auth credentials are configured", async () => {
    const snapshot = await prepareSecretsRuntimeSnapshot({
@@ -124,53 +140,29 @@ describe("secrets runtime gateway local surfaces", () => {
  });

  it("treats gateway.auth.password ref as inactive when auth mode is trusted-proxy", async () => {
-    const snapshot = await prepareSecretsRuntimeSnapshot({
-      config: asConfig({
-        gateway: {
-          auth: {
-            mode: "trusted-proxy",
-            password: { source: "env", provider: "default", id: "GATEWAY_PASSWORD_REF" },
-          },
+    await expectInactiveGatewayPassword({
+      gateway: {
+        auth: {
+          mode: "trusted-proxy",
+          password: { source: "env", provider: "default", id: "GATEWAY_PASSWORD_REF" },
        },
-      }),
-      env: {},
-      agentDirs: ["/tmp/openclaw-agent-main"],
-      loadAuthStore: () => ({ version: 1, profiles: {} }),
+      },
    });
-
-    expect(snapshot.config.gateway?.auth?.password).toEqual({
-      source: "env",
-      provider: "default",
-      id: "GATEWAY_PASSWORD_REF",
-    });
-    expect(snapshot.warnings.map((warning) => warning.path)).toContain("gateway.auth.password");
  });

  it("treats gateway.auth.password ref as inactive when remote token is configured", async () => {
-    const snapshot = await prepareSecretsRuntimeSnapshot({
-      config: asConfig({
-        gateway: {
-          mode: "local",
-          auth: {
-            password: { source: "env", provider: "default", id: "GATEWAY_PASSWORD_REF" },
-          },
-          remote: {
-            enabled: true,
-            token: "remote-token",
-          },
+    await expectInactiveGatewayPassword({
+      gateway: {
+        mode: "local",
+        auth: {
+          password: { source: "env", provider: "default", id: "GATEWAY_PASSWORD_REF" },
        },
-      }),
-      env: {},
-      agentDirs: ["/tmp/openclaw-agent-main"],
-      loadAuthStore: () => ({ version: 1, profiles: {} }),
+        remote: {
+          enabled: true,
+          token: "remote-token",
+        },
+      },
    });
-
-    expect(snapshot.config.gateway?.auth?.password).toEqual({
-      source: "env",
-      provider: "default",
-      id: "GATEWAY_PASSWORD_REF",
-    });
-    expect(snapshot.warnings.map((warning) => warning.path)).toContain("gateway.auth.password");
  });

  it.each(["none", "trusted-proxy"] as const)(
@@ -180,7 +172,9 @@ describe("secrets runtime gateway local surfaces", () => {
        config: asConfig({
          gateway: {
            mode: "local",
-            auth: { mode },
+            auth: {
+              mode,
+            },
            remote: {
              enabled: true,
              token: { source: "env", provider: "default", id: "REMOTE_GATEWAY_TOKEN_REF" },