From e092d50e77e57532ee3685784a558f258928939b Mon Sep 17 00:00:00 2001 From: Peter Steinberger Date: Mon, 11 May 2026 08:06:33 +0100 Subject: [PATCH] test: tighten qa credentials admin assertions --- .../src/qa-credentials-admin.runtime.test.ts | 51 +++++++++---------- 1 file changed, 25 insertions(+), 26 deletions(-) diff --git a/extensions/qa-lab/src/qa-credentials-admin.runtime.test.ts b/extensions/qa-lab/src/qa-credentials-admin.runtime.test.ts index e56e5146a27..358201dbab0 100644 --- a/extensions/qa-lab/src/qa-credentials-admin.runtime.test.ts +++ b/extensions/qa-lab/src/qa-credentials-admin.runtime.test.ts @@ -24,6 +24,17 @@ function requireFirstFetchInput(fetchImpl: ReturnType): RequestInf return input; } +async function expectQaCredentialAdminError(promise: Promise, code: string) { + const error = await promise.then( + () => undefined, + (err: unknown) => err, + ); + expect(error).toBeInstanceOf(QaCredentialAdminError); + const adminError = error as QaCredentialAdminError; + expect(adminError.name).toBe("QaCredentialAdminError"); + expect(adminError.code).toBe(code); +} + describe("qa credential admin runtime", () => { it("adds a credential set through the admin endpoint", async () => { const fetchImpl = vi.fn(async (_input: RequestInfo | URL, _init?: RequestInit) => @@ -75,20 +86,18 @@ describe("qa credential admin runtime", () => { }); it("rejects admin commands when maintainer secret is missing", async () => { - await expect( + await expectQaCredentialAdminError( listQaCredentialSets({ siteUrl: "https://first-schnauzer-821.convex.site", env: {}, fetchImpl: vi.fn(), }), - ).rejects.toMatchObject({ - name: "QaCredentialAdminError", - code: "MISSING_MAINTAINER_SECRET", - } satisfies Partial); + "MISSING_MAINTAINER_SECRET", + ); }); it("rejects non-https admin site URLs unless local insecure opt-in is enabled", async () => { - await expect( + await expectQaCredentialAdminError( listQaCredentialSets({ siteUrl: "http://qa-cred.example.convex.site", env: { @@ -96,10 +105,8 @@ describe("qa credential admin runtime", () => { }, fetchImpl: vi.fn(), }), - ).rejects.toMatchObject({ - name: "QaCredentialAdminError", - code: "INVALID_SITE_URL", - } satisfies Partial); + "INVALID_SITE_URL", + ); }); it("allows loopback http admin site URLs when OPENCLAW_QA_ALLOW_INSECURE_HTTP is enabled", async () => { @@ -126,7 +133,7 @@ describe("qa credential admin runtime", () => { }); it("rejects unsafe endpoint-prefix overrides", async () => { - await expect( + await expectQaCredentialAdminError( listQaCredentialSets({ siteUrl: "https://first-schnauzer-821.convex.site", endpointPrefix: "//evil.example", @@ -135,10 +142,8 @@ describe("qa credential admin runtime", () => { }, fetchImpl: vi.fn(), }), - ).rejects.toMatchObject({ - name: "QaCredentialAdminError", - code: "INVALID_ARGUMENT", - } satisfies Partial); + "INVALID_ARGUMENT", + ); }); it("surfaces broker error codes for remove", async () => { @@ -153,7 +158,7 @@ describe("qa credential admin runtime", () => { ), ); - await expect( + await expectQaCredentialAdminError( removeQaCredentialSet({ credentialId: "cred-1", siteUrl: "https://first-schnauzer-821.convex.site", @@ -162,10 +167,8 @@ describe("qa credential admin runtime", () => { }, fetchImpl, }), - ).rejects.toMatchObject({ - name: "QaCredentialAdminError", - code: "LEASE_ACTIVE", - } satisfies Partial); + "LEASE_ACTIVE", + ); }); it("lists credentials and forwards includePayload/status filters", async () => { @@ -246,11 +249,7 @@ describe("qa credential admin runtime", () => { expect(result.status).toBe("pass"); expect(JSON.stringify(result)).not.toContain("ci-secret"); expect(JSON.stringify(result)).not.toContain("maint-secret"); - expect(result.checks).toContainEqual( - expect.objectContaining({ - name: "broker admin/list", - status: "pass", - }), - ); + const brokerCheck = result.checks.find((check) => check.name === "broker admin/list"); + expect(brokerCheck?.status).toBe("pass"); }); });