vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 09:00:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
bd20a920a2a3cbcf240954ee0db07c62d3ea2244
openclaw/src/secrets/runtime-request-secret-refs.test.ts
Vincent Koc 39f22ef8b3 test(secrets): share runtime snapshot fixtures
2026-04-12 03:37:08 +01:00

225 lines
7.1 KiB
TypeScript
Raw Blame History

import { describe, expect, it } from "vitest";
import {
asConfig,
loadAuthStoreWithProfiles,
setupSecretsRuntimeSnapshotTestHooks,
} from "./runtime.test-support.ts";
const { prepareSecretsRuntimeSnapshot } = setupSecretsRuntimeSnapshotTestHooks();
describe("secrets runtime snapshot request secret refs", () => {
it("can skip auth-profile SecretRef resolution when includeAuthStoreRefs is false", async () => {
const missingEnvVar = `OPENCLAW_MISSING_AUTH_PROFILE_SECRET_${Date.now()}`;
delete process.env[missingEnvVar];
const loadAuthStore = () =>
loadAuthStoreWithProfiles({
"custom:token": {
type: "token",
provider: "custom",
tokenRef: { source: "env", provider: "default", id: missingEnvVar },
},
});
await expect(
prepareSecretsRuntimeSnapshot({
config: asConfig({}),
env: {},
agentDirs: ["/tmp/openclaw-agent-main"],
loadAuthStore,
}),
).rejects.toThrow(`Environment variable "${missingEnvVar}" is missing or empty.`);
const snapshot = await prepareSecretsRuntimeSnapshot({
config: asConfig({}),
env: {},
includeAuthStoreRefs: false,
agentDirs: ["/tmp/openclaw-agent-main"],
loadAuthStore,
});
expect(snapshot.authStores).toEqual([]);
});
it("resolves model provider request secret refs for headers, auth, and tls material", async () => {
const config = asConfig({
models: {
providers: {
openai: {
baseUrl: "https://api.openai.com/v1",
request: {
headers: {
"X-Tenant": { source: "env", provider: "default", id: "OPENAI_PROVIDER_TENANT" },
},
auth: {
mode: "authorization-bearer",
token: { source: "env", provider: "default", id: "OPENAI_PROVIDER_TOKEN" },
},
proxy: {
mode: "explicit-proxy",
url: "http://proxy.example:8080",
tls: {
ca: { source: "env", provider: "default", id: "OPENAI_PROVIDER_PROXY_CA" },
},
},
tls: {
cert: { source: "env", provider: "default", id: "OPENAI_PROVIDER_CERT" },
key: { source: "env", provider: "default", id: "OPENAI_PROVIDER_KEY" },
},
},
models: [],
},
},
},
});
const snapshot = await prepareSecretsRuntimeSnapshot({
config,
env: {
OPENAI_PROVIDER_TENANT: "tenant-acme",
OPENAI_PROVIDER_TOKEN: "sk-provider-runtime", // pragma: allowlist secret
OPENAI_PROVIDER_PROXY_CA: "proxy-ca",
OPENAI_PROVIDER_CERT: "client-cert",
OPENAI_PROVIDER_KEY: "client-key",
},
agentDirs: ["/tmp/openclaw-agent-main"],
loadAuthStore: () => ({ version: 1, profiles: {} }),
});
expect(snapshot.config.models?.providers?.openai?.request).toEqual({
headers: {
"X-Tenant": "tenant-acme",
},
auth: {
mode: "authorization-bearer",
token: "sk-provider-runtime",
},
proxy: {
mode: "explicit-proxy",
url: "http://proxy.example:8080",
tls: {
ca: "proxy-ca",
},
},
tls: {
cert: "client-cert",
key: "client-key",
},
});
});
it("resolves media request secret refs for provider headers, auth, and tls material", async () => {
const snapshot = await prepareSecretsRuntimeSnapshot({
config: asConfig({
tools: {
media: {
models: [
{
provider: "openai",
model: "gpt-4o-mini-transcribe",
capabilities: ["audio"],
request: {
headers: {
"X-Shared-Tenant": {
source: "env",
provider: "default",
id: "MEDIA_SHARED_TENANT",
},
},
auth: {
mode: "header",
headerName: "x-shared-key",
value: {
source: "env",
provider: "default",
id: "MEDIA_SHARED_MODEL_KEY",
},
},
},
},
],
audio: {
enabled: true,
request: {
headers: {
"X-Tenant": { source: "env", provider: "default", id: "MEDIA_AUDIO_TENANT" },
},
auth: {
mode: "authorization-bearer",
token: { source: "env", provider: "default", id: "MEDIA_AUDIO_TOKEN" },
},
tls: {
cert: { source: "env", provider: "default", id: "MEDIA_AUDIO_CERT" },
},
},
models: [
{
provider: "deepgram",
request: {
auth: {
mode: "header",
headerName: "x-api-key",
value: { source: "env", provider: "default", id: "MEDIA_AUDIO_MODEL_KEY" },
},
proxy: {
mode: "explicit-proxy",
url: "http://proxy.example:8080",
tls: {
ca: { source: "env", provider: "default", id: "MEDIA_AUDIO_PROXY_CA" },
},
},
},
},
],
},
},
},
}),
env: {
MEDIA_SHARED_TENANT: "tenant-shared",
MEDIA_SHARED_MODEL_KEY: "shared-model-key", // pragma: allowlist secret
MEDIA_AUDIO_TENANT: "tenant-acme",
MEDIA_AUDIO_TOKEN: "audio-token", // pragma: allowlist secret
MEDIA_AUDIO_CERT: "client-cert",
MEDIA_AUDIO_MODEL_KEY: "model-key", // pragma: allowlist secret
MEDIA_AUDIO_PROXY_CA: "proxy-ca",
},
agentDirs: ["/tmp/openclaw-agent-main"],
loadAuthStore: () => ({ version: 1, profiles: {} }),
});
expect(snapshot.config.tools?.media?.audio?.request?.headers?.["X-Tenant"]).toBe("tenant-acme");
expect(snapshot.config.tools?.media?.audio?.request?.auth).toEqual({
mode: "authorization-bearer",
token: "audio-token",
});
expect(snapshot.config.tools?.media?.audio?.request?.tls).toEqual({
cert: "client-cert",
});
expect(snapshot.config.tools?.media?.models?.[0]?.request).toEqual({
headers: {
"X-Shared-Tenant": "tenant-shared",
},
auth: {
mode: "header",
headerName: "x-shared-key",
value: "shared-model-key",
},
});
expect(snapshot.config.tools?.media?.audio?.models?.[0]?.request).toEqual({
auth: {
mode: "header",
headerName: "x-api-key",
value: "model-key",
},
proxy: {
mode: "explicit-proxy",
url: "http://proxy.example:8080",
tls: {
ca: "proxy-ca",
},
},
});
});
});
Reference in New Issue View Git Blame Copy Permalink