145 lines
4.7 KiB
Go
145 lines
4.7 KiB
Go
package secretstore
|
|
|
|
import (
|
|
"errors"
|
|
"path/filepath"
|
|
"strings"
|
|
"testing"
|
|
|
|
"forge.lclr.dev/AI/mcp-framework/manifest"
|
|
)
|
|
|
|
func TestDescribeRuntimeReturnsDeclaredAndEffectivePolicies(t *testing.T) {
|
|
desc, err := DescribeRuntime(DescribeRuntimeOptions{
|
|
ServiceName: "graylog-mcp",
|
|
LookupEnv: func(string) (string, bool) { return "", false },
|
|
ExecutableResolver: func() (string, error) {
|
|
return filepath.Join(string(filepath.Separator), "opt", "graylog-mcp", "bin", "graylog-mcp"), nil
|
|
},
|
|
ManifestLoader: func(startDir string) (manifest.File, string, error) {
|
|
return manifest.File{
|
|
SecretStore: manifest.SecretStore{BackendPolicy: string(BackendEnvOnly)},
|
|
}, filepath.Join(startDir, manifest.DefaultFile), nil
|
|
},
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("DescribeRuntime returned error: %v", err)
|
|
}
|
|
|
|
if desc.ManifestSource == "" {
|
|
t.Fatal("ManifestSource should not be empty")
|
|
}
|
|
if desc.DeclaredPolicy != BackendEnvOnly {
|
|
t.Fatalf("DeclaredPolicy = %q, want %q", desc.DeclaredPolicy, BackendEnvOnly)
|
|
}
|
|
if desc.EffectivePolicy != BackendEnvOnly {
|
|
t.Fatalf("EffectivePolicy = %q, want %q", desc.EffectivePolicy, BackendEnvOnly)
|
|
}
|
|
if desc.DisplayName == "" {
|
|
t.Fatal("DisplayName should not be empty")
|
|
}
|
|
if !desc.Ready {
|
|
t.Fatalf("Ready = %v, want true", desc.Ready)
|
|
}
|
|
if desc.ReadyError != nil {
|
|
t.Fatalf("ReadyError = %v, want nil", desc.ReadyError)
|
|
}
|
|
}
|
|
|
|
func TestDescribeRuntimeDoesNotProbeBitwardenByDefault(t *testing.T) {
|
|
withBitwardenRunner(t, func(command string, stdin []byte, args ...string) ([]byte, error) {
|
|
return nil, errors.New("unexpected bitwarden invocation")
|
|
})
|
|
|
|
desc, err := DescribeRuntime(DescribeRuntimeOptions{
|
|
ServiceName: "graylog-mcp",
|
|
Shell: "fish",
|
|
ExecutableResolver: func() (string, error) {
|
|
return filepath.Join(string(filepath.Separator), "opt", "graylog-mcp", "bin", "graylog-mcp"), nil
|
|
},
|
|
ManifestLoader: func(startDir string) (manifest.File, string, error) {
|
|
return manifest.File{
|
|
SecretStore: manifest.SecretStore{BackendPolicy: string(BackendBitwardenCLI)},
|
|
}, filepath.Join(startDir, manifest.DefaultFile), nil
|
|
},
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("DescribeRuntime returned error: %v", err)
|
|
}
|
|
|
|
if desc.DeclaredPolicy != BackendBitwardenCLI {
|
|
t.Fatalf("DeclaredPolicy = %q, want %q", desc.DeclaredPolicy, BackendBitwardenCLI)
|
|
}
|
|
if desc.EffectivePolicy != BackendBitwardenCLI {
|
|
t.Fatalf("EffectivePolicy = %q, want %q", desc.EffectivePolicy, BackendBitwardenCLI)
|
|
}
|
|
if !desc.Ready {
|
|
t.Fatalf("Ready = %v, want true without readiness probe", desc.Ready)
|
|
}
|
|
if desc.ReadyError != nil {
|
|
t.Fatalf("ReadyError = %v, want nil without readiness probe", desc.ReadyError)
|
|
}
|
|
}
|
|
|
|
func TestPreflightFromManifestReturnsTypedStatusAndRemediation(t *testing.T) {
|
|
withBitwardenRunner(t, func(command string, stdin []byte, args ...string) ([]byte, error) {
|
|
switch {
|
|
case len(args) == 1 && args[0] == "--version":
|
|
return []byte("2026.1.0\n"), nil
|
|
case len(args) == 1 && args[0] == "status":
|
|
return []byte(`{"status":"locked"}`), nil
|
|
default:
|
|
return nil, errors.New("unexpected bitwarden invocation")
|
|
}
|
|
})
|
|
|
|
report, err := PreflightFromManifest(PreflightOptions{
|
|
ServiceName: "graylog-mcp",
|
|
Shell: "fish",
|
|
ExecutableResolver: func() (string, error) {
|
|
return filepath.Join(string(filepath.Separator), "opt", "graylog-mcp", "bin", "graylog-mcp"), nil
|
|
},
|
|
ManifestLoader: func(startDir string) (manifest.File, string, error) {
|
|
return manifest.File{
|
|
SecretStore: manifest.SecretStore{BackendPolicy: string(BackendBitwardenCLI)},
|
|
}, filepath.Join(startDir, manifest.DefaultFile), nil
|
|
},
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("PreflightFromManifest returned error: %v", err)
|
|
}
|
|
|
|
if report.Status != PreflightStatusFail {
|
|
t.Fatalf("Status = %q, want %q", report.Status, PreflightStatusFail)
|
|
}
|
|
if !strings.Contains(strings.ToLower(report.Summary), "locked") {
|
|
t.Fatalf("Summary = %q, want lock hint", report.Summary)
|
|
}
|
|
if !strings.Contains(report.Remediation, "set -x BW_SESSION (bw unlock --raw)") {
|
|
t.Fatalf("Remediation = %q, want fish remediation", report.Remediation)
|
|
}
|
|
}
|
|
|
|
func TestFormatBackendStatusIncludesDeclaredEffectiveAndReadiness(t *testing.T) {
|
|
line := FormatBackendStatus(RuntimeDescription{
|
|
ManifestSource: "/opt/graylog-mcp/mcp.toml",
|
|
DeclaredPolicy: BackendBitwardenCLI,
|
|
EffectivePolicy: BackendBitwardenCLI,
|
|
DisplayName: "Bitwarden CLI",
|
|
Ready: false,
|
|
ReadyError: ErrBWLocked,
|
|
})
|
|
|
|
for _, needle := range []string{
|
|
"declared=bitwarden-cli",
|
|
"effective=bitwarden-cli",
|
|
"display=Bitwarden CLI",
|
|
"ready=false",
|
|
"source=/opt/graylog-mcp/mcp.toml",
|
|
"error=",
|
|
} {
|
|
if !strings.Contains(line, needle) {
|
|
t.Fatalf("line = %q, want substring %q", line, needle)
|
|
}
|
|
}
|
|
}
|