felhom-agent/internal/config/config_test.go

package config

import (
	"os"
	"path/filepath"
	"strings"
	"testing"
)

func TestRedactedMasksSecret(t *testing.T) {
	c := Default()
	c.Proxmox.Token = "felhom-agent@pve!agent=b6547d9d-08ec-4f22-beb8-a551dc2cd69d"
	got := c.Redacted().Proxmox.Token
	if strings.Contains(got, "b6547d9d") {
		t.Fatalf("secret leaked in redacted token: %q", got)
	}
	if !strings.HasPrefix(got, "felhom-agent@pve!agent=") {
		t.Errorf("redacted token lost its public prefix: %q", got)
	}
	// The original must be untouched (Redacted returns a copy).
	if !strings.Contains(c.Proxmox.Token, "b6547d9d") {
		t.Errorf("Redacted mutated the original config")
	}
}

func TestValidate(t *testing.T) {
	c := Default()
	c.Proxmox.Node = "demo-felhom"
	c.Proxmox.Token = "felhom-agent@pve!agent=secret"
	if err := c.Validate(); err != nil {
		t.Fatalf("valid config rejected: %v", err)
	}
	c.Proxmox.Token = "no-bang-no-eq"
	if err := c.Validate(); err == nil {
		t.Errorf("malformed token accepted")
	}
}

func TestRedactedMasksHubKey(t *testing.T) {
	c := Default()
	c.Hub.APIKey = "hub-secret-abcdef"
	if got := c.Redacted().Hub.APIKey; got == "hub-secret-abcdef" || got == "" {
		t.Fatalf("hub key not masked: %q", got)
	}
	if !strings.Contains(c.Hub.APIKey, "abcdef") {
		t.Error("Redacted mutated the original hub key")
	}
}

func TestHubConfigValidate(t *testing.T) {
	base := HubConfig{URL: "https://hub.felhom.eu", HostID: "h1", APIKey: "k"}
	if err := base.Validate(); err != nil {
		t.Fatalf("valid hub config rejected: %v", err)
	}
	bad := []HubConfig{
		{HostID: "h", APIKey: "k"},                              // no URL
		{URL: "https://x", APIKey: "k"},                         // no host
		{URL: "https://x", HostID: "h"},                         // no key
		{URL: "http://hub.felhom.eu", HostID: "h", APIKey: "k"}, // http non-loopback
		{URL: "ftp://x", HostID: "h", APIKey: "k"},              // bad scheme
	}
	for i, h := range bad {
		if err := h.Validate(); err == nil {
			t.Errorf("case %d: expected validation error for %+v", i, h)
		}
	}
	// http is allowed for loopback (tests).
	if err := (HubConfig{URL: "http://127.0.0.1:8443", HostID: "h", APIKey: "k"}).Validate(); err != nil {
		t.Errorf("http loopback should be allowed: %v", err)
	}
}

func TestHubEnvOverlayAndDefaults(t *testing.T) {
	t.Setenv("FELHOM_AGENT_HUB_URL", "https://hub.example")
	t.Setenv("FELHOM_AGENT_HUB_HOST_ID", "env-host")
	t.Setenv("FELHOM_AGENT_HUB_API_KEY", "env-key")
	t.Setenv("FELHOM_AGENT_HUB_POLL_SECONDS", "120")
	cfg, err := Load("")
	if err != nil {
		t.Fatal(err)
	}
	if cfg.Hub.URL != "https://hub.example" || cfg.Hub.HostID != "env-host" || cfg.Hub.APIKey != "env-key" {
		t.Errorf("hub env overlay failed: %+v", cfg.Hub)
	}
	if cfg.Hub.PollSeconds != 120 {
		t.Errorf("poll seconds = %d, want 120", cfg.Hub.PollSeconds)
	}
	// withDefaults fills zero timeout.
	if (HubConfig{}).WithDefaults().TimeoutSeconds != 30 {
		t.Error("WithDefaults should set TimeoutSeconds=30")
	}
}

func TestLoadFileThenEnvOverride(t *testing.T) {
	dir := t.TempDir()
	path := filepath.Join(dir, "agent.json")
	if err := os.WriteFile(path, []byte(`{"proxmox":{"node":"file-node","token":"u@pve!t=filesecret"}}`), 0o600); err != nil {
		t.Fatal(err)
	}
	t.Setenv("FELHOM_AGENT_PROXMOX_NODE", "env-node")
	cfg, err := Load(path)
	if err != nil {
		t.Fatalf("Load: %v", err)
	}
	if cfg.Proxmox.Node != "env-node" {
		t.Errorf("env did not override node: %q", cfg.Proxmox.Node)
	}
	if cfg.Proxmox.Token != "u@pve!t=filesecret" {
		t.Errorf("token from file lost: %q", cfg.Proxmox.Token)
	}
	if cfg.Proxmox.Endpoint != "https://127.0.0.1:8006" {
		t.Errorf("default endpoint lost: %q", cfg.Proxmox.Endpoint)
	}
}