From 5d3a88b10aefdfc8c35cf5fdd751806f9ec46ef2 Mon Sep 17 00:00:00 2001 From: Claude Date: Fri, 27 Mar 2026 15:23:02 +0000 Subject: [PATCH] =?UTF-8?q?test:=20connections=20=E2=80=94=20SSH=20tunnel?= =?UTF-8?q?=20extractSshConfig=20and=20MongoDB=20detectAuthMethod?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cover two untested areas in the warehouse connection layer: 1. extractSshConfig: zero prior coverage for the function that extracts SSH tunnel config and validates connection_string incompatibility. 2. detectAuthMethod MongoDB paths: newly added in #482 (MongoDB driver support) with no test coverage for the type-specific fallback branch. Co-Authored-By: Claude Opus 4.6 (1M context) https://claude.ai/code/session_01Wr8GYaTQDKpHV1UQDftUJr --- .../altimate/ssh-tunnel-and-registry.test.ts | 115 ++++++++++++++++++ 1 file changed, 115 insertions(+) create mode 100644 packages/opencode/test/altimate/ssh-tunnel-and-registry.test.ts diff --git a/packages/opencode/test/altimate/ssh-tunnel-and-registry.test.ts b/packages/opencode/test/altimate/ssh-tunnel-and-registry.test.ts new file mode 100644 index 000000000..c77487dcd --- /dev/null +++ b/packages/opencode/test/altimate/ssh-tunnel-and-registry.test.ts @@ -0,0 +1,115 @@ +import { describe, test, expect, beforeAll, afterAll } from "bun:test" + +// Disable telemetry to avoid side-effects +beforeAll(() => { process.env.ALTIMATE_TELEMETRY_DISABLED = "true" }) +afterAll(() => { delete process.env.ALTIMATE_TELEMETRY_DISABLED }) + +import { extractSshConfig, closeTunnel, getActiveTunnel } from "../../src/altimate/native/connections/ssh-tunnel" +import { detectAuthMethod } from "../../src/altimate/native/connections/registry" + +// --------------------------------------------------------------------------- +// extractSshConfig — pure function that extracts SSH tunnel config +// --------------------------------------------------------------------------- + +describe("extractSshConfig", () => { + test("returns null when no ssh_host is present", () => { + const result = extractSshConfig({ type: "postgres", host: "db.example.com", port: 5432 }) + expect(result).toBeNull() + }) + + test("extracts full SSH config with all fields", () => { + const result = extractSshConfig({ + type: "postgres", + host: "db.internal", + port: 5433, + ssh_host: "bastion.example.com", + ssh_port: 2222, + ssh_user: "deployer", + ssh_password: "secret", + }) + expect(result).toEqual({ + ssh_host: "bastion.example.com", + ssh_port: 2222, + ssh_user: "deployer", + ssh_password: "secret", + ssh_private_key: undefined, + host: "db.internal", + port: 5433, + }) + }) + + test("applies defaults for ssh_port, ssh_user, host, port", () => { + const result = extractSshConfig({ + type: "postgres", + ssh_host: "bastion.example.com", + }) + expect(result).not.toBeNull() + expect(result!.ssh_port).toBe(22) + expect(result!.ssh_user).toBe("root") + expect(result!.host).toBe("127.0.0.1") + expect(result!.port).toBe(5432) + }) + + test("throws when connection_string is used with SSH tunnel", () => { + expect(() => extractSshConfig({ + type: "postgres", + ssh_host: "bastion.example.com", + connection_string: "postgresql://user:pass@host:5432/db", + })).toThrow("Cannot use SSH tunnel with connection_string") + }) + + test("supports private key authentication", () => { + const result = extractSshConfig({ + type: "snowflake", + host: "db.internal", + port: 443, + ssh_host: "bastion.example.com", + ssh_private_key: "-----BEGIN OPENSSH PRIVATE KEY-----\nAAA...", + }) + expect(result).not.toBeNull() + expect(result!.ssh_private_key).toBe("-----BEGIN OPENSSH PRIVATE KEY-----\nAAA...") + expect(result!.ssh_password).toBeUndefined() + }) +}) + +// --------------------------------------------------------------------------- +// closeTunnel / getActiveTunnel — idempotent operations on empty state +// --------------------------------------------------------------------------- + +describe("SSH tunnel state management", () => { + test("closeTunnel is a no-op for non-existent tunnel and does not corrupt state", () => { + closeTunnel("nonexistent-tunnel-name") + expect(getActiveTunnel("nonexistent-tunnel-name")).toBeUndefined() + }) + + test("getActiveTunnel returns undefined for non-existent tunnel", () => { + expect(getActiveTunnel("nonexistent")).toBeUndefined() + }) +}) + +// --------------------------------------------------------------------------- +// detectAuthMethod — MongoDB-specific fallback paths (added in commit abcaa1d) +// +// Note: config.password triggers the generic "password" branch (line 226) +// BEFORE the type-specific MongoDB branch (line 229). These tests document +// the actual precedence behavior, not the MongoDB branch in isolation. +// --------------------------------------------------------------------------- + +describe("detectAuthMethod: MongoDB", () => { + test("mongodb without password falls through to MongoDB-specific branch returning 'connection_string'", () => { + expect(detectAuthMethod({ type: "mongodb" })).toBe("connection_string") + }) + + test("mongo alias without password falls through to MongoDB-specific branch returning 'connection_string'", () => { + expect(detectAuthMethod({ type: "mongo" })).toBe("connection_string") + }) + + test("mongodb with password is caught by the generic password check (precedence test)", () => { + // The generic `if (config.password)` fires before the MongoDB branch + expect(detectAuthMethod({ type: "mongodb", password: "secret" })).toBe("password") + }) + + test("mongodb with connection_string is caught by the generic connection_string check (precedence test)", () => { + expect(detectAuthMethod({ type: "mongodb", connection_string: "mongodb://localhost:27017" })).toBe("connection_string") + }) +})