Skip to content

Commit 6f8cd0a

Browse files
bbrksbbrks
committed
Improve test
1 parent ca68ef3 commit 6f8cd0a

File tree

1 file changed

+24
-4
lines changed

1 file changed

+24
-4
lines changed

rest/config_flags_test.go

Lines changed: 24 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -172,7 +172,7 @@ func countFields(cfg interface{}) (fields int) {
172172
return fields
173173
}
174174

175-
// Ensure disabled flags error and are not wired into StartupConfig
175+
// TestDisabledFlagsErrorAndDoNotMutateConfig ensures disabled flags error and values are not wired into StartupConfig.
176176
func TestDisabledFlagsErrorAndDoNotMutateConfig(t *testing.T) {
177177
fs := flag.NewFlagSet("test", flag.ContinueOnError)
178178
config := NewEmptyStartupConfig()
@@ -191,9 +191,6 @@ func TestDisabledFlagsErrorAndDoNotMutateConfig(t *testing.T) {
191191

192192
// And none should have modified the config
193193
assert.Equal(t, "", config.Bootstrap.Password)
194-
// Not set by this test
195-
assert.Nil(t, config.DatabaseCredentials)
196-
assert.Nil(t, config.BucketCredentials)
197194
}
198195

199196
// Validate x509-only JSON for per-db and per-bucket flags
@@ -232,3 +229,26 @@ func TestPerCredsFlagsX509Only(t *testing.T) {
232229
assert.Contains(t, err.Error(), "database_credentials")
233230
assert.Contains(t, err.Error(), "bucket_credentials")
234231
}
232+
233+
// TestPerCredsFlagsRejectBasicAuthWithHelpfulError ensures that per-db and per-bucket flags reject username/password and return clear X.509-only errors.
234+
func TestPerCredsFlagsRejectBasicAuthWithHelpfulError(t *testing.T) {
235+
fs := flag.NewFlagSet("test", flag.ContinueOnError)
236+
config := NewEmptyStartupConfig()
237+
flags := registerConfigFlags(&config, fs)
238+
239+
// Provide username/password in JSON for both flags
240+
err := fs.Parse([]string{
241+
"-database_credentials", `{"db1":{"username":"u","password":"p"}}`,
242+
"-bucket_credentials", `{"bucket":{"username":"u","password":"p"}}`,
243+
})
244+
require.NoError(t, err)
245+
246+
err = fillConfigWithFlags(fs, flags)
247+
require.Error(t, err)
248+
// Check flag names are present
249+
assert.Contains(t, err.Error(), "database_credentials")
250+
assert.Contains(t, err.Error(), "bucket_credentials")
251+
// Check helpful X.509-only guidance present
252+
assert.Contains(t, err.Error(), "only X.509 cert/key paths are supported")
253+
assert.Contains(t, err.Error(), "username/password are not allowed")
254+
}

0 commit comments

Comments
 (0)