use super::*;
use std::sync::Mutex;
static HOME_LOCK: Mutex<()> = Mutex::new(());
unsafe fn set_home(path: &std::path::Path) {
unsafe { std::env::set_var("HOME", path) };
}
unsafe fn restore_home(prev: Option<String>) {
unsafe {
match prev {
Some(h) => std::env::set_var("HOME", h),
None => std::env::remove_var("HOME"),
}
}
}
#[test]
fn resolve_secrets_in_cluster_config() {
let _lock = HOME_LOCK.lock().unwrap();
let dir = tempfile::tempdir().unwrap();
let prev_home = std::env::var("HOME").ok();
unsafe { set_home(dir.path()) };
let secrets_path = crate::secrets::default_path();
let mut store = crate::secrets::SecretStore::open(&secrets_path).unwrap();
store.set("MY_API_KEY", "sk-test-12345").unwrap();
drop(store);
let toml_path = dir.path().join("cluster.toml");
std::fs::write(
&toml_path,
r#"
[cluster]
name = "test"
[ai]
provider = "openai"
api_key = "${secrets.MY_API_KEY}"
model = "gpt-4"
"#,
)
.unwrap();
let config = ClusterConfig::load(&toml_path).unwrap();
unsafe { restore_home(prev_home) };
let ai = config.ai.unwrap();
assert_eq!(ai.api_key.as_deref(), Some("sk-test-12345"));
assert_eq!(ai.model.as_deref(), Some("gpt-4"));
}
#[test]
fn resolve_secrets_leaves_plain_values_intact() {
let _lock = HOME_LOCK.lock().unwrap();
let dir = tempfile::tempdir().unwrap();
let prev_home = std::env::var("HOME").ok();
unsafe { set_home(dir.path()) };
let secrets_path = crate::secrets::default_path();
let _store = crate::secrets::SecretStore::open(&secrets_path).unwrap();
let toml_path = dir.path().join("cluster.toml");
std::fs::write(
&toml_path,
r#"
[cluster]
name = "test"
[ai]
provider = "ollama"
endpoint = "http://localhost:11434"
"#,
)
.unwrap();
let config = ClusterConfig::load(&toml_path).unwrap();
unsafe { restore_home(prev_home) };
let ai = config.ai.unwrap();
assert_eq!(ai.endpoint.as_deref(), Some("http://localhost:11434"));
assert_eq!(ai.provider, "ollama");
}