package agentidp import ( "context" "encoding/json" "net/http" "net/http/httptest" "testing" ) var mockCred = Credential{ CredentialID: "cred-1", ClientID: "uuid-1", Status: "active", CreatedAt: "2026-01-01T00:00:00Z", } var mockCredWithSecret = CredentialWithSecret{ Credential: mockCred, ClientSecret: "sk_live_abc", } var mockPaginatedCreds = PaginatedCredentials{ Data: []Credential{mockCred}, Total: 1, Page: 1, Limit: 20, } func TestCredentialClient_GenerateCredential(t *testing.T) { srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.Method != http.MethodPost || r.URL.Path != "/api/v1/agents/uuid-1/credentials" { t.Errorf("unexpected: %s %s", r.Method, r.URL.Path) } w.Header().Set("Content-Type", "application/json") w.WriteHeader(201) _ = json.NewEncoder(w).Encode(mockCredWithSecret) })) defer srv.Close() client := newCredentialClient(srv.URL, staticToken, &http.Client{}) cred, err := client.GenerateCredential(context.Background(), "uuid-1") if err != nil { t.Fatalf("unexpected error: %v", err) } if cred.ClientSecret != "sk_live_abc" { t.Errorf("expected sk_live_abc, got %q", cred.ClientSecret) } if cred.CredentialID != "cred-1" { t.Errorf("expected cred-1, got %q", cred.CredentialID) } } func TestCredentialClient_ListCredentials(t *testing.T) { srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.Method != http.MethodGet || r.URL.Path != "/api/v1/agents/uuid-1/credentials" { t.Errorf("unexpected: %s %s", r.Method, r.URL.Path) } w.Header().Set("Content-Type", "application/json") _ = json.NewEncoder(w).Encode(mockPaginatedCreds) })) defer srv.Close() client := newCredentialClient(srv.URL, staticToken, &http.Client{}) result, err := client.ListCredentials(context.Background(), "uuid-1", 0, 0) if err != nil { t.Fatalf("unexpected error: %v", err) } if result.Total != 1 { t.Errorf("expected total 1, got %d", result.Total) } } func TestCredentialClient_RotateCredential(t *testing.T) { srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { expectedPath := "/api/v1/agents/uuid-1/credentials/cred-1/rotate" if r.Method != http.MethodPost || r.URL.Path != expectedPath { t.Errorf("unexpected: %s %s", r.Method, r.URL.Path) } w.Header().Set("Content-Type", "application/json") _ = json.NewEncoder(w).Encode(mockCredWithSecret) })) defer srv.Close() client := newCredentialClient(srv.URL, staticToken, &http.Client{}) cred, err := client.RotateCredential(context.Background(), "uuid-1", "cred-1") if err != nil { t.Fatalf("unexpected error: %v", err) } if cred.ClientSecret != "sk_live_abc" { t.Errorf("expected sk_live_abc, got %q", cred.ClientSecret) } } func TestCredentialClient_RevokeCredential(t *testing.T) { revokedAt := "2026-01-02T00:00:00Z" revoked := Credential{ CredentialID: "cred-1", ClientID: "uuid-1", Status: "revoked", CreatedAt: "2026-01-01T00:00:00Z", RevokedAt: &revokedAt, } srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.Method != http.MethodDelete { t.Errorf("expected DELETE, got %s", r.Method) } w.Header().Set("Content-Type", "application/json") _ = json.NewEncoder(w).Encode(revoked) })) defer srv.Close() client := newCredentialClient(srv.URL, staticToken, &http.Client{}) cred, err := client.RevokeCredential(context.Background(), "uuid-1", "cred-1") if err != nil { t.Fatalf("unexpected error: %v", err) } if cred.Status != "revoked" { t.Errorf("expected revoked, got %q", cred.Status) } } func TestCredentialClient_Error_Propagated(t *testing.T) { srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.Header().Set("Content-Type", "application/json") w.WriteHeader(404) _ = json.NewEncoder(w).Encode(map[string]string{ "code": "AgentNotFoundError", "message": "Not found.", }) })) defer srv.Close() client := newCredentialClient(srv.URL, staticToken, &http.Client{}) _, err := client.GenerateCredential(context.Background(), "bad-id") if err == nil { t.Fatal("expected error, got nil") } apiErr, ok := err.(*AgentIdPError) if !ok { t.Fatalf("expected *AgentIdPError, got %T", err) } if apiErr.HTTPStatus != 404 { t.Errorf("expected 404, got %d", apiErr.HTTPStatus) } }