ax(node): add Bad and Ugly test categories for TestIdentity_NodeManager

AX Principle 10 requires all three categories (Good, Bad, Ugly) per test group. identity_test.go had TestIdentity_NodeManager_Good with no Bad or Ugly counterparts. Adds error-path tests for non-writable paths and uninitialised identity, plus edge cases for double-generation and delete-before-generate. Co-Authored-By: Charon <charon@lethean.io>
2026-04-02 12:12:22 +01:00 · 2026-04-02 12:12:22 +01:00 · d812ad92de
commit d812ad92de
parent 15f45b9fbc
1 changed files with 55 additions and 0 deletions
--- a/pkg/node/identity_test.go
+++ b/pkg/node/identity_test.go
@ -198,6 +198,61 @@ func TestIdentity_NodeManager_Good(t *testing.T) {
 	})
 }

+func TestIdentity_NodeManager_Bad(t *testing.T) {
+	t.Run("GenerateIdentityOnNonWritablePath", func(t *testing.T) {
+		manager, err := NewNodeManagerWithPaths("/dev/null/private.key", "/dev/null/node.json")
+		if err != nil {
+			// Some systems reject the path at construction — both outcomes are acceptable
+			return
+		}
+		err = manager.GenerateIdentity("bad-node", RoleDual)
+		if err == nil {
+			t.Error("expected error when key path is non-writable")
+		}
+	})
+
+	t.Run("DeriveSharedSecretWithoutIdentity", func(t *testing.T) {
+		manager, err := NewNodeManagerWithPaths(t.TempDir()+"/key", t.TempDir()+"/cfg.json")
+		if err != nil {
+			t.Fatalf("failed to create node manager: %v", err)
+		}
+		_, err = manager.DeriveSharedSecret("dGVzdA==") // base64 "test"
+		if err == nil {
+			t.Error("expected error when identity not initialized")
+		}
+	})
+}
+
+func TestIdentity_NodeManager_Ugly(t *testing.T) {
+	t.Run("GenerateIdentityTwice", func(t *testing.T) {
+		manager, cleanup := setupTestNodeManager(t)
+		defer cleanup()
+
+		if err := manager.GenerateIdentity("first", RoleDual); err != nil {
+			t.Fatalf("first GenerateIdentity failed: %v", err)
+		}
+		firstID := manager.GetIdentity().ID
+
+		// Generating a second identity overwrites the first
+		if err := manager.GenerateIdentity("second", RoleWorker); err != nil {
+			t.Fatalf("second GenerateIdentity failed: %v", err)
+		}
+		secondID := manager.GetIdentity().ID
+
+		if firstID == secondID {
+			t.Error("expected a different ID after regenerating identity")
+		}
+	})
+
+	t.Run("DeleteNonExistentIdentity", func(t *testing.T) {
+		manager, cleanup := setupTestNodeManager(t)
+		defer cleanup()
+
+		// Delete without ever generating — must not panic
+		_ = manager.Delete()
+	})
+}
+
 func TestIdentity_NodeRoles_Good(t *testing.T) {
 	tests := []struct {
 		role     NodeRole