diff --git a/pkg/node/identity_test.go b/pkg/node/identity_test.go
index 3386149..5d9ba92 100644
--- a/pkg/node/identity_test.go
+++ b/pkg/node/identity_test.go
@@ -198,6 +198,61 @@ func TestIdentity_NodeManager_Good(t *testing.T) {
 })
 }
 
+func TestIdentity_NodeManager_Bad(t *testing.T) {
+ t.Run("GenerateIdentityOnNonWritablePath", func(t *testing.T) {
+ manager, err := NewNodeManagerWithPaths("/dev/null/private.key", "/dev/null/node.json")
+ if err != nil {
+ // Some systems reject the path at construction — both outcomes are acceptable
+ return
+ }
+ err = manager.GenerateIdentity("bad-node", RoleDual)
+ if err == nil {
+ t.Error("expected error when key path is non-writable")
+ }
+ })
+
+ t.Run("DeriveSharedSecretWithoutIdentity", func(t *testing.T) {
+ manager, err := NewNodeManagerWithPaths(t.TempDir()+"/key", t.TempDir()+"/cfg.json")
+ if err != nil {
+ t.Fatalf("failed to create node manager: %v", err)
+ }
+ _, err = manager.DeriveSharedSecret("dGVzdA==") // base64 "test"
+ if err == nil {
+ t.Error("expected error when identity not initialized")
+ }
+ })
+}
+
+func TestIdentity_NodeManager_Ugly(t *testing.T) {
+ t.Run("GenerateIdentityTwice", func(t *testing.T) {
+ manager, cleanup := setupTestNodeManager(t)
+ defer cleanup()
+
+ if err := manager.GenerateIdentity("first", RoleDual); err != nil {
+ t.Fatalf("first GenerateIdentity failed: %v", err)
+ }
+ firstID := manager.GetIdentity().ID
+
+ // Generating a second identity overwrites the first
+ if err := manager.GenerateIdentity("second", RoleWorker); err != nil {
+ t.Fatalf("second GenerateIdentity failed: %v", err)
+ }
+ secondID := manager.GetIdentity().ID
+
+ if firstID == secondID {
+ t.Error("expected a different ID after regenerating identity")
+ }
+ })
+
+ t.Run("DeleteNonExistentIdentity", func(t *testing.T) {
+ manager, cleanup := setupTestNodeManager(t)
+ defer cleanup()
+
+ // Delete without ever generating — must not panic
+ _ = manager.Delete()
+ })
+}
+
 func TestIdentity_NodeRoles_Good(t *testing.T) {
 tests := []struct {
 role NodeRole
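Review bot: In `DeriveSharedSecretWithoutIdentity` the peer key `"dGVzdA=="` decodes to only four bytes, so the `err == nil` check can be satisfied by a malformed-key rejection just as well as by the missing-identity guard the subtest is named for; if `DeriveSharedSecret` validates the peer key (its body is not visible here), the test would keep passing with that guard removed. Pass a well-formed public key of the length the function expects and, if the package defines a sentinel error for an uninitialised identity, assert it with `errors.Is` rather than only `err != nil`. In `GenerateIdentityOnNonWritablePath` the bare `return` on a constructor error ends the subtest without recording which branch ran, and on a platform where `/dev/null/private.key` resolves to a creatable path the test would write key material outside any temp dir; add `t.Logf("constructor rejected path: %v", err)` before the `return` and consider building the unwritable path under `t.TempDir()`. In `GenerateIdentityTwice`, comparing only `.ID` does not show that the key pair itself was rotated, so a comparison of the public key before and after would pin that, assuming the identity exposes it.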