npm - @pagopa/dx-cli - Versions diffs - 0.22.4 → 0.23.1 - Mend

@pagopa/dx-cli 0.22.4 → 0.23.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (104) hide show

package/dist/adapters/pagopa-technology/__tests__/authorization.test.js DELETED Viewed

@@ -1,548 +0,0 @@
-/**
- * Tests for the PagoPA technology authorization adapter.
- */
-import { describe, expect, it } from "vitest";
-import { mock } from "vitest-mock-extended";
-import { AuthorizationResult, InvalidAuthorizationFileFormatError, requestAuthorizationInputSchema, } from "../../../domain/authorization.js";
-import { FileNotFoundError, PullRequest, } from "../../../domain/github.js";
-import { DEFAULT_GROUP_SPECS, makeAzureAdGroupName as makeGroupName, } from "../azure-authorization-config.js";
-import { makeAzureAuthorizationService as makeAuthorizationService } from "../azure-authorization.js";
-const makeEnv = () => {
-    const gitHubService = mock();
-    const authorizationService = makeAuthorizationService(gitHubService);
-    return {
-        authorizationService,
-        gitHubService,
-    };
-};
-const makeSampleInput = () => requestAuthorizationInputSchema.parse({
-    bootstrapIdentityId: "test-bootstrap-identity-id",
-    envShort: "d",
-    prefix: "test",
-    repoName: "test-repo",
-    subscriptionName: "test-subscription",
-});
-const FILE_PATH = "src/azure-subscriptions/subscriptions/test-subscription/terraform.tfvars.json";
-// eslint-disable-next-line max-lines-per-function
-describe("PagoPA AuthorizationService", () => {
-    // eslint-disable-next-line max-lines-per-function
-    describe("happy path", () => {
-        it("should create a pull request when all steps succeed", async () => {
-            const { authorizationService, gitHubService } = makeEnv();
-            const input = makeSampleInput();
-            const originalContent = JSON.stringify({ directory_readers: { service_principals_name: [] } }, null, 2);
-            gitHubService.createBranch.mockResolvedValue(undefined);
-            gitHubService.getFileContent.mockResolvedValue({
-                content: originalContent,
-                sha: "original-sha-123",
-            });
-            gitHubService.updateFile.mockResolvedValue(undefined);
-            gitHubService.createPullRequest.mockResolvedValue(new PullRequest("https://github.com/pagopa/eng-azure-authorization/pull/42"));
-            const result = await authorizationService.requestAuthorization(input);
-            expect(result.isOk()).toBe(true);
-            const authResult = result._unsafeUnwrap();
-            expect(authResult).toBeInstanceOf(AuthorizationResult);
-            expect(authResult.url).toBe("https://github.com/pagopa/eng-azure-authorization/pull/42");
-            expect(gitHubService.getFileContent).toHaveBeenCalledWith({
-                owner: "pagopa",
-                path: FILE_PATH,
-                ref: "main",
-                repo: "eng-azure-authorization",
-            });
-            expect(gitHubService.createBranch).toHaveBeenCalledWith({
-                branchName: "feats/add-test-repo-test-subscription-bootstrap-identity",
-                fromRef: "main",
-                owner: "pagopa",
-                repo: "eng-azure-authorization",
-            });
-            expect(gitHubService.updateFile).toHaveBeenCalledWith(expect.objectContaining({
-                branch: "feats/add-test-repo-test-subscription-bootstrap-identity",
-                message: "Add bootstrap identity and AD groups for test-subscription",
-                owner: "pagopa",
-                path: FILE_PATH,
-                repo: "eng-azure-authorization",
-                sha: "original-sha-123",
-            }));
-            expect(gitHubService.createPullRequest).toHaveBeenCalledWith({
-                base: "main",
-                body: "This PR adds the bootstrap identity `test-bootstrap-identity-id` to the directory readers and configures AD groups for subscription `test-subscription`.",
-                head: "feats/add-test-repo-test-subscription-bootstrap-identity",
-                owner: "pagopa",
-                repo: "eng-azure-authorization",
-                title: "Add bootstrap identity and AD groups for test-subscription",
-            });
-        });
-        it("should add all default AD groups when none exist", async () => {
-            const { authorizationService, gitHubService } = makeEnv();
-            const input = makeSampleInput();
-            const originalContent = JSON.stringify({ directory_readers: { service_principals_name: [] } }, null, 2);
-            gitHubService.createBranch.mockResolvedValue(undefined);
-            gitHubService.getFileContent.mockResolvedValue({
-                content: originalContent,
-                sha: "sha-groups-1",
-            });
-            gitHubService.updateFile.mockResolvedValue(undefined);
-            gitHubService.createPullRequest.mockResolvedValue(new PullRequest("https://github.com/pagopa/eng-azure-authorization/pull/50"));
-            const result = await authorizationService.requestAuthorization(input);
-            expect(result.isOk()).toBe(true);
-            const updateCall = gitHubService.updateFile.mock.calls[0][0];
-            const updatedParsed = JSON.parse(updateCall.content);
-            expect(updatedParsed.groups).toHaveLength(DEFAULT_GROUP_SPECS.length);
-            for (const spec of DEFAULT_GROUP_SPECS) {
-                const groupName = makeGroupName("test", "d", spec.groupName);
-                const found = updatedParsed.groups.find((g) => g.name === groupName);
-                expect(found).toBeDefined();
-                expect(found.roles).toEqual(spec.roles);
-                expect(found.members).toEqual([]);
-            }
-        });
-        it("should preserve existing members and add missing groups", async () => {
-            const { authorizationService, gitHubService } = makeEnv();
-            const input = makeSampleInput();
-            const originalContent = JSON.stringify({
-                directory_readers: { service_principals_name: [] },
-                groups: [
-                    {
-                        members: ["alice@pagopa.it"],
-                        name: "test-d-adgroup-admin",
-                        roles: ["Owner"],
-                    },
-                ],
-            }, null, 2);
-            gitHubService.createBranch.mockResolvedValue(undefined);
-            gitHubService.getFileContent.mockResolvedValue({
-                content: originalContent,
-                sha: "sha-groups-2",
-            });
-            gitHubService.updateFile.mockResolvedValue(undefined);
-            gitHubService.createPullRequest.mockResolvedValue(new PullRequest("https://github.com/pagopa/eng-azure-authorization/pull/51"));
-            const result = await authorizationService.requestAuthorization(input);
-            expect(result.isOk()).toBe(true);
-            const updateCall = gitHubService.updateFile.mock.calls[0][0];
-            const updatedParsed = JSON.parse(updateCall.content);
-            // All default groups should be present
-            expect(updatedParsed.groups).toHaveLength(DEFAULT_GROUP_SPECS.length);
-            // Admin group should preserve existing member
-            const adminGroup = updatedParsed.groups.find((g) => g.name === "test-d-adgroup-admin");
-            expect(adminGroup.members).toContain("alice@pagopa.it");
-        });
-        it("should update roles on existing group while preserving members", async () => {
-            const { authorizationService, gitHubService } = makeEnv();
-            const input = makeSampleInput();
-            const originalContent = JSON.stringify({
-                directory_readers: { service_principals_name: [] },
-                groups: [
-                    {
-                        // externals normally gets "Owner" but file has "Reader"
-                        members: ["bob@pagopa.it"],
-                        name: "test-d-adgroup-externals",
-                        roles: ["Reader"],
-                    },
-                ],
-            }, null, 2);
-            gitHubService.createBranch.mockResolvedValue(undefined);
-            gitHubService.getFileContent.mockResolvedValue({
-                content: originalContent,
-                sha: "sha-groups-3",
-            });
-            gitHubService.updateFile.mockResolvedValue(undefined);
-            gitHubService.createPullRequest.mockResolvedValue(new PullRequest("https://github.com/pagopa/eng-azure-authorization/pull/52"));
-            const result = await authorizationService.requestAuthorization(input);
-            expect(result.isOk()).toBe(true);
-            const updateCall = gitHubService.updateFile.mock.calls[0][0];
-            const updatedParsed = JSON.parse(updateCall.content);
-            const externalsGroup = updatedParsed.groups.find((g) => g.name === "test-d-adgroup-externals");
-            // Roles updated to default
-            expect(externalsGroup.roles).toEqual(["Owner"]);
-            // Members preserved
-            expect(externalsGroup.members).toContain("bob@pagopa.it");
-        });
-        it("should preserve custom (non-default) groups", async () => {
-            const { authorizationService, gitHubService } = makeEnv();
-            const input = makeSampleInput();
-            const originalContent = JSON.stringify({
-                directory_readers: { service_principals_name: [] },
-                groups: [
-                    {
-                        members: ["carol@pagopa.it"],
-                        name: "test-d-adgroup-custom-team",
-                        roles: ["Contributor"],
-                    },
-                ],
-            }, null, 2);
-            gitHubService.createBranch.mockResolvedValue(undefined);
-            gitHubService.getFileContent.mockResolvedValue({
-                content: originalContent,
-                sha: "sha-groups-4",
-            });
-            gitHubService.updateFile.mockResolvedValue(undefined);
-            gitHubService.createPullRequest.mockResolvedValue(new PullRequest("https://github.com/pagopa/eng-azure-authorization/pull/53"));
-            const result = await authorizationService.requestAuthorization(input);
-            expect(result.isOk()).toBe(true);
-            const updateCall = gitHubService.updateFile.mock.calls[0][0];
-            const updatedParsed = JSON.parse(updateCall.content);
-            // Custom group preserved
-            const customGroup = updatedParsed.groups.find((g) => g.name === "test-d-adgroup-custom-team");
-            expect(customGroup).toBeDefined();
-            expect(customGroup.members).toContain("carol@pagopa.it");
-            // All defaults also present
-            expect(updatedParsed.groups).toHaveLength(DEFAULT_GROUP_SPECS.length + 1);
-        });
-        it("should preserve existing fields in the JSON file", async () => {
-            const { authorizationService, gitHubService } = makeEnv();
-            const input = makeSampleInput();
-            const originalContent = JSON.stringify({
-                directory_readers: {
-                    service_principals_name: ["existing-identity"],
-                    some_other_field: "keep-me",
-                },
-                entra_groups: {
-                    readers: ["reader-group"],
-                },
-                other_top_level: true,
-            }, null, 2);
-            gitHubService.createBranch.mockResolvedValue(undefined);
-            gitHubService.getFileContent.mockResolvedValue({
-                content: originalContent,
-                sha: "sha-789",
-            });
-            gitHubService.updateFile.mockResolvedValue(undefined);
-            gitHubService.createPullRequest.mockResolvedValue(new PullRequest("https://github.com/pagopa/eng-azure-authorization/pull/44"));
-            const result = await authorizationService.requestAuthorization(input);
-            expect(result.isOk()).toBe(true);
-            const updateCall = gitHubService.updateFile.mock.calls[0][0];
-            const updatedParsed = JSON.parse(updateCall.content);
-            // Identity added
-            expect(updatedParsed.directory_readers.service_principals_name).toContain("test-bootstrap-identity-id");
-            // Extra fields preserved
-            expect(updatedParsed.directory_readers.some_other_field).toBe("keep-me");
-            expect(updatedParsed.entra_groups).toEqual({ readers: ["reader-group"] });
-            expect(updatedParsed.other_top_level).toBe(true);
-            // All default groups added
-            expect(updatedParsed.groups).toHaveLength(DEFAULT_GROUP_SPECS.length);
-        });
-        it("should append identity to an existing non-empty list", async () => {
-            const { authorizationService, gitHubService } = makeEnv();
-            const input = makeSampleInput();
-            const originalContent = JSON.stringify({
-                directory_readers: {
-                    service_principals_name: ["existing-identity"],
-                },
-            }, null, 2);
-            gitHubService.createBranch.mockResolvedValue(undefined);
-            gitHubService.getFileContent.mockResolvedValue({
-                content: originalContent,
-                sha: "sha-456",
-            });
-            gitHubService.updateFile.mockResolvedValue(undefined);
-            gitHubService.createPullRequest.mockResolvedValue(new PullRequest("https://github.com/pagopa/eng-azure-authorization/pull/43"));
-            const result = await authorizationService.requestAuthorization(input);
-            expect(result.isOk()).toBe(true);
-            const updateCall = gitHubService.updateFile.mock.calls[0][0];
-            const updatedParsed = JSON.parse(updateCall.content);
-            expect(updatedParsed.directory_readers.service_principals_name).toContain("test-bootstrap-identity-id");
-            expect(updatedParsed.directory_readers.service_principals_name).toContain("existing-identity");
-        });
-        it("should use identity-only messages when groups are already correct", async () => {
-            const { authorizationService, gitHubService } = makeEnv();
-            const input = makeSampleInput();
-            // Groups already correct, but identity is missing
-            const allGroups = DEFAULT_GROUP_SPECS.map((spec) => ({
-                members: [],
-                name: makeGroupName("test", "d", spec.groupName),
-                roles: [...spec.roles],
-            }));
-            const originalContent = JSON.stringify({
-                directory_readers: { service_principals_name: [] },
-                groups: allGroups,
-            }, null, 2);
-            gitHubService.getFileContent.mockResolvedValue({
-                content: originalContent,
-                sha: "sha-identity-only",
-            });
-            gitHubService.createBranch.mockResolvedValue(undefined);
-            gitHubService.updateFile.mockResolvedValue(undefined);
-            gitHubService.createPullRequest.mockResolvedValue(new PullRequest("https://github.com/pagopa/eng-azure-authorization/pull/60"));
-            const result = await authorizationService.requestAuthorization(input);
-            expect(result.isOk()).toBe(true);
-            expect(gitHubService.updateFile).toHaveBeenCalledWith(expect.objectContaining({
-                message: "Add bootstrap identity for test-subscription",
-            }));
-            expect(gitHubService.createPullRequest).toHaveBeenCalledWith(expect.objectContaining({
-                body: "This PR adds the bootstrap identity `test-bootstrap-identity-id` to the directory readers for subscription `test-subscription`.",
-                title: "Add bootstrap identity for test-subscription",
-            }));
-        });
-        it("should use groups-only messages when identity already exists", async () => {
-            const { authorizationService, gitHubService } = makeEnv();
-            const input = makeSampleInput();
-            // Identity present, no groups yet
-            const originalContent = JSON.stringify({
-                directory_readers: {
-                    service_principals_name: ["test-bootstrap-identity-id"],
-                },
-            }, null, 2);
-            gitHubService.getFileContent.mockResolvedValue({
-                content: originalContent,
-                sha: "sha-groups-only",
-            });
-            gitHubService.createBranch.mockResolvedValue(undefined);
-            gitHubService.updateFile.mockResolvedValue(undefined);
-            gitHubService.createPullRequest.mockResolvedValue(new PullRequest("https://github.com/pagopa/eng-azure-authorization/pull/61"));
-            const result = await authorizationService.requestAuthorization(input);
-            expect(result.isOk()).toBe(true);
-            expect(gitHubService.updateFile).toHaveBeenCalledWith(expect.objectContaining({
-                message: "Configure AD groups for test-subscription",
-            }));
-            expect(gitHubService.createPullRequest).toHaveBeenCalledWith(expect.objectContaining({
-                body: "This PR configures AD groups for subscription `test-subscription`.",
-                title: "Configure AD groups for test-subscription",
-            }));
-        });
-        it("should preserve original group order and append missing defaults at end", async () => {
-            const { authorizationService, gitHubService } = makeEnv();
-            const input = makeSampleInput();
-            // Start with custom group + one default group (externals) in deliberate order
-            const originalContent = JSON.stringify({
-                directory_readers: { service_principals_name: [] },
-                groups: [
-                    {
-                        members: ["carol@pagopa.it"],
-                        name: "test-d-adgroup-custom-team",
-                        roles: ["Contributor"],
-                    },
-                    {
-                        members: ["alice@pagopa.it"],
-                        name: "test-d-adgroup-externals",
-                        roles: ["Owner"],
-                    },
-                ],
-            }, null, 2);
-            gitHubService.getFileContent.mockResolvedValue({
-                content: originalContent,
-                sha: "sha-order",
-            });
-            gitHubService.createBranch.mockResolvedValue(undefined);
-            gitHubService.updateFile.mockResolvedValue(undefined);
-            gitHubService.createPullRequest.mockResolvedValue(new PullRequest("https://github.com/pagopa/eng-azure-authorization/pull/62"));
-            const result = await authorizationService.requestAuthorization(input);
-            expect(result.isOk()).toBe(true);
-            const updateCall = gitHubService.updateFile.mock.calls[0][0];
-            const updatedParsed = JSON.parse(updateCall.content);
-            const groupNames = updatedParsed.groups.map((g) => g.name);
-            // Original groups preserve their order
-            expect(groupNames[0]).toBe("test-d-adgroup-custom-team");
-            expect(groupNames[1]).toBe("test-d-adgroup-externals");
-            // Missing defaults appended after existing groups
-            expect(groupNames.length).toBe(DEFAULT_GROUP_SPECS.length + 1);
-        });
-        it("should preserve extra fields on group entries through round-trip", async () => {
-            const { authorizationService, gitHubService } = makeEnv();
-            const input = makeSampleInput();
-            // Group with extra metadata field
-            const originalContent = JSON.stringify({
-                directory_readers: { service_principals_name: [] },
-                groups: [
-                    {
-                        members: ["alice@pagopa.it"],
-                        metadata: { created_by: "automation" },
-                        name: "test-d-adgroup-admin",
-                        roles: ["Owner"],
-                    },
-                ],
-            }, null, 2);
-            gitHubService.getFileContent.mockResolvedValue({
-                content: originalContent,
-                sha: "sha-extra-fields",
-            });
-            gitHubService.createBranch.mockResolvedValue(undefined);
-            gitHubService.updateFile.mockResolvedValue(undefined);
-            gitHubService.createPullRequest.mockResolvedValue(new PullRequest("https://github.com/pagopa/eng-azure-authorization/pull/63"));
-            const result = await authorizationService.requestAuthorization(input);
-            expect(result.isOk()).toBe(true);
-            const updateCall = gitHubService.updateFile.mock.calls[0][0];
-            const updatedParsed = JSON.parse(updateCall.content);
-            const adminGroup = updatedParsed.groups.find((g) => g.name === "test-d-adgroup-admin");
-            // Extra field preserved
-            expect(adminGroup.metadata).toEqual({ created_by: "automation" });
-            // Members preserved
-            expect(adminGroup.members).toContain("alice@pagopa.it");
-        });
-    });
-    // eslint-disable-next-line max-lines-per-function
-    describe("error handling", () => {
-        it("should return error when file is not found", async () => {
-            const { authorizationService, gitHubService } = makeEnv();
-            const input = makeSampleInput();
-            gitHubService.getFileContent.mockRejectedValue(new FileNotFoundError(FILE_PATH));
-            const result = await authorizationService.requestAuthorization(input);
-            expect(result.isErr()).toBe(true);
-            const error = result._unsafeUnwrapErr();
-            expect(error.message).toContain("Unable to get");
-            expect(error.message).toContain("terraform.tfvars.json");
-            expect(gitHubService.createBranch).not.toHaveBeenCalled();
-            expect(gitHubService.updateFile).not.toHaveBeenCalled();
-        });
-        it("should upsert groups and create PR when identity already exists", async () => {
-            const { authorizationService, gitHubService } = makeEnv();
-            const input = makeSampleInput();
-            // Identity already present, no groups yet
-            const content = JSON.stringify({
-                directory_readers: {
-                    service_principals_name: ["test-bootstrap-identity-id"],
-                },
-            }, null, 2);
-            gitHubService.createBranch.mockResolvedValue(undefined);
-            gitHubService.getFileContent.mockResolvedValue({
-                content,
-                sha: "sha-123",
-            });
-            gitHubService.updateFile.mockResolvedValue(undefined);
-            gitHubService.createPullRequest.mockResolvedValue(new PullRequest("https://github.com/pagopa/eng-azure-authorization/pull/55"));
-            const result = await authorizationService.requestAuthorization(input);
-            expect(result.isOk()).toBe(true);
-            const authResult = result._unsafeUnwrap();
-            expect(authResult.url).toBe("https://github.com/pagopa/eng-azure-authorization/pull/55");
-            // Identity must NOT be duplicated
-            const updateCall = gitHubService.updateFile.mock.calls[0][0];
-            const updatedParsed = JSON.parse(updateCall.content);
-            expect(updatedParsed.directory_readers.service_principals_name).toHaveLength(1);
-            expect(updatedParsed.directory_readers.service_principals_name).toContain("test-bootstrap-identity-id");
-            // All default groups must be created
-            expect(updatedParsed.groups).toHaveLength(DEFAULT_GROUP_SPECS.length);
-        });
-        it("should skip update and PR when identity exists and groups are already correct", async () => {
-            const { authorizationService, gitHubService } = makeEnv();
-            const input = makeSampleInput();
-            // Build a file where the identity is present and all groups are already correct
-            const allGroups = DEFAULT_GROUP_SPECS.map((spec) => ({
-                members: [],
-                name: makeGroupName("test", "d", spec.groupName),
-                roles: [...spec.roles],
-            }));
-            const content = JSON.stringify({
-                directory_readers: {
-                    service_principals_name: ["test-bootstrap-identity-id"],
-                },
-                groups: allGroups,
-            }, null, 2);
-            gitHubService.getFileContent.mockResolvedValue({
-                content,
-                sha: "sha-noop",
-            });
-            const result = await authorizationService.requestAuthorization(input);
-            // Should succeed as a no-op (no PR created)
-            expect(result.isOk()).toBe(true);
-            expect(result._unsafeUnwrap().url).toBeUndefined();
-            // Branch, file update, and PR must not be touched
-            expect(gitHubService.createBranch).not.toHaveBeenCalled();
-            expect(gitHubService.updateFile).not.toHaveBeenCalled();
-            expect(gitHubService.createPullRequest).not.toHaveBeenCalled();
-        });
-        it("should update group roles and create PR when identity exists with wrong roles", async () => {
-            const { authorizationService, gitHubService } = makeEnv();
-            const input = makeSampleInput();
-            // Identity present, but externals group has wrong roles
-            const content = JSON.stringify({
-                directory_readers: {
-                    service_principals_name: ["test-bootstrap-identity-id"],
-                },
-                groups: [
-                    {
-                        members: ["bob@pagopa.it"],
-                        name: "test-d-adgroup-externals",
-                        roles: ["Reader"],
-                    },
-                ],
-            }, null, 2);
-            gitHubService.createBranch.mockResolvedValue(undefined);
-            gitHubService.getFileContent.mockResolvedValue({
-                content,
-                sha: "sha-roles",
-            });
-            gitHubService.updateFile.mockResolvedValue(undefined);
-            gitHubService.createPullRequest.mockResolvedValue(new PullRequest("https://github.com/pagopa/eng-azure-authorization/pull/56"));
-            const result = await authorizationService.requestAuthorization(input);
-            expect(result.isOk()).toBe(true);
-            expect(result._unsafeUnwrap().url).toBe("https://github.com/pagopa/eng-azure-authorization/pull/56");
-            const updateCall = gitHubService.updateFile.mock.calls[0][0];
-            const updatedParsed = JSON.parse(updateCall.content);
-            const externalsGroup = updatedParsed.groups.find((g) => g.name === "test-d-adgroup-externals");
-            expect(externalsGroup.roles).toEqual(["Owner"]);
-            // Member preserved
-            expect(externalsGroup.members).toContain("bob@pagopa.it");
-            // Identity not duplicated
-            expect(updatedParsed.directory_readers.service_principals_name).toHaveLength(1);
-        });
-        it("should return error when file content is not valid JSON", async () => {
-            const { authorizationService, gitHubService } = makeEnv();
-            const input = makeSampleInput();
-            gitHubService.getFileContent.mockResolvedValue({
-                content: "not valid json {{",
-                sha: "sha-123",
-            });
-            const result = await authorizationService.requestAuthorization(input);
-            expect(result.isErr()).toBe(true);
-            expect(result._unsafeUnwrapErr()).toBeInstanceOf(InvalidAuthorizationFileFormatError);
-            expect(gitHubService.createBranch).not.toHaveBeenCalled();
-            expect(gitHubService.updateFile).not.toHaveBeenCalled();
-        });
-        it("should return error when JSON is missing expected keys", async () => {
-            const { authorizationService, gitHubService } = makeEnv();
-            const input = makeSampleInput();
-            gitHubService.getFileContent.mockResolvedValue({
-                content: JSON.stringify({ unexpected_key: {} }),
-                sha: "sha-123",
-            });
-            const result = await authorizationService.requestAuthorization(input);
-            expect(result.isErr()).toBe(true);
-            expect(result._unsafeUnwrapErr()).toBeInstanceOf(InvalidAuthorizationFileFormatError);
-            expect(gitHubService.createBranch).not.toHaveBeenCalled();
-            expect(gitHubService.updateFile).not.toHaveBeenCalled();
-        });
-        it("should return error when branch creation fails", async () => {
-            const { authorizationService, gitHubService } = makeEnv();
-            const input = makeSampleInput();
-            const content = JSON.stringify({ directory_readers: { service_principals_name: [] } }, null, 2);
-            gitHubService.getFileContent.mockResolvedValue({
-                content,
-                sha: "sha-123",
-            });
-            gitHubService.createBranch.mockRejectedValue(new Error("Failed to create branch: branch already exists"));
-            const result = await authorizationService.requestAuthorization(input);
-            expect(result.isErr()).toBe(true);
-            expect(result._unsafeUnwrapErr().message).toContain("Unable to create branch");
-            expect(gitHubService.updateFile).not.toHaveBeenCalled();
-        });
-        it("should return error when file update fails", async () => {
-            const { authorizationService, gitHubService } = makeEnv();
-            const input = makeSampleInput();
-            const content = JSON.stringify({ directory_readers: { service_principals_name: [] } }, null, 2);
-            gitHubService.createBranch.mockResolvedValue(undefined);
-            gitHubService.getFileContent.mockResolvedValue({
-                content,
-                sha: "sha-123",
-            });
-            gitHubService.updateFile.mockRejectedValue(new Error("Failed to update file: conflict"));
-            const result = await authorizationService.requestAuthorization(input);
-            expect(result.isErr()).toBe(true);
-            expect(result._unsafeUnwrapErr().message).toContain("Unable to update");
-            expect(gitHubService.createPullRequest).not.toHaveBeenCalled();
-        });
-        it("should return error when PR creation fails", async () => {
-            const { authorizationService, gitHubService } = makeEnv();
-            const input = makeSampleInput();
-            const content = JSON.stringify({ directory_readers: { service_principals_name: [] } }, null, 2);
-            gitHubService.createBranch.mockResolvedValue(undefined);
-            gitHubService.getFileContent.mockResolvedValue({
-                content,
-                sha: "sha-123",
-            });
-            gitHubService.updateFile.mockResolvedValue(undefined);
-            gitHubService.createPullRequest.mockRejectedValue(new Error("Failed to create pull request"));
-            const result = await authorizationService.requestAuthorization(input);
-            expect(result.isErr()).toBe(true);
-            expect(result._unsafeUnwrapErr().message).toContain("Unable to create pull request");
-        });
-    });
-});

package/dist/adapters/plop/__tests__/run-actions.test.d.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export {};

package/dist/adapters/plop/__tests__/run-actions.test.js DELETED Viewed

@@ -1,68 +0,0 @@
-/**
- * Tests for the internal `runActions` helper that coordinates plop's
- * generator execution and surfaces meaningful error messages (CES-1923).
- */
-import { describe, expect, it } from "vitest";
-import { mock } from "vitest-mock-extended";
-import { runActions } from "../index.js";
-const makeGenerator = (result) => {
-    const generator = mock();
-    generator.runActions.mockResolvedValue(result);
-    return generator;
-};
-describe("runActions", () => {
-    it("resolves silently when there are no failures", async () => {
-        const generator = makeGenerator({ changes: [], failures: [] });
-        await expect(runActions(generator, {})).resolves.toBeUndefined();
-    });
-    it("ignores 'Aborted due to previous action failure' entries", async () => {
-        const generator = makeGenerator({
-            changes: [],
-            failures: [
-                {
-                    error: "Aborted due to previous action failure",
-                    path: "",
-                    type: "add",
-                },
-            ],
-        });
-        await expect(runActions(generator, {})).resolves.toBeUndefined();
-    });
-    it("surfaces the original failure message (no more 'undefined')", async () => {
-        const generator = makeGenerator({
-            changes: [],
-            failures: [
-                {
-                    error: "Failed to create the key vault: quota exceeded",
-                    path: "",
-                    type: "initCloudAccounts",
-                },
-            ],
-        });
-        await expect(runActions(generator, {})).rejects.toThrow(/initCloudAccounts.*Failed to create the key vault: quota exceeded/);
-    });
-    it("aggregates multiple failures into the thrown message", async () => {
-        const generator = makeGenerator({
-            changes: [],
-            failures: [
-                { error: "Missing template", path: "", type: "add" },
-                {
-                    error: "Aborted due to previous action failure",
-                    path: "",
-                    type: "modify",
-                },
-                { error: "Permission denied", path: "", type: "initCloudAccounts" },
-            ],
-        });
-        await expect(runActions(generator, {})).rejects.toThrow(/add: Missing template.*initCloudAccounts: Permission denied/s);
-    });
-    it("falls back to 'unknown error' when plop provides no error string", async () => {
-        const generator = makeGenerator({
-            changes: [],
-            failures: [
-                { error: undefined, path: "", type: "add" },
-            ],
-        });
-        await expect(runActions(generator, {})).rejects.toThrow(/unknown error/);
-    });
-});

package/dist/adapters/plop/actions/__tests__/init-cloud-accounts.test.d.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export {};