@tetrascience-npm/ts-connectors-sdk 3.2.0 → 4.0.0-beta.182.1

package/dist/test/tdp-client.test.js

@@ -53,6 +53,8 @@ const lib_storage_1 = require("@aws-sdk/lib-storage");
 const node_http_handler_1 = require("@smithy/node-http-handler");
 const aws_sdk_client_mock_1 = require("aws-sdk-client-mock");
 const axios_1 = __importDefault(require("axios"));
+const https_proxy_agent_1 = require("https-proxy-agent");
+const proxy_agent_1 = require("proxy-agent");
 const constants_1 = require("../src/constants");
 const uuid_1 = require("uuid");
 const manifest = __importStar(require("../src/manifest"));
@@ -77,6 +79,14 @@ jest.mock('@aws-sdk/lib-storage', () => ({
 describe('TDPClient', () => {
     const axiosCreateSpy = jest.spyOn(axios_1.default, 'create');
     beforeEach(() => {
+        // Delete CONNECTOR_TOKEN to prevent Logger from enabling CloudWatch buffering.
+        // When CloudWatch is enabled, Logger creates in-memory buffers and recurring timers
+        // that are never cleaned up between tests, causing memory leaks.
+        delete process.env.CONNECTOR_TOKEN;
+        // Delete OUTBOUND_COMMAND_QUEUE to prevent test behavior from varying based on environment.
+        // When set, this can trigger different code paths or resource allocation patterns
+        // that may accumulate memory across tests.
+        delete process.env.OUTBOUND_COMMAND_QUEUE;
         sqsClientMock.reset();
         s3ClientMock.reset();
         mockUploadFileRequestSchemaParse.mockReset();
@@ -131,11 +141,16 @@ describe('TDPClient', () => {
                 connectorId: 'test-connector-id',
                 tdpEndpoint: 'https://tdp.example.com',
             });
-            const createProxyNodeHttpHandlerSpy = jest
-                .spyOn(tdpClient, 'createProxyNodeHttpHandler')
-                .mockReturnValue(new node_http_handler_1.NodeHttpHandler());
+            const mockHandlers = {
+                s3Handler: new node_http_handler_1.NodeHttpHandler(),
+                sqsHandler: new node_http_handler_1.NodeHttpHandler(),
+                genericHandler: new node_http_handler_1.NodeHttpHandler(),
+            };
+            const createProxyAWSNodeHttpHandlersSpy = jest
+                .spyOn(tdpClient, 'createProxyAWSNodeHttpHandlers')
+                .mockReturnValue(mockHandlers);
             yield tdpClient.init();
-            expect(createProxyNodeHttpHandlerSpy).toHaveBeenCalled();
+            expect(createProxyAWSNodeHttpHandlersSpy).toHaveBeenCalled();
             expect(tdpClient['awsClientProvider']).toBeInstanceOf(src_1.AwsRefreshClientProvider);
             expect(tdpClient['authTokenProvider']).toBeInstanceOf(src_1.UserSuppliedAuthTokenProvider);
             expect(tdpClient['authTokenProvider']).toEqual(expect.objectContaining({
@@ -197,7 +212,12 @@ describe('TDPClient', () => {
                 connectorId: 'test-connector-id',
                 tdpEndpoint: 'https://tdp.example.com',
             });
-            jest.spyOn(tdpClient, 'createProxyNodeHttpHandler').mockReturnValue(new node_http_handler_1.NodeHttpHandler());
+            const mockHandlers = {
+                s3Handler: new node_http_handler_1.NodeHttpHandler(),
+                sqsHandler: new node_http_handler_1.NodeHttpHandler(),
+                genericHandler: new node_http_handler_1.NodeHttpHandler(),
+            };
+            jest.spyOn(tdpClient, 'createProxyAWSNodeHttpHandlers').mockReturnValue(mockHandlers);
             yield tdpClient.init();
             // First, should load local certs for AWS bootstrap
             expect(loadCertificatesFromLocalVolumeSpy).toHaveBeenCalled();
@@ -206,6 +226,57 @@ describe('TDPClient', () => {
             // AWS should be initialized
             expect(tdpClient['isAwsInitialized']).toBe(true);
         }));
+        it('should store deployment certificates on the instance during Priority 1 init', () => __awaiter(void 0, void 0, void 0, function* () {
+            jest.spyOn(certificates, 'loadCertificatesFromLocalVolume').mockResolvedValue(['local-deploy-cert']);
+            const tdpClient = new src_1.TDPClient({
+                orgSlug: 'test-org',
+                awsRegion: 'us-west-2',
+                connectorId: 'test-connector-id',
+                tdpEndpoint: 'https://tdp.example.com',
+                authToken: 'direct-auth-token',
+            });
+            yield tdpClient.init();
+            expect(tdpClient.tdpDeploymentCertificates).toEqual(['local-deploy-cert']);
+        }));
+        it('should store deployment certificates on the instance during Priority 2 init (full S3 load)', () => __awaiter(void 0, void 0, void 0, function* () {
+            process.env.CONNECTOR_TOKEN = 'test-connector-token';
+            process.env.SKIP_CLOUDWATCH = 'true';
+            jest.spyOn(certificates, 'loadCertificatesFromLocalVolume').mockResolvedValue(['local-cert']);
+            jest.spyOn(certificates, 'loadTdpCertificates').mockResolvedValue(['s3-full-cert']);
+            const tdpClient = new src_1.TDPClient({
+                orgSlug: 'test-org',
+                awsRegion: 'us-west-2',
+                connectorId: 'test-connector-id',
+                tdpEndpoint: 'https://tdp.example.com',
+            });
+            jest.spyOn(tdpClient, 'createProxyAWSNodeHttpHandlers').mockReturnValue({
+                s3Handler: new node_http_handler_1.NodeHttpHandler(),
+                sqsHandler: new node_http_handler_1.NodeHttpHandler(),
+                genericHandler: new node_http_handler_1.NodeHttpHandler(),
+            });
+            yield tdpClient.init();
+            // Should have the full S3 load, not just local certs
+            expect(tdpClient.tdpDeploymentCertificates).toEqual(['s3-full-cert']);
+        }));
+        it('should store empty deployment certificates when no certs are found', () => __awaiter(void 0, void 0, void 0, function* () {
+            jest.spyOn(certificates, 'loadCertificatesFromLocalVolume').mockResolvedValue([]);
+            const tdpClient = new src_1.TDPClient({
+                orgSlug: 'test-org',
+                awsRegion: 'us-west-2',
+                connectorId: 'test-connector-id',
+                tdpEndpoint: 'https://tdp.example.com',
+                authToken: 'direct-auth-token',
+            });
+            yield tdpClient.init();
+            expect(tdpClient.tdpDeploymentCertificates).toEqual([]);
+        }));
+        it('should return empty deployment certificates before init is called', () => {
+            const tdpClient = new src_1.TDPClient({
+                orgSlug: 'test-org',
+                tdpEndpoint: 'https://tdp.example.com',
+            });
+            expect(tdpClient.tdpDeploymentCertificates).toEqual([]);
+        });
         it('should initialize AwsEnvClientProvider and AwsSecretAuthTokenProvider for AWS env flow (Priority 3)', () => __awaiter(void 0, void 0, void 0, function* () {
             // Clear CONNECTOR_TOKEN to trigger Priority 3 path
             delete process.env.CONNECTOR_TOKEN;
@@ -217,7 +288,12 @@ describe('TDPClient', () => {
                 tdpEndpoint: 'https://tdp.example.com',
                 jwtTokenParameter: '/test/jwt-param',
             });
-            jest.spyOn(tdpClient, 'createProxyNodeHttpHandler').mockReturnValue(new node_http_handler_1.NodeHttpHandler());
+            const mockHandlers = {
+                s3Handler: new node_http_handler_1.NodeHttpHandler(),
+                sqsHandler: new node_http_handler_1.NodeHttpHandler(),
+                genericHandler: new node_http_handler_1.NodeHttpHandler(),
+            };
+            jest.spyOn(tdpClient, 'createProxyAWSNodeHttpHandlers').mockReturnValue(mockHandlers);
             yield tdpClient.init();
             // Should use AwsEnvClientProvider
             expect(tdpClient['awsClientProvider']).toBeInstanceOf(src_1.AwsEnvClientProvider);
@@ -228,6 +304,41 @@ describe('TDPClient', () => {
             // JWT should be retrieved from SSM
             expect(tdpClient['jwt']).toBe('jwt-secret');
         }));
+        it('should only initialize AWS once when concurrent operations trigger lazy init', () => __awaiter(void 0, void 0, void 0, function* () {
+            delete process.env.CONNECTOR_TOKEN;
+            jest.spyOn(certificates, 'loadCertificatesFromLocalVolume').mockResolvedValue([]);
+            const tdpClient = new src_1.TDPClient({
+                orgSlug: 'test-org',
+                awsRegion: 'us-west-2',
+                connectorId: 'test-connector-id',
+                tdpEndpoint: 'https://tdp.example.com',
+                authToken: 'direct-auth-token',
+            });
+            const mockHandlers = {
+                s3Handler: new node_http_handler_1.NodeHttpHandler(),
+                sqsHandler: new node_http_handler_1.NodeHttpHandler(),
+                genericHandler: new node_http_handler_1.NodeHttpHandler(),
+            };
+            jest.spyOn(tdpClient, 'createProxyAWSNodeHttpHandlers').mockReturnValue(mockHandlers);
+            yield tdpClient.init();
+            // Verify AWS is NOT initialized yet (deferred due to authToken)
+            expect(tdpClient['isAwsInitialized']).toBe(false);
+            expect(tdpClient['awsClientProvider']).toBeUndefined();
+            // Spy on the private doInitAws method to count invocations
+            const doInitAwsSpy = jest.spyOn(tdpClient, 'doInitAws');
+            // Trigger multiple concurrent calls to assertAwsInitialized (simulating concurrent uploads)
+            const concurrentCalls = [
+                tdpClient.assertAwsInitialized(),
+                tdpClient.assertAwsInitialized(),
+                tdpClient.assertAwsInitialized(),
+            ];
+            yield Promise.all(concurrentCalls);
+            // doInitAws should only be called once despite concurrent calls
+            expect(doInitAwsSpy).toHaveBeenCalledTimes(1);
+            // AWS should now be initialized
+            expect(tdpClient['isAwsInitialized']).toBe(true);
+            expect(tdpClient['awsClientProvider']).toBeInstanceOf(src_1.AwsEnvClientProvider);
+        }));
         it('should use custom authTokenProvider when provided in AWS env flow', () => __awaiter(void 0, void 0, void 0, function* () {
             delete process.env.CONNECTOR_TOKEN;
             jest.spyOn(certificates, 'loadTdpCertificates').mockResolvedValue([]);
@@ -239,7 +350,12 @@ describe('TDPClient', () => {
                 tdpEndpoint: 'https://tdp.example.com',
                 authTokenProvider: customAuthTokenProvider,
             });
-            jest.spyOn(tdpClient, 'createProxyNodeHttpHandler').mockReturnValue(new node_http_handler_1.NodeHttpHandler());
+            const mockHandlers = {
+                s3Handler: new node_http_handler_1.NodeHttpHandler(),
+                sqsHandler: new node_http_handler_1.NodeHttpHandler(),
+                genericHandler: new node_http_handler_1.NodeHttpHandler(),
+            };
+            jest.spyOn(tdpClient, 'createProxyAWSNodeHttpHandlers').mockReturnValue(mockHandlers);
             yield tdpClient.init();
             // Should use the custom auth token provider
             expect(tdpClient['authTokenProvider']).toBe(customAuthTokenProvider);
@@ -916,6 +1032,55 @@ describe('TDPClient', () => {
                 ],
             });
         }));
+        it('should include TDP deployment certificates when includeAdditionalCertificates is true', () => {
+            const client = new src_1.TDPClient();
+            client._tdpDeploymentCertificates = ['deploy-cert-1', 'deploy-cert-2'];
+            jest.spyOn(client, 'certificates', 'get').mockImplementation(() => []);
+            client.assertProxyInitialized = jest.fn(() => true);
+            client.logger = { debug: jest.fn(), info: jest.fn() };
+            client.createProxyAgentsForBaseUrl({
+                baseUrl: 'https://example.com',
+                includeAdditionalCertificates: true,
+            });
+            expect(client.logger.info).toHaveBeenCalledWith('Using 2 TDP deployment certificates');
+        });
+        it('should include TDP deployment certificates when includeAdditionalCertificates is a string array', () => {
+            const client = new src_1.TDPClient();
+            client._tdpDeploymentCertificates = ['deploy-cert-1'];
+            jest.spyOn(client, 'certificates', 'get').mockImplementation(() => []);
+            client.assertProxyInitialized = jest.fn(() => true);
+            client.logger = { debug: jest.fn(), info: jest.fn() };
+            client.createProxyAgentsForBaseUrl({
+                baseUrl: 'https://example.com',
+                includeAdditionalCertificates: ['extra-cert'],
+            });
+            expect(client.logger.info).toHaveBeenCalledWith('Using 1 TDP deployment certificates');
+            expect(client.logger.info).toHaveBeenCalledWith('Using 1 additional certificates');
+        });
+        it('should NOT include TDP deployment certificates when includeAdditionalCertificates is false', () => {
+            const client = new src_1.TDPClient();
+            client._tdpDeploymentCertificates = ['deploy-cert-1'];
+            client.assertProxyInitialized = jest.fn(() => true);
+            client.logger = { debug: jest.fn(), info: jest.fn() };
+            client.createProxyAgentsForBaseUrl({
+                baseUrl: 'https://example.com',
+                includeAdditionalCertificates: false,
+            });
+            expect(client.logger.info).not.toHaveBeenCalledWith(expect.stringContaining('TDP deployment certificates'));
+        });
+        it('should handle empty deployment certificates gracefully', () => {
+            const client = new src_1.TDPClient();
+            // _tdpDeploymentCertificates defaults to [] in constructor
+            jest.spyOn(client, 'certificates', 'get').mockImplementation(() => []);
+            client.assertProxyInitialized = jest.fn(() => true);
+            client.logger = { debug: jest.fn(), info: jest.fn() };
+            client.createProxyAgentsForBaseUrl({
+                baseUrl: 'https://example.com',
+                includeAdditionalCertificates: true,
+            });
+            // Should not log deployment certs when there are none
+            expect(client.logger.info).not.toHaveBeenCalledWith(expect.stringContaining('TDP deployment certificates'));
+        });
     });
     describe('sanitizeConfig', () => {
         it("removes risky keys like headers, data, and auth from the config's axios config", () => {
@@ -1233,6 +1398,14 @@ describe('TDPClient', () => {
                 tdpClient.createAxiosInstanceWithCertificatesAndHeaders(tdpEndpoint, orgSlug, jwt, certificates);
                 expect(tdpClient.createProxyAgentsForBaseUrl).toHaveBeenCalledWith(expect.objectContaining({ includeAdditionalCertificates: certificates }));
             });
+            it('should use includeAdditionalCertificates: true when certificates param is omitted', () => {
+                tdpClient.createAxiosInstanceWithCertificatesAndHeaders(tdpEndpoint, orgSlug, jwt);
+                expect(tdpClient.createProxyAgentsForBaseUrl).toHaveBeenCalledWith(expect.objectContaining({ includeAdditionalCertificates: true }));
+            });
+            it('should use includeAdditionalCertificates: true when certificates param is undefined', () => {
+                tdpClient.createAxiosInstanceWithCertificatesAndHeaders(tdpEndpoint, orgSlug, jwt, undefined);
+                expect(tdpClient.createProxyAgentsForBaseUrl).toHaveBeenCalledWith(expect.objectContaining({ includeAdditionalCertificates: true }));
+            });
             it('should set the correct headers', () => {
                 const axiosCreateSpy = jest.spyOn(axios_1.default, 'create');
                 tdpClient.createAxiosInstanceWithCertificatesAndHeaders(tdpEndpoint, orgSlug, jwt, certificates);
@@ -1314,5 +1487,175 @@ describe('TDPClient', () => {
             }));
         }));
     });
+    describe('AWS Timeout Configuration', () => {
+        it('should create three separate handlers for S3, SQS, and generic AWS services', () => __awaiter(void 0, void 0, void 0, function* () {
+            const tdpClient = new src_1.TDPClient({
+                orgSlug: 'tetrascience',
+                awsRegion: 'us-east-2',
+                connectorId: 'test-connector-id',
+                authTokenProvider: new src_1.PredefinedAuthTokenProvider('test-token'),
+            });
+            yield tdpClient.init();
+            const handlers = tdpClient.createProxyAWSNodeHttpHandlers();
+            expect(handlers).toHaveProperty('s3Handler');
+            expect(handlers).toHaveProperty('sqsHandler');
+            expect(handlers).toHaveProperty('genericHandler');
+            expect(handlers.s3Handler).toBeInstanceOf(node_http_handler_1.NodeHttpHandler);
+            expect(handlers.sqsHandler).toBeInstanceOf(node_http_handler_1.NodeHttpHandler);
+            expect(handlers.genericHandler).toBeInstanceOf(node_http_handler_1.NodeHttpHandler);
+        }));
+        it('should configure handlers with appropriate timeout values', () => __awaiter(void 0, void 0, void 0, function* () {
+            const tdpClient = new src_1.TDPClient({
+                orgSlug: 'tetrascience',
+                awsRegion: 'us-east-2',
+                connectorId: 'test-connector-id',
+                authTokenProvider: new src_1.PredefinedAuthTokenProvider('test-token'),
+            });
+            yield tdpClient.init();
+            const handlers = tdpClient.createProxyAWSNodeHttpHandlers();
+            // Verify all three handlers are created
+            expect(handlers.s3Handler).toBeInstanceOf(node_http_handler_1.NodeHttpHandler);
+            expect(handlers.sqsHandler).toBeInstanceOf(node_http_handler_1.NodeHttpHandler);
+            expect(handlers.genericHandler).toBeInstanceOf(node_http_handler_1.NodeHttpHandler);
+            // Verify that the handlers are distinct instances (not the same object)
+            expect(handlers.s3Handler).not.toBe(handlers.sqsHandler);
+            expect(handlers.s3Handler).not.toBe(handlers.genericHandler);
+            expect(handlers.sqsHandler).not.toBe(handlers.genericHandler);
+            // Note: The actual timeout values are configured in createProxyAWSNodeHttpHandlers():
+            // - S3 handler: connectionTimeout: 10000ms, socketTimeout: 10000ms
+            // - SQS handler: requestTimeout: 20000ms, throwOnRequestTimeout: true
+            // - Generic handler: requestTimeout: 120000ms, throwOnRequestTimeout: true
+            //
+            // These values are not publicly accessible from the NodeHttpHandler instances,
+            // but the timeout behavior is tested in the integration tests (api-tests/aws-timeout.test.ts).
+        }));
+    });
+    describe('createAwsClient()', () => {
+        it('should throw if called before init()', () => {
+            const tdpClient = new src_1.TDPClient({
+                orgSlug: 'tetrascience',
+                awsRegion: 'us-east-2',
+                connectorId: 'test-connector-id',
+                authTokenProvider: new src_1.PredefinedAuthTokenProvider('test-token'),
+            });
+            expect(() => tdpClient.createAwsClient(s3.S3Client)).toThrow('AWS not initialized. Call init() first.');
+        });
+        it('should return a client of the requested type with the configured region', () => __awaiter(void 0, void 0, void 0, function* () {
+            const tdpClient = new src_1.TDPClient({
+                orgSlug: 'tetrascience',
+                awsRegion: 'us-east-2',
+                connectorId: 'test-connector-id',
+                authTokenProvider: new src_1.PredefinedAuthTokenProvider('test-token'),
+            });
+            yield tdpClient.init();
+            const client = tdpClient.createAwsClient(s3.S3Client);
+            expect(client).toBeInstanceOf(s3.S3Client);
+        }));
+        it('should apply overrides when provided', () => __awaiter(void 0, void 0, void 0, function* () {
+            const tdpClient = new src_1.TDPClient({
+                orgSlug: 'tetrascience',
+                awsRegion: 'us-east-2',
+                connectorId: 'test-connector-id',
+                authTokenProvider: new src_1.PredefinedAuthTokenProvider('test-token'),
+            });
+            yield tdpClient.init();
+            const client = tdpClient.createAwsClient(s3.S3Client, { region: 'eu-west-1' });
+            expect(client).toBeInstanceOf(s3.S3Client);
+            yield expect(client.config.region()).resolves.toBe('eu-west-1');
+        }));
+        it('should not pass credentials when using AwsEnvClientProvider', () => __awaiter(void 0, void 0, void 0, function* () {
+            const tdpClient = new src_1.TDPClient({
+                orgSlug: 'tetrascience',
+                awsRegion: 'us-east-2',
+                connectorId: 'test-connector-id',
+                authTokenProvider: new src_1.PredefinedAuthTokenProvider('test-token'),
+            });
+            yield tdpClient.init();
+            expect(tdpClient['awsClientProvider']).toBeInstanceOf(src_1.AwsEnvClientProvider);
+            expect(tdpClient['awsClientProvider'].getCredentialsProvider()).toBeUndefined();
+        }));
+    });
+    describe('IAM_PROXY support', () => {
+        let tdpClient;
+        beforeEach(() => __awaiter(void 0, void 0, void 0, function* () {
+            delete process.env.IAM_PROXY;
+            tdpClient = new src_1.TDPClient({
+                orgSlug: 'tetrascience',
+                awsRegion: 'us-east-2',
+                connectorId: 'test-connector-id',
+                authTokenProvider: new src_1.PredefinedAuthTokenProvider('test-token'),
+            });
+            yield tdpClient.init();
+        }));
+        afterEach(() => {
+            delete process.env.IAM_PROXY;
+        });
+        it('should use ProxyAgent when IAM_PROXY is not set', () => __awaiter(void 0, void 0, void 0, function* () {
+            const handlers = tdpClient.createProxyAWSNodeHttpHandlers();
+            expect(handlers.s3Handler).toBeInstanceOf(node_http_handler_1.NodeHttpHandler);
+            expect(handlers.sqsHandler).toBeInstanceOf(node_http_handler_1.NodeHttpHandler);
+            expect(handlers.genericHandler).toBeInstanceOf(node_http_handler_1.NodeHttpHandler);
+            // configProvider resolves synchronously for plain-object options
+            const s3Config = yield handlers.s3Handler.configProvider;
+            expect(s3Config.httpAgent).toBeInstanceOf(proxy_agent_1.ProxyAgent);
+            expect(s3Config.httpsAgent).toBeInstanceOf(proxy_agent_1.ProxyAgent);
+            const sqsConfig = yield handlers.sqsHandler.configProvider;
+            expect(sqsConfig.httpAgent).toBeInstanceOf(proxy_agent_1.ProxyAgent);
+            expect(sqsConfig.httpsAgent).toBeInstanceOf(proxy_agent_1.ProxyAgent);
+            const genericConfig = yield handlers.genericHandler.configProvider;
+            expect(genericConfig.httpAgent).toBeInstanceOf(proxy_agent_1.ProxyAgent);
+            expect(genericConfig.httpsAgent).toBeInstanceOf(proxy_agent_1.ProxyAgent);
+        }));
+        it('should use HttpsProxyAgent when IAM_PROXY is set', () => __awaiter(void 0, void 0, void 0, function* () {
+            process.env.IAM_PROXY = 'http://iam-proxy.example.com:8080';
+            const handlers = tdpClient.createProxyAWSNodeHttpHandlers();
+            expect(handlers.s3Handler).toBeInstanceOf(node_http_handler_1.NodeHttpHandler);
+            expect(handlers.sqsHandler).toBeInstanceOf(node_http_handler_1.NodeHttpHandler);
+            expect(handlers.genericHandler).toBeInstanceOf(node_http_handler_1.NodeHttpHandler);
+            const s3Config = yield handlers.s3Handler.configProvider;
+            expect(s3Config.httpAgent).toBeInstanceOf(https_proxy_agent_1.HttpsProxyAgent);
+            expect(s3Config.httpsAgent).toBeInstanceOf(https_proxy_agent_1.HttpsProxyAgent);
+            const sqsConfig = yield handlers.sqsHandler.configProvider;
+            expect(sqsConfig.httpAgent).toBeInstanceOf(https_proxy_agent_1.HttpsProxyAgent);
+            expect(sqsConfig.httpsAgent).toBeInstanceOf(https_proxy_agent_1.HttpsProxyAgent);
+            const genericConfig = yield handlers.genericHandler.configProvider;
+            expect(genericConfig.httpAgent).toBeInstanceOf(https_proxy_agent_1.HttpsProxyAgent);
+            expect(genericConfig.httpsAgent).toBeInstanceOf(https_proxy_agent_1.HttpsProxyAgent);
+        }));
+        it('should not use HttpsProxyAgent when IAM_PROXY is unset', () => __awaiter(void 0, void 0, void 0, function* () {
+            delete process.env.IAM_PROXY;
+            const handlers = tdpClient.createProxyAWSNodeHttpHandlers();
+            const s3Config = yield handlers.s3Handler.configProvider;
+            expect(s3Config.httpAgent).not.toBeInstanceOf(https_proxy_agent_1.HttpsProxyAgent);
+            expect(s3Config.httpsAgent).not.toBeInstanceOf(https_proxy_agent_1.HttpsProxyAgent);
+            expect(s3Config.httpAgent).toBeInstanceOf(proxy_agent_1.ProxyAgent);
+            expect(s3Config.httpsAgent).toBeInstanceOf(proxy_agent_1.ProxyAgent);
+        }));
+    });
+    describe('shouldRejectUnauthorized', () => {
+        const envBackup = process.env;
+        afterEach(() => {
+            process.env = Object.assign({}, envBackup);
+        });
+        it('should be importable from the public SDK API', () => {
+            expect(typeof src_1.shouldRejectUnauthorized).toBe('function');
+        });
+        it('should return true when NODE_TLS_REJECT_UNAUTHORIZED is not set', () => {
+            delete process.env.NODE_TLS_REJECT_UNAUTHORIZED;
+            expect((0, src_1.shouldRejectUnauthorized)()).toBe(true);
+        });
+        it('should return false when NODE_TLS_REJECT_UNAUTHORIZED is "0"', () => {
+            process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+            expect((0, src_1.shouldRejectUnauthorized)()).toBe(false);
+        });
+        it('should return false when NODE_TLS_REJECT_UNAUTHORIZED is "false"', () => {
+            process.env.NODE_TLS_REJECT_UNAUTHORIZED = 'false';
+            expect((0, src_1.shouldRejectUnauthorized)()).toBe(false);
+        });
+        it('should return true when NODE_TLS_REJECT_UNAUTHORIZED is "1"', () => {
+            process.env.NODE_TLS_REJECT_UNAUTHORIZED = '1';
+            expect((0, src_1.shouldRejectUnauthorized)()).toBe(true);
+        });
+    });
 });
 //# sourceMappingURL=tdp-client.test.js.map