MCPcopy Index your code
hub / github.com/docker/docker-agent / TestProviderAPIKeyEnvVars

Function TestProviderAPIKeyEnvVars

pkg/config/auto_test.go:1055–1092  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

1053func (e *stubPullError) ModelPullErrorSummary() string { return e.summary }
1054
1055func TestProviderAPIKeyEnvVars(t *testing.T) {
1056 t.Parallel()
1057
1058 vars := ProviderAPIKeyEnvVars()
1059
1060 // Sorted and deduplicated for reproducibility.
1061 assert.True(t, slices.IsSorted(vars), "env vars must be sorted, got %v", vars)
1062 assert.Equal(t, slices.Compact(slices.Clone(vars)), vars, "env vars must be deduplicated")
1063
1064 // The dedicated single-secret model API keys must be present.
1065 for _, name := range []string{
1066 "OPENAI_API_KEY",
1067 "ANTHROPIC_API_KEY",
1068 "GOOGLE_API_KEY",
1069 "MISTRAL_API_KEY",
1070 "OPENROUTER_API_KEY",
1071 "XAI_API_KEY",
1072 "NEBIUS_API_KEY",
1073 } {
1074 assert.Contains(t, vars, name)
1075 }
1076
1077 // Non-secret detection/mode flags and multi-variable credential sets must
1078 // never be exposed as forwardable API keys.
1079 for _, name := range []string{
1080 "GOOGLE_GENAI_USE_VERTEXAI",
1081 "GEMINI_API_KEY",
1082 "AWS_ACCESS_KEY_ID",
1083 "AWS_PROFILE",
1084 "AWS_ROLE_ARN",
1085 "AWS_BEARER_TOKEN_BEDROCK",
1086 } {
1087 assert.NotContains(t, vars, name)
1088 }
1089
1090 // Broad, general-purpose tokens must not be forwarded as model credentials.
1091 assert.NotContains(t, vars, "GITHUB_TOKEN")
1092}

Callers

nothing calls this directly

Calls 2

ProviderAPIKeyEnvVarsFunction · 0.85
CloneMethod · 0.45

Tested by

no test coverage detected