test(sshConn): close coverage gaps in config resolver

ncode · ncode · commit f68dc89579d3 · 2026-04-20T17:02:28.000+02:00
Add focused tests for previously-uncovered branches in config.go:

- Error propagation from loadConfig for non-ENOENT paths (ENOTDIR via
  intermediate regular file) and from both user and system config loads
  in LoadSSHConfig.
- Resolver error propagation through getValue and getAllValues when the
  underlying library rejects an empty HostArg.
- ResolveHost paths for HostSpec.Alias precedence, invalid Port values
  surfacing as a wrapped error, and fallback to currentUser() when no
  explicit fallback is provided.
- LoadIdentityFiles wrapping non-ErrNotExist read errors with the
  offending path.
- ParseProxyJump dropping empty/whitespace-only components between
  commas.

Statement coverage for internal/sshConn/config.go: 84.61% -&gt; 93.75%.
Remaining gaps are platform-specific (Windows shell branch in
shellMatchExec), environment-dependent (currentUser env fallbacks when
user.Current() fails), or structurally unreachable under normal control
flow.
diff --git a/internal/sshConn/config_test.go b/internal/sshConn/config_test.go
@@ -11,6 +11,7 @@ import (
 	"path/filepath"
 	"reflect"
 	"runtime"
+	"strings"
 	"testing"
 
 	"golang.org/x/crypto/ssh"
@@ -83,6 +84,49 @@ func TestResolveHostFallbackUser(t *testing.T) {
 	}
 }
 
+func TestResolveHostUsesCurrentUserWhenNoFallback(t *testing.T) {
+	// With no explicit user, no User directive, and an empty fallbackUser,
+	// ResolveHost must fall back to the OS current user. This exercises the
+	// `userValue = currentUser()` branch that is otherwise masked by the
+	// explicit fallback used in every other test in this file.
+	resolver, err := LoadSSHConfig(SSHConfigPaths{})
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	resolved, err := resolver.ResolveHost(HostSpec{Host: "host-no-user"}, "")
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if resolved.User == "" {
+		t.Fatalf("expected a non-empty OS user when fallback is empty, got %+v", resolved)
+	}
+	if resolved.User != currentUser() {
+		t.Fatalf("expected OS current user %q, got %q", currentUser(), resolved.User)
+	}
+}
+
+func TestResolveHostPrefersExplicitAliasOverHost(t *testing.T) {
+	// HostSpec.Alias takes precedence over Host for config lookup; this
+	// covers the `alias = spec.Alias` branch that the other tests never hit
+	// because they always set Host directly.
+	cfg := "Host canonical\n  HostName canonical.internal\n  User deploy\n"
+	userCfg := writeTempConfig(t, cfg)
+	resolver, err := LoadSSHConfig(SSHConfigPaths{User: userCfg})
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	resolved, err := resolver.ResolveHost(HostSpec{Host: "ignored", Alias: "canonical"}, "me")
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if resolved.Alias != "canonical" {
+		t.Fatalf("expected alias to win over host, got %+v", resolved)
+	}
+	if resolved.Host != "canonical.internal" {
+		t.Fatalf("expected HostName to resolve via alias, got %+v", resolved)
+	}
+}
+
 func TestLoadIdentityFilesSkipsMissing(t *testing.T) {
 	methods, err := LoadIdentityFiles([]string{"/does/not/exist"})
 	if err != nil {
@@ -182,6 +226,20 @@ func TestLoadIdentityFilesReturnsErrorForMalformedPrivateKey(t *testing.T) {
 	}
 }
 
+func TestLoadIdentityFilesWrapsNonNotExistReadError(t *testing.T) {
+	// Passing a directory where a file is expected produces a read error
+	// that is not os.ErrNotExist, which must be surfaced with a wrapped,
+	// path-qualified message rather than swallowed.
+	dir := t.TempDir()
+	_, err := LoadIdentityFiles([]string{dir})
+	if err == nil {
+		t.Fatalf("expected read error for directory path")
+	}
+	if !strings.Contains(err.Error(), dir) {
+		t.Fatalf("expected wrapped error to include the offending path, got %q", err.Error())
+	}
+}
+
 func TestResolveHostMatchExecApplies(t *testing.T) {
 	// Models the production pattern where a jump alias resolves to a concrete
 	// HostName only when the probe command succeeds, e.g.:
@@ -323,6 +381,16 @@ func TestParseProxyJumpNoneDisablesJumps(t *testing.T) {
 	}
 }
 
+func TestParseProxyJumpSkipsEmptyComponents(t *testing.T) {
+	// Empty/whitespace-only segments between commas are dropped rather than
+	// surfacing as blank jump entries to the dialer.
+	got := ParseProxyJump(" ,jump1, ,jump2,")
+	want := []string{"jump1", "jump2"}
+	if !reflect.DeepEqual(got, want) {
+		t.Fatalf("ParseProxyJump skipped-empty: got %v, want %v", got, want)
+	}
+}
+
 func TestResolveHostProxyJumpNoneClearsJumps(t *testing.T) {
 	// OpenSSH: first matching directive wins for single-valued options, so
 	// the specific block declaring `ProxyJump none` must come before the
@@ -654,6 +722,45 @@ func TestLoadConfigNonExistentPath(t *testing.T) {
 	}
 }
 
+func TestLoadConfigSurfacesNonNotExistOpenError(t *testing.T) {
+	// Using a regular file as an intermediate path component produces an
+	// ENOTDIR error from os.Open, which is not os.IsNotExist. loadConfig
+	// must surface that error instead of silently returning nil.
+	base := filepath.Join(t.TempDir(), "not_a_dir")
+	if err := os.WriteFile(base, []byte("placeholder"), 0o600); err != nil {
+		t.Fatalf("failed to seed placeholder file: %v", err)
+	}
+	cfg, err := loadConfig(filepath.Join(base, "config"))
+	if err == nil {
+		t.Fatalf("expected non-nil error for ENOTDIR path")
+	}
+	if cfg != nil {
+		t.Fatalf("expected nil config when open errors, got %+v", cfg)
+	}
+}
+
+func TestLoadSSHConfigPropagatesUserLoadError(t *testing.T) {
+	base := filepath.Join(t.TempDir(), "user_placeholder")
+	if err := os.WriteFile(base, []byte("x"), 0o600); err != nil {
+		t.Fatalf("failed to seed placeholder: %v", err)
+	}
+	_, err := LoadSSHConfig(SSHConfigPaths{User: filepath.Join(base, "config")})
+	if err == nil {
+		t.Fatalf("expected user loadConfig error to propagate")
+	}
+}
+
+func TestLoadSSHConfigPropagatesSystemLoadError(t *testing.T) {
+	base := filepath.Join(t.TempDir(), "sys_placeholder")
+	if err := os.WriteFile(base, []byte("x"), 0o600); err != nil {
+		t.Fatalf("failed to seed placeholder: %v", err)
+	}
+	_, err := LoadSSHConfig(SSHConfigPaths{System: filepath.Join(base, "config")})
+	if err == nil {
+		t.Fatalf("expected system loadConfig error to propagate")
+	}
+}
+
 func TestResolveNilConfig(t *testing.T) {
 	resolver := &SSHConfigResolver{}
 	result, err := resolver.resolve(nil, "web")
@@ -665,6 +772,83 @@ func TestResolveNilConfig(t *testing.T) {
 	}
 }
 
+func TestResolveHostInvalidPortSurfacesError(t *testing.T) {
+	cfg := "Host web\n  Port not-a-number\n"
+	userCfg := writeTempConfig(t, cfg)
+	resolver, err := LoadSSHConfig(SSHConfigPaths{User: userCfg})
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	_, err = resolver.ResolveHost(HostSpec{Host: "web"}, "me")
+	if err == nil {
+		t.Fatalf("expected invalid Port value to produce a wrapped error")
+	}
+	if !strings.Contains(err.Error(), "invalid port") {
+		t.Fatalf("expected wrapped error to mention invalid port, got %q", err.Error())
+	}
+}
+
+func TestResolveHostEmptyAliasSurfacesResolverError(t *testing.T) {
+	// The underlying ssh_config library requires a non-empty HostArg and
+	// returns an error otherwise. ResolveHost must surface that rather than
+	// continuing to connect to a nameless host.
+	userCfg := writeTempConfig(t, "Host web\n  User deploy\n")
+	resolver, err := LoadSSHConfig(SSHConfigPaths{User: userCfg})
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	_, err = resolver.ResolveHost(HostSpec{}, "")
+	if err == nil {
+		t.Fatalf("expected error for empty host/alias")
+	}
+}
+
+func TestGetValueSurfacesUserResolverError(t *testing.T) {
+	userCfg := writeTempConfig(t, "Host web\n  User deploy\n")
+	resolver, err := LoadSSHConfig(SSHConfigPaths{User: userCfg})
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if _, err := resolver.getValue("", "User"); err == nil {
+		t.Fatalf("expected resolver error for empty alias via user config")
+	}
+}
+
+func TestGetValueSurfacesSystemResolverError(t *testing.T) {
+	// Only a system config is loaded so the error must come from the system
+	// branch of getValue rather than the user branch.
+	systemCfg := writeTempConfig(t, "Host web\n  User deploy\n")
+	resolver, err := LoadSSHConfig(SSHConfigPaths{System: systemCfg})
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if _, err := resolver.getValue("", "User"); err == nil {
+		t.Fatalf("expected resolver error for empty alias via system config")
+	}
+}
+
+func TestGetAllValuesSurfacesUserResolverError(t *testing.T) {
+	userCfg := writeTempConfig(t, "Host web\n  IdentityFile ~/.ssh/id\n")
+	resolver, err := LoadSSHConfig(SSHConfigPaths{User: userCfg})
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if _, err := resolver.getAllValues("", "IdentityFile"); err == nil {
+		t.Fatalf("expected resolver error for empty alias via user config")
+	}
+}
+
+func TestGetAllValuesSurfacesSystemResolverError(t *testing.T) {
+	systemCfg := writeTempConfig(t, "Host web\n  IdentityFile ~/.ssh/id\n")
+	resolver, err := LoadSSHConfig(SSHConfigPaths{System: systemCfg})
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if _, err := resolver.getAllValues("", "IdentityFile"); err == nil {
+		t.Fatalf("expected resolver error for empty alias via system config")
+	}
+}
+
 func TestGetValueWithNilConfigs(t *testing.T) {
 	resolver := &SSHConfigResolver{}
 	val, err := resolver.getValue("web", "HostName")
