fix: [#340] remove SSH key file existence validation from config parsing

SSH key files are external resources that should be validated at runtime
when actually needed (during provision/configure), not during configuration
parsing or validation. This allows:

- Configs to be validated on machines without SSH keys
- SSH keys to be on different machines than where config is validated
- More flexible deployment workflows

Changes:
- Removed file existence checks from TryFrom<SshCredentialsConfig>
- Updated validate command to skip file existence validation
- Marked 5 obsolete tests as #[ignore] with explanatory comments
- SSH keys now validated when SSH connections are attempted (runtime)

Error handling remains user-friendly - provision command will fail with
clear message if SSH keys don't exist when actually needed.

Fixes #340

Author: josecelano

src/application/command_handlers/create/config/environment_config.rs

@@ -820,7 +820,9 @@ mod tests {
         }
     }
 
+    // Note: SSH key file existence validation removed - checked at runtime instead
     #[test]
+    #[ignore = "SSH key file existence no longer validated during config parsing"]
     fn it_should_return_error_when_private_key_file_not_found() {
         use std::env;
 
@@ -857,7 +859,9 @@ mod tests {
         }
     }
 
+    // Note: SSH key file existence validation removed - checked at runtime instead
     #[test]
+    #[ignore = "SSH key file existence no longer validated during config parsing"]
     fn it_should_return_error_when_public_key_file_not_found() {
         use std::env;
 

src/application/command_handlers/create/config/ssh_credentials_config.rs

@@ -120,18 +120,10 @@ impl TryFrom<SshCredentialsConfig> for SshCredentials {
             });
         }
 
-        // Validate SSH key files exist
-        if !private_key_path.exists() {
-            return Err(CreateConfigError::PrivateKeyNotFound {
-                path: private_key_path,
-            });
-        }
-
-        if !public_key_path.exists() {
-            return Err(CreateConfigError::PublicKeyNotFound {
-                path: public_key_path,
-            });
-        }
+        // Note: File existence is NOT validated here.
+        // SSH keys are external resources that may not exist at config parsing time.
+        // They will be validated at runtime when SSH connections are actually attempted.
+        // This allows configs to be validated and stored even if keys are on different machines.
 
         // Create domain credentials object
         Ok(SshCredentials::new(
@@ -275,55 +267,8 @@ mod tests {
         }
     }
 
-    #[test]
-    fn it_should_return_error_when_private_key_file_not_found() {
-        use std::env;
-
-        let project_root = env::var("CARGO_MANIFEST_DIR").expect("CARGO_MANIFEST_DIR not set");
-        let public_key_path = format!("{project_root}/fixtures/testing_rsa.pub");
-
-        let config = SshCredentialsConfig::new(
-            "/nonexistent/private_key".to_string(),
-            public_key_path,
-            "torrust".to_string(),
-            22,
-        );
-
-        let result: Result<SshCredentials, CreateConfigError> = config.try_into();
-        assert!(result.is_err());
-
-        match result.unwrap_err() {
-            CreateConfigError::PrivateKeyNotFound { .. } => {
-                // Expected error
-            }
-            other => panic!("Expected PrivateKeyNotFound error, got: {other:?}"),
-        }
-    }
-
-    #[test]
-    fn it_should_return_error_when_public_key_file_not_found() {
-        use std::env;
-
-        let project_root = env::var("CARGO_MANIFEST_DIR").expect("CARGO_MANIFEST_DIR not set");
-        let private_key_path = format!("{project_root}/fixtures/testing_rsa");
-
-        let config = SshCredentialsConfig::new(
-            private_key_path,
-            "/nonexistent/public_key.pub".to_string(),
-            "torrust".to_string(),
-            22,
-        );
-
-        let result: Result<SshCredentials, CreateConfigError> = config.try_into();
-        assert!(result.is_err());
-
-        match result.unwrap_err() {
-            CreateConfigError::PublicKeyNotFound { path } => {
-                assert_eq!(path, PathBuf::from("/nonexistent/public_key.pub"));
-            }
-            other => panic!("Expected PublicKeyNotFound error, got: {other:?}"),
-        }
-    }
+    // Note: Tests for file existence removed - file existence is now validated
+    // at runtime when SSH connections are attempted, not during config parsing.
 
     #[test]
     fn it_should_provide_correct_default_values_when_using_default_functions() {

src/application/command_handlers/create/tests/integration.rs

@@ -163,7 +163,9 @@ fn it_should_fail_with_invalid_environment_name() {
     }
 }
 
+// Note: SSH key file existence validation removed - checked at runtime instead
 #[test]
+#[ignore = "SSH key file existence no longer validated during config parsing"]
 fn it_should_fail_when_ssh_private_key_not_found() {
     use crate::application::command_handlers::create::config::tracker::TrackerSection;
     use crate::application::command_handlers::create::config::{

src/application/command_handlers/validate/handler.rs

@@ -92,7 +92,7 @@ impl ValidateCommandHandler {
 
         // Step 3: Convert to domain types (validates all constraints)
         // This includes:
-        // - SSH key files must exist
+        // - SSH key paths must be absolute (file existence checked at runtime)
         // - Port numbers must be valid
         // - Domain names must be well-formed
         // - All business rules must pass

src/presentation/controllers/create/subcommands/environment/config_loader.rs

@@ -288,7 +288,9 @@ mod tests {
         }
     }
 
+    // Note: SSH key file existence validation removed - checked at runtime instead
     #[test]
+    #[ignore = "SSH key file existence no longer validated during config parsing"]
     fn it_should_return_error_for_missing_ssh_keys() {
         let temp_dir = TempDir::new().unwrap();
         let config_path = temp_dir.path().join("missing_keys.json");

src/presentation/controllers/create/tests/environment.rs

@@ -105,7 +105,9 @@ async fn it_should_reject_invalid_environment_name() {
     }
 }
 
+// Note: SSH key file existence validation removed - checked at runtime instead
 #[tokio::test]
+#[ignore = "SSH key file existence no longer validated during config parsing"]
 async fn it_should_reject_missing_ssh_keys() {
     let context = TestContext::new();
     let config_path = create_config_with_missing_keys(context.working_dir());

tests/e2e/validate_command.rs

@@ -121,86 +121,10 @@ fn it_should_report_invalid_json_when_configuration_file_has_malformed_json() {
     );
 }
 
-#[test]
-fn it_should_report_missing_ssh_keys_when_key_files_do_not_exist() {
-    // Verify dependencies before running tests
-    verify_required_dependencies().expect("Dependency verification failed");
-
-    // Arrange: Create temporary workspace
-    let temp_workspace = TempWorkspace::new().expect("Failed to create temp workspace");
-
-    // Create config with non-existent SSH keys
-    let config_json = r#"{
-  "environment": {
-    "name": "test-missing-keys"
-  },
-  "ssh_credentials": {
-    "private_key_path": "/tmp/nonexistent-private.key",
-    "public_key_path": "/tmp/nonexistent-public.pub",
-    "username": "torrust",
-    "port": 22
-  },
-  "provider": {
-    "provider": "lxd",
-    "profile_name": "default"
-  },
-  "tracker": {
-    "core": {
-      "database": {
-        "driver": "sqlite3",
-        "database_name": "tracker.db"
-      },
-      "private": false
-    },
-    "udp_trackers": [
-      {
-        "bind_address": "0.0.0.0:6969"
-      }
-    ],
-    "http_trackers": [
-      {
-        "bind_address": "0.0.0.0:7070"
-      }
-    ],
-    "http_api": {
-      "bind_address": "0.0.0.0:1212",
-      "admin_token": "test"
-    },
-    "health_check_api": {
-      "bind_address": "127.0.0.1:1313"
-    }
-  }
-}"#;
-
-    let config_path = temp_workspace.path().join("invalid-ssh.json");
-    fs::write(&config_path, config_json).expect("Failed to write config");
-
-    // Act: Run validate command
-    let result = ProcessRunner::new()
-        .working_dir(temp_workspace.path())
-        .run_validate_command(config_path.to_str().unwrap())
-        .expect("Failed to run validate command");
-
-    // Assert: Command should fail
-    assert!(
-        !result.success(),
-        "Validate command should fail for missing SSH keys"
-    );
-
-    // Assert: Error message should mention SSH keys
-    let stderr = result.stderr();
-    assert!(
-        stderr.contains("SSH")
-            && (stderr.contains("not found") || stderr.contains("does not exist")),
-        "Expected error about missing SSH keys, got: {stderr}"
-    );
-
-    // Assert: Help text should provide guidance
-    assert!(
-        stderr.contains("domain constraints") || stderr.contains("Common issues"),
-        "Expected helpful troubleshooting tips, got: {stderr}"
-    );
-}
+// Note: Test for missing SSH key files removed.
+// File existence is no longer validated during config validation.
+// SSH key files are external resources checked at runtime (provision/configure commands).
+// This allows configs to be validated even when SSH keys don't exist yet or are on different machines.
 
 #[test]
 fn it_should_succeed_when_configuration_file_is_valid() {