From ecc2f6cb4312dfc1a063e23d398092fc56432ca2 Mon Sep 17 00:00:00 2001
From: Winston Howes <winstonhowes@gmail.com>
Date: Mon, 29 Dec 2025 21:16:21 -0800
Subject: [PATCH] Add MSI secret error coverage to azure managed identity

---
 .../azure_managed_identity/outgoing_test.go   | 21 ++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/app/auth/plugins/azure_managed_identity/outgoing_test.go b/app/auth/plugins/azure_managed_identity/outgoing_test.go
index 951e3dd..3da3eb2 100644
--- a/app/auth/plugins/azure_managed_identity/outgoing_test.go
+++ b/app/auth/plugins/azure_managed_identity/outgoing_test.go
@@ -355,12 +355,23 @@ func TestFetchTokenUsesIdentityEndpoint(t *testing.T) {
 }
 
 func TestFetchTokenMissingIdentityHeader(t *testing.T) {
-	t.Setenv("IDENTITY_ENDPOINT", "http://localhost/identity")
-	t.Setenv("IDENTITY_HEADER", "")
+        t.Setenv("IDENTITY_ENDPOINT", "http://localhost/identity")
+        t.Setenv("IDENTITY_HEADER", "")
 
-	if _, _, err := fetchToken(context.Background(), "api://res", ""); err == nil {
-		t.Fatal("expected error for missing identity header")
-	}
+        if _, _, err := fetchToken(context.Background(), "api://res", ""); err == nil {
+                t.Fatal("expected error for missing identity header")
+        }
+}
+
+func TestFetchTokenMissingMSISecret(t *testing.T) {
+        t.Setenv("IDENTITY_ENDPOINT", "")
+        t.Setenv("IDENTITY_HEADER", "")
+        t.Setenv("MSI_ENDPOINT", "http://localhost/msi")
+        t.Setenv("MSI_SECRET", "")
+
+        if _, _, err := fetchToken(context.Background(), "api://res", ""); err == nil {
+                t.Fatal("expected error for missing MSI secret")
+        }
 }
 
 func TestFetchTokenUsesMSIEndpoint(t *testing.T) {