chore: print warning if both mtls and mtlsKeyPair provided

Author: davidkna-sap

packages/connectivity/src/http-agent/http-agent.spec.ts

@@ -316,6 +316,35 @@ describe('getAgentConfig', () => {
         expect(actual.passphrase).not.toBeDefined();
         expect(cacheSpy).toHaveBeenCalledTimes(1);
       });
+
+      it('logs a warning when both mtls is enabled and mtlsKeyPair is provided', async () => {
+        process.env.CF_INSTANCE_CERT = 'cf-crypto/cf-cert';
+        process.env.CF_INSTANCE_KEY = 'cf-crypto/cf-key';
+
+        const destination: HttpDestination = {
+          url: 'https://example.com',
+          name: 'test-destination',
+          mtls: true,
+          mtlsKeyPair: {
+            cert: 'ias-cert',
+            key: 'ias-key'
+          }
+        };
+
+        const logger = createLogger('http-agent');
+        const warnSpy = jest.spyOn(logger, 'warn');
+
+        const actual = (await getAgentConfig(destination))['httpsAgent']
+          .options;
+
+        expect(warnSpy).toHaveBeenCalledWith(
+          "Destination test-destination has both 'mtlsKeyPair' (used by IAS) and 'mtls' (to use certs from cf) enabled. The 'mtlsKeyPair' will be used."
+        );
+        expect(actual.cert).toEqual('ias-cert');
+        expect(actual.key).toEqual('ias-key');
+
+        warnSpy.mockRestore();
+      });
     });
 
     it('returns an object with key "httpsAgent" which is missing mTLS options when mtls is set to true but env variables do not include cert & key', async () => {

packages/connectivity/src/http-agent/http-agent.ts

@@ -116,7 +116,7 @@ function getKeyStoreOptions(destination: Destination):
   if (
     // Only add certificates, when using ClientCertificateAuthentication (https://github.com/SAP/cloud-sdk-js/issues/3544)
     destination.authentication === 'ClientCertificateAuthentication' &&
-    !mtlsIsEnabled(destination) &&
+    !(mtlsIsEnabled(destination) || destination.mtlsKeyPair) &&
     destination.keyStoreName
   ) {
     const certificate = selectCertificate(destination);
@@ -181,11 +181,18 @@ async function getMtlsOptions(
       } has mTLS enabled, but the required Cloud Foundry environment variables (CF_INSTANCE_CERT and CF_INSTANCE_KEY) are not defined. Note that 'inferMtls' only works on Cloud Foundry.`
     );
   }
-  if (mtlsIsEnabled(destination)) {
-    if (destination.mtlsKeyPair) {
-      return destination.mtlsKeyPair;
+  if (destination.mtlsKeyPair) {
+    if (mtlsIsEnabled(destination)) {
+      logger.warn(
+        `Destination ${
+          destination.name ? destination.name : ''
+        } has both 'mtlsKeyPair' (used by IAS) and 'mtls' (to use certs from cf) enabled. The 'mtlsKeyPair' will be used.`
+      );
     }
 
+    return destination.mtlsKeyPair;
+  }
+  if (mtlsIsEnabled(destination)) {
     if (registerDestinationCache.mtls.useMtlsCache) {
       return registerDestinationCache.mtls.getMtlsOptions();
     }
@@ -202,10 +209,9 @@ async function getMtlsOptions(
 
 function mtlsIsEnabled(destination: Destination) {
   return (
-    (destination.mtls &&
-      process.env.CF_INSTANCE_CERT &&
-      process.env.CF_INSTANCE_KEY) ||
-    destination.mtlsKeyPair
+    destination.mtls &&
+    process.env.CF_INSTANCE_CERT &&
+    process.env.CF_INSTANCE_KEY
   );
 }