cameleer-server-app/src/main/java/com/cameleer/server/app/outbound/dto/OutboundConnectionRequest.java

@@ -30,7 +30,7 @@ public record OutboundConnectionRequest(
         defaultHeaders = defaultHeaders == null ? Map.of() : defaultHeaders;
         tlsCaPemPaths = tlsCaPemPaths == null ? List.of() : tlsCaPemPaths;
         allowedEnvironmentIds = allowedEnvironmentIds == null ? List.of() : allowedEnvironmentIds;
-        if (tlsTrustMode == TrustMode.TRUST_PATHS && tlsCaPemPaths.isEmpty()) {
+        if (tlsTrustMode != null && tlsTrustMode == TrustMode.TRUST_PATHS && tlsCaPemPaths.isEmpty()) {
             throw new IllegalArgumentException("tlsCaPemPaths must not be empty when tlsTrustMode = TRUST_PATHS");
         }
     }

cameleer-server-app/src/test/java/com/cameleer/server/app/outbound/controller/OutboundConnectionAdminControllerIT.java

@@ -176,4 +176,19 @@ class OutboundConnectionAdminControllerIT extends AbstractPostgresIT {
         assertThat(body.path("tlsProtocol").asText()).isEqualTo("TLS");
         assertThat(body.path("error").isNull()).isTrue();
     }
+
+    @Test
+    void operatorCannotTest() throws Exception {
+        ResponseEntity<String> create = restTemplate.exchange(
+                "/api/v1/admin/outbound-connections", HttpMethod.POST,
+                new HttpEntity<>(CREATE_BODY, securityHelper.authHeaders(adminJwt)),
+                String.class);
+        String id = objectMapper.readTree(create.getBody()).path("id").asText();
+
+        ResponseEntity<String> test = restTemplate.exchange(
+                "/api/v1/admin/outbound-connections/" + id + "/test", HttpMethod.POST,
+                new HttpEntity<>(securityHelper.authHeaders(operatorJwt)),
+                String.class);
+        assertThat(test.getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);
+    }
 }