test: drop ssh-gate suites and shadow-route assertions (PRD 0009)

- Delete tests/unit/test_ssh_gate.py and the fixture_with_ssh helpers. - test_pipelock_yaml: drop the ssh-leak guard (structurally impossible now); the remaining tests switch to fixture_minimal. - test_pipelock_allowlist: rewrite the union/dedup test to exercise an egress.allowlist that duplicates a baked default (the property the ssh-leak assertion was hitching onto). - test_manifest_git: shadow-route assertion becomes a legacy-ssh- dies-with-hint assertion, since bottle.ssh is now parse-fail. - test_orphan_cleanup: drop the SSHGate.stop idempotency check; pipelock equivalent stays. - test_dry_run_plan: drop assertions on the removed ssh_hosts / ssh_gate keys. 52 unit tests pass.
2026-05-12 23:54:22 -04:00
parent 3d66ad2a86
commit 249e8cc15e
7 changed files with 21 additions and 251 deletions
@@ -37,34 +37,6 @@ def fixture_with_egress_dict() -> dict[str, Any]:
    }


-def fixture_with_ssh_dict() -> dict[str, Any]:
-    """Bottle has both an IPv4-literal SSH host (CGNAT) and a hostname host,
-    exercising both ssrf.ip_allowlist and trusted_domains code paths. JSON shape."""
-    return {
-        "bottles": {
-            "dev": {
-                "ssh": [
-                    {
-                        "Host": "tailscale-gitea",
-                        "IdentityFile": "/dev/null",
-                        "Hostname": "100.78.141.42",
-                        "User": "git",
-                        "Port": 30009,
-                    },
-                    {
-                        "Host": "github",
-                        "IdentityFile": "/dev/null",
-                        "Hostname": "github.com",
-                        "User": "git",
-                        "Port": 22,
-                    },
-                ]
-            }
-        },
-        "agents": {"demo": {"skills": [], "prompt": "", "bottle": "dev"}},
-    }
-
-
 def fixture_with_git_dict() -> dict[str, Any]:
    """Bottle declares a git-gate upstream. JSON shape."""
    return {
@@ -98,10 +70,6 @@ def fixture_with_egress() -> Manifest:
    return Manifest.from_json_obj(fixture_with_egress_dict())


-def fixture_with_ssh() -> Manifest:
-    return Manifest.from_json_obj(fixture_with_ssh_dict())
-
-
 def fixture_with_git() -> Manifest:
    return Manifest.from_json_obj(fixture_with_git_dict())