revert(egress-proxy): drop Role + agent provisioner (keep git-push block)
Partial revert offa06a3a. The role + agent-side provisioner felt overengineered: anthropic-base-url + npm-registry's only realistic host values match the tool defaults, so the role tags drove no-op dotfile writes most of the time. If non-default npm registry / tea config is needed in a future bottle, we can ship it through a more direct mechanism then. What stays fromfa06a3a: - Universal HTTPS git-push block in the egress-proxy addon (`is_git_push_request` in egress_proxy_addon_core, called from the request hook before route matching; 403s git-receive-pack regardless of route). This is the security backstop so git-gate remains the only outbound write path; PR #29 keeps it. What gets reverted: - `Role` field on EgressProxyRoute (manifest + runtime). - `EGRESS_PROXY_ROLES` + `EGRESS_PROXY_SINGLETON_ROLES` constants and singleton-role validation. - `backend/docker/provision/egress_proxy.py` (npmrc + tea config). - `provision_egress_proxy` slot in `BottleBackend.provision`. - `prepare.py`'s role-based ANTHROPIC_BASE_URL detection (back to the token_ref="CLAUDE_CODE_OAUTH_TOKEN" auto-detect). - Manifest + provisioner tests for the above. 355 unit + 24 integration tests pass. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
@@ -128,64 +128,6 @@ class TestAuth(unittest.TestCase):
|
||||
}])
|
||||
|
||||
|
||||
class TestRole(unittest.TestCase):
|
||||
def test_omitted_means_no_roles(self):
|
||||
b = _bottle([{"host": "x.example"}])
|
||||
self.assertEqual((), b.egress_proxy.routes[0].Role)
|
||||
|
||||
def test_string_normalizes_to_tuple(self):
|
||||
b = _bottle([{"host": "api.anthropic.com",
|
||||
"role": "anthropic-base-url",
|
||||
"auth": {"scheme": "Bearer", "token_ref": "T"}}])
|
||||
self.assertEqual(("anthropic-base-url",),
|
||||
b.egress_proxy.routes[0].Role)
|
||||
|
||||
def test_list_supported(self):
|
||||
b = _bottle([{"host": "registry.npmjs.org",
|
||||
"role": ["npm-registry"]}])
|
||||
self.assertEqual(("npm-registry",), b.egress_proxy.routes[0].Role)
|
||||
|
||||
def test_unknown_role_rejected(self):
|
||||
with self.assertRaises(Die):
|
||||
_bottle([{"host": "x.example", "role": "git-insteadof"}])
|
||||
|
||||
def test_non_string_role_rejected(self):
|
||||
with self.assertRaises(Die):
|
||||
_bottle([{"host": "x.example", "role": 42}])
|
||||
|
||||
def test_list_with_non_string_item_rejected(self):
|
||||
with self.assertRaises(Die):
|
||||
_bottle([{"host": "x.example", "role": ["npm-registry", 42]}])
|
||||
|
||||
def test_singleton_anthropic_base_url_enforced(self):
|
||||
with self.assertRaises(Die):
|
||||
_bottle([
|
||||
{"host": "api.anthropic.com", "role": "anthropic-base-url",
|
||||
"auth": {"scheme": "Bearer", "token_ref": "T1"}},
|
||||
{"host": "api2.anthropic.example",
|
||||
"role": "anthropic-base-url",
|
||||
"auth": {"scheme": "Bearer", "token_ref": "T2"}},
|
||||
])
|
||||
|
||||
def test_singleton_npm_registry_enforced(self):
|
||||
with self.assertRaises(Die):
|
||||
_bottle([
|
||||
{"host": "registry.npmjs.org", "role": "npm-registry"},
|
||||
{"host": "npm.example", "role": "npm-registry"},
|
||||
])
|
||||
|
||||
def test_tea_login_is_not_singleton(self):
|
||||
# Multiple Gitea instances on one bottle is a legitimate
|
||||
# dev setup; tea-login lays one logins[] entry per route.
|
||||
b = _bottle([
|
||||
{"host": "gitea.example", "role": "tea-login",
|
||||
"auth": {"scheme": "token", "token_ref": "T1"}},
|
||||
{"host": "other-gitea.example", "role": "tea-login",
|
||||
"auth": {"scheme": "token", "token_ref": "T2"}},
|
||||
])
|
||||
self.assertEqual(2, len(b.egress_proxy.routes))
|
||||
|
||||
|
||||
class TestRouteValidation(unittest.TestCase):
|
||||
def test_duplicate_hosts_rejected(self):
|
||||
# Routes match by exact host; duplicates leave the choice
|
||||
|
||||
Reference in New Issue
Block a user