refactor(pipelock): drop bottle.ssh carve-outs
PRD 0007: SSH traffic now flows through the per-agent ssh-gate sidecar, so pipelock should know nothing about bottle.ssh. Removed: - pipelock_bottle_ssh_hostnames, _trusted_domains, _ip_cidrs. - The trusted_domains / ssrf blocks built from ssh entries. - pipelock_proxy_host_port — its last caller (the ssh provisioner) is gone. - is_ipv4_literal — only used to classify ssh hostnames into trusted_domains vs ssrf.ip_allowlist, both of which are gone. api_allowlist now derives solely from baked-in defaults + bottle.egress.allowlist. Tests updated to pin the new shape and assert ssh hostnames do NOT leak into pipelock's config.
This commit is contained in:
@@ -1,20 +1,12 @@
|
||||
"""Unit: pipelock_effective_allowlist — the union of baked-in defaults,
|
||||
bottle.egress.allowlist, and bottle.ssh[].Hostname. Plus a small check
|
||||
that IPv4 hostnames pick up the /32 suffix when classified as CIDRs.
|
||||
|
||||
The lower-level one-line helpers (pipelock_bottle_allowlist,
|
||||
pipelock_bottle_ssh_hostnames, pipelock_bottle_ssh_trusted_domains)
|
||||
are exercised end-to-end by test_union_and_dedup, so they don't get
|
||||
their own tests."""
|
||||
"""Unit: pipelock_effective_allowlist — the union of baked-in defaults
|
||||
and bottle.egress.allowlist. Per PRD 0007, bottle.ssh entries do NOT
|
||||
contribute (SSH traffic goes through the per-agent ssh-gate, not
|
||||
pipelock)."""
|
||||
|
||||
import unittest
|
||||
|
||||
from claude_bottle.manifest import Manifest
|
||||
from claude_bottle.pipelock import (
|
||||
pipelock_bottle_ssh_ip_cidrs,
|
||||
pipelock_effective_allowlist,
|
||||
)
|
||||
from tests.fixtures import fixture_with_ssh
|
||||
from claude_bottle.pipelock import pipelock_effective_allowlist
|
||||
|
||||
|
||||
class TestEffectiveAllowlist(unittest.TestCase):
|
||||
@@ -36,20 +28,14 @@ class TestEffectiveAllowlist(unittest.TestCase):
|
||||
eff = pipelock_effective_allowlist(manifest.bottles["dev"])
|
||||
self.assertIn("api.anthropic.com", eff, "baked default present")
|
||||
self.assertIn("registry.npmjs.org", eff, "egress.allowlist present")
|
||||
self.assertIn("100.78.141.42", eff, "ssh ipv4 hostname present")
|
||||
self.assertIn("github.com", eff, "ssh hostname present")
|
||||
# PRD 0007: ssh hostnames must not contribute to pipelock's
|
||||
# allowlist anymore — they're routed through the ssh-gate
|
||||
# sidecar, which is on its own egress path.
|
||||
self.assertNotIn("100.78.141.42", eff)
|
||||
self.assertNotIn("github.com", eff)
|
||||
self.assertEqual(len(eff), len(set(eff)), "deduplicated")
|
||||
self.assertEqual(eff, sorted(eff), "sorted")
|
||||
|
||||
|
||||
class TestSSHIPCidrs(unittest.TestCase):
|
||||
def test_ipv4_hostname_gets_32_suffix(self):
|
||||
cidrs = pipelock_bottle_ssh_ip_cidrs(fixture_with_ssh().bottles["dev"])
|
||||
self.assertIn("100.78.141.42/32", cidrs)
|
||||
# Hostname-typed entries don't end up here.
|
||||
self.assertNotIn("github.com", cidrs)
|
||||
self.assertNotIn("github.com/32", cidrs)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
unittest.main()
|
||||
|
||||
Reference in New Issue
Block a user