didericis
249e8cc15e
- Delete tests/unit/test_ssh_gate.py and the fixture_with_ssh helpers. - test_pipelock_yaml: drop the ssh-leak guard (structurally impossible now); the remaining tests switch to fixture_minimal. - test_pipelock_allowlist: rewrite the union/dedup test to exercise an egress.allowlist that duplicates a baked default (the property the ssh-leak assertion was hitching onto). - test_manifest_git: shadow-route assertion becomes a legacy-ssh- dies-with-hint assertion, since bottle.ssh is now parse-fail. - test_orphan_cleanup: drop the SSHGate.stop idempotency check; pipelock equivalent stays. - test_dry_run_plan: drop assertions on the removed ssh_hosts / ssh_gate keys. 52 unit tests pass.
209 lines
7.5 KiB
Python
209 lines
7.5 KiB
Python
"""Unit: Bottle.git manifest parsing + validation (PRD 0008)."""
|
|
|
|
import unittest
|
|
|
|
from claude_bottle.log import Die
|
|
from claude_bottle.manifest import Manifest
|
|
|
|
|
|
def _manifest(git_entries):
|
|
return {
|
|
"bottles": {"dev": {"git": git_entries}},
|
|
"agents": {"demo": {"skills": [], "prompt": "", "bottle": "dev"}},
|
|
}
|
|
|
|
|
|
class TestGitEntryParsing(unittest.TestCase):
|
|
def test_parses_minimal_entry(self):
|
|
m = Manifest.from_json_obj(_manifest([{
|
|
"Name": "claude-bottle",
|
|
"Upstream": "ssh://git@gitea.dideric.is:30009/didericis/claude-bottle.git",
|
|
"IdentityFile": "/dev/null",
|
|
}]))
|
|
entries = m.bottles["dev"].git
|
|
self.assertEqual(1, len(entries))
|
|
e = entries[0]
|
|
self.assertEqual("claude-bottle", e.Name)
|
|
self.assertEqual("git", e.UpstreamUser)
|
|
self.assertEqual("gitea.dideric.is", e.UpstreamHost)
|
|
self.assertEqual("30009", e.UpstreamPort)
|
|
self.assertEqual("didericis/claude-bottle.git", e.UpstreamPath)
|
|
|
|
def test_default_port_is_22(self):
|
|
m = Manifest.from_json_obj(_manifest([{
|
|
"Name": "foo",
|
|
"Upstream": "ssh://git@github.com/didericis/foo.git",
|
|
"IdentityFile": "/dev/null",
|
|
}]))
|
|
e = m.bottles["dev"].git[0]
|
|
self.assertEqual("22", e.UpstreamPort)
|
|
self.assertEqual("github.com", e.UpstreamHost)
|
|
|
|
def test_known_host_key_optional(self):
|
|
m = Manifest.from_json_obj(_manifest([{
|
|
"Name": "foo",
|
|
"Upstream": "ssh://git@github.com/foo.git",
|
|
"IdentityFile": "/dev/null",
|
|
}]))
|
|
self.assertEqual("", m.bottles["dev"].git[0].KnownHostKey)
|
|
|
|
def test_missing_name_dies(self):
|
|
with self.assertRaises(Die):
|
|
Manifest.from_json_obj(_manifest([{
|
|
"Upstream": "ssh://git@github.com/foo.git",
|
|
"IdentityFile": "/dev/null",
|
|
}]))
|
|
|
|
def test_missing_upstream_dies(self):
|
|
with self.assertRaises(Die):
|
|
Manifest.from_json_obj(_manifest([{
|
|
"Name": "foo",
|
|
"IdentityFile": "/dev/null",
|
|
}]))
|
|
|
|
def test_missing_identity_file_dies(self):
|
|
with self.assertRaises(Die):
|
|
Manifest.from_json_obj(_manifest([{
|
|
"Name": "foo",
|
|
"Upstream": "ssh://git@github.com/foo.git",
|
|
}]))
|
|
|
|
def test_non_ssh_upstream_dies(self):
|
|
with self.assertRaises(Die):
|
|
Manifest.from_json_obj(_manifest([{
|
|
"Name": "foo",
|
|
"Upstream": "https://github.com/didericis/foo.git",
|
|
"IdentityFile": "/dev/null",
|
|
}]))
|
|
|
|
def test_scp_style_upstream_dies(self):
|
|
# SCP-style "git@host:path" is intentionally not supported in
|
|
# v1 — ssh:// only.
|
|
with self.assertRaises(Die):
|
|
Manifest.from_json_obj(_manifest([{
|
|
"Name": "foo",
|
|
"Upstream": "git@github.com:didericis/foo.git",
|
|
"IdentityFile": "/dev/null",
|
|
}]))
|
|
|
|
def test_upstream_without_user_dies(self):
|
|
with self.assertRaises(Die):
|
|
Manifest.from_json_obj(_manifest([{
|
|
"Name": "foo",
|
|
"Upstream": "ssh://github.com/foo.git",
|
|
"IdentityFile": "/dev/null",
|
|
}]))
|
|
|
|
def test_upstream_without_path_dies(self):
|
|
with self.assertRaises(Die):
|
|
Manifest.from_json_obj(_manifest([{
|
|
"Name": "foo",
|
|
"Upstream": "ssh://git@github.com",
|
|
"IdentityFile": "/dev/null",
|
|
}]))
|
|
|
|
def test_non_numeric_port_dies(self):
|
|
with self.assertRaises(Die):
|
|
Manifest.from_json_obj(_manifest([{
|
|
"Name": "foo",
|
|
"Upstream": "ssh://git@github.com:notaport/foo.git",
|
|
"IdentityFile": "/dev/null",
|
|
}]))
|
|
|
|
|
|
class TestGitEntryExtraHosts(unittest.TestCase):
|
|
def test_extra_hosts_defaults_to_empty(self):
|
|
m = Manifest.from_json_obj(_manifest([{
|
|
"Name": "foo",
|
|
"Upstream": "ssh://git@github.com/foo.git",
|
|
"IdentityFile": "/dev/null",
|
|
}]))
|
|
self.assertEqual({}, dict(m.bottles["dev"].git[0].ExtraHosts))
|
|
|
|
def test_extra_hosts_parses_host_to_ip_map(self):
|
|
m = Manifest.from_json_obj(_manifest([{
|
|
"Name": "claude-bottle",
|
|
"Upstream": "ssh://git@gitea.dideric.is:30009/didericis/claude-bottle.git",
|
|
"IdentityFile": "/dev/null",
|
|
"ExtraHosts": {"gitea.dideric.is": "100.78.141.42"},
|
|
}]))
|
|
eh = dict(m.bottles["dev"].git[0].ExtraHosts)
|
|
self.assertEqual({"gitea.dideric.is": "100.78.141.42"}, eh)
|
|
|
|
def test_extra_hosts_must_be_object(self):
|
|
with self.assertRaises(Die):
|
|
Manifest.from_json_obj(_manifest([{
|
|
"Name": "foo",
|
|
"Upstream": "ssh://git@github.com/foo.git",
|
|
"IdentityFile": "/dev/null",
|
|
"ExtraHosts": ["gitea.dideric.is", "100.78.141.42"],
|
|
}]))
|
|
|
|
def test_extra_hosts_ip_must_be_string(self):
|
|
with self.assertRaises(Die):
|
|
Manifest.from_json_obj(_manifest([{
|
|
"Name": "foo",
|
|
"Upstream": "ssh://git@github.com/foo.git",
|
|
"IdentityFile": "/dev/null",
|
|
"ExtraHosts": {"gitea.dideric.is": 100},
|
|
}]))
|
|
|
|
def test_extra_hosts_empty_ip_dies(self):
|
|
with self.assertRaises(Die):
|
|
Manifest.from_json_obj(_manifest([{
|
|
"Name": "foo",
|
|
"Upstream": "ssh://git@github.com/foo.git",
|
|
"IdentityFile": "/dev/null",
|
|
"ExtraHosts": {"gitea.dideric.is": ""},
|
|
}]))
|
|
|
|
|
|
class TestGitEntryCrossValidation(unittest.TestCase):
|
|
def test_duplicate_name_dies(self):
|
|
with self.assertRaises(Die):
|
|
Manifest.from_json_obj(_manifest([
|
|
{"Name": "foo", "Upstream": "ssh://git@a.example/x.git",
|
|
"IdentityFile": "/dev/null"},
|
|
{"Name": "foo", "Upstream": "ssh://git@b.example/y.git",
|
|
"IdentityFile": "/dev/null"},
|
|
]))
|
|
|
|
def test_legacy_ssh_field_dies_with_hint(self):
|
|
# PRD 0009: bottle.ssh is removed; manifests carrying it must
|
|
# fail loudly with a hint pointing at bottle.git.
|
|
with self.assertRaises(Die):
|
|
Manifest.from_json_obj({
|
|
"bottles": {
|
|
"dev": {
|
|
"ssh": [{
|
|
"Host": "gitea",
|
|
"IdentityFile": "/dev/null",
|
|
"Hostname": "gitea.dideric.is",
|
|
"User": "git",
|
|
"Port": 30009,
|
|
}],
|
|
},
|
|
},
|
|
"agents": {"demo": {"skills": [], "prompt": "", "bottle": "dev"}},
|
|
})
|
|
|
|
|
|
class TestEmptyGitField(unittest.TestCase):
|
|
def test_no_git_field_yields_empty_tuple(self):
|
|
m = Manifest.from_json_obj({
|
|
"bottles": {"dev": {}},
|
|
"agents": {"demo": {"skills": [], "prompt": "", "bottle": "dev"}},
|
|
})
|
|
self.assertEqual((), m.bottles["dev"].git)
|
|
|
|
def test_git_array_type_required(self):
|
|
with self.assertRaises(Die):
|
|
Manifest.from_json_obj({
|
|
"bottles": {"dev": {"git": "not-a-list"}},
|
|
"agents": {"demo": {"skills": [], "prompt": "", "bottle": "dev"}},
|
|
})
|
|
|
|
|
|
if __name__ == "__main__":
|
|
unittest.main()
|