didericis
1f36d53f7b
test / run tests/run_tests.py (pull_request) Successful in 14s
Replace the TypedDict + 14 manifest_* free functions with frozen dataclasses (SshEntry, BottleEgress, Bottle, Agent, Manifest) carrying their own validators and constructors. Call sites import Manifest and chain attribute access; the manifest_* helpers and manifest_validate are gone. Behavior changes worth flagging: - Agent.bottle is now required (was optional with a "(none)" fallback). Manifest.from_json_obj dies if any agent lacks a 'bottle' field or references an undefined bottle, where previously start.py raised the error lazily for the specific agent being launched. - ssh.py now takes SshEntry instances; Host/IdentityFile shape checks moved upstream into Manifest construction, leaving only the IdentityFile filesystem-existence check in ssh_validate_entries. - pipelock_bottle_allowlist's per-element string check is dropped — the Manifest validator enforces it at load. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
83 lines
3.1 KiB
Python
83 lines
3.1 KiB
Python
"""Unit: allowlist resolution — pipelock_bottle_allowlist,
|
|
pipelock_bottle_ssh_hostnames, pipelock_bottle_ssh_ip_cidrs,
|
|
pipelock_bottle_ssh_trusted_domains, pipelock_effective_allowlist."""
|
|
|
|
import unittest
|
|
|
|
from claude_bottle.log import Die
|
|
from claude_bottle.manifest import Manifest
|
|
from claude_bottle.pipelock import (
|
|
pipelock_bottle_allowlist,
|
|
pipelock_bottle_ssh_hostnames,
|
|
pipelock_bottle_ssh_ip_cidrs,
|
|
pipelock_bottle_ssh_trusted_domains,
|
|
pipelock_effective_allowlist,
|
|
)
|
|
from tests.fixtures import fixture_minimal, fixture_with_egress, fixture_with_ssh
|
|
|
|
|
|
class TestBottleAllowlist(unittest.TestCase):
|
|
def test_egress_allowlist_present(self):
|
|
out = pipelock_bottle_allowlist(fixture_with_egress(), "dev")
|
|
self.assertIn("github.com", out)
|
|
self.assertIn("gitlab.com", out)
|
|
self.assertIn("registry.npmjs.org", out)
|
|
|
|
def test_empty_when_no_egress_block(self):
|
|
out = pipelock_bottle_allowlist(fixture_minimal(), "dev")
|
|
self.assertEqual([], out)
|
|
|
|
def test_rejects_non_string_entry(self):
|
|
bad = {
|
|
"bottles": {"dev": {"egress": {"allowlist": ["github.com", 42]}}},
|
|
"agents": {"demo": {"skills": [], "prompt": "", "bottle": "dev"}},
|
|
}
|
|
with self.assertRaises(Die):
|
|
Manifest.from_json_obj(bad)
|
|
|
|
|
|
class TestSSHHostnames(unittest.TestCase):
|
|
def test_hostnames_include_both(self):
|
|
hosts = pipelock_bottle_ssh_hostnames(fixture_with_ssh(), "dev")
|
|
self.assertIn("100.78.141.42", hosts)
|
|
self.assertIn("github.com", hosts)
|
|
|
|
def test_ip_cidrs_only_ipv4(self):
|
|
cidrs = pipelock_bottle_ssh_ip_cidrs(fixture_with_ssh(), "dev")
|
|
self.assertIn("100.78.141.42/32", cidrs)
|
|
self.assertNotIn("github.com", cidrs)
|
|
|
|
def test_trusted_domains_only_hostnames(self):
|
|
trusted = pipelock_bottle_ssh_trusted_domains(fixture_with_ssh(), "dev")
|
|
self.assertIn("github.com", trusted)
|
|
self.assertNotIn("100.78.141.42", trusted)
|
|
|
|
|
|
class TestEffectiveAllowlist(unittest.TestCase):
|
|
def test_union_and_dedup(self):
|
|
manifest = Manifest.from_json_obj({
|
|
"bottles": {
|
|
"dev": {
|
|
"egress": {"allowlist": ["registry.npmjs.org"]},
|
|
"ssh": [
|
|
{"Host": "ts", "IdentityFile": "/dev/null",
|
|
"Hostname": "100.78.141.42", "User": "git", "Port": 30009},
|
|
{"Host": "gh", "IdentityFile": "/dev/null",
|
|
"Hostname": "github.com", "User": "git", "Port": 22},
|
|
],
|
|
}
|
|
},
|
|
"agents": {"demo": {"skills": [], "prompt": "", "bottle": "dev"}},
|
|
})
|
|
eff = pipelock_effective_allowlist(manifest, "dev")
|
|
self.assertIn("api.anthropic.com", eff)
|
|
self.assertIn("registry.npmjs.org", eff)
|
|
self.assertIn("100.78.141.42", eff)
|
|
self.assertIn("github.com", eff)
|
|
self.assertEqual(len(eff), len(set(eff)), "deduplicated")
|
|
self.assertEqual(eff, sorted(eff), "sorted")
|
|
|
|
|
|
if __name__ == "__main__":
|
|
unittest.main()
|