didericis
11f17d7927
test / run tests/run_tests.py (pull_request) Successful in 16s
The yaml generation logic moves wholesale onto DockerBottleBackend where it's used. pipelock_write_yaml is deleted; pipelock.py keeps the allowlist resolution helpers (still called by prepare_proxy and by pipelock_allowlist_summary). The pipelock_start error message that referenced "pipelock_write_yaml must run first" now says "backend.prepare_proxy must run first." tests/test_pipelock_yaml.py rewritten to drive DockerBottleBackend(). prepare_proxy(spec, yaml_path); test_pipelock_sidecar_smoke.py call site updated similarly. Same coverage at the new location.
96 lines
3.5 KiB
Python
96 lines
3.5 KiB
Python
"""Unit: DockerBottleBackend.prepare_proxy — produces a pipelock YAML
|
|
config containing the expected top-level keys and per-bottle entries.
|
|
We don't fully parse YAML; we grep for content shape."""
|
|
|
|
import os
|
|
import tempfile
|
|
import unittest
|
|
from pathlib import Path
|
|
|
|
from claude_bottle.backend import BottleSpec
|
|
from claude_bottle.backend.docker import DockerBottleBackend
|
|
from claude_bottle.manifest import Manifest
|
|
from tests.fixtures import fixture_minimal, fixture_with_ssh
|
|
|
|
|
|
def _spec(manifest: Manifest) -> BottleSpec:
|
|
"""Construct a minimal BottleSpec around a fixture manifest. The
|
|
fixtures all define an agent named 'demo' on a bottle named 'dev'."""
|
|
return BottleSpec(
|
|
manifest=manifest,
|
|
agent_name="demo",
|
|
copy_cwd=False,
|
|
user_cwd="/tmp",
|
|
forward_oauth_token=False,
|
|
)
|
|
|
|
|
|
class TestPrepareProxyYaml(unittest.TestCase):
|
|
def setUp(self):
|
|
self.out_dir = Path(tempfile.mkdtemp())
|
|
self.backend = DockerBottleBackend()
|
|
|
|
def tearDown(self):
|
|
import shutil
|
|
shutil.rmtree(self.out_dir, ignore_errors=True)
|
|
|
|
def test_minimal(self):
|
|
yaml_path = self.out_dir / "min.yaml"
|
|
self.backend.prepare_proxy(_spec(fixture_minimal()), yaml_path)
|
|
content = yaml_path.read_text()
|
|
self.assertIn("mode: strict", content)
|
|
self.assertIn("enforce: true", content)
|
|
self.assertIn("api_allowlist:", content)
|
|
self.assertIn("api.anthropic.com", content)
|
|
self.assertIn("raw.githubusercontent.com", content)
|
|
self.assertIn("forward_proxy:", content)
|
|
self.assertIn("enabled: true", content)
|
|
self.assertIn("dlp:", content)
|
|
self.assertIn("include_defaults: true", content)
|
|
self.assertIn("scan_env: true", content)
|
|
# No ssh entries → no trusted_domains nor ssrf block.
|
|
self.assertNotIn("trusted_domains:", content)
|
|
self.assertNotIn("ssrf:", content)
|
|
|
|
def test_ssh_blocks(self):
|
|
yaml_path = self.out_dir / "ssh.yaml"
|
|
self.backend.prepare_proxy(_spec(fixture_with_ssh()), yaml_path)
|
|
content = yaml_path.read_text()
|
|
self.assertIn("trusted_domains:", content)
|
|
self.assertIn("github.com", content)
|
|
self.assertIn("ssrf:", content)
|
|
self.assertIn("ip_allowlist:", content)
|
|
self.assertIn("100.78.141.42/32", content)
|
|
# ipv4 host should also be in api_allowlist (strict mode requires both).
|
|
self.assertIn("100.78.141.42", content)
|
|
|
|
def test_secret_hygiene(self):
|
|
manifest = Manifest.from_json_obj({
|
|
"bottles": {
|
|
"dev": {
|
|
"env": {
|
|
"MY_SECRET": "literal-value-should-not-appear",
|
|
"ANOTHER": "?prompt-message",
|
|
},
|
|
"egress": {"allowlist": ["github.com"]},
|
|
}
|
|
},
|
|
"agents": {"demo": {"skills": [], "prompt": "", "bottle": "dev"}},
|
|
})
|
|
yaml_path = self.out_dir / "secret.yaml"
|
|
self.backend.prepare_proxy(_spec(manifest), yaml_path)
|
|
content = yaml_path.read_text()
|
|
self.assertNotIn("literal-value-should-not-appear", content)
|
|
self.assertNotIn("MY_SECRET", content)
|
|
self.assertNotIn("prompt-message", content)
|
|
|
|
def test_file_mode_is_600(self):
|
|
yaml_path = self.out_dir / "min.yaml"
|
|
self.backend.prepare_proxy(_spec(fixture_minimal()), yaml_path)
|
|
mode = os.stat(yaml_path).st_mode & 0o777
|
|
self.assertEqual(0o600, mode)
|
|
|
|
|
|
if __name__ == "__main__":
|
|
unittest.main()
|