This repository has been archived on 2026-07-08. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
core-hub/tests/test_console.py

87 lines
2.6 KiB
Python

OPERATOR_HEADERS = {"Authorization": "Bearer operator-token"}
def seed_console_data(client):
hub = client.post(
"/api/v2/hubs",
headers=OPERATOR_HEADERS,
json={
"slug": "ops-hub",
"name": "Ops Hub",
"domain": "ops.coulomb.social",
"hubKind": "domain",
"hubFamily": "vsm",
"vsmFunction": "OPS",
"vsmSystem": "1",
},
).json()
manifest = client.post(
"/api/v2/hub-capability-manifests",
headers=OPERATOR_HEADERS,
json={"hubId": hub["id"], "manifestVersion": "1.0"},
).json()
client.post(
f"/api/v2/hub-capability-manifests/{manifest['id']}/activate",
headers=OPERATOR_HEADERS,
)
consumer = client.post(
"/api/v2/api-consumers",
headers=OPERATOR_HEADERS,
json={
"name": "ops-hub",
"description": "API consumer for the VSM Operations hub",
"hubCapabilityManifestId": manifest["id"],
"rateLimitPerMinute": 120,
},
).json()
key_payload = client.post(
f"/api/v2/api-consumers/{consumer['id']}/api-keys",
headers=OPERATOR_HEADERS,
json={"scopes": "framework:read hub:ops-hub:write"},
).json()
runtime_headers = {"Authorization": f"Bearer {key_payload['fullKey']}"}
widget = client.post(
"/api/v2/widgets",
headers=runtime_headers,
json={
"hubId": hub["id"],
"name": "Readiness",
"widgetType": "ops-readiness-gate",
"capabilityRef": "ops:readiness",
"viewContext": "ops-hub/readiness",
"policyScope": "ops-registry",
},
).json()
client.post(
"/api/v2/interaction-events",
headers=runtime_headers,
json={
"widgetId": widget["id"],
"eventType": "ops-endpoint-verified",
"metadata": {"expectedStatus": 401},
},
)
return key_payload
def test_console_requires_operator_auth(client):
response = client.get("/console")
assert response.status_code == 401
def test_console_renders_operational_state_without_full_key(client):
key_payload = seed_console_data(client)
response = client.get("/console", headers=OPERATOR_HEADERS)
assert response.status_code == 200
assert response.headers["content-type"].startswith("text/html")
body = response.text
assert "Operator console" in body
assert "ops-hub" in body
assert "ops-endpoint-verified" in body
assert key_payload["apiKey"]["keyPrefix"] in body
assert key_payload["fullKey"] not in body
assert "fullKey" not in body