feat(directive): implement BRIDGE-WP-0004 AccessManagementDirective alignment

- ActorType enum (adm/agt/atm) replaces actor_class string; config validates naming convention (adm-*/agt-*/atm-*) with hard ConfigError on mismatch; legacy 'human'/'automation' values accepted with DeprecationWarning - cert_command: pluggable shell string run before each SSH launch; cert written to state dir; -i cert appended to SSH command alongside -i key - TTL-aware cert refresh: parses Valid-to via ssh-keygen -L; pre-emptive restart 5 min before expiry (no backoff, no attempt increment); CERT_EXPIRING logged - CertAcquisitionError: cert failures trigger normal backoff/retry loop - cert_identity: Key ID parsed from cert and recorded in BRIDGE_CONNECTED event - bridge cert-status: new CLI command; exit 1 on expired cert; --json flag - 233 tests passing, ruff clean Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-15 09:38:29 +02:00
parent 22601ef3e6
commit bd169a07e2
17 changed files with 730 additions and 145 deletions
--- a/tests/test_diagnostics.py
+++ b/tests/test_diagnostics.py
@@ -6,7 +6,7 @@ from unittest.mock import MagicMock, patch

 import pytest

-from bridge.diagnostics import TunnelCheckResult, check_all_tunnels, check_tunnel
+from bridge.diagnostics import check_all_tunnels, check_tunnel
 from bridge.models import BridgeState, TunnelConfig
 from bridge.state import StateManager

@@ -20,7 +20,7 @@ def tcfg():
        local_port=8000,
        ssh_user="ubuntu",
        ssh_key="~/.ssh/id_ops",
-        actor="operator.bernd",
+        actor="adm-bernd",
    )


@@ -114,7 +114,7 @@ class TestCheckTunnel:
            local_port=8000,
            ssh_user="ubuntu",
            ssh_key="~/.ssh/id_ops",
-            actor="operator.bernd",
+            actor="adm-bernd",
            health_check=HealthCheckConfig(url="http://127.0.0.1:8000/health"),
        )
        state_mgr.write_pid("test-tunnel", 12345)
@@ -135,7 +135,8 @@ class TestCheckAllTunnels:
    def test_check_all_iterates_tunnels(self, tmp_path):
        """check_all_tunnels returns one result per tunnel in cfg."""
        from bridge.config import load_config
-        import textwrap, os
+        import textwrap
+        import os

        cfg_file = tmp_path / "tunnels.yaml"
        cfg_file.write_text(textwrap.dedent("""\
@@ -146,17 +147,17 @@ class TestCheckAllTunnels:
                local_port: 8001
                ssh_user: ubuntu
                ssh_key: ~/.ssh/id_ops
-                actor: operator.bernd
+                actor: adm-bernd
              t2:
                host: h2.local
                remote_port: 18002
                local_port: 8002
                ssh_user: ubuntu
                ssh_key: ~/.ssh/id_ops
-                actor: operator.bernd
+                actor: adm-bernd
            actors:
-              operator.bernd:
-                class: human
+              adm-bernd:
+                class: adm
                description: Bernd
        """))
        os.environ["BRIDGE_CONFIG"] = str(cfg_file)