Ship flex-auth policy gate registry and smoke evidence, archive WP-0009 through WP-0013, and add integration docs: ops-bridge cert_command migration playbook, operator OpenBao token hygiene, principals drift check script, and 2026-06-24 INTENT/SCOPE gap analysis.
"""Tests for scripts/build_flex_auth_registry.py."""
import json
import subprocess
import sys
from pathlib import Path
import yaml
# Repository root: two directory levels above this test file.
ROOT = Path(__file__).resolve().parents[1]
# Registry builder under test; the test runs it as a subprocess.
SCRIPT = ROOT.joinpath("scripts", "build_flex_auth_registry.py")
# Seed inventory that is passed to the builder as its input.
INVENTORY = ROOT.joinpath("examples", "inventory.seed.yaml")
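def test_build_registry_from_inventory_seed(tmp_path):
    """Build a registry from the seed inventory and check the bridge entry.

    Runs the builder script in a subprocess, loads the JSON it writes, and
    compares it with the ``actors`` list of the seed inventory. The counts of
    subjects and resources must match the number of actors, and the resource
    for the state-hub bridge actor must carry the expected actor type, TTL
    cap and principal.

    Args:
        tmp_path: pytest temporary directory that receives ``registry.json``.
    """
    out = tmp_path / "registry.json"

    # argv is passed as a list (no shell); check=True turns a non-zero exit
    # of the builder into a test failure.
    subprocess.run(
        [sys.executable, str(SCRIPT), str(INVENTORY), "-o", str(out)],
        check=True,
        cwd=ROOT,
    )

    registry = json.loads(out.read_text())
    actors = yaml.safe_load(INVENTORY.read_text())["actors"]

    # These two checks compare counts only; they do not verify which
    # subjects or resources were emitted.
    assert len(registry["subjects"]) == len(actors)
    resources = registry["resource_manifests"][0]["resources"]
    assert len(resources) == len(actors)

    # A bare next() would raise StopIteration when the entry is missing;
    # use a default so the failure names the resource id that was expected.
    bridge_id = "ssh-cert:actor/agt-state-hub-bridge"
    bridge = next((r for r in resources if r["id"] == bridge_id), None)
    assert bridge is not None, f"no resource with id {bridge_id!r} in registry"

    attrs = bridge["attributes"]
    assert attrs["actor_type"] == "agt"
    # Pins the certificate TTL cap so a change to it shows up as a failure.
    assert attrs["max_ttl_hours"] == 24
    # NOTE(review): `in` is a substring match if allowed_principals is a
    # string rather than a list; confirm the builder emits a list. This also
    # checks presence only, so extra principals on the entry would not fail.
    assert "agt-task-bridge" in attrs["allowed_principals"]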