coulomb/railiance-platform
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Mark whynot lane applied pending verification

Browse Source
This commit is contained in:
Bernd Worsch
2026-06-28 12:53:39 +02:00
parent 271aa94642
commit adf865611c
5 changed files with 29 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
scripts/credential-change.py
View File

@@ -34,6 +34,7 @@ ALLOWED_STATUSES = {
"cancelled",
}
APPLY_ALLOWED_STATUSES = {"approved"}
POST_APPLY_STATUSES = {"applied", "verified", "active"}
SECRET_MARKERS = [
"AGE-SECRET-KEY-1",
"-----BEGIN PRIVATE KEY-----",
@@ -435,8 +436,11 @@ def validate_or_exit(path: Path) -> tuple[dict[str, Any], list[str]]:
def apply_blockers(ccr: dict[str, Any]) -> list[str]:
blockers: list[str] = []
if ccr.get("status") not in APPLY_ALLOWED_STATUSES:
blockers.append(f"apply requires status approved, got {ccr.get('status')}")
status = ccr.get("status")
if status in POST_APPLY_STATUSES:
return blockers
if status not in APPLY_ALLOWED_STATUSES:
blockers.append(f"apply requires status approved, got {status}")
if ccr["openbao"]["auth"].get("bound_claims_confirmed") is not True:
blockers.append("apply requires confirmed OpenBao auth binding")
return blockers
@@ -467,7 +471,8 @@ def status_payload(ccr: dict[str, Any], warnings: list[str]) -> dict[str, Any]:
"title": ccr["title"],
"status": ccr["status"],
"request_type": ccr["request_type"],
"apply_allowed": not apply_blocked_by,
"apply_allowed": ccr.get("status") in APPLY_ALLOWED_STATUSES and not apply_blocked_by,
"apply_complete": ccr.get("status") in POST_APPLY_STATUSES,
"apply_blockers": apply_blocked_by,
"frontdoor_resolvable": not frontdoor_blocked_by,
"frontdoor_blockers": frontdoor_blocked_by,
@@ -504,6 +509,7 @@ def render_status(payload: dict[str, Any]) -> str:
f"Readiness: {payload['access_frontdoor']['readiness']}",
f"Resolvable: {payload['frontdoor_resolvable']}",
f"Apply allowed: {payload['apply_allowed']}",
f"Apply complete: {payload.get('apply_complete') is True}",
]
decision = payload.get("state_hub", {}).get("decision_api_url")
dashboard = payload.get("state_hub", {}).get("decision_dashboard_url")