Correct whynot credential tenant path

This commit is contained in:
2026-06-28 01:00:12 +02:00
parent ad47a136f7
commit eb24e04b71
10 changed files with 67 additions and 48 deletions

View File

@@ -50,7 +50,7 @@ class CredentialChangeTests(unittest.TestCase):
ccr, _errors, warnings = credential_change.validate_ccr(self.sample)
rendered = credential_change.render_summary(ccr, warnings)
self.assertIn("whynot-design npm publish token lane", rendered)
self.assertIn("platform/workloads/whynot-design/whynot-design/npm-publish", rendered)
self.assertIn("platform/workloads/coulomb/whynot-design/npm-publish", rendered)
self.assertIn("whynot-design-npm-publish", rendered)
self.assertIn("readiness: template resolvable=False", rendered)
self.assertIn("approve | deny | needs_changes", rendered)
@@ -58,18 +58,15 @@ class CredentialChangeTests(unittest.TestCase):
def test_status_payload_marks_template_not_resolvable(self) -> None:
ccr, _errors, warnings = credential_change.validate_ccr(self.sample)
payload = credential_change.status_payload(ccr, warnings)
self.assertTrue(payload["apply_allowed"])
self.assertFalse(payload["apply_allowed"])
self.assertFalse(payload["frontdoor_resolvable"])
self.assertEqual(payload["access_frontdoor"]["readiness"], "template")
self.assertEqual(payload["access_frontdoor"]["catalog_id"], "whynot-design-npm-publish")
self.assertEqual(payload["apply_blockers"], [])
self.assertEqual(payload["apply_blockers"], ["apply requires status approved, got proposed"])
self.assertEqual(payload["warnings"], [])
self.assertEqual(
payload["state_hub"]["decision_id"],
"250669d0-8475-4527-9624-cd072249f9a9",
)
self.assertIsNone(payload["state_hub"]["decision_id"])
self.assertIn(
"front door requires CCR status active, got approved",
"front door requires CCR status active, got proposed",
payload["frontdoor_blockers"],
)
self.assertIn("front door is marked resolvable=false", payload["frontdoor_blockers"])
@@ -94,6 +91,11 @@ class CredentialChangeTests(unittest.TestCase):
with tempfile.TemporaryDirectory() as tmp:
copied = Path(tmp) / self.sample.name
shutil.copy2(self.sample, copied)
copied_ccr = credential_change.load_yaml(copied)
copied_ccr.setdefault("state_hub", {})[
"decision_id"
] = "250669d0-8475-4527-9624-cd072249f9a9"
credential_change.dump_yaml(copied, copied_ccr)
original = credential_change.state_hub_decision_status
try:
credential_change.state_hub_decision_status = lambda _ccr, _url: {
@@ -144,7 +146,7 @@ class CredentialChangeTests(unittest.TestCase):
rendered,
)
self.assertIn(
"# bao kv put platform/workloads/whynot-design/whynot-design/npm-publish",
"# bao kv put platform/workloads/coulomb/whynot-design/npm-publish",
rendered,
)
self.assertIn("NPM_AUTH_TOKEN=<enter-through-approved-custody>", rendered)
@@ -199,7 +201,7 @@ class CredentialChangeTests(unittest.TestCase):
def test_generated_policy_is_narrow(self) -> None:
ccr, _errors, _warnings = credential_change.validate_ccr(self.sample)
policy = credential_change.generated_policy_hcl(ccr)
self.assertIn('path "platform/data/workloads/whynot-design/whynot-design/npm-publish"', policy)
self.assertIn('path "platform/data/workloads/coulomb/whynot-design/npm-publish"', policy)
self.assertNotIn("*", policy)
self.assertNotIn("delete", policy)