docs(security): add gitea owner response request packet
This commit is contained in:
@@ -41,6 +41,7 @@ LANES = [
|
||||
"reject_execution_request",
|
||||
"keep_waiting_owner_response",
|
||||
],
|
||||
"expected_request_packet_id": "s4_9_gitea_owner_attestation_response_request",
|
||||
},
|
||||
{
|
||||
"lane_id": "s4_10_github_target_owner_decision_response",
|
||||
@@ -170,6 +171,45 @@ def validate(root: Path) -> None:
|
||||
assert_equal(f"{lane['lane_id']}.rejected_response_count", summary["rejected_response_count"], 0)
|
||||
assert_equal(f"{lane['lane_id']}.acceptance_check_count", summary["acceptance_check_count"], 8)
|
||||
assert_equal(f"{lane['lane_id']}.rejection_rule_count", summary["rejection_rule_count"], 10)
|
||||
expected_request_packet_id = lane.get("expected_request_packet_id")
|
||||
if expected_request_packet_id is not None:
|
||||
request_packet = snapshot["owner_response_request_packet"]
|
||||
assert_equal(
|
||||
f"{lane['lane_id']}.owner_response_request_packet_count",
|
||||
summary["owner_response_request_packet_count"],
|
||||
1,
|
||||
)
|
||||
assert_equal(
|
||||
f"{lane['lane_id']}.owner_response_request_packet_id",
|
||||
request_packet["request_id"],
|
||||
expected_request_packet_id,
|
||||
)
|
||||
assert_equal(
|
||||
f"{lane['lane_id']}.owner_response_request_display_status",
|
||||
request_packet["display_status"],
|
||||
"ready_to_request_owner_response",
|
||||
)
|
||||
assert_equal(
|
||||
f"{lane['lane_id']}.owner_response_request_template_ids",
|
||||
request_packet["requested_template_ids"],
|
||||
[
|
||||
"response-public-only-vs-local-gitea-gap",
|
||||
"response-org-user-endpoint-identity",
|
||||
"response-internal-110-adjacent-scope",
|
||||
"response-repo-owner-canonical-scope",
|
||||
"response-legacy-or-inaccessible-disposition",
|
||||
],
|
||||
)
|
||||
assert_equal(
|
||||
f"{lane['lane_id']}.owner_response_request_awooop_display_mode",
|
||||
request_packet["awooop_display_mode"],
|
||||
"display_owner_response_request_only",
|
||||
)
|
||||
assert_false(
|
||||
f"{lane['lane_id']}.owner_response_request_execution_authorized",
|
||||
request_packet["execution_authorized"],
|
||||
)
|
||||
assert_true(f"{lane['lane_id']}.owner_response_request_not_approval", request_packet["not_approval"])
|
||||
expected_preflight_checks = lane.get("expected_preflight_checks")
|
||||
if expected_preflight_checks is not None:
|
||||
intake_preflight_checks = snapshot["intake_preflight_checks"]
|
||||
|
||||
Reference in New Issue
Block a user