fix(awooop): 移除 tenants public api 內部控制鍵
@@ -876,21 +876,11 @@ def build_tenant_asset_inventory(tenants: list[Mapping[str, Any]]) -> dict[str,
|
||||
"public_routes": public_routes,
|
||||
"source_repos": source_repos,
|
||||
"boundaries": [
|
||||
"read_only_inventory_only=true",
|
||||
"repo_owner_namespace_redacted=true",
|
||||
"public_product_identity_redacted=true",
|
||||
"raw_repository_namespace_visible=false",
|
||||
"public_api_raw_repo_namespace_allowed=false",
|
||||
"public_api_raw_project_slug_allowed=false",
|
||||
"owner_response_received_count=0",
|
||||
"owner_response_accepted_count=0",
|
||||
"runtime_execution_authorized=false",
|
||||
"active_runtime_gate_count=0",
|
||||
"action_buttons_allowed=false",
|
||||
"repo_creation_authorized=false",
|
||||
"refs_sync_authorized=false",
|
||||
"workflow_modification_authorized=false",
|
||||
"public_route_change_authorized=false",
|
||||
"只讀資產台帳;不修改租戶、路由、主機或專案庫。",
|
||||
"公開回應只顯示產品代號、範圍代號與繁中管控狀態;不揭露原始負責人、命名空間或完整專案庫名稱。",
|
||||
"負責人回覆尚未接受;候選範圍不得視為已核准。",
|
||||
"執行期閘門維持關閉;不啟動掃描、修復、部署或主機操作。",
|
||||
"未取得正式決策前,不建立專案庫、不同步分支或標籤、不修改工作流程或公開路由。",
|
||||
],
|
||||
}
|
||||
|
||||
|
||||
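Review bot: The new `"boundaries"` list in `build_tenant_asset_inventory` has no comment saying that it is returned through the public tenants API and must hold display text only, so a later edit could put a control flag back without noticing. I would add above the list: `# Public API field: user-facing text only; never put internal key=value control flags here.` The function starts above this hunk, so it cannot be checked from here whether other fields of the returned dict still carry such keys.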
@@ -14,6 +14,12 @@ FORBIDDEN_PUBLIC_MARKERS = [
|
||||
"AWOOOI / " + "AwoooP / " + "IwoooS",
|
||||
"Tsen" + "Yang Website",
|
||||
"Bitan " + "Pharmacy",
|
||||
"repo_owner_namespace_redacted=true",
|
||||
"raw_repository_namespace_visible=false",
|
||||
"public_api_raw_repo_namespace_allowed=false",
|
||||
"read_only_inventory_only=true",
|
||||
"runtime_execution_authorized=false",
|
||||
"action_buttons_allowed=false",
|
||||
]
|
||||
|
||||
|
||||
@@ -93,6 +99,8 @@ def test_tenant_asset_inventory_merges_products_routes_and_repos() -> None:
|
||||
assert "blocked_waiting_" not in inventory_payload
|
||||
assert "observe_scope_review" not in inventory_payload
|
||||
assert all(marker not in inventory_payload for marker in FORBIDDEN_PUBLIC_MARKERS)
|
||||
assert "只讀資產台帳" in " ".join(inventory["boundaries"])
|
||||
assert all("=" not in boundary for boundary in inventory["boundaries"])
|
||||
assert {item["risk"] for item in inventory["source_repos"]}.issubset(
|
||||
{"high", "medium", "low", "unknown"}
|
||||
)
|
||||
@@ -135,5 +143,5 @@ def test_tenant_response_model_keeps_asset_inventory_contract() -> None:
|
||||
response_payload = response.model_dump_json()
|
||||
assert "owenhytsai" not in response_payload
|
||||
assert "nexu-io" not in response_payload
|
||||
assert all(marker not in response_payload for marker in FORBIDDEN_PUBLIC_MARKERS[:3])
|
||||
assert all(marker not in response_payload for marker in FORBIDDEN_PUBLIC_MARKERS)
|
||||
assert response.asset_inventory.source_repos[0].source_namespace_redacted is True
|
||||
|
||||
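Review bot: `FORBIDDEN_PUBLIC_MARKERS` gains only six of the fifteen `key=value` entries listed in the `boundaries` hunk. The payload-wide checks on `inventory_payload` and `response_payload` would therefore miss the other nine, for example `repo_creation_authorized=false` or `owner_response_received_count=0`, if they came back in a different field. The `"=" not in boundary` assertion covers `boundaries` alone, and the loop in `validate()` lists eight keys, so the two guards already disagree. Consider keeping one list of all removed keys and matching on the key name before the `=`, provided those names are not legitimate field names elsewhere in the payload, which is not visible here.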
@@ -11858,13 +11858,22 @@ def validate(root: Path) -> None:
|
||||
for text in [
|
||||
"source_scope_id",
|
||||
"source_namespace_redacted",
|
||||
"只讀資產台帳;不修改租戶、路由、主機或專案庫。",
|
||||
"公開回應只顯示產品代號、範圍代號與繁中管控狀態",
|
||||
"執行期閘門維持關閉",
|
||||
]:
|
||||
assert_text_contains("platform_operator_service.source_namespace_redaction", platform_operator_service, text)
|
||||
for text in [
|
||||
"repo_owner_namespace_redacted=true",
|
||||
"raw_repository_namespace_visible=false",
|
||||
"public_api_raw_repo_namespace_allowed=false",
|
||||
"public_product_identity_redacted=true",
|
||||
"read_only_inventory_only=true",
|
||||
"runtime_execution_authorized=false",
|
||||
"action_buttons_allowed=false",
|
||||
"public_api_raw_project_slug_allowed=false",
|
||||
]:
|
||||
assert_text_contains("platform_operator_service.source_namespace_redaction", platform_operator_service, text)
|
||||
assert_text_not_contains("platform_operator_service.raw_boundary_key_leak", platform_operator_service, text)
|
||||
for text in ["source_scope_id", "source_namespace_redacted"]:
|
||||
assert_text_contains("tenants_api_contract.source_namespace_redaction", tenants_api_contract, text)
|
||||
tenant_global_assets_messages_zh = json.dumps(
|
||||
|
||||
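Review bot: The second `for text in [...]` loop in `validate()` has no comment explaining why these strings must be absent. It also matches the exact `key=value` literal in the service source, so the same key with a different value, or one assembled by string formatting, would pass. I would add `# Internal control keys: must not appear in platform_operator_service, whose boundaries are returned by the public tenants API.` above the loop, and treat this scan as a lint alongside the payload assertions in the tests rather than the only guard. `validate()` begins and continues outside this hunk.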