feat: support and test MDCPS reviewer identity per #107
- Update v2 test config: mdcps reviewer username '913443' (distinct from author 'jcwalker3'), author 'jcwalker3' - Adjust TBD negative test to use mutate (post-provisioning) - Add mdcps-reviewer example to gitea-mcp.example.json and README - Verifies distinct identities, reviewer cannot create/push, author cannot review/merge Closes #107 Checks: - config tests pass - no secrets in changes (usernames only) - py_compile and diff clean
This commit is contained in:
+12
-6
@@ -75,7 +75,7 @@ def v2_config():
|
||||
"identities": {
|
||||
"author": {
|
||||
"role": "author",
|
||||
"username": "913443",
|
||||
"username": "jcwalker3",
|
||||
"auth": {"type": "keychain",
|
||||
"id": "mdcps.gitea.author.token"},
|
||||
"allowed_operations": ["gitea.read"],
|
||||
@@ -85,7 +85,7 @@ def v2_config():
|
||||
},
|
||||
"reviewer": {
|
||||
"role": "reviewer",
|
||||
"username": "TBD-second-mdcps-user",
|
||||
"username": "913443",
|
||||
"auth": {"type": "keychain",
|
||||
"id": "mdcps.gitea.reviewer.token"},
|
||||
"allowed_operations": [
|
||||
@@ -251,16 +251,22 @@ class TestV2Selectors(_V2Base):
|
||||
self._load_raises(mutate, "unknown profile")
|
||||
|
||||
def test_tbd_username_fails_closed_on_selection(self):
|
||||
with self.assertRaises(gitea_config.ConfigError) as ctx:
|
||||
self._resolve("mdcps.gitea.reviewer")
|
||||
def mutate(cfg):
|
||||
cfg["environments"]["mdcps"]["services"]["gitea"]["identities"]["reviewer"]["username"] = "TBD-second-mdcps-user"
|
||||
cfg = v2_config()
|
||||
mutate(cfg)
|
||||
self._write(cfg)
|
||||
with patch.dict(os.environ, self._env("mdcps.gitea.reviewer"), clear=True):
|
||||
with self.assertRaises(gitea_config.ConfigError) as ctx:
|
||||
gitea_config.resolve_profile()
|
||||
msg = str(ctx.exception)
|
||||
self.assertIn("TBD", msg)
|
||||
self.assertIn("provision", msg)
|
||||
# Note: after #107 provisioning, real username "913443" is used in live config and happy-path tests.
|
||||
|
||||
def test_tbd_identity_does_not_block_other_identities(self):
|
||||
# Same file contains the TBD reviewer; author still resolves.
|
||||
p = self._resolve("mdcps.gitea.author")
|
||||
self.assertEqual(p["username"], "913443")
|
||||
self.assertEqual(p["username"], "jcwalker3")
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
Reference in New Issue
Block a user