Define operation-name normalization table and enforcement tests #106
Summary
Define and test operation-name normalization for profiles.json v2.
Source discussion
Refs #100
Scope
Canonical operations should be namespaced, such as:
Legacy unqualified operations may be accepted only through explicit normalization.
Examples:
Security requirements
allowed_operations and forbidden_operations.
forbidden_operations always overrides allowed_operations.
Required test matrix
Cover:
Non-goals
Acceptance criteria
Implementation planning comment
Readiness
Ready with changes
Summary
The proposal to namespace operations and translate legacy unqualified ones is essential for multi-service safety. However, to prevent permission-widening and cross-service conflicts, normalization must be strictly context-sensitive (scoped by service type) rather than a global list, and it must occur identically on both allowed and forbidden lists before checking constraints.
Dependencies
Risks
forbidden_operations: ["merge"] and the system normalizes the allowed list but fails to normalize the forbidden list to gitea.pr.merge, the forbidden_operations check will miss the match and silently allow a forbidden operation.
read is ambiguous. It must resolve to gitea.read, jenkins.read, or glitchtip.read depending on the service. A global mapping list without service context could lead to credentials/operations leaking or mapping incorrectly.
Acceptance criteria changes
merge and gitea.pr.merge defined) are deduplicated cleanly.
merge) is rejected when specified under a Jenkins or GlitchTip service block (fail-closed).
Recommended implementation notes
allowed_operations and forbidden_operations lists are mapped using this function, then converted to sets to handle deduplication automatically before gating is applied.
Controller Handoff Summary
Work performed
Reviewed Issue #106, identified potential permission widening and service mismatch risks, defined acceptance criteria adjustments, and provided concrete Python code guidance in the issue comment.
Current state
Scaled-Tech-Consulting/Gitea-Tools, master 790c2c8, clean
Files changed
None.
Validation
Not applicable — issue comment only.
Issues encountered
None.
Review needed?
No review needed — discussion/comment only.
Next recommended action
Wait for owner review and decision on #106. Proceed with Issue #103 implementation planning reviews.
Safety confirmations
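An added example, not code from the issue, its comments or the Gitea-Tools repository: a sketch of the service-scoped normalization discussed in #106, where both lists go through the same function, forbidden overrides allowed, and a legacy name with no mapping for the service is rejected. The table layout and the names `LEGACY_MAP`, `normalize`, `effective_policy` and `is_permitted` are assumptions; only the mappings named in the discussion are used.

```python
# Added illustration. LEGACY_MAP's shape and all function names are assumed;
# the entries are limited to the mappings mentioned in the issue discussion.
LEGACY_MAP = {
    "gitea": {"merge": "gitea.pr.merge", "read": "gitea.read"},
    "jenkins": {"read": "jenkins.read"},
    "glitchtip": {"read": "glitchtip.read"},
}


class NormalizationError(ValueError):
    """An operation name cannot be resolved for the given service."""


def normalize(service, op):
    """Return the canonical namespaced name of op for service, or raise."""
    table = LEGACY_MAP.get(service)
    if table is None:
        raise NormalizationError(f"unknown service {service!r}")
    if op in table.values():
        return op  # already canonical for this service
    if op in table:
        return table[op]  # explicit legacy mapping, scoped to this service
    # Fail closed: unknown name, or a name that belongs to another service.
    raise NormalizationError(f"{op!r} is not valid for service {service!r}")


def effective_policy(service, allowed, forbidden):
    """Normalize both lists with the same function; sets deduplicate."""
    allow = {normalize(service, op) for op in allowed}
    deny = {normalize(service, op) for op in forbidden}
    return allow, deny


def is_permitted(service, requested, allowed, forbidden):
    """forbidden always overrides allowed; anything not allowed is denied."""
    allow, deny = effective_policy(service, allowed, forbidden)
    op = normalize(service, requested)
    return op not in deny and op in allow
```
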