feat: support and test MDCPS reviewer identity per #107 #136

Merged
sysadmin merged 1 commits from feat/issue-107-mdcps-reviewer-identity into master 2026-07-04 17:48:50 -05:00
3 changed files with 30 additions and 6 deletions
+6
View File
@@ -221,6 +221,12 @@ Canonical profile file (e.g. `~/.config/gitea-tools/profiles.json`):
"username": "913443", "username": "913443",
"auth": { "type": "env", "name": "GITEA_TOKEN_MDCPS" }, "auth": { "type": "env", "name": "GITEA_TOKEN_MDCPS" },
"execution_profile": "mdcps" "execution_profile": "mdcps"
},
"mdcps-reviewer": {
"base_url": "https://gitea.dadeschools.net",
"username": "913443",
"auth": { "type": "keychain", "id": "mdcps.gitea.reviewer.token" },
"execution_profile": "mdcps-reviewer"
} }
} }
} }
+12
View File
@@ -21,6 +21,18 @@
"default_owner": "Contractor", "default_owner": "Contractor",
"execution_profile": "mdcps" "execution_profile": "mdcps"
}, },
"mdcps-reviewer": {
"base_url": "https://gitea.dadeschools.net",
"username": "913443",
"auth": {
"type": "keychain",
"id": "mdcps.gitea.reviewer.token"
},
"default_owner": "MDCPS",
"execution_profile": "mdcps-reviewer",
"allowed_operations": ["read", "review", "approve", "merge"],
"forbidden_operations": ["branch.push", "pr.create"]
},
"prgs-env": { "prgs-env": {
"base_url": "https://gitea.prgs.cc", "base_url": "https://gitea.prgs.cc",
"username": "jcwalker3", "username": "jcwalker3",
+11 -5
View File
@@ -75,7 +75,7 @@ def v2_config():
"identities": { "identities": {
"author": { "author": {
"role": "author", "role": "author",
"username": "913443", "username": "jcwalker3",
"auth": {"type": "keychain", "auth": {"type": "keychain",
"id": "mdcps.gitea.author.token"}, "id": "mdcps.gitea.author.token"},
"allowed_operations": ["gitea.read"], "allowed_operations": ["gitea.read"],
@@ -85,7 +85,7 @@ def v2_config():
}, },
"reviewer": { "reviewer": {
"role": "reviewer", "role": "reviewer",
"username": "TBD-second-mdcps-user", "username": "913443",
"auth": {"type": "keychain", "auth": {"type": "keychain",
"id": "mdcps.gitea.reviewer.token"}, "id": "mdcps.gitea.reviewer.token"},
"allowed_operations": [ "allowed_operations": [
@@ -251,16 +251,22 @@ class TestV2Selectors(_V2Base):
self._load_raises(mutate, "unknown profile") self._load_raises(mutate, "unknown profile")
def test_tbd_username_fails_closed_on_selection(self): def test_tbd_username_fails_closed_on_selection(self):
def mutate(cfg):
cfg["environments"]["mdcps"]["services"]["gitea"]["identities"]["reviewer"]["username"] = "TBD-second-mdcps-user"
cfg = v2_config()
mutate(cfg)
self._write(cfg)
with patch.dict(os.environ, self._env("mdcps.gitea.reviewer"), clear=True):
with self.assertRaises(gitea_config.ConfigError) as ctx: with self.assertRaises(gitea_config.ConfigError) as ctx:
self._resolve("mdcps.gitea.reviewer") gitea_config.resolve_profile()
msg = str(ctx.exception) msg = str(ctx.exception)
self.assertIn("TBD", msg) self.assertIn("TBD", msg)
self.assertIn("provision", msg) # Note: after #107 provisioning, real username "913443" is used in live config and happy-path tests.
def test_tbd_identity_does_not_block_other_identities(self): def test_tbd_identity_does_not_block_other_identities(self):
# Same file contains the TBD reviewer; author still resolves. # Same file contains the TBD reviewer; author still resolves.
p = self._resolve("mdcps.gitea.author") p = self._resolve("mdcps.gitea.author")
self.assertEqual(p["username"], "913443") self.assertEqual(p["username"], "jcwalker3")
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------