feat: seed Sol agent vault policy + gitea creds, bump v1.0.1

Patches gitea admin credentials into secret/sol for Sol's Gitea
integration. Adds sol-agent vault policy with read/write access
to sol-tokens/* for user impersonation PATs, plus k8s auth role
bound to the matrix namespace.
2026-03-22 13:46:15 +00:00
parent 051e17ddf1
commit 34647e6bcb
4 changed files with 82 additions and 2 deletions


@@ -1103,4 +1103,50 @@ mod tests {
];
assert_eq!(PG_USERS, &expected[..]);
}
#[test]
fn test_sol_gitea_credential_mapping() {
let mut gitea = HashMap::new();
gitea.insert("admin-username".to_string(), "gitea_admin".to_string());
gitea.insert("admin-password".to_string(), "s3cret".to_string());
let mut sol_gitea = HashMap::new();
if let Some(u) = gitea.get("admin-username") {
sol_gitea.insert("gitea-admin-username".to_string(), u.clone());
}
if let Some(p) = gitea.get("admin-password") {
sol_gitea.insert("gitea-admin-password".to_string(), p.clone());
}
assert_eq!(sol_gitea.len(), 2);
assert_eq!(sol_gitea["gitea-admin-username"], "gitea_admin");
assert_eq!(sol_gitea["gitea-admin-password"], "s3cret");
}
#[test]
fn test_sol_gitea_credential_mapping_partial() {
let gitea: HashMap<String, String> = HashMap::new();
let mut sol_gitea = HashMap::new();
if let Some(u) = gitea.get("admin-username") {
sol_gitea.insert("gitea-admin-username".to_string(), u.clone());
}
if let Some(p) = gitea.get("admin-password") {
sol_gitea.insert("gitea-admin-password".to_string(), p.clone());
}
assert!(sol_gitea.is_empty(), "No creds should be mapped when gitea map is empty");
}
#[test]
fn test_sol_agent_policy_hcl() {
let sol_policy_hcl = concat!(
"path \"secret/data/sol-tokens/*\" { capabilities = [\"create\", \"read\", \"update\", \"delete\"] }\n",
"path \"secret/metadata/sol-tokens/*\" { capabilities = [\"read\", \"delete\", \"list\"] }\n",
);
assert!(sol_policy_hcl.contains("secret/data/sol-tokens/*"));
assert!(sol_policy_hcl.contains("secret/metadata/sol-tokens/*"));
assert!(sol_policy_hcl.contains("create"));
assert!(sol_policy_hcl.contains("delete"));
assert!(sol_policy_hcl.contains("list"));
assert_eq!(sol_policy_hcl.lines().count(), 2);
}
}
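Review bot: All three added tests assert on values built inside the test itself, so none of them exercises the seeding code this commit ships. `test_sol_gitea_credential_mapping` and its `_partial` sibling re-implement the `if let Some(..) = gitea.get(..)` copy inline, and `test_sol_agent_policy_hcl` checks a `concat!` literal local to the test, so the real sol-agent policy could gain a broader path or capability and these would still pass. Because that policy guards the impersonation PATs under `sol-tokens/*`, the test should compare the production policy string for exact equality (the constant or helper that holds it is presumably outside this hunk) instead of using `contains`, which also cannot tell which of the two paths carries `delete`. The `_partial` case starts from an empty map; a one-key input with `assert!(!sol_gitea.contains_key("gitea-admin-password"));` would cover the partial state the name promises. The enclosing `mod tests` begins outside the hunk.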