40 lines
1.5 KiB
Python
40 lines
1.5 KiB
Python
"""Vault credential-verify: spec parsing + dispatch (no live network)."""
|
|
|
|
from __future__ import annotations
|
|
|
|
from pathlib import Path
|
|
|
|
from claire import vault_verify as vv
|
|
|
|
|
|
def test_parse_spec_variants():
|
|
assert vv.parse_spec("verify: imap://10.9.0.1:993\n") == ("imap", "10.9.0.1", 993, "/")
|
|
assert vv.parse_spec("verify: smtps://10.9.0.1:465")[0] == "smtps"
|
|
s = vv.parse_spec("verify: https://10.0.0.11/api/health")
|
|
assert s == ("https", "10.0.0.11", None, "/api/health")
|
|
|
|
|
|
def test_parse_spec_none_when_absent_or_garbage():
|
|
assert vv.parse_spec("account: a\npassword: b\n") is None
|
|
assert vv.parse_spec("verify: not-a-url") is None
|
|
|
|
|
|
def test_verify_file_no_spec(tmp_path: Path):
|
|
(tmp_path / "x.txt").write_text("account: a\npassword: b\n")
|
|
r = vv.verify_file("x.txt", vault_dir=tmp_path)
|
|
assert r.status == "no-spec"
|
|
|
|
|
|
def test_verify_file_unsupported_scheme(tmp_path: Path):
|
|
(tmp_path / "x.txt").write_text("account: a\npassword: b\nverify: postgres://10.0.0.11:5432\n")
|
|
r = vv.verify_file("x.txt", vault_dir=tmp_path)
|
|
assert r.status == "unsupported"
|
|
assert "postgres" in r.detail
|
|
|
|
|
|
def test_verify_all_skips_specless(tmp_path: Path):
|
|
(tmp_path / "a.txt").write_text("password: x\n") # no verify
|
|
(tmp_path / "b.txt").write_text("verify: imap://h:993\naccount: u\npassword: p\n")
|
|
(tmp_path / "c.prev.txt").write_text("verify: imap://h:993\n") # prev excluded
|
|
names = {r.file for r in vv.verify_all(vault_dir=tmp_path)}
|
|
assert names == {"b.txt"} # only the spec'd, non-prev file
|