test(827): scrub D4 fixture credentials

This commit is contained in:
ms-lead-reviewer
2026-07-18 16:34:36 -05:00
parent cff21358a2
commit 7f975b95ad
2 changed files with 26 additions and 29 deletions

View File

@@ -464,6 +464,16 @@ def isolated_environment(
return environment return environment
def scrub_fixture_credentials(root: Path) -> None:
"""Remove the copied Pi credential/config subtree before retaining evidence."""
copied_agent = root / "home" / ".pi" / "agent"
if copied_agent.exists():
shutil.rmtree(copied_agent)
if copied_agent.exists():
raise RuntimeError("D4 credential scrub failed")
def run_once(index: int) -> Path: def run_once(index: int) -> Path:
root = Path(tempfile.mkdtemp(prefix=f"gate0-d4-{index}-")) root = Path(tempfile.mkdtemp(prefix=f"gate0-d4-{index}-"))
workspace = root / "workspace" workspace = root / "workspace"
@@ -475,11 +485,11 @@ def run_once(index: int) -> Path:
pi_log = root / "pi.jsonl" pi_log = root / "pi.jsonl"
extension = root / "d4_extension.ts" extension = root / "d4_extension.ts"
write_extension(extension) write_extension(extension)
environment = isolated_environment(root, index, workspace, socket_path, pi_log)
broker: subprocess.Popen[str] | None = None broker: subprocess.Popen[str] | None = None
pi: PiRpc | None = None pi: PiRpc | None = None
try: try:
environment = isolated_environment(root, index, workspace, socket_path, pi_log)
# Must run before the fixture broker or Pi process is launched. It proves # Must run before the fixture broker or Pi process is launched. It proves
# the launcher registers before exec and can only read this fixture socket. # the launcher registers before exec and can only read this fixture socket.
gated_launcher_precondition(root, socket_path, environment) gated_launcher_precondition(root, socket_path, environment)
@@ -570,19 +580,22 @@ def run_once(index: int) -> Path:
raise raise
finally: finally:
try: try:
if pi is not None: try:
pi.close() if pi is not None:
pi.close()
finally:
if broker is not None:
try:
request(socket_path, {"action": "shutdown-broker"})
except OSError:
pass
try:
broker.wait(timeout=5)
except subprocess.TimeoutExpired:
broker.kill()
broker.wait()
finally: finally:
if broker is not None: scrub_fixture_credentials(root)
try:
request(socket_path, {"action": "shutdown-broker"})
except OSError:
pass
try:
broker.wait(timeout=5)
except subprocess.TimeoutExpired:
broker.kill()
broker.wait()
return root return root

View File

@@ -176,22 +176,6 @@ def main() -> None:
emit(log_path, record) emit(log_path, record)
conn.sendall((json.dumps(record, sort_keys=True) + "\n").encode()) conn.sendall((json.dumps(record, sort_keys=True) + "\n").encode())
continue continue
if request.get("action") == "source-invalid":
old_lease = lease_state.get(identity, "NONE")
lease_state[identity] = "REVOKED"
record = {
"event": "source_invalidation_revoke",
"peercred": {"pid": pid, "uid": uid, "gid": gid},
"starttime_ticks": starttime,
"generation": generations.get(identity, 0),
"source_reason": request.get("reason"),
"prior_lease": old_lease,
"new_lease_state": "REVOKED",
"promotion": False,
}
emit(log_path, record)
conn.sendall((json.dumps(record, sort_keys=True) + "\n").encode())
continue
if request.get("action") != "lifecycle": if request.get("action") != "lifecycle":
conn.sendall(b'{"ok":false,"reason":"invalid-action"}\n') conn.sendall(b'{"ok":false,"reason":"invalid-action"}\n')
continue continue