vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-09 14:00:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
7f4c0b319262c0c3c1935b43786312a5483bf8b1
openclaw/src/shared/device-bootstrap-profile.test.ts
Agustin Rivera b8372a714c fix(auth): bound bootstrap handoff scopes (#72919) 
* fix(auth): bound bootstrap handoff scopes

Co-authored-by: zsx <git@zsxsoft.com>

* fix(auth): log stripped bootstrap scopes

* docs: add changelog entry for bootstrap handoff scope bounds

---------

Co-authored-by: zsx <git@zsxsoft.com>
Co-authored-by: Devin Robison <drobison@nvidia.com>
2026-04-29 14:11:16 -06:00

68 lines
2.0 KiB
TypeScript
Raw Blame History

import { describe, expect, test } from "vitest";
import {
BOOTSTRAP_HANDOFF_OPERATOR_SCOPES,
normalizeDeviceBootstrapHandoffProfile,
resolveBootstrapProfileScopesForRole,
resolveBootstrapProfileScopesForRoles,
} from "./device-bootstrap-profile.js";
describe("device bootstrap profile", () => {
test("bounds bootstrap handoff scopes by role", () => {
expect(
resolveBootstrapProfileScopesForRole("operator", [
"node.exec",
"operator.admin",
"operator.approvals",
"operator.pairing",
"operator.read",
"operator.write",
]),
).toEqual(["operator.approvals", "operator.read", "operator.write"]);
expect(
resolveBootstrapProfileScopesForRole("node", ["node.exec", "operator.approvals"]),
).toEqual([]);
});
test("bounds bootstrap handoff scopes across profile roles", () => {
expect(
resolveBootstrapProfileScopesForRoles(
["node", "operator"],
["node.exec", "operator.admin", "operator.approvals", "operator.read", "operator.write"],
),
).toEqual(["operator.approvals", "operator.read", "operator.write"]);
expect(
resolveBootstrapProfileScopesForRoles(["node"], ["node.exec", "operator.admin"]),
).toEqual([]);
});
test("normalizes issued handoff profiles to the bootstrap allowlist", () => {
expect(
normalizeDeviceBootstrapHandoffProfile({
roles: ["node", "operator"],
scopes: [
"node.exec",
"operator.admin",
"operator.approvals",
"operator.pairing",
"operator.read",
"operator.write",
],
}),
).toEqual({
roles: ["node", "operator"],
scopes: ["operator.approvals", "operator.read", "operator.write"],
});
});
test("bootstrap handoff operator allowlist stays aligned with pairing setup profile", () => {
expect([...BOOTSTRAP_HANDOFF_OPERATOR_SCOPES]).toEqual([
"operator.approvals",
"operator.read",
"operator.talk.secrets",
"operator.write",
]);
});
});
Reference in New Issue View Git Blame Copy Permalink