roof/pic
1
0
Fork 0
Code Issues Pull Requests Actions Wiki Activity

wire: AccountManager HTTP dispatch + EgressManager startup + egress API routes
Unit Tests / test (push) Successful in 11m15s
Details

Browse Source 
- add_peer() now calls account_manager.provision() for any installed store
  service whose manifest declares accounts.manager == 'http', enabling
  per-peer credential provisioning to third-party HTTP services
- reapply_on_startup() calls egress_manager.apply_all() so fwmark rules
  survive container restarts without manual intervention
- add GET /api/egress/status and PUT /api/egress/services/<id>/exit routes
  so the UI can read and override per-service egress policy
- tests: HTTP provision wiring (happy path + non-fatal failure), egress
  apply_all at startup (wired/unwired/failure cases)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Dmitrii Iurco
2026-06-05 10:30:41 -04:00
parent a906c26b5d
commit 41d09c598b
5 changed files with 177 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/test_service_store_manager.py
+31
View File
@@ -771,5 +771,36 @@ class TestRemove(unittest.TestCase):
composer.remove.assert_called_once_with('myapp', purge_data=True)
class TestReapplyOnStartup(unittest.TestCase):
def _make_ssm_with_installed(self):
ssm = _make_manager(installed={'svc1': {'service_ip': '172.20.1.10', 'iptables_rules': []}})
ssm.caddy_manager = MagicMock()
return ssm
def test_reapply_calls_egress_apply_all_when_wired(self):
ssm = self._make_ssm_with_installed()
mock_egress = MagicMock()
ssm.egress_manager = mock_egress
with patch('firewall_manager.apply_service_rules'):
ssm.reapply_on_startup()
mock_egress.apply_all.assert_called_once()
def test_reapply_skips_egress_when_not_wired(self):
"""reapply_on_startup must not raise when egress_manager is None."""
ssm = self._make_ssm_with_installed()
ssm.egress_manager = None
with patch('firewall_manager.apply_service_rules'):
ssm.reapply_on_startup() # must not raise
def test_reapply_egress_failure_is_nonfatal(self):
ssm = self._make_ssm_with_installed()
mock_egress = MagicMock()
mock_egress.apply_all.side_effect = RuntimeError('iptables error')
ssm.egress_manager = mock_egress
with patch('firewall_manager.apply_service_rules'):
ssm.reapply_on_startup() # must not raise
if __name__ == '__main__':
unittest.main()