e744336385
C-6: ConnectorRuntime enforces capability_mask per operation.
READ-only ACs cannot invoke MUTATE operations (wipe, lock, retire).
C-7: AC validated against database (exists, active, not expired)
before connector invocation.
C-9: Delegated AC capability bounded by delegator's capability.
C-10: Command counter uses atomic SQL increment with limit check.
M-23: expire_stale() uses same atomic SQL pattern.
H-1: Sensitive credential fields hidden from repr/logs via repr=False.
H-2: Stub backend requires ALLOW_STUB_CREDENTIALS=true to activate.
H-3: Kerberos backend raises CredentialResolutionError instead of
returning stub ticket.
H-4: Chronicle INTENT emitted before execution, RESULT after.
H-5: device_id validated as UUID before Graph API URL interpolation.
H-8: ConnectorRuntime enforces governance for all connector invocations.
Signed-off-by: Tyler King <tking@guildhouse.dev>
24 lines
778 B
Python
24 lines
778 B
Python
from __future__ import annotations
|
|
|
|
|
|
def tracemalloc_message(source: object) -> str:
|
|
if source is None:
|
|
return ""
|
|
|
|
try:
|
|
import tracemalloc
|
|
except ImportError:
|
|
return ""
|
|
|
|
tb = tracemalloc.get_object_traceback(source)
|
|
if tb is not None:
|
|
formatted_tb = "\n".join(tb.format())
|
|
# Use a leading new line to better separate the (large) output
|
|
# from the traceback to the previous warning text.
|
|
return f"\nObject allocated at:\n{formatted_tb}"
|
|
# No need for a leading new line.
|
|
url = "https://docs.pytest.org/en/stable/how-to/capture-warnings.html#resource-warnings"
|
|
return (
|
|
"Enable tracemalloc to get traceback where the object was allocated.\n"
|
|
f"See {url} for more info."
|
|
)
|