e744336385
C-6: ConnectorRuntime enforces capability_mask per operation.
READ-only ACs cannot invoke MUTATE operations (wipe, lock, retire).
C-7: AC validated against database (exists, active, not expired)
before connector invocation.
C-9: Delegated AC capability bounded by delegator's capability.
C-10: Command counter uses atomic SQL increment with limit check.
M-23: expire_stale() uses same atomic SQL pattern.
H-1: Sensitive credential fields hidden from repr/logs via repr=False.
H-2: Stub backend requires ALLOW_STUB_CREDENTIALS=true to activate.
H-3: Kerberos backend raises CredentialResolutionError instead of
returning stub ticket.
H-4: Chronicle INTENT emitted before execution, RESULT after.
H-5: device_id validated as UUID before Graph API URL interpolation.
H-8: ConnectorRuntime enforces governance for all connector invocations.
Signed-off-by: Tyler King <tking@guildhouse.dev>
33 lines
783 B
Python
33 lines
783 B
Python
from __future__ import annotations
|
|
|
|
from abc import ABCMeta, abstractmethod
|
|
from types import TracebackType
|
|
from typing import TypeVar
|
|
|
|
T = TypeVar("T")
|
|
|
|
|
|
class AsyncResource(metaclass=ABCMeta):
|
|
"""
|
|
Abstract base class for all closeable asynchronous resources.
|
|
|
|
Works as an asynchronous context manager which returns the instance itself on enter,
|
|
and calls :meth:`aclose` on exit.
|
|
"""
|
|
|
|
__slots__ = ()
|
|
|
|
async def __aenter__(self: T) -> T:
|
|
return self
|
|
|
|
async def __aexit__(
|
|
self,
|
|
exc_type: type[BaseException] | None,
|
|
exc_val: BaseException | None,
|
|
exc_tb: TracebackType | None,
|
|
) -> None:
|
|
await self.aclose()
|
|
|
|
@abstractmethod
|
|
async def aclose(self) -> None:
|
|
"""Close the resource."""
|