e744336385
C-6: ConnectorRuntime enforces capability_mask per operation.
READ-only ACs cannot invoke MUTATE operations (wipe, lock, retire).
C-7: AC validated against database (exists, active, not expired)
before connector invocation.
C-9: Delegated AC capability bounded by delegator's capability.
C-10: Command counter uses atomic SQL increment with limit check.
M-23: expire_stale() uses same atomic SQL pattern.
H-1: Sensitive credential fields hidden from repr/logs via repr=False.
H-2: Stub backend requires ALLOW_STUB_CREDENTIALS=true to activate.
H-3: Kerberos backend raises CredentialResolutionError instead of
returning stub ticket.
H-4: Chronicle INTENT emitted before execution, RESULT after.
H-5: device_id validated as UUID before Graph API URL interpolation.
H-8: ConnectorRuntime enforces governance for all connector invocations.
Signed-off-by: Tyler King <tking@guildhouse.dev>
27 lines
828 B
Python
27 lines
828 B
Python
from typing import final
|
|
|
|
|
|
class PluggyWarning(UserWarning):
|
|
"""Base class for all warnings emitted by pluggy."""
|
|
|
|
__module__ = "pluggy"
|
|
|
|
|
|
@final
|
|
class PluggyTeardownRaisedWarning(PluggyWarning):
|
|
"""A plugin raised an exception during an :ref:`old-style hookwrapper
|
|
<old_style_hookwrappers>` teardown.
|
|
|
|
Such exceptions are not handled by pluggy, and may cause subsequent
|
|
teardowns to be executed at unexpected times, or be skipped entirely.
|
|
|
|
This is an issue in the plugin implementation.
|
|
|
|
If the exception is unintended, fix the underlying cause.
|
|
|
|
If the exception is intended, switch to :ref:`new-style hook wrappers
|
|
<hookwrappers>`, or use :func:`result.force_exception()
|
|
<pluggy.Result.force_exception>` to set the exception instead of raising.
|
|
"""
|
|
|
|
__module__ = "pluggy"
|