e744336385
C-6: ConnectorRuntime enforces capability_mask per operation.
READ-only ACs cannot invoke MUTATE operations (wipe, lock, retire).
C-7: AC validated against database (exists, active, not expired)
before connector invocation.
C-9: Delegated AC capability bounded by delegator's capability.
C-10: Command counter uses atomic SQL increment with limit check.
M-23: expire_stale() uses same atomic SQL pattern.
H-1: Sensitive credential fields hidden from repr/logs via repr=False.
H-2: Stub backend requires ALLOW_STUB_CREDENTIALS=true to activate.
H-3: Kerberos backend raises CredentialResolutionError instead of
returning stub ticket.
H-4: Chronicle INTENT emitted before execution, RESULT after.
H-5: device_id validated as UUID before Graph API URL interpolation.
H-8: ConnectorRuntime enforces governance for all connector invocations.
Signed-off-by: Tyler King <tking@guildhouse.dev>
27 lines
809 B
Python
27 lines
809 B
Python
"""Git utilities, adopted from mypy's git utilities (https://github.com/python/mypy/blob/master/mypy/git.py)."""
|
|
|
|
from __future__ import annotations
|
|
|
|
import subprocess
|
|
from pathlib import Path
|
|
|
|
|
|
def is_git_repo(dir: Path) -> bool:
|
|
"""Is the given directory version-controlled with git?"""
|
|
return dir.joinpath('.git').exists()
|
|
|
|
|
|
def have_git() -> bool: # pragma: no cover
|
|
"""Can we run the git executable?"""
|
|
try:
|
|
subprocess.check_output(['git', '--help'])
|
|
return True
|
|
except subprocess.CalledProcessError:
|
|
return False
|
|
except OSError:
|
|
return False
|
|
|
|
|
|
def git_revision(dir: Path) -> str:
|
|
"""Get the SHA-1 of the HEAD of a git repository."""
|
|
return subprocess.check_output(['git', 'rev-parse', '--short', 'HEAD'], cwd=dir).decode('utf-8').strip()
|