134 lines
8.4 KiB
PowerShell
134 lines
8.4 KiB
PowerShell
param(
|
|
[string]$ApiBaseUrl = "http://192.168.200.61:18121/api/v1",
|
|
[string]$ClusterID = "cfc0743d-d960-49fb-9de8-96e063d5e4aa",
|
|
[string]$ActorUserID = "f67d943f-5397-4b3a-a229-695fe67ad700",
|
|
[string]$RequestedNodeName = "test-1",
|
|
[string]$DefaultNodeName = "test-2",
|
|
[string]$MatrixNodeName = "test-1",
|
|
[string]$ResultPath = "artifacts\c19z138-remote-workspace-real-adapter-not-approved-outcome-continuation-block-enforcement-compatibility-smoke-result.json"
|
|
)
|
|
|
|
Set-StrictMode -Version Latest
|
|
$ErrorActionPreference = "Stop"
|
|
|
|
$repoRoot = (Resolve-Path (Join-Path $PSScriptRoot "..\..")).ProviderPath
|
|
$sourceResultPath = "artifacts\c19z138-remote-workspace-real-adapter-not-approved-outcome-continuation-block-enforcement-source-result.json"
|
|
$requiredEnforcementFields = @("schema_version", "source_guard_schema", "enforcement_status", "enforcement_marker", "attempted_action", "attempt_allowed", "block_reason", "next_allowed_entrypoint", "blocks_not_approved_extension", "guard_status", "branch_state", "continuation_policy", "reopen_policy", "enablement_status", "runtime_gate_state", "runtime_effect", "allows_process_start", "allows_payload_traffic", "guardrail_summary", "enforcement_notes")
|
|
$requiredGuardrailFields = @("activation_blocked", "process_start_allowed", "health_probe_enabled", "payload_traffic", "allows_process_start", "allows_payload_traffic")
|
|
$requiredEnforcementNotes = @("continuation_attempt_blocked", "not_approved_branch_remains_closed", "new_explicit_enablement_request_required", "real_runtime_gate_not_enabled", "process_start_disabled", "payload_forwarding_disabled")
|
|
|
|
function Get-PropertyValue {
|
|
param([object]$Item, [string]$Name, [object]$Default = $null)
|
|
if ($null -eq $Item) { return $Default }
|
|
if ($Item -is [System.Collections.IDictionary]) {
|
|
if ($Item.Contains($Name)) { return $Item[$Name] }
|
|
return $Default
|
|
}
|
|
$property = $Item.PSObject.Properties[$Name]
|
|
if ($null -eq $property) { return $Default }
|
|
return $property.Value
|
|
}
|
|
|
|
function Test-ObjectHasFields {
|
|
param([object]$Item, [string[]]$Fields)
|
|
if ($null -eq $Item) { return $false }
|
|
foreach ($field in $Fields) {
|
|
if ($Item -is [System.Collections.IDictionary]) {
|
|
if (-not $Item.Contains($field)) { return $false }
|
|
continue
|
|
}
|
|
if ($null -eq $Item.PSObject.Properties[$field]) { return $false }
|
|
}
|
|
return $true
|
|
}
|
|
|
|
function Test-ArrayContainsAll {
|
|
param([object[]]$Actual, [string[]]$Expected)
|
|
foreach ($item in $Expected) {
|
|
if ($Actual -notcontains $item) { return $false }
|
|
}
|
|
return $true
|
|
}
|
|
|
|
& powershell -ExecutionPolicy Bypass -File (Join-Path $PSScriptRoot "c19z137-remote-workspace-real-adapter-not-approved-outcome-continuation-block-enforcement-smoke.ps1") `
|
|
-ApiBaseUrl $ApiBaseUrl `
|
|
-ClusterID $ClusterID `
|
|
-ActorUserID $ActorUserID `
|
|
-RequestedNodeName $RequestedNodeName `
|
|
-DefaultNodeName $DefaultNodeName `
|
|
-MatrixNodeName $MatrixNodeName `
|
|
-ResultPath $sourceResultPath | Out-Null
|
|
|
|
$sourceFile = Join-Path $repoRoot $sourceResultPath
|
|
$sourceResult = Get-Content -Raw -Path $sourceFile | ConvertFrom-Json
|
|
$enforcement = Get-PropertyValue -Item $sourceResult -Name "not_approved_outcome_continuation_block_enforcement" -Default $null
|
|
$guardrails = Get-PropertyValue -Item $enforcement -Name "guardrail_summary" -Default $null
|
|
$enforcementNotes = @(Get-PropertyValue -Item $enforcement -Name "enforcement_notes" -Default @())
|
|
|
|
$enforcementFieldsCompatible = Test-ObjectHasFields -Item $enforcement -Fields $requiredEnforcementFields
|
|
$enforcementValuesCompatible = (
|
|
[string](Get-PropertyValue -Item $enforcement -Name "schema_version" -Default "") -eq "rap.remote_workspace_real_adapter_not_approved_outcome_continuation_block_enforcement.v1" -and
|
|
[string](Get-PropertyValue -Item $enforcement -Name "source_guard_schema" -Default "") -eq "rap.remote_workspace_real_adapter_not_approved_outcome_no_continuation_guard.v1" -and
|
|
[string](Get-PropertyValue -Item $enforcement -Name "enforcement_status" -Default "") -eq "blocked_continuation_enforced" -and
|
|
[string](Get-PropertyValue -Item $enforcement -Name "attempted_action" -Default "") -eq "continue_not_approved_branch_without_new_explicit_enablement_request" -and
|
|
-not [bool](Get-PropertyValue -Item $enforcement -Name "attempt_allowed" -Default $true) -and
|
|
[string](Get-PropertyValue -Item $enforcement -Name "block_reason" -Default "") -eq "new_explicit_enablement_request_required" -and
|
|
[string](Get-PropertyValue -Item $enforcement -Name "next_allowed_entrypoint" -Default "") -eq "new_explicit_enablement_request_only" -and
|
|
[bool](Get-PropertyValue -Item $enforcement -Name "blocks_not_approved_extension" -Default $false) -and
|
|
[string](Get-PropertyValue -Item $enforcement -Name "guard_status" -Default "") -eq "no_continuation_without_new_explicit_enablement_request" -and
|
|
[string](Get-PropertyValue -Item $enforcement -Name "branch_state" -Default "") -eq "not_approved_branch_closed" -and
|
|
[string](Get-PropertyValue -Item $enforcement -Name "continuation_policy" -Default "") -eq "do_not_continue_without_new_explicit_enablement_request" -and
|
|
[string](Get-PropertyValue -Item $enforcement -Name "reopen_policy" -Default "") -eq "new_explicit_enablement_request_required" -and
|
|
[string](Get-PropertyValue -Item $enforcement -Name "enablement_status" -Default "") -eq "not_enabled" -and
|
|
[string](Get-PropertyValue -Item $enforcement -Name "runtime_gate_state" -Default "") -eq "validated_contract_only_not_enabled" -and
|
|
[string](Get-PropertyValue -Item $enforcement -Name "runtime_effect" -Default "") -eq "contract_only_no_runtime_enablement" -and
|
|
-not [bool](Get-PropertyValue -Item $enforcement -Name "allows_process_start" -Default $true) -and
|
|
-not [bool](Get-PropertyValue -Item $enforcement -Name "allows_payload_traffic" -Default $true)
|
|
)
|
|
$enforcementNotesCompatible = Test-ArrayContainsAll -Actual $enforcementNotes -Expected $requiredEnforcementNotes
|
|
$guardrailsCompatible = (
|
|
(Test-ObjectHasFields -Item $guardrails -Fields $requiredGuardrailFields) -and
|
|
[bool](Get-PropertyValue -Item $guardrails -Name "activation_blocked" -Default $false) -and
|
|
-not [bool](Get-PropertyValue -Item $guardrails -Name "process_start_allowed" -Default $true) -and
|
|
-not [bool](Get-PropertyValue -Item $guardrails -Name "health_probe_enabled" -Default $true) -and
|
|
[string](Get-PropertyValue -Item $guardrails -Name "payload_traffic" -Default "") -eq "none" -and
|
|
-not [bool](Get-PropertyValue -Item $guardrails -Name "allows_process_start" -Default $true) -and
|
|
-not [bool](Get-PropertyValue -Item $guardrails -Name "allows_payload_traffic" -Default $true)
|
|
)
|
|
|
|
$checks = [ordered]@{
|
|
source_smoke_passed = ([bool]$sourceResult.passed)
|
|
source_schema_expected = ([string]$sourceResult.schema_version -eq "c19z137.remote_workspace_real_adapter_not_approved_outcome_continuation_block_enforcement_smoke.v1")
|
|
enforcement_present = ($null -ne $enforcement)
|
|
enforcement_fields_compatible = $enforcementFieldsCompatible
|
|
enforcement_values_compatible = $enforcementValuesCompatible
|
|
enforcement_notes_compatible = $enforcementNotesCompatible
|
|
guardrails_compatible = $guardrailsCompatible
|
|
}
|
|
$failed = @($checks.GetEnumerator() | Where-Object { -not $_.Value } | ForEach-Object { $_.Key })
|
|
|
|
$result = [ordered]@{
|
|
schema_version = "c19z138.remote_workspace_real_adapter_not_approved_outcome_continuation_block_enforcement_compatibility_smoke.v1"
|
|
source_result_path = $sourceFile
|
|
cluster_id = $ClusterID
|
|
required_enforcement_fields = $requiredEnforcementFields
|
|
required_guardrail_fields = $requiredGuardrailFields
|
|
required_enforcement_notes = $requiredEnforcementNotes
|
|
not_approved_outcome_continuation_block_enforcement = $enforcement
|
|
checks = $checks
|
|
failed_checks = $failed
|
|
passed = ($failed.Count -eq 0)
|
|
}
|
|
|
|
$fullResultPath = Join-Path $repoRoot $ResultPath
|
|
$resultDir = Split-Path -Parent $fullResultPath
|
|
if ($resultDir) { New-Item -ItemType Directory -Force -Path $resultDir | Out-Null }
|
|
$result | ConvertTo-Json -Depth 100 | Set-Content -Encoding UTF8 -Path $fullResultPath
|
|
|
|
if (-not $result.passed) {
|
|
throw "C19Z138 remote workspace real-adapter not-approved outcome continuation block enforcement compatibility smoke failed. Result: $fullResultPath Failed: $($failed -join ', ')"
|
|
}
|
|
|
|
Write-Host "C19Z138 remote workspace real-adapter not-approved outcome continuation block enforcement compatibility smoke passed. Result: $fullResultPath"
|
|
$result
|