feat: 装配 UniDesk SSH 工具凭证
@@ -8,6 +8,18 @@ import { stableHash, validateEnvName } from "../common/validation.js";
|
||||
import { renderRunnerJobManifest } from "../runner/k8s-job.js";
|
||||
import type { RunnerTransientEnv } from "../runner/k8s-job.js";
|
||||
|
||||
const reusableCredentialEnvNames = new Set([
|
||||
"AUTH_PASSWORD",
|
||||
"CODEX_API_KEY",
|
||||
"GH_TOKEN",
|
||||
"GITHUB_TOKEN",
|
||||
"OPENAI_API_KEY",
|
||||
"PROVIDER_TOKEN",
|
||||
"UNIDESK_AUTH_PASSWORD",
|
||||
"UNIDESK_PROVIDER_TOKEN",
|
||||
"UNIDESK_SSH_CLIENT_TOKEN",
|
||||
]);
|
||||
|
||||
export interface RunnerJobDefaults {
|
||||
namespace: string;
|
||||
managerUrl: string;
|
||||
@@ -165,7 +177,7 @@ function transientEnvField(value: unknown): RunnerTransientEnv[] {
|
||||
const record = entry as JsonRecord;
|
||||
const name = stringField(record, "name");
|
||||
validateEnvName(name, `transientEnv[${index}].name`);
|
||||
if (name === "GH_TOKEN" || name === "GITHUB_TOKEN" || name === "OPENAI_API_KEY" || name === "CODEX_API_KEY") throw new AgentRunError("tenant-policy-denied", `transientEnv ${name} must use tool/provider credential assembly instead`, { httpStatus: 403 });
|
||||
if (reusableCredentialEnvNames.has(name)) throw new AgentRunError("tenant-policy-denied", `transientEnv ${name} must use tool/provider credential assembly instead`, { httpStatus: 403 });
|
||||
if (seen.has(name)) throw new AgentRunError("schema-invalid", `transientEnv name ${name} is duplicated`, { httpStatus: 400 });
|
||||
seen.add(name);
|
||||
const rawValue = record.value;
|
||||
|
||||
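Review bot: `reusableCredentialEnvNames` is an exact-match denylist maintained by hand in this file, so the check in `transientEnvField` fails open: a credential variable that the tool/provider assembly starts injecting later is accepted as `transientEnv` until someone adds it here. If the assembly code already holds the list of names it sets, deriving this set from that list would be more robust (that code is not visible in this diff); otherwise a comment above the set such as `// Env names owned by tool/provider credential assembly; add every new assembled credential here, or tenants can supply it via transientEnv.` would record the invariant. Declaring the constant as `ReadonlySet<string>` would also stop other code in the module from adding to or deleting from it by accident. The body of `transientEnvField` starts and ends outside the hunk, so how `rawValue` is handled afterwards cannot be judged from here.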