Merge pull request #866 from pikasTech/fix/861-tool-credential-projection
修正 AgentRun tool credential projection 渲染
This commit is contained in:
+33
-5
@@ -6377,10 +6377,12 @@ function agentRunAipodBindingDisclosure(task: Record<string, unknown>, aipod: st
|
||||
}));
|
||||
const toolCredentials = arrayRecords(secretScope.toolCredentials).map((credential) => ({
|
||||
tool: credential.tool ?? null,
|
||||
purpose: credential.purpose ?? null,
|
||||
secretRef: {
|
||||
name: record(credential.secretRef).name ?? null,
|
||||
keys: Array.isArray(record(credential.secretRef).keys) ? record(credential.secretRef).keys : [],
|
||||
},
|
||||
projection: record(credential.projection),
|
||||
valuesPrinted: false,
|
||||
}));
|
||||
return {
|
||||
@@ -7295,10 +7297,12 @@ function agentRunExecutionPolicyWithLaneCredentials(basePolicy: Record<string, u
|
||||
}
|
||||
return {
|
||||
tool: credential.tool,
|
||||
purpose: credential.purpose,
|
||||
secretRef: {
|
||||
name: credential.secretRef.name,
|
||||
keys: [credential.secretRef.key],
|
||||
},
|
||||
projection: credential.projection,
|
||||
};
|
||||
}) : [];
|
||||
const secretScope = record(basePolicy.secretScope);
|
||||
@@ -7312,21 +7316,45 @@ function agentRunExecutionPolicyWithLaneCredentials(basePolicy: Record<string, u
|
||||
};
|
||||
}
|
||||
|
||||
const AGENTRUN_DEFAULT_TOOL_CREDENTIALS = new Set(["unidesk-ssh"]);
|
||||
const AGENTRUN_DEFAULT_TOOL_CREDENTIAL_IDS = new Set(["tool-github-pr-token", "tool-unidesk-ssh-token"]);
|
||||
|
||||
function agentRunToolCredentialRefs(spec: AgentRunLaneSpec, options: { includeUnsupported?: boolean } = {}): Array<{ tool: string; sourceId: string; secretRef: { namespace: string; name: string; key: string }; valuesPrinted: false }> {
|
||||
function agentRunToolCredentialRefs(spec: AgentRunLaneSpec, options: { includeUnsupported?: boolean } = {}): Array<{ tool: string; purpose: string; projection: Record<string, unknown>; sourceId: string; secretRef: { namespace: string; name: string; key: string }; valuesPrinted: false }> {
|
||||
return spec.secrets
|
||||
.filter((secret) => secret.providerCredentialProfile === null && secret.id.startsWith("tool-"))
|
||||
.map((secret) => {
|
||||
const tool = secret.id.replace(/^tool-/u, "").replace(/-token$/u, "");
|
||||
const binding = agentRunToolCredentialBinding(secret.id, secret.targetRef.key);
|
||||
return {
|
||||
tool,
|
||||
tool: binding.tool,
|
||||
purpose: binding.purpose,
|
||||
projection: binding.projection,
|
||||
sourceId: secret.id,
|
||||
secretRef: secret.targetRef,
|
||||
valuesPrinted: false as const,
|
||||
};
|
||||
})
|
||||
.filter((credential) => options.includeUnsupported === true || AGENTRUN_DEFAULT_TOOL_CREDENTIALS.has(credential.tool));
|
||||
.filter((credential) => options.includeUnsupported === true || AGENTRUN_DEFAULT_TOOL_CREDENTIAL_IDS.has(credential.sourceId));
|
||||
}
|
||||
|
||||
function agentRunToolCredentialBinding(sourceId: string, key: string): { tool: string; purpose: string; projection: Record<string, unknown> } {
|
||||
if (sourceId === "tool-github-pr-token") {
|
||||
return {
|
||||
tool: "github",
|
||||
purpose: "github-pr",
|
||||
projection: { kind: "env", envName: key, secretKey: key },
|
||||
};
|
||||
}
|
||||
if (sourceId === "tool-unidesk-ssh-token") {
|
||||
return {
|
||||
tool: "unidesk-ssh",
|
||||
purpose: "ssh-passthrough",
|
||||
projection: { kind: "env", envName: key, secretKey: key },
|
||||
};
|
||||
}
|
||||
return {
|
||||
tool: sourceId.replace(/^tool-/u, "").replace(/-token$/u, ""),
|
||||
purpose: sourceId.replace(/^tool-/u, ""),
|
||||
projection: {},
|
||||
};
|
||||
}
|
||||
|
||||
function renderAgentRunSessionPolicyExplanation(args: string[] = [], options: AgentRunRestTargetOptions = { node: null, lane: null }): string {
|
||||
|
||||
Reference in New Issue
Block a user