Public-flip audit: URL refresh + minor scrubs

Repository URLs, version strings, and example creds normalized for the
public git.sulkta.com endpoint. No code-behavior change.

Audit-applied by the public-flip rolling-audit pass — see
kayos/openclaw-workspace memory/2026-05-27 logs for the campaign
context.
This commit is contained in:
Sulkta 2026-05-27 10:59:58 -07:00
parent 04b10427f5
commit 427e1bb97f
10 changed files with 71 additions and 59 deletions

View file

@ -6,6 +6,11 @@ are skipped — so the default ``pytest`` run on a laptop never phones home.
Set ``ISPCONFIG_TEST_VERIFY_SSL=0`` for panels with self-signed or
mismatched certs.
Tests that read a specific record additionally read
``ISPCONFIG_TEST_DOMAIN_ID`` (a ``web_domain`` primary id) and
``ISPCONFIG_TEST_DOMAIN_NAME`` (the matching domain/zone origin). They skip
individually if either is missing see ``tests/test_smoke.py``.
"""
from __future__ import annotations

View file

@ -3,17 +3,25 @@
Gated on env vars: ``ISPCONFIG_TEST_URL``, ``ISPCONFIG_TEST_USER``,
``ISPCONFIG_TEST_PASS``. These tests are skipped if any is unset.
They are **read-only** no ``_add`` / ``_update`` / ``_delete`` calls. Safe
to run against production.
They are read-only no ``_add`` / ``_update`` / ``_delete`` calls. Safe to
run against production.
Every new auto-generated module gets at least one read-only call here so we
know the wrappers actually wire up against a live panel. Methods that the
API user lacks permission for (admin-only, etc.) are documented skips
see the README's "Known admin-only" list.
Two further env vars target a known record on your panel so the hand-audited
helpers have something to fetch:
* ``ISPCONFIG_TEST_DOMAIN_ID`` a ``web_domain`` primary id (int).
* ``ISPCONFIG_TEST_DOMAIN_NAME`` the matching ``domain`` string + DNS zone
origin (e.g. ``example.com``).
If either is missing, the domain/dns/mail tests below are skipped only
the auto-generated module probes run, since those don't need a known record.
Methods that the API user lacks permission for (admin-only, etc.) skip
cleanly see the README's "Known admin-only" list.
"""
from __future__ import annotations
import os
from collections.abc import Iterator
import pytest
@ -33,6 +41,20 @@ def client(live_creds: dict[str, str]) -> Iterator[ISPConfigClient]:
yield c
def _known_domain_id() -> int:
val = os.environ.get("ISPCONFIG_TEST_DOMAIN_ID")
if not val:
pytest.skip("set ISPCONFIG_TEST_DOMAIN_ID to a real web_domain primary id")
return int(val)
def _known_domain_name() -> str:
val = os.environ.get("ISPCONFIG_TEST_DOMAIN_NAME")
if not val:
pytest.skip("set ISPCONFIG_TEST_DOMAIN_NAME to the matching domain/zone origin")
return val
# ---- hand-audited modules (first pass) -----------------------------------
@ -44,20 +66,24 @@ def test_login_returns_session(live_creds: dict[str, str]) -> None:
assert c.logout() is True
def test_get_domain_156(client: ISPConfigClient) -> None:
site = client.sites.web_domain_get(156)
assert site["domain"] == "mcbindustrial.com"
assert site["php"] == "fast-cgi"
def test_get_known_domain(client: ISPConfigClient) -> None:
domain_id = _known_domain_id()
expected_name = _known_domain_name()
site = client.sites.web_domain_get(domain_id)
assert site["domain"] == expected_name
def test_dns_zone_lookup(client: ISPConfigClient) -> None:
zone_id = client.dns.zone_get_id("mcbindustrial.com.")
expected_name = _known_domain_name()
# Pass with a trailing dot to exercise the wrapper's stripping behavior.
zone_id = client.dns.zone_get_id(expected_name + ".")
assert zone_id > 0, "zone_get_id returned 0 — is the zone present?"
def test_mail_users_under_mcbindustrial(client: ISPConfigClient) -> None:
def test_mail_users_filter_returns_list(client: ISPConfigClient) -> None:
# mail_user_get accepts a filter-dict and returns a list.
users = client.mail.user_get({"email": "%@mcbindustrial.com"})
expected_name = _known_domain_name()
users = client.mail.user_get({"email": f"%@{expected_name}"})
assert isinstance(users, list)
# Don't assert count — just shape. Zero mailboxes is a valid state.
for u in users:
@ -67,8 +93,8 @@ def test_mail_users_under_mcbindustrial(client: ISPConfigClient) -> None:
# ---- auto-generated modules: one read-only probe each -------------------
#
# These prove the wrappers encode/decode correctly against a real panel.
# Each test tolerates the method being restricted to admin (``admin`` is a
# reseller, not an admin) — those skip with a clear reason.
# Each test tolerates the method being restricted to admin — reseller logins
# fault with "permission denied" on those, and we skip with a clear reason.
def test_raw_call_list_functions(client: ISPConfigClient) -> None:
@ -188,12 +214,13 @@ def test_cron_get_missing(client: ISPConfigClient) -> None:
def test_backups_list(client: ISPConfigClient) -> None:
"""``sites_web_domain_backup_list`` on a known domain."""
domain_id = _known_domain_id()
try:
result = client.backups.sites_web_domain_backup_list(156)
result = client.backups.sites_web_domain_backup_list(domain_id)
except PermissionError:
pytest.skip("sites_web_domain_backup_list: admin-only on this panel")
except NotFoundError:
pytest.skip("no backups configured for domain 156")
pytest.skip(f"no backups configured for domain {domain_id}")
assert result is None or isinstance(result, (list, dict))