Pure decision core for [`check_push_credentials`], split out so it can be unit-tested without touching the on-disk identity store. `identity_name` — the resolved identity (override or URL-inferred), if any. `from_flag` — whether `identity_name` came from `--identity` (vs. the URL). `identity_exists` — whether an identity with the given name is in the store. `keypair_loadable` — whether that ident
(
identity_name: Option<String>,
from_flag: bool,
identity_exists: impl Fn(&str) -> bool,
keypair_loadable: impl Fn(&str) -> bool,
)
| 343 | /// Returns `None` when credentials are usable, or `Some(issue)` describing the |
| 344 | /// first problem encountered. |
| 345 | fn evaluate_push_credentials( |
| 346 | identity_name: Option<String>, |
| 347 | from_flag: bool, |
| 348 | identity_exists: impl Fn(&str) -> bool, |
| 349 | keypair_loadable: impl Fn(&str) -> bool, |
| 350 | ) -> Option<CredentialIssue> { |
| 351 | let name = match identity_name { |
| 352 | Some(n) => n, |
| 353 | None => return Some(CredentialIssue::NoIdentityInUrl), |
| 354 | }; |
| 355 | |
| 356 | if !identity_exists(&name) { |
| 357 | return Some(CredentialIssue::IdentityNotFound { name, from_flag }); |
| 358 | } |
| 359 | |
| 360 | if !keypair_loadable(&name) { |
| 361 | return Some(CredentialIssue::KeypairUnavailable { name }); |
| 362 | } |
| 363 | |
| 364 | None |
| 365 | } |
| 366 | |
| 367 | /// Derive the apex server URL (scheme + host without the leading subdomain |
| 368 | /// label + port) from a tenant-scoped remote URL. |
no outgoing calls