import unittest
from admin_app.db.write_governance import (
AdminWriteGovernanceViolation,
build_admin_write_governance_payload,
ensure_direct_admin_write_allowed,
enforce_admin_session_write_governance,
)
class _FakeTabledObject:
    """Test double that carries nothing but a ``__tablename__`` attribute.

    Instances are handed to the session write guard in place of real mapped
    objects, so the tests need no database or ORM model.
    """

    def __init__(self, table_name: str):
        # Set on the instance (not the class) so each fake reports its own table.
        # Names ending in two underscores are not name-mangled.
        setattr(self, "__tablename__", table_name)
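class AdminWriteGovernanceTests(unittest.TestCase):
    """Pin the admin write-governance allowlist and the session write guard.

    The suite treats the governance module as an allowlist control: only the
    internal admin tables listed in ``_INTERNAL_ADMIN_TABLES`` may be written
    directly, and every other table name is expected to raise
    ``AdminWriteGovernanceViolation``.
    """

    # Expected allowlist, in the exact order the payload reports it.
    _INTERNAL_ADMIN_TABLES = (
        "admin_audit_logs",
        "staff_accounts",
        "staff_sessions",
        "tool_drafts",
        "tool_versions",
        "tool_metadata",
        "tool_artifacts",
    )

    def test_payload_exposes_internal_allowlist_and_governed_targets(self):
        """The payload reports the mode, the exact allowlist and the blocked/governed keys."""
        payload = build_admin_write_governance_payload()

        self.assertEqual(payload["mode"], "admin_internal_tables_only")
        # Exact, ordered equality: a table added to the allowlist fails this
        # test until it is added here too, so widening the allowlist is always
        # a deliberate, reviewed change.
        self.assertEqual(
            payload["allowed_direct_write_tables"],
            list(self._INTERNAL_ADMIN_TABLES),
        )
        self.assertIn("sales_orders", payload["blocked_operational_dataset_keys"])
        self.assertIn("orders", payload["blocked_product_source_tables"])
        self.assertIn("conversation_turns", payload["blocked_product_source_tables"])
        self.assertIn("atendimento_runtime_profile", payload["governed_configuration_keys"])
        self.assertIn("bot_behavior_policy", payload["governed_configuration_keys"])

    def test_internal_admin_tables_are_allowed_for_direct_write(self):
        """Every allowlisted table passes the direct-write check without raising."""
        for table_name in self._INTERNAL_ADMIN_TABLES:
            # subTest reports each table separately instead of stopping at the
            # first one that is rejected.
            with self.subTest(table=table_name):
                ensure_direct_admin_write_allowed(table_name)

    def test_unknown_or_product_tables_raise_governance_violation(self):
        """Product tables and names outside every list are both refused."""
        rejected_tables = (
            "orders",
            "conversation_turns",
            # Constructed name that appears in no governance list. It covers
            # the "unknown" half of this test's name: a table nobody classified
            # must be denied, not allowed by omission.
            "table_absent_from_every_governance_list",
        )
        for table_name in rejected_tables:
            with self.subTest(table=table_name):
                with self.assertRaises(AdminWriteGovernanceViolation):
                    ensure_direct_admin_write_allowed(table_name)

    def test_session_guard_accepts_only_internal_admin_tables(self):
        """A change set touching only allowlisted tables passes the session guard."""
        enforce_admin_session_write_governance(
            new=(
                _FakeTabledObject("staff_accounts"),
                _FakeTabledObject("tool_versions"),
                _FakeTabledObject("tool_metadata"),
                _FakeTabledObject("tool_artifacts"),
            ),
            dirty=(_FakeTabledObject("staff_sessions"),),
            deleted=(
                _FakeTabledObject("admin_audit_logs"),
                _FakeTabledObject("tool_drafts"),
            ),
        )

    def test_session_guard_blocks_direct_operational_write_attempt(self):
        """Inserting into a product table is refused with the governed-flow message."""
        with self.assertRaises(AdminWriteGovernanceViolation) as context:
            enforce_admin_session_write_governance(
                new=(_FakeTabledObject("orders"),),
            )

        # The message tells the operator to use the "governed, versioned and
        # auditable flow" instead of a direct write.
        self.assertIn("fluxo governado, versionado e auditavel", str(context.exception))

    def test_session_guard_blocks_operational_write_in_dirty_and_deleted(self):
        """Modifying or deleting a product-table row is refused like an insert.

        The guard's body is not visible from this file. This test pins that
        ``dirty`` and ``deleted`` are checked as strictly as ``new``, so an
        update or delete cannot bypass the allowlist.
        """
        for change_set in ("dirty", "deleted"):
            with self.subTest(change_set=change_set):
                with self.assertRaises(AdminWriteGovernanceViolation):
                    # new=() is passed explicitly because this file does not
                    # show whether the guard gives `new` a default.
                    enforce_admin_session_write_governance(
                        new=(),
                        **{change_set: (_FakeTabledObject("orders"),)},
                    )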
# Run the suite when this file is executed directly rather than collected
# by a test runner.
if __name__ == "__main__":
    unittest.main()