vitor
/
orquestrador
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
feat/self-evolving-tools-foundation
main
chore/observability-latency-markers
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b3662906bc'
${ noResults }
orquestrador/tests/test_admin_write_governance.py

66 lines
2.7 KiB
Python
Raw Blame History

import unittest
from admin_app.db.write_governance import (
AdminWriteGovernanceViolation,
build_admin_write_governance_payload,
ensure_direct_admin_write_allowed,
enforce_admin_session_write_governance,
)
class _FakeTabledObject:
def __init__(self, table_name: str):
self.__tablename__ = table_name
class AdminWriteGovernanceTests(unittest.TestCase):
def test_payload_exposes_internal_allowlist_and_governed_targets(self):
payload = build_admin_write_governance_payload()
self.assertEqual(payload["mode"], "admin_internal_tables_only")
self.assertEqual(
payload["allowed_direct_write_tables"],
["admin_audit_logs", "staff_accounts", "staff_sessions", "tool_drafts", "tool_versions"],
)
self.assertIn("sales_orders", payload["blocked_operational_dataset_keys"])
self.assertIn("orders", payload["blocked_product_source_tables"])
self.assertIn("conversation_turns", payload["blocked_product_source_tables"])
self.assertIn("atendimento_runtime_profile", payload["governed_configuration_keys"])
self.assertIn("bot_behavior_policy", payload["governed_configuration_keys"])
def test_internal_admin_tables_are_allowed_for_direct_write(self):
ensure_direct_admin_write_allowed("staff_accounts")
ensure_direct_admin_write_allowed("staff_sessions")
ensure_direct_admin_write_allowed("admin_audit_logs")
ensure_direct_admin_write_allowed("tool_drafts")
ensure_direct_admin_write_allowed("tool_versions")
def test_unknown_or_product_tables_raise_governance_violation(self):
with self.assertRaises(AdminWriteGovernanceViolation):
ensure_direct_admin_write_allowed("orders")
with self.assertRaises(AdminWriteGovernanceViolation):
ensure_direct_admin_write_allowed("conversation_turns")
def test_session_guard_accepts_only_internal_admin_tables(self):
enforce_admin_session_write_governance(
new=(_FakeTabledObject("staff_accounts"), _FakeTabledObject("tool_versions")),
dirty=(_FakeTabledObject("staff_sessions"),),
deleted=(
_FakeTabledObject("admin_audit_logs"),
_FakeTabledObject("tool_drafts"),
),
)
def test_session_guard_blocks_direct_operational_write_attempt(self):
with self.assertRaises(AdminWriteGovernanceViolation) as context:
enforce_admin_session_write_governance(
new=(_FakeTabledObject("orders"),),
)
self.assertIn("fluxo governado, versionado e auditavel", str(context.exception))
if __name__ == "__main__":
unittest.main()
Reference in New Issue View Git Blame Copy Permalink