up
@@ -45,6 +45,84 @@ public sealed class PolicyBundleServiceTests
|
||||
Assert.NotEmpty(response.Diagnostics);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task CompileAndStoreAsync_ReturnsAocMetadata()
|
||||
{
|
||||
var services = CreateServices();
|
||||
var request = new PolicyBundleRequest(new PolicyDslPayload("stella-dsl@1", BaselineDsl), SigningKeyId: "test-key");
|
||||
|
||||
var response = await services.BundleService.CompileAndStoreAsync("pack-1", 1, request, CancellationToken.None);
|
||||
|
||||
Assert.True(response.Success);
|
||||
Assert.NotNull(response.AocMetadata);
|
||||
Assert.StartsWith("comp-", response.AocMetadata!.CompilationId);
|
||||
Assert.Equal("stella-dsl@1", response.AocMetadata.CompilerVersion);
|
||||
Assert.StartsWith("sha256:", response.AocMetadata.SourceDigest);
|
||||
Assert.StartsWith("sha256:", response.AocMetadata.ArtifactDigest);
|
||||
Assert.True(response.AocMetadata.RuleCount >= 1);
|
||||
Assert.True(response.AocMetadata.ComplexityScore >= 0);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task CompileAndStoreAsync_IncludesProvenanceWhenProvided()
|
||||
{
|
||||
var services = CreateServices();
|
||||
var provenance = new PolicyProvenanceInput(
|
||||
SourceType: "git",
|
||||
SourceUrl: "https://github.com/test/policies",
|
||||
Submitter: "test-user",
|
||||
CommitSha: "abc123",
|
||||
Branch: "main");
|
||||
var request = new PolicyBundleRequest(
|
||||
new PolicyDslPayload("stella-dsl@1", BaselineDsl),
|
||||
SigningKeyId: "test-key",
|
||||
Provenance: provenance);
|
||||
|
||||
var response = await services.BundleService.CompileAndStoreAsync("pack-1", 1, request, CancellationToken.None);
|
||||
|
||||
Assert.True(response.Success);
|
||||
Assert.NotNull(response.AocMetadata);
|
||||
|
||||
// Verify bundle record has provenance stored
|
||||
var bundle = await services.Repository.GetBundleAsync("pack-1", 1, CancellationToken.None);
|
||||
Assert.NotNull(bundle);
|
||||
Assert.NotNull(bundle!.AocMetadata);
|
||||
Assert.NotNull(bundle.AocMetadata!.Provenance);
|
||||
Assert.Equal("git", bundle.AocMetadata.Provenance!.SourceType);
|
||||
Assert.Equal("https://github.com/test/policies", bundle.AocMetadata.Provenance.SourceUrl);
|
||||
Assert.Equal("test-user", bundle.AocMetadata.Provenance.Submitter);
|
||||
Assert.Equal("abc123", bundle.AocMetadata.Provenance.CommitSha);
|
||||
Assert.Equal("main", bundle.AocMetadata.Provenance.Branch);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task CompileAndStoreAsync_NullAocMetadataOnFailure()
|
||||
{
|
||||
var services = CreateServices();
|
||||
var request = new PolicyBundleRequest(new PolicyDslPayload("unknown", "policy bad"), SigningKeyId: null);
|
||||
|
||||
var response = await services.BundleService.CompileAndStoreAsync("pack-1", 1, request, CancellationToken.None);
|
||||
|
||||
Assert.False(response.Success);
|
||||
Assert.Null(response.AocMetadata);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task CompileAndStoreAsync_SourceDigestIsDeterministic()
|
||||
{
|
||||
var services = CreateServices();
|
||||
var request1 = new PolicyBundleRequest(new PolicyDslPayload("stella-dsl@1", BaselineDsl), SigningKeyId: "test-key");
|
||||
var request2 = new PolicyBundleRequest(new PolicyDslPayload("stella-dsl@1", BaselineDsl), SigningKeyId: "test-key");
|
||||
|
||||
var response1 = await services.BundleService.CompileAndStoreAsync("pack-1", 1, request1, CancellationToken.None);
|
||||
var response2 = await services.BundleService.CompileAndStoreAsync("pack-2", 1, request2, CancellationToken.None);
|
||||
|
||||
Assert.NotNull(response1.AocMetadata);
|
||||
Assert.NotNull(response2.AocMetadata);
|
||||
Assert.Equal(response1.AocMetadata!.SourceDigest, response2.AocMetadata!.SourceDigest);
|
||||
Assert.Equal(response1.AocMetadata.ArtifactDigest, response2.AocMetadata.ArtifactDigest);
|
||||
}
|
||||
|
||||
private static ServiceHarness CreateServices()
|
||||
{
|
||||
var compiler = new PolicyCompiler();
|
||||
@@ -53,10 +131,11 @@ public sealed class PolicyBundleServiceTests
|
||||
var compilationService = new PolicyCompilationService(compiler, complexity, new StaticOptionsMonitor(options.Value), TimeProvider.System);
|
||||
var repo = new InMemoryPolicyPackRepository();
|
||||
return new ServiceHarness(
|
||||
new PolicyBundleService(compilationService, repo, TimeProvider.System));
|
||||
new PolicyBundleService(compilationService, repo, TimeProvider.System),
|
||||
repo);
|
||||
}
|
||||
|
||||
private sealed record ServiceHarness(PolicyBundleService BundleService);
|
||||
private sealed record ServiceHarness(PolicyBundleService BundleService, InMemoryPolicyPackRepository Repository);
|
||||
|
||||
private sealed class StaticOptionsMonitor : IOptionsMonitor<PolicyEngineOptions>
|
||||
{
|
||||
|
||||
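Review bot: The digest assertions in `CompileAndStoreAsync_ReturnsAocMetadata` and `CompileAndStoreAsync_SourceDigestIsDeterministic` would still pass if `SourceDigest` and `ArtifactDigest` were constant or not derived from the policy content, because they check only the `sha256:` prefix and equality for two identical `BaselineDsl` requests. Since these fields are attestation metadata, a companion case should compile a second valid policy source and assert `Assert.NotEqual(response1.AocMetadata.SourceDigest, responseChanged.AocMetadata!.SourceDigest);`, and likewise for `ArtifactDigest`. The prefix checks could also pin the whole digest shape, for example `Assert.Matches("^sha256:[0-9a-f]{64}$", response.AocMetadata.SourceDigest);` if the service emits lowercase hex, which this page does not show. In `CompileAndStoreAsync_NullAocMetadataOnFailure`, consider also asserting on `await services.Repository.GetBundleAsync("pack-1", 1, CancellationToken.None)` that no bundle was stored, assuming a failed compile is meant to persist nothing.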