up

2025-11-26 07:47:08 +02:00
parent 56e2f64d07
commit 1c782897f7
184 changed files with 8991 additions and 649 deletions
--- a/src/Policy/__Tests/StellaOps.Policy.Tests/SplMigrationToolTests.cs
+++ b/src/Policy/__Tests/StellaOps.Policy.Tests/SplMigrationToolTests.cs
@@ -0,0 +1,75 @@
+using System.Collections.Immutable;
+using StellaOps.Policy;
+using Xunit;
+
+namespace StellaOps.Policy.Tests;
+
+public class SplMigrationToolTests
+{
+    [Fact]
+    public void ToSplPolicyJson_ConvertsRulesAndMetadata()
+    {
+        var rule = PolicyRule.Create(
+            name: "Block CVE",
+            action: new PolicyAction(PolicyActionType.Block, null, null, null, false),
+            severities: ImmutableArray.Create(PolicySeverity.Critical),
+            environments: ImmutableArray<string>.Empty,
+            sources: ImmutableArray<string>.Empty,
+            vendors: ImmutableArray<string>.Empty,
+            licenses: ImmutableArray<string>.Empty,
+            tags: ImmutableArray<string>.Empty,
+            match: PolicyRuleMatchCriteria.Create(
+                ImmutableArray<string>.Empty,
+                ImmutableArray<string>.Empty,
+                ImmutableArray<string>.Empty,
+                ImmutableArray<string>.Empty,
+                ImmutableArray<string>.Empty,
+                ImmutableArray.Create("/app"),
+                ImmutableArray<string>.Empty,
+                ImmutableArray<string>.Empty),
+            expires: null,
+            justification: "block it",
+            identifier: "RULE-1");
+
+        var document = new PolicyDocument(
+            PolicySchema.CurrentVersion,
+            ImmutableArray.Create(rule),
+            ImmutableDictionary<string, string>.Empty.Add("name", "demo"),
+            PolicyExceptionConfiguration.Empty);
+
+        var spl = SplMigrationTool.ToSplPolicyJson(document);
+
+        const string expected = "{\"apiVersion\":\"spl.stellaops/v1\",\"kind\":\"Policy\",\"metadata\":{\"labels\":{\"name\":\"demo\"},\"name\":\"demo\"},\"spec\":{\"defaultEffect\":\"deny\",\"statements\":[{\"effect\":\"deny\",\"id\":\"RULE-1\",\"match\":{\"actions\":[\"access\"],\"resource\":\"/app\"}}]}}";
+
+        Assert.Equal(expected, spl);
+    }
+
+    [Fact]
+    public void ToSplPolicyJson_UsesOverlaySafeIdsAndAudits()
+    {
+        var rule = PolicyRule.Create(
+            name: "Warn entrypoint",
+            action: new PolicyAction(PolicyActionType.Warn, null, null, null, true),
+            severities: ImmutableArray.Create(PolicySeverity.Low),
+            environments: ImmutableArray<string>.Empty,
+            sources: ImmutableArray<string>.Empty,
+            vendors: ImmutableArray<string>.Empty,
+            licenses: ImmutableArray<string>.Empty,
+            tags: ImmutableArray<string>.Empty,
+            match: PolicyRuleMatchCriteria.Empty,
+            expires: null,
+            justification: "soft warning");
+
+        var document = new PolicyDocument(
+            PolicySchema.CurrentVersion,
+            ImmutableArray.Create(rule),
+            ImmutableDictionary<string, string>.Empty,
+            PolicyExceptionConfiguration.Empty);
+
+        var spl = SplMigrationTool.ToSplPolicyJson(document);
+
+        const string expectedId = "warn-entrypoint";
+        Assert.Contains(expectedId, spl);
+        Assert.Contains("\"audit\":{\"message\":\"soft warning\",\"severity\":\"warn\"}", spl);
+    }
+}