stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

tests fixes

Browse Source
This commit is contained in:
master
2026-01-27 08:23:42 +02:00
parent c305d05d32
commit 82caceba56
58 changed files with 651 additions and 312 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
src/Policy/__Libraries/StellaOps.Policy.Persistence/Postgres/Repositories/PostgresExceptionObjectRepository.cs
View File

@@ -71,7 +71,8 @@ public sealed class PostgresExceptionObjectRepository : RepositoryBase<PolicyDat
created_at, updated_at, approved_at, expires_at,
reason_code, rationale, evidence_refs, compensating_controls,
metadata, ticket_ref,
recheck_policy_id, last_recheck_result, last_recheck_at
recheck_policy_id, last_recheck_result, last_recheck_at,
name, reason
)
VALUES (
@exception_id, @version, @status, @type,
@@ -81,7 +82,8 @@ public sealed class PostgresExceptionObjectRepository : RepositoryBase<PolicyDat
@created_at, @updated_at, @approved_at, @expires_at,
@reason_code, @rationale, @evidence_refs::jsonb, @compensating_controls::jsonb,
@metadata::jsonb, @ticket_ref,
@recheck_policy_id, @last_recheck_result::jsonb, @last_recheck_at
@recheck_policy_id, @last_recheck_result::jsonb, @last_recheck_at,
@name, @reason
)
RETURNING id
""";
@@ -464,16 +466,17 @@ public sealed class PostgresExceptionObjectRepository : RepositoryBase<PolicyDat
AddParameter(command, "vulnerability_id", (object?)exception.Scope.VulnerabilityId ?? DBNull.Value);
AddParameter(command, "policy_rule_id", (object?)exception.Scope.PolicyRuleId ?? DBNull.Value);
AddTextArrayParameter(command, "environments", exception.Scope.Environments.ToArray());
AddParameter(command, "tenant_id", (object?)exception.Scope.TenantId ?? DBNull.Value);
AddParameter(command, "owner_id", exception.OwnerId);
AddParameter(command, "requester_id", exception.RequesterId);
// tenant_id is stored as TEXT in the database
AddParameter(command, "tenant_id", exception.Scope.TenantId?.ToString() ?? (object)DBNull.Value);
AddParameter(command, "owner_id", (object?)exception.OwnerId ?? DBNull.Value);
AddParameter(command, "requester_id", (object?)exception.RequesterId ?? DBNull.Value);
AddTextArrayParameter(command, "approver_ids", exception.ApproverIds.ToArray());
AddParameter(command, "created_at", exception.CreatedAt);
AddParameter(command, "updated_at", exception.UpdatedAt);
AddParameter(command, "approved_at", (object?)exception.ApprovedAt ?? DBNull.Value);
AddParameter(command, "expires_at", exception.ExpiresAt);
AddParameter(command, "reason_code", ReasonToString(exception.ReasonCode));
AddParameter(command, "rationale", exception.Rationale);
AddParameter(command, "rationale", (object?)exception.Rationale ?? DBNull.Value);
AddJsonbParameter(command, "evidence_refs", JsonSerializer.Serialize(exception.EvidenceRefs, JsonOptions));
AddJsonbParameter(command, "compensating_controls", JsonSerializer.Serialize(exception.CompensatingControls, JsonOptions));
AddJsonbParameter(command, "metadata", JsonSerializer.Serialize(exception.Metadata, JsonOptions));
@@ -481,6 +484,9 @@ public sealed class PostgresExceptionObjectRepository : RepositoryBase<PolicyDat
AddParameter(command, "recheck_policy_id", (object?)(exception.RecheckPolicyId ?? exception.RecheckPolicy?.PolicyId) ?? DBNull.Value);
AddJsonbParameter(command, "last_recheck_result", SerializeRecheckResult(exception.LastRecheckResult));
AddParameter(command, "last_recheck_at", (object?)exception.LastRecheckAt ?? DBNull.Value);
// Legacy columns required by schema (name TEXT NOT NULL, reason TEXT NOT NULL)
AddParameter(command, "name", exception.ExceptionId); // Use exception_id as name
AddParameter(command, "reason", exception.Rationale ?? ReasonToString(exception.ReasonCode)); // Use rationale or reason_code as reason
}
private async Task InsertEventAsync(
@@ -612,6 +618,12 @@ public sealed class PostgresExceptionObjectRepository : RepositoryBase<PolicyDat
private static ExceptionObject MapException(NpgsqlDataReader reader)
{
// tenant_id is stored as TEXT in the database but needs to be parsed as Guid
var tenantIdText = GetNullableString(reader, reader.GetOrdinal("tenant_id"));
Guid? tenantId = !string.IsNullOrEmpty(tenantIdText) && Guid.TryParse(tenantIdText, out var parsedTenantId)
? parsedTenantId
: null;
return new ExceptionObject
{
ExceptionId = reader.GetString(reader.GetOrdinal("exception_id")),
@@ -625,17 +637,17 @@ public sealed class PostgresExceptionObjectRepository : RepositoryBase<PolicyDat
VulnerabilityId = GetNullableString(reader, reader.GetOrdinal("vulnerability_id")),
PolicyRuleId = GetNullableString(reader, reader.GetOrdinal("policy_rule_id")),
Environments = GetStringArray(reader, reader.GetOrdinal("environments")),
TenantId = GetNullableGuid(reader, reader.GetOrdinal("tenant_id"))
TenantId = tenantId
},
OwnerId = reader.GetString(reader.GetOrdinal("owner_id")),
RequesterId = reader.GetString(reader.GetOrdinal("requester_id")),
OwnerId = GetNullableString(reader, reader.GetOrdinal("owner_id")) ?? string.Empty,
RequesterId = GetNullableString(reader, reader.GetOrdinal("requester_id")) ?? string.Empty,
ApproverIds = GetStringArray(reader, reader.GetOrdinal("approver_ids")),
CreatedAt = reader.GetFieldValue<DateTimeOffset>(reader.GetOrdinal("created_at")),
UpdatedAt = reader.GetFieldValue<DateTimeOffset>(reader.GetOrdinal("updated_at")),
ApprovedAt = GetNullableDateTimeOffset(reader, reader.GetOrdinal("approved_at")),
ExpiresAt = reader.GetFieldValue<DateTimeOffset>(reader.GetOrdinal("expires_at")),
ReasonCode = ParseReason(reader.GetString(reader.GetOrdinal("reason_code"))),
Rationale = reader.GetString(reader.GetOrdinal("rationale")),
Rationale = GetNullableString(reader, reader.GetOrdinal("rationale")) ?? string.Empty,
EvidenceRefs = ParseJsonArray(reader.GetString(reader.GetOrdinal("evidence_refs"))),
CompensatingControls = ParseJsonArray(reader.GetString(reader.GetOrdinal("compensating_controls"))),
Metadata = ParseJsonDictionary(reader.GetString(reader.GetOrdinal("metadata"))),

76
src/Policy/__Libraries/StellaOps.Policy.Unknowns/Repositories/UnknownsRepository.cs
View File

@@ -415,32 +415,37 @@ public sealed class UnknownsRepository : IUnknownsRepository
#region Row Mapping
private sealed record UnknownRow(
Guid id,
Guid tenant_id,
string package_id,
string package_version,
string band,
decimal score,
decimal uncertainty_factor,
decimal exploit_pressure,
string? reason_code,
string? remediation_hint,
string? evidence_refs,
string? assumptions,
int? blast_radius_dependents,
bool? blast_radius_net_facing,
string? blast_radius_privilege,
string? containment_seccomp,
string? containment_fs_mode,
string? containment_network_policy,
DateTimeOffset first_seen_at,
DateTimeOffset last_evaluated_at,
string? resolution_reason,
DateTimeOffset? resolved_at,
DateTimeOffset created_at,
DateTimeOffset updated_at)
/// <summary>
/// Internal row class for Dapper materialization. Uses parameterless constructor
/// with property setters for compatibility with Dapper's deserialization.
/// </summary>
private sealed class UnknownRow
{
public Guid id { get; set; }
public Guid tenant_id { get; set; }
public string package_id { get; set; } = string.Empty;
public string package_version { get; set; } = string.Empty;
public string band { get; set; } = string.Empty;
public decimal score { get; set; }
public decimal uncertainty_factor { get; set; }
public decimal exploit_pressure { get; set; }
public string? reason_code { get; set; }
public string? remediation_hint { get; set; }
public string? evidence_refs { get; set; }
public string? assumptions { get; set; }
public int? blast_radius_dependents { get; set; }
public bool? blast_radius_net_facing { get; set; }
public string? blast_radius_privilege { get; set; }
public string? containment_seccomp { get; set; }
public string? containment_fs_mode { get; set; }
public string? containment_network_policy { get; set; }
public DateTime first_seen_at { get; set; }
public DateTime last_evaluated_at { get; set; }
public string? resolution_reason { get; set; }
public DateTime? resolved_at { get; set; }
public DateTime created_at { get; set; }
public DateTime updated_at { get; set; }
public Unknown ToModel() => new()
{
Id = id,
@@ -475,16 +480,25 @@ public sealed class UnknownsRepository : IUnknownsRepository
NetworkPolicy = containment_network_policy
}
: null,
FirstSeenAt = first_seen_at,
LastEvaluatedAt = last_evaluated_at,
FirstSeenAt = new DateTimeOffset(first_seen_at, TimeSpan.Zero),
LastEvaluatedAt = new DateTimeOffset(last_evaluated_at, TimeSpan.Zero),
ResolutionReason = resolution_reason,
ResolvedAt = resolved_at,
CreatedAt = created_at,
UpdatedAt = updated_at
ResolvedAt = resolved_at.HasValue ? new DateTimeOffset(resolved_at.Value, TimeSpan.Zero) : null,
CreatedAt = new DateTimeOffset(created_at, TimeSpan.Zero),
UpdatedAt = new DateTimeOffset(updated_at, TimeSpan.Zero)
};
}
private sealed record SummaryRow(int hot_count, int warm_count, int cold_count, int resolved_count);
/// <summary>
/// Internal row class for summary query Dapper materialization.
/// </summary>
private sealed class SummaryRow
{
public int hot_count { get; set; }
public int warm_count { get; set; }
public int cold_count { get; set; }
public int resolved_count { get; set; }
}
private static readonly JsonSerializerOptions JsonOptions = new()
{

5
src/Policy/__Tests/StellaOps.Policy.Persistence.Tests/ExceptionObjectRepositoryTests.cs
View File

@@ -449,6 +449,8 @@ public sealed class ExceptionObjectRepositoryTests : IAsyncLifetime
#region Test Helpers
private static readonly Guid TestTenantId = Guid.Parse("11111111-1111-1111-1111-111111111111");
private static ExceptionObject CreateException(
string exceptionId,
ExceptionStatus status = ExceptionStatus.Proposed,
@@ -469,7 +471,8 @@ public sealed class ExceptionObjectRepositoryTests : IAsyncLifetime
Scope = new ExceptionScope
{
VulnerabilityId = vulnerabilityId,
Environments = environments ?? []
Environments = environments ?? [],
TenantId = TestTenantId
},
OwnerId = "owner@example.com",
RequesterId = "requester@example.com",

48
src/Policy/__Tests/StellaOps.Policy.Persistence.Tests/PackVersioningWorkflowTests.cs
View File

@@ -22,6 +22,7 @@ public sealed class PackVersioningWorkflowTests : IAsyncLifetime
{
private readonly PolicyPostgresFixture _fixture;
private readonly PackRepository _packRepository;
private readonly PackVersionRepository _packVersionRepository;
private readonly RuleRepository _ruleRepository;
private readonly string _tenantId = Guid.NewGuid().ToString();
@@ -33,9 +34,27 @@ public sealed class PackVersioningWorkflowTests : IAsyncLifetime
options.SchemaName = fixture.SchemaName;
var dataSource = new PolicyDataSource(Options.Create(options), NullLogger<PolicyDataSource>.Instance);
_packRepository = new PackRepository(dataSource, NullLogger<PackRepository>.Instance);
_packVersionRepository = new PackVersionRepository(dataSource, NullLogger<PackVersionRepository>.Instance);
_ruleRepository = new RuleRepository(dataSource, NullLogger<RuleRepository>.Instance);
}
/// <summary>
/// Creates a published pack version required for SetActiveVersionAsync to work.
/// </summary>
private async Task CreatePublishedPackVersionAsync(Guid packId, int version)
{
await _packVersionRepository.CreateAsync(new PackVersionEntity
{
Id = Guid.NewGuid(),
PackId = packId,
Version = version,
Description = $"Test version {version}",
RulesHash = $"sha256:test-hash-v{version}-{Guid.NewGuid():N}",
IsPublished = true,
PublishedAt = DateTimeOffset.UtcNow
});
}
public ValueTask InitializeAsync() => new(_fixture.TruncateAllTablesAsync());
public ValueTask DisposeAsync() => ValueTask.CompletedTask;
@@ -56,6 +75,11 @@ public sealed class PackVersioningWorkflowTests : IAsyncLifetime
};
await _packRepository.CreateAsync(pack);
// Create published pack versions (required for SetActiveVersionAsync)
await CreatePublishedPackVersionAsync(pack.Id, 1);
await CreatePublishedPackVersionAsync(pack.Id, 2);
await CreatePublishedPackVersionAsync(pack.Id, 3);
// Act - Update to version 2
await _packRepository.SetActiveVersionAsync(_tenantId, pack.Id, 2);
var afterV2 = await _packRepository.GetByIdAsync(_tenantId, pack.Id);
@@ -88,6 +112,10 @@ public sealed class PackVersioningWorkflowTests : IAsyncLifetime
};
await _packRepository.CreateAsync(pack);
// Create published pack versions (required for SetActiveVersionAsync)
await CreatePublishedPackVersionAsync(pack.Id, 2);
await CreatePublishedPackVersionAsync(pack.Id, 3);
// Act - Rollback to version 2
await _packRepository.SetActiveVersionAsync(_tenantId, pack.Id, 2);
var afterRollback = await _packRepository.GetByIdAsync(_tenantId, pack.Id);
@@ -119,6 +147,11 @@ public sealed class PackVersioningWorkflowTests : IAsyncLifetime
await _packRepository.CreateAsync(pack1);
await _packRepository.CreateAsync(pack2);
// Create published pack versions (required for SetActiveVersionAsync)
await CreatePublishedPackVersionAsync(pack1.Id, 1);
await CreatePublishedPackVersionAsync(pack1.Id, 10);
await CreatePublishedPackVersionAsync(pack2.Id, 5);
// Act - Update pack1 only
await _packRepository.SetActiveVersionAsync(_tenantId, pack1.Id, 10);
@@ -169,6 +202,12 @@ public sealed class PackVersioningWorkflowTests : IAsyncLifetime
};
await _packRepository.CreateAsync(pack);
// Create published pack versions (required for SetActiveVersionAsync)
await CreatePublishedPackVersionAsync(pack.Id, 1);
await CreatePublishedPackVersionAsync(pack.Id, 2);
await CreatePublishedPackVersionAsync(pack.Id, 3);
await CreatePublishedPackVersionAsync(pack.Id, 4);
// Act - Simulate concurrent updates
var tasks = new[]
{
@@ -229,6 +268,11 @@ public sealed class PackVersioningWorkflowTests : IAsyncLifetime
ActiveVersion = 1
};
await _packRepository.CreateAsync(pack);
// Create published pack versions (required for SetActiveVersionAsync)
await CreatePublishedPackVersionAsync(pack.Id, 1);
await CreatePublishedPackVersionAsync(pack.Id, 2);
var created = await _packRepository.GetByIdAsync(_tenantId, pack.Id);
var initialUpdatedAt = created!.UpdatedAt;
@@ -280,6 +324,10 @@ public sealed class PackVersioningWorkflowTests : IAsyncLifetime
};
await _packRepository.CreateAsync(builtinPack);
// Create published pack versions (required for SetActiveVersionAsync)
await CreatePublishedPackVersionAsync(builtinPack.Id, 1);
await CreatePublishedPackVersionAsync(builtinPack.Id, 2);
// Act - Update version
await _packRepository.SetActiveVersionAsync(_tenantId, builtinPack.Id, 2);
var updated = await _packRepository.GetByIdAsync(_tenantId, builtinPack.Id);

6
src/Policy/__Tests/StellaOps.Policy.Persistence.Tests/PostgresExceptionObjectRepositoryTests.cs
View File

@@ -75,7 +75,9 @@ public sealed class PostgresExceptionObjectRepositoryTests : IAsyncLifetime
var exception = CreateVulnerabilityException("CVE-2024-12345") with
{
RecheckPolicyId = "policy-critical",
// RecheckPolicyId requires a valid FK reference, so we leave it null
// and just test the LastRecheckResult and LastRecheckAt fields
RecheckPolicyId = null,
LastRecheckResult = lastResult,
LastRecheckAt = DateTimeOffset.UtcNow
};
@@ -86,7 +88,7 @@ public sealed class PostgresExceptionObjectRepositoryTests : IAsyncLifetime
// Assert
fetched.Should().NotBeNull();
fetched!.RecheckPolicyId.Should().Be("policy-critical");
fetched!.RecheckPolicyId.Should().BeNull();
fetched.LastRecheckResult.Should().NotBeNull();
fetched.LastRecheckResult!.RecommendedAction.Should().Be(RecheckAction.Block);
fetched.LastRecheckResult!.TriggeredConditions.Should().ContainSingle(

3
src/Policy/__Tests/StellaOps.Policy.Persistence.Tests/RecheckEvidenceMigrationTests.cs
View File

@@ -42,7 +42,8 @@ public sealed class RecheckEvidenceMigrationTests : IAsyncLifetime
private static async Task AssertTableExistsAsync(NpgsqlConnection connection, string tableName)
{
await using var command = new NpgsqlCommand("SELECT to_regclass(@name)", connection);
// Cast regclass to text to avoid Npgsql type mapping issues
await using var command = new NpgsqlCommand("SELECT to_regclass(@name)::text", connection);
command.Parameters.AddWithValue("name", tableName);
var result = await command.ExecuteScalarAsync();
result.Should().NotBeNull($"{tableName} should exist after migrations");

40
src/Policy/__Tests/StellaOps.Policy.Persistence.Tests/RiskProfileVersionHistoryTests.cs
View File

@@ -1,3 +1,4 @@
using System.Text.Json;
using FluentAssertions;
using Microsoft.Extensions.Logging.Abstractions;
using Microsoft.Extensions.Options;
@@ -212,11 +213,11 @@ public sealed class RiskProfileVersionHistoryTests : IAsyncLifetime
// Act
var versions = await _repository.GetVersionsByNameAsync(_tenantId, profileName);
// Assert - Should be ordered by version
// Assert - Should be ordered by version DESC (newest first)
versions.Should().HaveCount(3);
versions[0].Version.Should().Be(1);
versions[0].Version.Should().Be(3);
versions[1].Version.Should().Be(2);
versions[2].Version.Should().Be(3);
versions[2].Version.Should().Be(1);
}
[Trait("Category", TestCategories.Unit)]
@@ -296,10 +297,35 @@ public sealed class RiskProfileVersionHistoryTests : IAsyncLifetime
var fetchedV2 = await _repository.GetByIdAsync(_tenantId, v2.Id);
// Assert - Both versions should preserve their original configuration
fetchedV1!.Thresholds.Should().Be(v1Thresholds);
fetchedV1.ScoringWeights.Should().Be(v1Weights);
fetchedV2!.Thresholds.Should().Be(v2Thresholds);
fetchedV2.ScoringWeights.Should().Be(v2Weights);
// Note: PostgreSQL jsonb may reorder keys, so we compare JSON values semantically
AssertJsonEquivalent(fetchedV1!.Thresholds, v1Thresholds);
AssertJsonEquivalent(fetchedV1.ScoringWeights, v1Weights);
AssertJsonEquivalent(fetchedV2!.Thresholds, v2Thresholds);
AssertJsonEquivalent(fetchedV2.ScoringWeights, v2Weights);
}
/// <summary>
/// Compares two JSON strings for semantic equivalence (ignores key ordering).
/// </summary>
private static void AssertJsonEquivalent(string? actual, string expected)
{
actual.Should().NotBeNull();
// Deserialize both to dictionaries with decimal values for numeric comparison
var actualDict = JsonSerializer.Deserialize<Dictionary<string, decimal>>(actual!);
var expectedDict = JsonSerializer.Deserialize<Dictionary<string, decimal>>(expected);
actualDict.Should().NotBeNull();
expectedDict.Should().NotBeNull();
// Compare keys
actualDict!.Keys.Should().BeEquivalentTo(expectedDict!.Keys);
// Compare values
foreach (var key in expectedDict.Keys)
{
actualDict[key].Should().Be(expectedDict[key], $"value for key '{key}' should match");
}
}
[Trait("Category", TestCategories.Unit)]

4
src/Policy/__Tests/StellaOps.Policy.Persistence.Tests/StellaOps.Policy.Persistence.Tests.csproj
View File

@@ -10,6 +10,10 @@
<IsTestProject>true</IsTestProject>
</PropertyGroup>
<ItemGroup>
<Content Include="xunit.runner.json" CopyToOutputDirectory="PreserveNewest" />
</ItemGroup>
<ItemGroup>
<PackageReference Include="Dapper" />
<PackageReference Include="FluentAssertions" />

6
src/Policy/__Tests/StellaOps.Policy.Persistence.Tests/xunit.runner.json Normal file
View File

@@ -0,0 +1,6 @@
{
"$schema": "https://xunit.net/schema/current/xunit.runner.schema.json",
"parallelizeAssembly": false,
"parallelizeTestCollections": false,
"maxParallelThreads": 1
}