Restore live platform compatibility contracts

2026-03-10 01:37:24 +02:00
parent 6b7168ca3c
commit afb9711e61
15 changed files with 1790 additions and 27 deletions
--- a/src/Policy/__Tests/StellaOps.Policy.Gateway.Tests/GovernanceCompatibilityEndpointsTests.cs
+++ b/src/Policy/__Tests/StellaOps.Policy.Gateway.Tests/GovernanceCompatibilityEndpointsTests.cs
@@ -0,0 +1,112 @@
+using System.Net.Http.Json;
+using System.Text.Json;
+using StellaOps.TestKit;
+using Xunit;
+
+namespace StellaOps.Policy.Gateway.Tests;
+
+public sealed class GovernanceCompatibilityEndpointsTests : IClassFixture<TestPolicyGatewayFactory>
+{
+    private readonly HttpClient _client;
+
+    public GovernanceCompatibilityEndpointsTests(TestPolicyGatewayFactory factory)
+    {
+        _client = factory.CreateClient();
+        _client.DefaultRequestHeaders.Add("X-StellaOps-Tenant", "test-tenant");
+    }
+
+    [Trait("Category", TestCategories.Integration)]
+    [Fact]
+    public async Task GetTrustWeights_ReturnsCompatibilityShape()
+    {
+        var response = await _client.GetAsync("/api/v1/governance/trust-weights", TestContext.Current.CancellationToken);
+        response.EnsureSuccessStatusCode();
+
+        var payload = await response.Content.ReadFromJsonAsync<JsonElement>(TestContext.Current.CancellationToken);
+        Assert.Equal("test-tenant", payload.GetProperty("tenantId").GetString());
+        Assert.True(payload.GetProperty("weights").GetArrayLength() >= 3);
+    }
+
+    [Trait("Category", TestCategories.Integration)]
+    [Fact]
+    public async Task PutTrustWeight_PersistsUpdatedPriorityAndWeight()
+    {
+        var updateResponse = await _client.PutAsJsonAsync(
+            "/api/v1/governance/trust-weights/tw-002",
+            new
+            {
+                id = "tw-002",
+                issuerId = "nist",
+                issuerName = "NIST NVD",
+                source = "nist",
+                weight = 1.75m,
+                priority = 1,
+                active = true,
+                reason = "Escalated for live route verification"
+            },
+            TestContext.Current.CancellationToken);
+        updateResponse.EnsureSuccessStatusCode();
+
+        var listResponse = await _client.GetAsync("/api/v1/governance/trust-weights", TestContext.Current.CancellationToken);
+        listResponse.EnsureSuccessStatusCode();
+        var payload = await listResponse.Content.ReadFromJsonAsync<JsonElement>(TestContext.Current.CancellationToken);
+        var updated = payload.GetProperty("weights").EnumerateArray().Single(item => item.GetProperty("id").GetString() == "tw-002");
+
+        Assert.Equal(1.75m, updated.GetProperty("weight").GetDecimal());
+        Assert.Equal(1, updated.GetProperty("priority").GetInt32());
+    }
+
+    [Trait("Category", TestCategories.Integration)]
+    [Fact]
+    public async Task PreviewImpact_ReturnsAffectedFindingSamples()
+    {
+        var response = await _client.PostAsJsonAsync(
+            "/api/v1/governance/trust-weights/preview-impact",
+            new
+            {
+                weights = new[]
+                {
+                    new { issuerId = "cisa", issuerName = "CISA", source = "cisa", weight = 1.6m, active = true }
+                }
+            },
+            TestContext.Current.CancellationToken);
+        response.EnsureSuccessStatusCode();
+
+        var payload = await response.Content.ReadFromJsonAsync<JsonElement>(TestContext.Current.CancellationToken);
+        Assert.True(payload.GetProperty("affectedVulnerabilities").GetInt32() > 0);
+        Assert.True(payload.GetProperty("sampleAffected").GetArrayLength() > 0);
+    }
+
+    [Trait("Category", TestCategories.Integration)]
+    [Fact]
+    public async Task StalenessEndpoints_ReturnConfigAndStatusUpdates()
+    {
+        var updateResponse = await _client.PutAsJsonAsync(
+            "/api/v1/governance/staleness/config/sbom",
+            new
+            {
+                dataType = "sbom",
+                enabled = false,
+                gracePeriodHours = 48,
+                thresholds = new[]
+                {
+                    new { level = "fresh", ageDays = 14, severity = "low", actions = new[] { new { type = "warn", message = "Fresh enough" } } }
+                }
+            },
+            TestContext.Current.CancellationToken);
+        updateResponse.EnsureSuccessStatusCode();
+
+        var configResponse = await _client.GetAsync("/api/v1/governance/staleness/config", TestContext.Current.CancellationToken);
+        configResponse.EnsureSuccessStatusCode();
+        var config = await configResponse.Content.ReadFromJsonAsync<JsonElement>(TestContext.Current.CancellationToken);
+        var sbomConfig = config.GetProperty("configs").EnumerateArray().Single(item => item.GetProperty("dataType").GetString() == "sbom");
+        Assert.False(sbomConfig.GetProperty("enabled").GetBoolean());
+        Assert.Equal(48, sbomConfig.GetProperty("gracePeriodHours").GetInt32());
+
+        var statusResponse = await _client.GetAsync("/api/v1/governance/staleness/status", TestContext.Current.CancellationToken);
+        statusResponse.EnsureSuccessStatusCode();
+        var status = await statusResponse.Content.ReadFromJsonAsync<JsonElement>(TestContext.Current.CancellationToken);
+        Assert.True(status.ValueKind == JsonValueKind.Array);
+        Assert.True(status.GetArrayLength() > 0);
+    }
+}