99 lines
5.6 KiB
JSON
99 lines
5.6 KiB
JSON
{
|
|
"type": "api",
|
|
"module": "multi-tenant",
|
|
"feature": "same-api-key-selection",
|
|
"runId": "run-001",
|
|
"capturedAtUtc": "2026-02-22T23:18:33Z",
|
|
"transport": "xUnit v3 in-process API integration via dotnet run",
|
|
"checks": [
|
|
{
|
|
"service": "authority",
|
|
"scope": "admin client assignment CRUD",
|
|
"testsRun": 8,
|
|
"testsPassed": 8,
|
|
"evidenceFile": "evidence/authority-console-admin-tenant-assignments.txt",
|
|
"behaviorVerified": [
|
|
"Create and update admin client endpoints persist multi-tenant assignments.",
|
|
"Duplicate, missing, and invalid tenant assignment payloads are rejected deterministically.",
|
|
"Audit event properties include before/after tenant assignment fields."
|
|
],
|
|
"result": "pass"
|
|
},
|
|
{
|
|
"service": "authority",
|
|
"scope": "console tenants selected marker",
|
|
"testsRun": 1,
|
|
"testsPassed": 1,
|
|
"evidenceFile": "evidence/authority-console-tenants-selected-marker.txt",
|
|
"behaviorVerified": [
|
|
"/console/tenants returns assigned tenant set and selectedTenant marker for immediate UI hydration."
|
|
],
|
|
"result": "pass"
|
|
},
|
|
{
|
|
"service": "authority",
|
|
"scope": "token issuance and validation tenant selection",
|
|
"testsRun": 8,
|
|
"testsPassed": 8,
|
|
"evidenceFile": "evidence/authority-token-tenant-selection-targeted.txt",
|
|
"behaviorVerified": [
|
|
"Client credentials and password grants select requested tenant when assigned.",
|
|
"Ambiguous or unassigned tenant selections are rejected.",
|
|
"Access token validation rejects tenant mismatch and out-of-assignment tenant claims."
|
|
],
|
|
"result": "pass"
|
|
},
|
|
{
|
|
"service": "platform",
|
|
"scope": "resolver + topology + context endpoints",
|
|
"testsRun": 14,
|
|
"testsPassed": 14,
|
|
"evidenceFile": "evidence/platform-tenant-isolation-targeted.txt",
|
|
"behaviorVerified": [
|
|
"Resolver returns tenant_missing and tenant_conflict errors deterministically.",
|
|
"Topology endpoints return bad request when tenant header is missing.",
|
|
"Topology and context data are isolated across tenants with overlapping identifiers."
|
|
],
|
|
"result": "pass"
|
|
},
|
|
{
|
|
"service": "scanner",
|
|
"scope": "resolver + scans + triage + unknowns + webhook lookup",
|
|
"testsRun": 13,
|
|
"testsPassed": 13,
|
|
"evidenceFile": "evidence/scanner-tenant-isolation-targeted.txt",
|
|
"behaviorVerified": [
|
|
"Resolver returns deterministic missing/conflict outcomes with canonical and legacy headers.",
|
|
"Cross-tenant scan status, triage evidence, and callgraph submission attempts are rejected.",
|
|
"Webhook source resolution is tenant-scoped and same sourceName collisions do not cross-dispatch."
|
|
],
|
|
"result": "pass"
|
|
},
|
|
{
|
|
"service": "graph",
|
|
"scope": "tenant resolver + authorization alignment",
|
|
"testsRun": 7,
|
|
"testsPassed": 7,
|
|
"evidenceFile": "evidence/graph-tenant-alignment-targeted.txt",
|
|
"observedHttpStatuses": [
|
|
"200",
|
|
"400",
|
|
"403"
|
|
],
|
|
"behaviorVerified": [
|
|
"Canonical tenant header + scope yields success for query path.",
|
|
"Conflicting tenant headers produce tenant_conflict/bad request behavior.",
|
|
"Missing required scope returns forbidden deterministically."
|
|
],
|
|
"result": "pass"
|
|
}
|
|
],
|
|
"summary": {
|
|
"testsRun": 51,
|
|
"testsPassed": 51,
|
|
"testsFailed": 0,
|
|
"crossTenantAttemptsDenied": true
|
|
},
|
|
"verdict": "pass"
|
|
}
|