62 lines
1.8 KiB
Go
62 lines
1.8 KiB
Go
package audit
|
|
|
|
import (
|
|
"testing"
|
|
)
|
|
|
|
func TestValidateRecordRequiresDangerousOperationsToCarryReviewID(t *testing.T) {
|
|
record := Record{
|
|
SourceService: "alert",
|
|
ActorID: "u-1",
|
|
Action: "policy.update",
|
|
ObjectType: "notification_policy",
|
|
ObjectID: "np-1",
|
|
OperationRisk: RiskDangerous,
|
|
}
|
|
|
|
if err := ValidateRecord(record); err == nil {
|
|
t.Fatal("expected dangerous operation without approval id to fail")
|
|
}
|
|
|
|
record.ApprovalID = "apr-1"
|
|
if err := ValidateRecord(record); err != nil {
|
|
t.Fatalf("expected valid dangerous audit record, got %v", err)
|
|
}
|
|
}
|
|
|
|
func TestNormalizeRecordClassifiesDangerousActions(t *testing.T) {
|
|
record := NormalizeRecord(Record{
|
|
SourceService: " alert ",
|
|
Action: "notification_policy.update",
|
|
ObjectType: " notification_policy ",
|
|
ObjectID: " np-1 ",
|
|
ActorID: " u-1 ",
|
|
})
|
|
|
|
if record.SourceService != "alert" || record.ObjectType != "notification_policy" || record.ObjectID != "np-1" {
|
|
t.Fatalf("record was not normalized: %#v", record)
|
|
}
|
|
if record.OperationRisk != RiskDangerous {
|
|
t.Fatalf("notification policy changes must be dangerous, got %q", record.OperationRisk)
|
|
}
|
|
}
|
|
|
|
func TestApprovalTransitionAllowsApproveOnlyFromPending(t *testing.T) {
|
|
req := ApprovalRequest{Status: ApprovalPending}
|
|
|
|
approved, err := Transition(req, ApprovalApproved, "reviewer-1", "ok")
|
|
if err != nil {
|
|
t.Fatalf("expected pending approval to approve: %v", err)
|
|
}
|
|
if approved.Status != ApprovalApproved {
|
|
t.Fatalf("unexpected status: %s", approved.Status)
|
|
}
|
|
if approved.ReviewerID != "reviewer-1" || approved.ReviewComment != "ok" {
|
|
t.Fatalf("review metadata not stored: %#v", approved)
|
|
}
|
|
|
|
if _, err := Transition(approved, ApprovalRejected, "reviewer-2", "late"); err == nil {
|
|
t.Fatal("expected approved request to reject further transition")
|
|
}
|
|
}
|