Kyle Isom
dddc66f31b
Phase 5 (OCI pull): internal/oci/ package with manifest GET/HEAD by tag/digest, blob GET/HEAD with repo membership check, tag listing with OCI pagination, catalog listing. Multi-segment repo names via parseOCIPath() right-split routing. DB query layer in internal/db/repository.go. Phase 6 (OCI push): blob uploads (monolithic and chunked) with uploadManager tracking in-progress BlobWriters, manifest push implementing full ARCHITECTURE.md §5 flow in a single SQLite transaction (create repo, upsert manifest, populate manifest_blobs, atomic tag move). Digest verification on both blob commit and manifest push-by-digest. Phase 8 (admin REST): /v1 endpoints for auth (login/logout/health), repository management (list/detail/delete), policy CRUD with engine reload, audit log listing with filters, GC trigger/status stubs. RequireAdmin middleware, platform-standard error format. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
153 lines
4.2 KiB
Go
153 lines
4.2 KiB
Go
package server
|
|
|
|
import (
|
|
"encoding/json"
|
|
"testing"
|
|
|
|
"git.wntrmute.dev/kyle/mcr/internal/db"
|
|
)
|
|
|
|
func TestAdminListAuditEvents(t *testing.T) {
|
|
database := openAdminTestDB(t)
|
|
router, _ := buildAdminRouter(t, database)
|
|
|
|
// Seed some audit events.
|
|
if err := database.WriteAuditEvent("login_ok", "user-1", "", "", "10.0.0.1", nil); err != nil {
|
|
t.Fatalf("WriteAuditEvent: %v", err)
|
|
}
|
|
if err := database.WriteAuditEvent("manifest_pushed", "user-1", "myapp", "sha256:abc", "10.0.0.1",
|
|
map[string]string{"tag": "latest"}); err != nil {
|
|
t.Fatalf("WriteAuditEvent: %v", err)
|
|
}
|
|
if err := database.WriteAuditEvent("login_ok", "user-2", "", "", "10.0.0.2", nil); err != nil {
|
|
t.Fatalf("WriteAuditEvent: %v", err)
|
|
}
|
|
|
|
rr := adminReq(t, router, "GET", "/v1/audit", "")
|
|
if rr.Code != 200 {
|
|
t.Fatalf("status: got %d, want 200", rr.Code)
|
|
}
|
|
|
|
var events []db.AuditEvent
|
|
if err := json.NewDecoder(rr.Body).Decode(&events); err != nil {
|
|
t.Fatalf("decode: %v", err)
|
|
}
|
|
if len(events) != 3 {
|
|
t.Fatalf("event count: got %d, want 3", len(events))
|
|
}
|
|
}
|
|
|
|
func TestAdminListAuditEventsWithFilter(t *testing.T) {
|
|
database := openAdminTestDB(t)
|
|
router, _ := buildAdminRouter(t, database)
|
|
|
|
if err := database.WriteAuditEvent("login_ok", "user-1", "", "", "", nil); err != nil {
|
|
t.Fatalf("WriteAuditEvent: %v", err)
|
|
}
|
|
if err := database.WriteAuditEvent("manifest_pushed", "user-1", "myapp", "", "", nil); err != nil {
|
|
t.Fatalf("WriteAuditEvent: %v", err)
|
|
}
|
|
if err := database.WriteAuditEvent("login_ok", "user-2", "", "", "", nil); err != nil {
|
|
t.Fatalf("WriteAuditEvent: %v", err)
|
|
}
|
|
|
|
// Filter by event_type.
|
|
rr := adminReq(t, router, "GET", "/v1/audit?event_type=login_ok", "")
|
|
if rr.Code != 200 {
|
|
t.Fatalf("status: got %d, want 200", rr.Code)
|
|
}
|
|
|
|
var events []db.AuditEvent
|
|
if err := json.NewDecoder(rr.Body).Decode(&events); err != nil {
|
|
t.Fatalf("decode: %v", err)
|
|
}
|
|
if len(events) != 2 {
|
|
t.Fatalf("event count: got %d, want 2", len(events))
|
|
}
|
|
for _, e := range events {
|
|
if e.EventType != "login_ok" {
|
|
t.Fatalf("unexpected event type: %q", e.EventType)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestAdminListAuditEventsFilterByActor(t *testing.T) {
|
|
database := openAdminTestDB(t)
|
|
router, _ := buildAdminRouter(t, database)
|
|
|
|
if err := database.WriteAuditEvent("login_ok", "actor-a", "", "", "", nil); err != nil {
|
|
t.Fatalf("WriteAuditEvent: %v", err)
|
|
}
|
|
if err := database.WriteAuditEvent("login_ok", "actor-b", "", "", "", nil); err != nil {
|
|
t.Fatalf("WriteAuditEvent: %v", err)
|
|
}
|
|
|
|
rr := adminReq(t, router, "GET", "/v1/audit?actor_id=actor-a", "")
|
|
if rr.Code != 200 {
|
|
t.Fatalf("status: got %d, want 200", rr.Code)
|
|
}
|
|
|
|
var events []db.AuditEvent
|
|
if err := json.NewDecoder(rr.Body).Decode(&events); err != nil {
|
|
t.Fatalf("decode: %v", err)
|
|
}
|
|
if len(events) != 1 {
|
|
t.Fatalf("event count: got %d, want 1", len(events))
|
|
}
|
|
if events[0].ActorID != "actor-a" {
|
|
t.Fatalf("actor_id: got %q, want %q", events[0].ActorID, "actor-a")
|
|
}
|
|
}
|
|
|
|
func TestAdminListAuditEventsPagination(t *testing.T) {
|
|
database := openAdminTestDB(t)
|
|
router, _ := buildAdminRouter(t, database)
|
|
|
|
for range 5 {
|
|
if err := database.WriteAuditEvent("login_ok", "user-1", "", "", "", nil); err != nil {
|
|
t.Fatalf("WriteAuditEvent: %v", err)
|
|
}
|
|
}
|
|
|
|
rr := adminReq(t, router, "GET", "/v1/audit?n=2&offset=0", "")
|
|
if rr.Code != 200 {
|
|
t.Fatalf("status: got %d, want 200", rr.Code)
|
|
}
|
|
|
|
var events []db.AuditEvent
|
|
if err := json.NewDecoder(rr.Body).Decode(&events); err != nil {
|
|
t.Fatalf("decode: %v", err)
|
|
}
|
|
if len(events) != 2 {
|
|
t.Fatalf("event count: got %d, want 2", len(events))
|
|
}
|
|
}
|
|
|
|
func TestAdminListAuditEventsEmpty(t *testing.T) {
|
|
database := openAdminTestDB(t)
|
|
router, _ := buildAdminRouter(t, database)
|
|
|
|
rr := adminReq(t, router, "GET", "/v1/audit", "")
|
|
if rr.Code != 200 {
|
|
t.Fatalf("status: got %d, want 200", rr.Code)
|
|
}
|
|
|
|
var events []db.AuditEvent
|
|
if err := json.NewDecoder(rr.Body).Decode(&events); err != nil {
|
|
t.Fatalf("decode: %v", err)
|
|
}
|
|
if len(events) != 0 {
|
|
t.Fatalf("event count: got %d, want 0", len(events))
|
|
}
|
|
}
|
|
|
|
func TestAdminListAuditEventsNonAdmin(t *testing.T) {
|
|
database := openAdminTestDB(t)
|
|
router := buildNonAdminRouter(t, database)
|
|
|
|
rr := adminReq(t, router, "GET", "/v1/audit", "")
|
|
if rr.Code != 403 {
|
|
t.Fatalf("status: got %d, want 403", rr.Code)
|
|
}
|
|
}
|