fix(security): restore compliance scanner readback
Some checks failed
CD Pipeline / workflow-shape (push) Successful in 0s
CD Pipeline / cancel-stale-cd (push) Has been skipped
CD Pipeline / tests (push) Successful in 2m36s
CD Pipeline / post-deploy-checks (push) Has been cancelled
CD Pipeline / build-and-deploy (push) Has been cancelled

This commit is contained in:
ogt
2026-07-11 21:01:51 +08:00
parent ccd94d45af
commit 964beb2564
4 changed files with 105 additions and 11 deletions

View File

@@ -0,0 +1,72 @@
from __future__ import annotations
import asyncio
from src.jobs import compliance_scanner_job
class _AssetRow:
asset_id = 1
asset_key = "host/test"
asset_type = "host"
metadata = {}
class _Result:
def fetchall(self):
return [_AssetRow()]
class _Database:
async def execute(self, statement, parameters=None):
return _Result()
class _Context:
async def __aenter__(self):
return _Database()
async def __aexit__(self, exc_type, exc, traceback):
return False
def test_background_compliance_scanner_scopes_database_operations(monkeypatch) -> None:
requested_projects: list[str | None] = []
def fake_db_context(project_id: str | None = None):
requested_projects.append(project_id)
return _Context()
monkeypatch.setattr("src.db.base.get_db_context", fake_db_context)
monkeypatch.setattr(
compliance_scanner_job,
"_evaluate_all_dimensions",
lambda asset: {"audit_log_enabled": ("compliant", {"source": "test"})},
)
async def exercise_compliance_operations() -> None:
assets = await compliance_scanner_job._fetch_active_assets()
assert assets == [
{
"asset_id": 1,
"asset_key": "host/test",
"asset_type": "host",
"metadata": {},
}
]
written, violations, warnings = (
await compliance_scanner_job._write_compliance_for_asset(assets[0])
)
assert (written, violations, warnings) == (1, 0, 0)
await compliance_scanner_job._log_aol(
stats={"assets_scanned": 1, "snapshots_written": 1},
duration_ms=10,
triggered_by="cron",
error=None,
)
asyncio.run(exercise_compliance_operations())
assert requested_projects == ["awoooi"] * 3

View File

@@ -345,6 +345,7 @@ def test_service_uses_canonical_awoooi_project_scope(monkeypatch) -> None:
def test_service_bounds_source_concurrency_for_database_budget(monkeypatch) -> None:
service = IwoooSSecurityAssetControlPlaneService()
concurrency = {"active": 0, "maximum": 0}
statements: list[str] = []
class EmptyResult:
def fetchall(self):
@@ -358,6 +359,7 @@ def test_service_bounds_source_concurrency_for_database_budget(monkeypatch) -> N
class SlowDb:
async def execute(self, statement):
statements.append(str(statement))
concurrency["active"] += 1
concurrency["maximum"] = max(concurrency["maximum"], concurrency["active"])
await asyncio.sleep(0.02)
@@ -381,6 +383,13 @@ def test_service_bounds_source_concurrency_for_database_budget(monkeypatch) -> N
assert payload["summary"]["source_count"] == 9
assert payload["summary"]["ready_source_count"] == 9
assert payload["summary"]["unavailable_source_count"] == 0
compliance_query = next(
statement
for statement in statements
if "asset_compliance_snapshot" in statement
)
assert "ORDER BY snapshot_id DESC" in compliance_query
assert "LIMIT 100000" in compliance_query
def test_public_api_returns_live_aggregate(monkeypatch) -> None: