from __future__ import annotations
from fastapi import FastAPI
from fastapi.testclient import TestClient
from src.api.v1.iwooos import router
from src.services.iwooos_wazuh_managed_host_coverage import (
load_latest_iwooos_wazuh_managed_host_coverage,
)
def _client() -> TestClient:
    """Return a TestClient bound to a fresh FastAPI app that mounts only the iwooos router.

    A new app is built on every call, so the only routes reachable through
    the returned client are the ones `router` registers.
    """
    application = FastAPI()
    application.include_router(router)
    test_client = TestClient(application)
    return test_client
def test_iwooos_wazuh_managed_host_coverage_keeps_registry_gate_closed() -> None:
    """Pin the loaded coverage snapshot to its blocked, nothing-authorized state.

    The snapshot is read through the service loader (no HTTP involved) and
    every identity field, summary counter and boundary flag is compared with
    a fixed expected value, so any drift in the committed data fails here.
    """
    snapshot = load_latest_iwooos_wazuh_managed_host_coverage()

    # Identity of the snapshot: schema, overall status and readback mode.
    expected_identity = {
        "schema_version": "iwooos_wazuh_managed_host_coverage_readback_v1",
        "status": "blocked_waiting_full_host_registry_readback",
        "mode": "committed_snapshot_readback_alias_only_no_wazuh_live_query",
    }
    for field, expected in expected_identity.items():
        assert snapshot[field] == expected

    # Summary counters, checked in the same order as they are listed.
    # Every *_accepted_count and *_authorized_count is pinned to 0.
    expected_summary = {
        "expected_host_scope_count": 6,
        "host_scope_matrix_count": 6,
        "direct_agent_active_observed_count": 2,
        "direct_agent_missing_or_no_transport_count": 1,
        "ssh_readback_blocked_count": 3,
        "manager_registry_accepted_count": 0,
        "manager_registry_gap_count": 6,
        "required_evidence_before_green_count": 6,
        "required_evidence_accepted_count": 0,
        "runtime_gate_count": 0,
        "active_response_authorized_count": 0,
        "host_write_authorized_count": 0,
        "agent_reenroll_authorized_count": 0,
        "agent_restart_authorized_count": 0,
    }
    summary = snapshot["summary"]
    for counter, expected in expected_summary.items():
        assert summary[counter] == expected

    boundaries = snapshot["boundaries"]
    assert boundaries["not_authorization"] is True
    # Every other boundary flag must be exactly False (identity, not falsiness).
    # Note: this is vacuously true if `not_authorization` is the only key present.
    assert all(
        flag is False
        for name, flag in boundaries.items()
        if name != "not_authorization"
    )
def test_iwooos_wazuh_managed_host_coverage_alias_matrix_is_complete() -> None:
    """Check the host scope matrix lists exactly the six expected aliases, in order.

    Also checks that every row carries a `managed_`-prefixed node id, that no
    row is marked as accepted by the manager registry, and that rows 0, 2 and
    3 report the expected readback status.
    """
    snapshot = load_latest_iwooos_wazuh_managed_host_coverage()
    rows = snapshot["host_scope_matrix"]

    expected_node_ids = [
        "managed_core_node_a",
        "managed_core_node_b",
        "managed_dev_node_a",
        "managed_dev_node_b",
        "managed_control_node_a",
        "managed_control_node_b",
    ]
    node_ids = [row["node_id"] for row in rows]
    # List equality pins both membership and order.
    assert node_ids == expected_node_ids
    assert all(node_id.startswith("managed_") for node_id in node_ids)
    # `is False` rejects None, 0 and missing-but-defaulted values alike.
    assert all(row["manager_registry_accepted"] is False for row in rows)

    first_row = rows[0]
    assert first_row["readback_status"] == "agent_active_transport_observed"
    assert first_row["next_gate"] == "manager_registry_cross_check"

    for index, expected_status in (
        (2, "no_agent_transport_observed"),
        (3, "ssh_readback_blocked"),
    ):
        assert rows[index]["readback_status"] == expected_status
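def test_iwooos_wazuh_managed_host_coverage_api_is_public_safe() -> None:
    """Check the public coverage endpoint serves the closed-gate snapshot without internal markers.

    The response must be HTTP 200, carry the expected schema version, summary
    counters, matrix length and boundary markers, and contain none of the
    forbidden substrings listed below.

    The forbidden-substring scan runs twice: once over the raw response body
    and once over the strings of the decoded JSON. A raw-body check alone can
    pass while the decoded value still contains a marker, because JSON
    serialization may escape characters (for example non-ASCII text written
    as ``\\uXXXX``).
    """
    response = _client().get("/api/v1/iwooos/wazuh-managed-host-coverage")

    assert response.status_code == 200
    data = response.json()
    assert data["schema_version"] == "iwooos_wazuh_managed_host_coverage_readback_v1"

    summary = data["summary"]
    expected_summary = {
        "expected_host_scope_count": 6,
        "manager_registry_accepted_count": 0,
        "manager_registry_gap_count": 6,
        "required_evidence_accepted_count": 0,
        "runtime_gate_count": 0,
    }
    for counter, expected in expected_summary.items():
        assert summary[counter] == expected
    assert len(data["host_scope_matrix"]) == 6

    boundary_markers = data["boundary_markers"]
    for required_marker in (
        "wazuh_managed_host_coverage_host_scope_matrix_count=6",
        "wazuh_managed_host_coverage_manager_registry_accepted_count=0",
        "wazuh_managed_host_coverage_manager_registry_gap_count=6",
        "wazuh_managed_host_coverage_required_evidence_accepted_count=0",
    ):
        assert required_marker in boundary_markers
    assert any(rule.startswith("Wazuh Dashboard 可見不等於") for rule in data["no_false_green_rules"])

    def _decoded_strings(node):
        """Yield every string (dict keys included) found in a decoded JSON value."""
        if isinstance(node, str):
            yield node
        elif isinstance(node, dict):
            for key, value in node.items():
                yield from _decoded_strings(key)
                yield from _decoded_strings(value)
        elif isinstance(node, list):
            for value in node:
                yield from _decoded_strings(value)

    # Substrings that must never reach a public response.
    # NOTE(review): only the single "192.168.0." address prefix is listed;
    # other internal address ranges are not caught by this check.
    forbidden_markers = (
        "192.168.0.",
        "工作視窗",
        "批准!繼續",
        "source_thread_id",
        "owenhytsai/",
        "WAZUH_API_PASSWORD",
    )
    raw_body = response.text
    decoded_body = "\n".join(_decoded_strings(data))
    for forbidden in forbidden_markers:
        assert forbidden not in raw_body, f"forbidden marker {forbidden!r} in raw response body"
        assert forbidden not in decoded_body, f"forbidden marker {forbidden!r} in decoded JSON strings"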