from __future__ import annotations
from fastapi import FastAPI
from fastapi.testclient import TestClient
from src.api.v1.agents import router
def test_dependency_risk_policy_endpoint_returns_committed_snapshot():
    """Pin the committed dependency-risk policy snapshot served by the agents router.

    Mounts ``router`` under ``/api/v1`` on a throwaway FastAPI app, fetches
    ``/api/v1/agents/dependency-risk-policy`` and checks the schema version,
    the program status, the rule rollups, and the operation and approval
    boundary flags against hard-coded values.
    """
    api = FastAPI()
    api.include_router(router, prefix="/api/v1")
    http = TestClient(api)

    resp = http.get("/api/v1/agents/dependency-risk-policy")

    assert resp.status_code == 200
    payload = resp.json()
    assert payload["schema_version"] == "dependency_risk_policy_v1"

    # Program status is pinned to the committed snapshot, so these literals
    # have to be updated together with the snapshot itself.
    status = payload["program_status"]
    assert status["overall_completion_percent"] == 98
    assert status["read_only_mode"] is True
    assert status["current_task_id"] == "P1-204"
    assert status["next_task_id"] == "P1-205"

    # The reported total must agree with the number of rules actually returned.
    rollups = payload["rollups"]
    assert rollups["total_rules"] == len(payload["severity_rules"]) == 12
    assert rollups["by_severity"]["critical"] == 1
    assert rollups["by_status"]["action_required"] == 8

    # Reading the policy is the only operation the snapshot allows.
    operations = payload["operation_boundaries"]
    assert operations["read_only_policy_allowed"] is True

    # Each flag must be exactly False (identity check), not merely falsy or absent.
    # NOTE(review): only the flags listed here are checked; a boundary flag
    # added to the policy later is not covered until it is listed too.
    denied_operations = (
        "external_cve_lookup_allowed",
        "external_license_lookup_allowed",
        "package_upgrade_allowed",
        "docker_build_allowed",
        "registry_push_allowed",
        "paid_api_call_allowed",
    )
    for flag in denied_operations:
        assert operations[flag] is False

    assert payload["approval_boundaries"]["shadow_or_canary_allowed"] is False

    # Presence checks only: the rule and policy bodies are not inspected here.
    for expected_rule in ("cve_critical_known_exploited", "docker_base_not_digest_pinned"):
        assert any(rule["rule_id"] == expected_rule for rule in payload["severity_rules"])
    assert any(
        policy["policy_id"] == "external_source_policy"
        for policy in payload["domain_policies"]
    )