ruben/ai-agent
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ai-agent/tests/security/test_core.py

162 lines
No EOL
6.7 KiB
Python
Raw Blame History

import unittest
from unittest.mock import MagicMock
from datetime import datetime
import os
from security.memory.core import MemoryCore, EncryptionError, DecryptionError, AccessDenied, NotFound
from security.rbac_engine import RBACEngine, ClientCertInfo
class TestMemoryCore(unittest.TestCase):
def setUp(self):
# Setup mock RBAC engine
self.mock_rbac = MagicMock(spec=RBACEngine)
self.mock_rbac.validate_permission.return_value = True
# Test encryption key
self.test_key = os.urandom(32)
# Initialize core
self.core = MemoryCore(self.test_key, self.mock_rbac)
# Test data
self.test_key = "test_key"
self.test_value = b"test_value"
self.test_user = "test_user"
self.test_cert = ClientCertInfo(
subject={"CN": "test_cert"},
issuer={"CN": "test_issuer"},
not_before=datetime.now(),
not_after=datetime(2030, 1, 1)
)
def test_create_success(self):
result = self.core.create(self.test_key, self.test_value, self.test_user)
self.assertTrue(result)
self.assertIn(self.test_key, self.core.data)
def test_create_rbac_failure(self):
self.mock_rbac.validate_permission.return_value = False
with self.assertRaises(AccessDenied):
self.core.create(self.test_key, self.test_value, self.test_user)
def test_read_success(self):
self.core.create(self.test_key, self.test_value, self.test_user)
result = self.core.read(self.test_key, self.test_user)
self.assertEqual(result, self.test_value)
def test_read_not_found(self):
with self.assertRaises(NotFound):
self.core.read("nonexistent_key", self.test_user)
def test_read_rbac_failure(self):
self.core.create(self.test_key, self.test_value, self.test_user)
self.mock_rbac.validate_permission.return_value = False
with self.assertRaises(AccessDenied):
self.core.read(self.test_key, self.test_user)
def test_update_success(self):
self.core.create(self.test_key, self.test_value, self.test_user)
new_value = b"new_value"
result = self.core.update(self.test_key, new_value, self.test_user)
self.assertTrue(result)
self.assertEqual(self.core.read(self.test_key, self.test_user), new_value)
def test_update_not_found(self):
with self.assertRaises(NotFound):
self.core.update("nonexistent_key", self.test_value, self.test_user)
def test_delete_success(self):
self.core.create(self.test_key, self.test_value, self.test_user)
result = self.core.delete(self.test_key, self.test_user)
self.assertTrue(result)
self.assertNotIn(self.test_key, self.core.data)
def test_encryption_error(self):
with self.assertRaises(EncryptionError):
# Pass invalid key to force encryption error
bad_core = MemoryCore(b"invalid_key", self.mock_rbac)
bad_core.create(self.test_key, self.test_value, self.test_user)
def test_decryption_error(self):
self.core.create(self.test_key, self.test_value, self.test_user)
# Corrupt the encrypted data
self.core.data[self.test_key] = b"corrupted_data"
with self.assertRaises(DecryptionError):
self.core.read(self.test_key, self.test_user)
def test_audit_logging(self):
initial_log_count = len(self.core.audit_log)
self.core.create(self.test_key, self.test_value, self.test_user)
self.assertEqual(len(self.core.audit_log), initial_log_count + 1)
self.core.read(self.test_key, self.test_user)
self.assertEqual(len(self.core.audit_log), initial_log_count + 2)
def test_cert_based_auth(self):
result = self.core.create(self.test_key, self.test_value, cert_info=self.test_cert)
self.assertTrue(result)
self.assertIn(self.test_key, self.core.data)
def test_memory_operations_rbac_integration(self):
"""Test RBAC integration with memory operations"""
# Test create with valid permission
self.mock_rbac.validate_permission.return_value = True
result = self.core.create("key1", b"value1", self.test_user)
self.assertTrue(result)
# Test create with invalid permission
self.mock_rbac.validate_permission.return_value = False
with self.assertRaises(AccessDenied):
self.core.create("key2", b"value2", self.test_user)
# Test read with valid permission
self.mock_rbac.validate_permission.return_value = True
value = self.core.read("key1", self.test_user)
self.assertEqual(value, b"value1")
# Test read with invalid permission
self.mock_rbac.validate_permission.return_value = False
with self.assertRaises(AccessDenied):
self.core.read("key1", self.test_user)
# Test update with valid permission
self.mock_rbac.validate_permission.return_value = True
result = self.core.update("key1", b"new_value", self.test_user)
self.assertTrue(result)
# Test update with invalid permission
self.mock_rbac.validate_permission.return_value = False
with self.assertRaises(AccessDenied):
self.core.update("key1", b"new_value", self.test_user)
# Test delete with valid permission
self.mock_rbac.validate_permission.return_value = True
result = self.core.delete("key1", self.test_user)
self.assertTrue(result)
# Test delete with invalid permission
self.core.create("key1", b"value1", self.test_user)
self.mock_rbac.validate_permission.return_value = False
with self.assertRaises(AccessDenied):
self.core.delete("key1", self.test_user)
def test_memory_operations_cert_auth(self):
"""Test certificate-based authentication for memory operations"""
# Test create with valid cert
self.mock_rbac.validate_permission.return_value = True
result = self.core.create("key1", b"value1", cert_info=self.test_cert)
self.assertTrue(result)
# Test read with valid cert
value = self.core.read("key1", cert_info=self.test_cert)
self.assertEqual(value, b"value1")
# Test update with valid cert
result = self.core.update("key1", b"new_value", cert_info=self.test_cert)
self.assertTrue(result)
# Test delete with valid cert
result = self.core.delete("key1", cert_info=self.test_cert)
self.assertTrue(result)
if __name__ == '__main__':
unittest.main()
Reference in a new issue View git blame Copy permalink