tests/test_audit.py
| 1 | """Tests for EnclaveAuditLog.""" |
| 2 | |
| 3 | from __future__ import annotations |
| 4 | |
| 5 | from pqc_enclave_sdk import EnclaveAuditLog |
| 6 | |
| 7 | |
| 8 | def test_log_unlock_appends() -> None: |
| 9 | log = EnclaveAuditLog() |
| 10 | log.log_unlock(device_id="d-1", key_id="urn:pqc-enclave-key:abc") |
| 11 | assert len(log) == 1 |
| 12 | entries = log.entries() |
| 13 | assert entries[0].operation == "unlock" |
| 14 | assert entries[0].device_id == "d-1" |
| 15 | assert "abc" in entries[0].details |
| 16 | |
| 17 | |
| 18 | def test_log_put_captures_artifact_id_and_kind() -> None: |
| 19 | log = EnclaveAuditLog() |
| 20 | log.log_put( |
| 21 | device_id="d-1", |
| 22 | artifact_id="urn:pqc-enclave-art:1", |
| 23 | artifact_name="llama", |
| 24 | artifact_kind="model-weights", |
| 25 | ) |
| 26 | e = log.entries()[0] |
| 27 | assert e.artifact_id == "urn:pqc-enclave-art:1" |
| 28 | assert e.artifact_name == "llama" |
| 29 | assert e.artifact_kind == "model-weights" |
| 30 | |
| 31 | |
| 32 | def test_filter_by_operation() -> None: |
| 33 | log = EnclaveAuditLog() |
| 34 | log.log_unlock("d", "k-1") |
| 35 | log.log_put("d", "id-1", "n", "credential") |
| 36 | log.log_get("d", "id-1") |
| 37 | log.log_lock("d") |
| 38 | puts = log.entries(operation="put") |
| 39 | assert len(puts) == 1 |
| 40 | assert puts[0].operation == "put" |
| 41 | |
| 42 | |
| 43 | def test_filter_by_device_id() -> None: |
| 44 | log = EnclaveAuditLog() |
| 45 | log.log_unlock("d-alice", "k-1") |
| 46 | log.log_unlock("d-bob", "k-2") |
| 47 | alice = log.entries(device_id="d-alice") |
| 48 | bob = log.entries(device_id="d-bob") |
| 49 | assert len(alice) == 1 |
| 50 | assert len(bob) == 1 |
| 51 | assert alice[0].device_id == "d-alice" |
| 52 | assert bob[0].device_id == "d-bob" |
| 53 | |