tests/test_audit.py
1.5 KB · 48 lines · python Raw
1 """Tests for KVAuditLog."""
2
3 from __future__ import annotations
4
5 import json
6
7 from pqc_kv_cache.audit import KVAuditLog
8
9
10 def test_log_encrypt_appends() -> None:
11 log = KVAuditLog()
12 log.log_encrypt("tenant-a", "sess-a", layer_idx=0, position=0, seq=1)
13 log.log_encrypt("tenant-a", "sess-a", layer_idx=0, position=1, seq=2)
14 assert len(log) == 2
15
16
17 def test_filter_by_tenant() -> None:
18 log = KVAuditLog()
19 log.log_encrypt("tenant-a", "sess-a", 0, 0, 1)
20 log.log_encrypt("tenant-b", "sess-b", 0, 0, 1)
21 a_entries = log.entries(tenant_id="tenant-a")
22 assert len(a_entries) == 1
23 assert a_entries[0].tenant_id == "tenant-a"
24
25
26 def test_filter_by_operation() -> None:
27 log = KVAuditLog()
28 log.log_encrypt("tenant-a", "sess-a", 0, 0, 1)
29 log.log_decrypt("tenant-a", "sess-a", 0, 0, 1, success=True)
30 log.log_rotate("tenant-a", "sess-a", trigger="entry-count")
31 log.log_isolation_violation("tenant-a", "tenant-b", details="cross-read")
32 ops = {"encrypt", "decrypt", "rotate", "isolation-violation"}
33 for op in ops:
34 entries = log.entries(operation=op)
35 assert len(entries) == 1
36 assert entries[0].operation == op
37
38
39 def test_export_json_valid() -> None:
40 log = KVAuditLog()
41 log.log_encrypt("tenant-a", "sess-a", 0, 0, 1)
42 log.log_rotate("tenant-a", "sess-a", trigger="manual")
43 data = json.loads(log.export_json())
44 assert isinstance(data, list)
45 assert len(data) == 2
46 assert data[0]["operation"] == "encrypt"
47 assert data[1]["operation"] == "rotate"
48