Write tenant isolation integration tests #19

Open
opened 2026-04-20 09:37:11 +00:00 by sharang · 0 comments
Owner

Problem

The most critical security assumption — that Tenant A cannot access Tenant B's data — has zero automated tests. This means any regression in the tenant isolation code (#5) could silently ship to production.

Required Actions

  1. Add backend-compliance/compliance/tests/test_tenant_isolation.py
  2. Test matrix (at minimum):
    • Tenant A authenticated user cannot GET any resource belonging to Tenant B
    • Tenant A user cannot PATCH/DELETE Tenant B's records
    • Supplying X-Tenant-ID for another tenant after #5 fix is rejected with 403
    • DSR requests, VVT entries, company profiles, change requests — all scoped
  3. Tests must run against a real test database (transactional fixture with rollback), not mocks
  4. Add to CI test-python-backend job

Acceptance Criteria

  • Test suite contains at minimum 10 cross-tenant access scenarios, all returning non-200
  • Tests run in CI and are not marked @pytest.mark.skip
  • Depends on: #5 (tenant isolation fix)
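A runnable sketch of the matrix the issue asks for, added here as an example rather than the project's own test file: it models a hypothetical in-memory handler (`Api`, `User` and `cross_tenant_matrix` are assumed names) that mirrors the #5 contract, runs every method x resource pair as a Tenant A user against Tenant B's records plus the spoofed `X-Tenant-ID` case, and reports any scenario that does not come back non-200. The real `test_tenant_isolation.py` would drive the HTTP client against the transactional test database instead of this stand-in.

```python
"""Cross-tenant access matrix over a minimal in-memory stand-in for the API."""
from dataclasses import dataclass, field
from itertools import product

# Resource types the issue says must all be tenant-scoped.
RESOURCES = ("dsr_requests", "vvt_entries", "company_profiles", "change_requests")
METHODS = ("GET", "PATCH", "DELETE")


@dataclass
class User:
    name: str
    tenant_id: str  # tenant comes from the authenticated session, never from the client


@dataclass
class Api:
    """Hypothetical handler. trust_header=True reproduces the pre-#5 regression."""
    trust_header: bool = False
    # Constructed sample data: each tenant owns one record per resource type.
    store: dict = field(default_factory=lambda: {
        (r, f"{t}-{r}-1"): t for t in ("tenant-a", "tenant-b") for r in RESOURCES})

    def request(self, method, user, resource, obj_id, headers=None):
        """Return an HTTP-like status code for one call."""
        headers = headers or {}
        tenant = user.tenant_id
        if "X-Tenant-ID" in headers and headers["X-Tenant-ID"] != tenant:
            if not self.trust_header:
                return 403  # #5 fix: a mismatched client-supplied tenant is rejected
            tenant = headers["X-Tenant-ID"]  # regression: header overrides the session
        owner = self.store.get((resource, obj_id))
        if owner is None or owner != tenant:
            return 404  # foreign records are invisible, not merely forbidden
        if method == "DELETE":
            del self.store[(resource, obj_id)]
        return 200


def cross_tenant_matrix(api, attacker, victim_tenant):
    """Return [(scenario, status)] for every cross-tenant scenario that returned 200."""
    leaks = []
    for method, resource in product(METHODS, RESOURCES):
        obj_id = f"{victim_tenant}-{resource}-1"
        status = api.request(method, attacker, resource, obj_id)
        if status == 200:
            leaks.append((f"{method} {resource}/{obj_id}", status))
    spoof = api.request("GET", attacker, "dsr_requests", f"{victim_tenant}-dsr_requests-1",
                        headers={"X-Tenant-ID": victim_tenant})
    if spoof != 403:
        leaks.append(("GET with spoofed X-Tenant-ID", spoof))
    return leaks


def scenario_count():
    return len(METHODS) * len(RESOURCES) + 1  # 13, above the 10 the issue requires
```

An empty list from `cross_tenant_matrix` is the passing condition; the `trust_header=True` variant shows the matrix catching the regression the issue is worried about.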
sharang added this to the M4: Testing & Contract Stability milestone 2026-04-20 09:37:11 +00:00
sharang added the testing, severity: high, security labels 2026-04-20 09:37:11 +00:00