sharang
4c46d673fb
Replaces the M5.1-skeleton handler set with the M4.2 spec from
IMPLEMENTATION_PLAN.md:
Endpoints (authoritative shape in openapi.yaml):
POST /v1/tenants
GET /v1/tenants/{id}
GET /v1/tenants/by-slug/{slug}
POST /v1/tenants/{id}/activate
POST /v1/tenants/{id}/cancel
GET /v1/entitlements?tenant_id=...
GET /v1/catalog
POST /v1/catalog/request
POST /v1/catalog/trial-request
POST /v1/api-keys returns plaintext ONCE
GET /v1/api-keys?tenant_id=...
DELETE /v1/api-keys/{id}
POST /v1/internal/api-keys/verify always 200; valid: bool
POST /v1/audit
GET /v1/audit?{tenant_id,product,actor_id,action,since,until,limit,cursor}
Architecture:
internal/store/store.go Store interface (CRUD + audit + ping)
internal/store/memory.go in-process impl, used when DATABASE_URL
is empty (seed acme tenant, no migrations)
internal/store/postgres.go pgxpool impl against the M4.1 schema
internal/server/server.go router + healthz/readyz
internal/server/{tenants,catalog,apikeys,audit}.go
per-concern handlers (≤250 LoC each)
internal/server/helpers.go writeJSON/writeError/error mapping/log mw
openapi.yaml 3.1 spec; openapi_test.go is the contract gate
API keys:
Plaintext format 'bp_<22-char base64>'. Prefix bp_<8> stored for UI.
Hash is argon2id(salt, time=1, mem=64MB, threads=4, len=32) encoded as
'argon2id|<salt-b64>|<hash-b64>'. Format-tagged so we can rotate
parameters without re-keying. Verify is constant-time.
Store selection:
cmd/server picks Postgres when DATABASE_URL is set, otherwise Memory.
Both implementations are exercised by the same eachStore test harness —
parity is enforced.
Audit:
Every state-changing endpoint emits via s.emitAudit() (fire-and-forget).
audit_log uses ON DELETE SET NULL on tenant_id so forensic history
outlives tenant deletes (per M4.1 schema).
Routing constraint:
Go 1.22 ServeMux can't disambiguate /v1/tenants/{id}/products from
/v1/tenants/by-slug/{slug=products}. Per-tenant subresources moved to
query-param top-level paths: /v1/entitlements?tenant_id=… and
/v1/api-keys?tenant_id=….
Tests:
Every endpoint exercised against both Memory and Postgres via the
eachStore harness. Includes happy paths, validation errors, conflicts,
404s, auto-audit-emit assertion. testcontainers-go for the postgres
harness; gated by -short.
TestOpenAPISpec is the contract gate: every documented operation must
resolve against the router. (kin-openapi v0.138.0.)
Refs: M4.2
114 lines
3.3 KiB
Go
114 lines
3.3 KiB
Go
package server_test
|
|
|
|
import (
|
|
"net/http"
|
|
"testing"
|
|
|
|
"gitea.meghsakha.com/platform/tenant-registry/internal/store"
|
|
)
|
|
|
|
func TestAppendAndListAudit(t *testing.T) {
|
|
eachStore(t, func(t *testing.T, h *testHarness) {
|
|
// Take a snapshot of the audit count beforehand (the seed acme tenant
|
|
// + any /v1/tenants POST in earlier subtests already emit events).
|
|
resp, body := h.do("GET", "/v1/audit?limit=500", nil)
|
|
if resp.StatusCode != 200 {
|
|
t.Fatalf("baseline list status = %d", resp.StatusCode)
|
|
}
|
|
baseline := decode[struct {
|
|
Items []store.AuditEvent `json:"items"`
|
|
}](t, body)
|
|
before := len(baseline.Items)
|
|
|
|
// Append three events.
|
|
for i := 0; i < 3; i++ {
|
|
resp, body := h.do("POST", "/v1/audit", map[string]any{
|
|
"tenant_id": h.tenant.ID, "action": "test.event",
|
|
"actor_id": "u1", "actor_name": "Test User",
|
|
"metadata": map[string]any{"i": i},
|
|
})
|
|
if resp.StatusCode != http.StatusCreated {
|
|
t.Fatalf("append %d status = %d, body=%s", i, resp.StatusCode, body)
|
|
}
|
|
}
|
|
|
|
// List again, expect baseline + 3
|
|
resp, body = h.do("GET", "/v1/audit?limit=500", nil)
|
|
if resp.StatusCode != 200 {
|
|
t.Fatalf("list status = %d", resp.StatusCode)
|
|
}
|
|
after := decode[struct {
|
|
Items []store.AuditEvent `json:"items"`
|
|
}](t, body)
|
|
if len(after.Items) != before+3 {
|
|
t.Errorf("expected before+3=%d events, got %d", before+3, len(after.Items))
|
|
}
|
|
|
|
// Filter by action: only our test.event rows.
|
|
resp, body = h.do("GET", "/v1/audit?action=test.event", nil)
|
|
if resp.StatusCode != 200 {
|
|
t.Fatalf("filter status = %d", resp.StatusCode)
|
|
}
|
|
filtered := decode[struct {
|
|
Items []store.AuditEvent `json:"items"`
|
|
}](t, body)
|
|
if len(filtered.Items) != 3 {
|
|
t.Errorf("expected 3 filtered events, got %d", len(filtered.Items))
|
|
}
|
|
for _, ev := range filtered.Items {
|
|
if ev.Action != "test.event" {
|
|
t.Errorf("filter leaked %q", ev.Action)
|
|
}
|
|
}
|
|
})
|
|
}
|
|
|
|
func TestAppendAudit_actionRequired(t *testing.T) {
|
|
eachStore(t, func(t *testing.T, h *testHarness) {
|
|
resp, _ := h.do("POST", "/v1/audit", map[string]any{
|
|
"tenant_id": h.tenant.ID,
|
|
})
|
|
if resp.StatusCode != http.StatusBadRequest {
|
|
t.Fatalf("status = %d", resp.StatusCode)
|
|
}
|
|
})
|
|
}
|
|
|
|
func TestListAudit_invalidParams(t *testing.T) {
|
|
eachStore(t, func(t *testing.T, h *testHarness) {
|
|
cases := []string{
|
|
"/v1/audit?since=notatime",
|
|
"/v1/audit?until=notatime",
|
|
"/v1/audit?limit=0",
|
|
"/v1/audit?limit=10000",
|
|
"/v1/audit?cursor=abc",
|
|
}
|
|
for _, p := range cases {
|
|
resp, _ := h.do("GET", p, nil)
|
|
if resp.StatusCode != http.StatusBadRequest {
|
|
t.Errorf("%s: status = %d, want 400", p, resp.StatusCode)
|
|
}
|
|
}
|
|
})
|
|
}
|
|
|
|
func TestAuditAutoEmittedOnTenantCreate(t *testing.T) {
|
|
eachStore(t, func(t *testing.T, h *testHarness) {
|
|
_, body := h.do("POST", "/v1/tenants", map[string]any{
|
|
"slug": "audit-target", "name": "Audit Target",
|
|
})
|
|
fresh := decode[store.Tenant](t, body)
|
|
|
|
resp, body := h.do("GET", "/v1/audit?action=tenant.created&tenant_id="+fresh.ID, nil)
|
|
if resp.StatusCode != 200 {
|
|
t.Fatalf("status = %d", resp.StatusCode)
|
|
}
|
|
events := decode[struct {
|
|
Items []store.AuditEvent `json:"items"`
|
|
}](t, body)
|
|
if len(events.Items) != 1 || events.Items[0].TargetID != fresh.ID {
|
|
t.Errorf("expected exactly one tenant.created event for %s, got %d items", fresh.ID, len(events.Items))
|
|
}
|
|
})
|
|
}
|