Sharang Parnerkar
e3aabe7d18
CI / Check (pull_request) Successful in 8m40s
CI / Detect Changes (pull_request) Has been skipped
CI / Deploy Agent (pull_request) Has been skipped
CI / Deploy Dashboard (pull_request) Has been skipped
CI / Deploy Docs (pull_request) Has been skipped
CI / Deploy MCP (pull_request) Has been skipped
First slice of the M7.2 tenant-isolation work. Adds a `DatabasePool`
that hands out per-tenant `Database` handles physically scoped to
`<prefix>_<tenant_id>` Mongo databases. Isolation is at the driver,
not at "we hope we filter" — a handle for tenant A literally cannot
see tenant B's documents because it's connected to a different db.
What's in this PR
- DatabasePool::connect — pings the cluster, prepares per-tenant lazy
handles.
- DatabasePool::for_tenant(&TenantContext) — returns a Database scoped
to that tenant. ensure_indexes runs once per tenant per process via
a DashMap-backed marker; failure rolls the marker back so the next
request retries.
- tenant_db_name — `<prefix>_<sanitized_tenant_id>` if it fits in
Mongo's 63-byte db-name cap, else `<prefix>_<sha256-16hex>` fallback.
- Sanitizer rewrites the Mongo-disallowed chars (`/ \ . " $ <space>
NUL`) so any future tenant_id shape works.
- ComplianceAgent gains a `db_pool: DatabasePool` field next to the
existing `db: Database`. Handlers / pipelines / webhooks still use
`db` — they migrate to `db_pool.for_tenant(&ctx)` in M7.2-B/C and
`db` goes away in M7.2-D.
Test plan
- cargo fmt --all clean
- cargo clippy --workspace --exclude compliance-dashboard -- -D warnings
clean
- cargo test -p compliance-core --lib — 7 pass
- cargo test -p compliance-agent --lib — 228 pass
- cargo test -p compliance-agent --test tenant_isolation — 4 pass
against live mongo on 27017:
* pool_isolates_tenants_at_driver_level — writes for acme + globex,
reads through each tenant's handle; each sees exactly its own
data with no filter doc anywhere.
* for_tenant_is_idempotent_index_creation — second + third call
for the same tenant do not error.
* tenant_db_name_sanitizes_unsafe_characters
* tenant_db_name_falls_back_to_hash_when_too_long — 100-byte
tenant_id collapses to a stable 8-byte hex suffix.
Why per-tenant DB vs `tenant_id` field + filter
- Driver-level isolation; impossible to forget the filter on one of
the 184 query call-sites in compliance-agent.
- Handlers don't change shape at migration — `agent.db.findings()`
becomes `db.findings()` after pulling `db` from
`agent.db_pool.for_tenant(&ctx)`.
- GDPR delete = `db.dropDatabase()`.
- On-prem deploy = the same code path, with one tenant.
- Trade-off accepted: index storage duplicated per tenant; Mongo's
~thousand-db ceiling is way above the 10s-100s tenants we're
targeting.
Caveats
- Existing `agent.db` continues to point at the single legacy db.
Handlers / pipelines that use it are unscoped until M7.2-B/C
migrate them.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
170 lines
5.6 KiB
Rust
170 lines
5.6 KiB
Rust
// Shared test harness for E2E / integration tests.
|
|
//
|
|
// Spins up the agent API server on a random port with an isolated test
|
|
// database. Each test gets a fresh database that is dropped on cleanup.
|
|
|
|
use std::sync::Arc;
|
|
|
|
use compliance_agent::agent::ComplianceAgent;
|
|
use compliance_agent::api;
|
|
use compliance_agent::database::{Database, DatabasePool};
|
|
use compliance_core::AgentConfig;
|
|
use secrecy::SecretString;
|
|
|
|
/// A running test server with a unique database.
|
|
pub struct TestServer {
|
|
pub base_url: String,
|
|
pub client: reqwest::Client,
|
|
db_name: String,
|
|
mongodb_uri: String,
|
|
}
|
|
|
|
impl TestServer {
|
|
/// Start an agent API server on a random port with an isolated database.
|
|
pub async fn start() -> Self {
|
|
let mongodb_uri = std::env::var("TEST_MONGODB_URI")
|
|
.unwrap_or_else(|_| "mongodb://root:example@localhost:27017/?authSource=admin".into());
|
|
|
|
// Unique database name per test run to avoid collisions
|
|
let db_name = format!("test_{}", uuid::Uuid::new_v4().simple());
|
|
|
|
let db = Database::connect(&mongodb_uri, &db_name)
|
|
.await
|
|
.expect("Failed to connect to MongoDB — is it running?");
|
|
db.ensure_indexes().await.expect("Failed to create indexes");
|
|
|
|
let db_pool = DatabasePool::connect(&mongodb_uri, &db_name)
|
|
.await
|
|
.expect("Failed to build DatabasePool");
|
|
|
|
let config = AgentConfig {
|
|
mongodb_uri: mongodb_uri.clone(),
|
|
mongodb_database: db_name.clone(),
|
|
litellm_url: std::env::var("TEST_LITELLM_URL")
|
|
.unwrap_or_else(|_| "http://localhost:4000".into()),
|
|
litellm_api_key: SecretString::from(String::new()),
|
|
litellm_model: "gpt-4o".into(),
|
|
litellm_embed_model: "text-embedding-3-small".into(),
|
|
agent_port: 0, // not used — we bind ourselves
|
|
scan_schedule: String::new(),
|
|
cve_monitor_schedule: String::new(),
|
|
git_clone_base_path: "/tmp/compliance-scanner-tests/repos".into(),
|
|
ssh_key_path: "/tmp/compliance-scanner-tests/ssh/id_ed25519".into(),
|
|
github_token: None,
|
|
github_webhook_secret: None,
|
|
gitlab_url: None,
|
|
gitlab_token: None,
|
|
gitlab_webhook_secret: None,
|
|
jira_url: None,
|
|
jira_email: None,
|
|
jira_api_token: None,
|
|
jira_project_key: None,
|
|
searxng_url: None,
|
|
nvd_api_key: None,
|
|
keycloak_url: None,
|
|
keycloak_realm: None,
|
|
keycloak_admin_username: None,
|
|
keycloak_admin_password: None,
|
|
pentest_verification_email: None,
|
|
pentest_imap_host: None,
|
|
pentest_imap_port: None,
|
|
pentest_imap_tls: false,
|
|
pentest_imap_username: None,
|
|
pentest_imap_password: None,
|
|
};
|
|
|
|
let agent = ComplianceAgent::new(config, db, db_pool);
|
|
|
|
// Build the router with the agent extension
|
|
let app = api::routes::build_router()
|
|
.layer(axum::extract::Extension(Arc::new(agent)))
|
|
.layer(tower_http::cors::CorsLayer::permissive());
|
|
|
|
// Bind to port 0 to get a random available port
|
|
let listener = tokio::net::TcpListener::bind("127.0.0.1:0")
|
|
.await
|
|
.expect("Failed to bind test server");
|
|
let port = listener.local_addr().expect("no local addr").port();
|
|
|
|
tokio::spawn(async move {
|
|
axum::serve(listener, app).await.ok();
|
|
});
|
|
|
|
let base_url = format!("http://127.0.0.1:{port}");
|
|
let client = reqwest::Client::builder()
|
|
.timeout(std::time::Duration::from_secs(30))
|
|
.build()
|
|
.expect("Failed to build HTTP client");
|
|
|
|
// Wait for server to be ready
|
|
for _ in 0..50 {
|
|
if client
|
|
.get(format!("{base_url}/api/v1/health"))
|
|
.send()
|
|
.await
|
|
.is_ok()
|
|
{
|
|
break;
|
|
}
|
|
tokio::time::sleep(std::time::Duration::from_millis(50)).await;
|
|
}
|
|
|
|
Self {
|
|
base_url,
|
|
client,
|
|
db_name,
|
|
mongodb_uri,
|
|
}
|
|
}
|
|
|
|
/// GET helper
|
|
pub async fn get(&self, path: &str) -> reqwest::Response {
|
|
self.client
|
|
.get(format!("{}{path}", self.base_url))
|
|
.send()
|
|
.await
|
|
.expect("GET request failed")
|
|
}
|
|
|
|
/// POST helper with JSON body
|
|
pub async fn post(&self, path: &str, body: &serde_json::Value) -> reqwest::Response {
|
|
self.client
|
|
.post(format!("{}{path}", self.base_url))
|
|
.json(body)
|
|
.send()
|
|
.await
|
|
.expect("POST request failed")
|
|
}
|
|
|
|
/// PATCH helper with JSON body
|
|
pub async fn patch(&self, path: &str, body: &serde_json::Value) -> reqwest::Response {
|
|
self.client
|
|
.patch(format!("{}{path}", self.base_url))
|
|
.json(body)
|
|
.send()
|
|
.await
|
|
.expect("PATCH request failed")
|
|
}
|
|
|
|
/// DELETE helper
|
|
pub async fn delete(&self, path: &str) -> reqwest::Response {
|
|
self.client
|
|
.delete(format!("{}{path}", self.base_url))
|
|
.send()
|
|
.await
|
|
.expect("DELETE request failed")
|
|
}
|
|
|
|
/// Get the unique database name for direct MongoDB access in tests.
|
|
pub fn db_name(&self) -> &str {
|
|
&self.db_name
|
|
}
|
|
|
|
/// Drop the test database on cleanup
|
|
pub async fn cleanup(&self) {
|
|
if let Ok(client) = mongodb::Client::with_uri_str(&self.mongodb_uri).await {
|
|
client.database(&self.db_name).drop().await.ok();
|
|
}
|
|
}
|
|
}
|