"""Tests for security test endpoints (V2 API). Covers the test CRUD and basic workflow via the REST API. For full workflow logic tests see ``test_workflow.py`` and ``test_integration_v2.py``. """ import pytest @pytest.fixture def technique(client, auth_headers): """Create a technique for test association.""" response = client.post( "/api/v1/techniques", json={"mitre_id": "T1059", "name": "Test Technique"}, headers=auth_headers, ) return response.json() def test_create_test_requires_auth(client): """POST /tests without token returns 401 or 403.""" response = client.post( "/api/v1/tests", json={ "technique_id": "00000000-0000-0000-0000-000000000000", "name": "Test Name", }, ) assert response.status_code in (401, 403) def test_create_test_success(client, auth_headers, technique): """Admin can create a test via POST /tests.""" response = client.post( "/api/v1/tests", json={ "technique_id": technique["id"], "name": "My Security Test", "description": "Test description", "platform": "windows", }, headers=auth_headers, ) assert response.status_code == 201 data = response.json() assert data["name"] == "My Security Test" assert data["state"] == "draft" assert data["technique_id"] == technique["id"] def test_create_test_nonexistent_technique(client, auth_headers): """Creating a test with non-existent technique fails.""" response = client.post( "/api/v1/tests", json={ "technique_id": "00000000-0000-0000-0000-000000000000", "name": "Test", }, headers=auth_headers, ) assert response.status_code == 404 def test_get_test_by_id(client, auth_headers, technique): """GET /tests/{id} returns the test.""" create_response = client.post( "/api/v1/tests", json={"technique_id": technique["id"], "name": "Test"}, headers=auth_headers, ) test_id = create_response.json()["id"] response = client.get(f"/api/v1/tests/{test_id}", headers=auth_headers) assert response.status_code == 200 assert response.json()["id"] == test_id