Start user-engine implementation scaffold

2026-05-22 20:55:27 +02:00
parent e618b4e286
commit 58d9de26d3
14 changed files with 763 additions and 7 deletions
--- a/tests/test_domain_models.py
+++ b/tests/test_domain_models.py
@@ -0,0 +1,28 @@
+import unittest
+
+from user_engine.domain import (
+    AuthorizationDecision,
+    AuthorizationEffect,
+    CatalogLifecycle,
+)
+from user_engine.testing.fixtures import sample_catalog
+
+
+class DomainModelTests(unittest.TestCase):
+    def test_catalog_exposes_attribute_keys(self):
+        catalog = sample_catalog()
+
+        self.assertEqual(catalog.lifecycle, CatalogLifecycle.ACTIVE)
+        self.assertEqual(catalog.attribute_keys(), {"demo.display_density"})
+
+    def test_authorization_decision_allowed_property(self):
+        self.assertTrue(
+            AuthorizationDecision(effect=AuthorizationEffect.ALLOW).allowed
+        )
+        self.assertFalse(
+            AuthorizationDecision(effect=AuthorizationEffect.DENY).allowed
+        )
+
+
+if __name__ == "__main__":
+    unittest.main()
--- a/tests/test_ports_and_fixtures.py
+++ b/tests/test_ports_and_fixtures.py
@@ -0,0 +1,49 @@
+import unittest
+
+from user_engine.domain import AuthorizationEffect, AuthorizationRequest
+from user_engine.testing.fixtures import (
+    FixtureIdentityClaimsAdapter,
+    StaticAuthorizationCheckPort,
+    human_actor_claims,
+    sample_application_binding,
+)
+
+
+class PortFixtureTests(unittest.TestCase):
+    def test_fixture_identity_claims_adapter_normalizes_actor(self):
+        adapter = FixtureIdentityClaimsAdapter()
+        actor = adapter.normalize(human_actor_claims())
+
+        self.assertEqual(actor.identity_key, ("https://issuer.example.test", "user-123"))
+        self.assertEqual(actor.tenant, "tenant:coulomb")
+        self.assertIn("profile", actor.scopes)
+
+    def test_static_authorization_check_records_requests(self):
+        adapter = FixtureIdentityClaimsAdapter()
+        actor = adapter.normalize(human_actor_claims())
+        authz = StaticAuthorizationCheckPort(effect=AuthorizationEffect.ALLOW)
+        request = AuthorizationRequest(
+            actor=actor,
+            resource_type="user-engine:profile",
+            resource_id="usr_123",
+            action="read",
+            tenant="tenant:coulomb",
+            correlation_id="corr-1",
+            target_user_id="usr_123",
+        )
+
+        decision = authz.check(request)
+
+        self.assertTrue(decision.allowed)
+        self.assertEqual(authz.requests, [request])
+
+    def test_sample_application_binding_keeps_external_ids_separate(self):
+        binding = sample_application_binding()
+
+        self.assertEqual(binding.application_id, "app.demo")
+        self.assertEqual(binding.oidc_client_id, "demo-client")
+        self.assertEqual(binding.protected_system_id, "user-engine.demo")
+
+
+if __name__ == "__main__":
+    unittest.main()