|
| 1 | +# Testing Strategy & Roadmap |
| 2 | + |
| 3 | +## 1. Core Philosophy: Defense-in-Depth |
| 4 | +BetweenRows is a security-critical governance layer. The strategy ensures that no query can bypass policies due to SQL complexity and that the administrative state (policies, users) is always consistent with the proxy's enforcement engine. |
| 5 | + |
| 6 | +## 2. The 4-Tier Strategy |
| 7 | + |
| 8 | +### **Tier 1: Core Engine (Logic & Security Hardening)** |
| 9 | +* **Focus:** `PolicyHook`, `RewriteStatement`, `PolicyMatch`. |
| 10 | +* **Approach:** **Property-based testing** (using `proptest`). |
| 11 | +* **Goal:** Generate thousands of random SQL patterns to verify that if a policy denies a column, that column **never** appears in the resulting logical plan, regardless of query nesting or complexity. |
| 12 | + |
| 13 | +### **Tier 2: Admin API (Consistency & Side Effects)** |
| 14 | +* **Focus:** Axum Handlers (`user`, `policy`, `datasource`). |
| 15 | +* **Approach:** **SQLite In-Memory testing** (decided over `MockDatabase`). |
| 16 | +* **Decision Rationale:** We will continue using SQLite in-memory for 90% of handler tests. This provides **high-fidelity schema validation** and **constraint testing** (e.g., verifying unique indexes and foreign keys) that a MockDatabase would miss. |
| 17 | +* **Goal:** Verify that CRUD operations update the DB and trigger side effects like invalidating the `PolicyHook` cache and rebuilding background `SessionContext`s. |
| 18 | + |
| 19 | +### **Tier 3: Protocol Integration (Compatibility)** |
| 20 | +* **Focus:** PostgreSQL Wire Protocol & Data Source Drivers. |
| 21 | +* **Approach:** Automated E2E tests using **Testcontainers**. |
| 22 | +* **Goal:** Replace the current `#[ignore]` tests in `integration.rs`. Spin up a real Postgres container to verify that complex PG-specific queries from BI tools (like Grafana) work seamlessly and honor RLS filters. |
| 23 | + |
| 24 | +### **Tier 4: UI & Catalog (UX & Async Reliability)** |
| 25 | +* **Focus:** Discovery Wizard & Drift Reporting. |
| 26 | +* **Approach:** Component testing (Vitest) + SSE Mocking. |
| 27 | +* **Goal:** Ensure the UI handles asynchronous discovery jobs correctly and renders "Breaking Change" warnings without blocking the user. |
| 28 | +* **Architecture Dependency:** **Frontend Architecture Guidelines** (logic decoupling, atomic design) must be completed **before** expanding UI tests. This ensures test stability, easier mocking via custom hooks, and isolation of UI primitives. |
| 29 | + |
| 30 | +--- |
| 31 | + |
| 32 | +## 3. Implementation Roadmap |
| 33 | + |
| 34 | +### **Phase 1: Admin API Coverage & Frontend Refactor (High Priority)** |
| 35 | +* **Backend:** Implement full coverage for `Policy` and `DataSource` handlers using the established SQLite in-memory pattern. |
| 36 | +* **Frontend:** Execute the **Architecture Guideline** (install `cva`, `cn()` helper, refactor to logic-only hooks) to build a testable foundation. |
| 37 | +* **Roadmap Note:** Explicitly maintain the SQLite in-memory infrastructure to ensure migrations and schema integrity are tested during every API test run. |
| 38 | + |
| 39 | +### **Phase 2: Automated Integration (Medium Priority)** |
| 40 | +* Introduce `testcontainers` to the `Cargo.toml` and refactor `proxy/tests/integration.rs` to run automatically in CI without manual environment setup. |
| 41 | + |
| 42 | +### **Phase 3: Security Regression Suite (High Priority)** |
| 43 | +* Add a specialized "Security Regression" suite that specifically targets RLS bypass attempts using known SQL obfuscation techniques (nested subqueries, CTEs). |
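Review bot: Section 3 has no phase that delivers the Tier 1 `proptest` work from section 2, so the one invariant this document states (a denied column never appears in the resulting logical plan) is not scheduled anywhere. Phase 1 covers Tier 2 and the Tier 4 prerequisite, Phase 2 covers Tier 3, and Phase 3 is a regression suite for known obfuscation techniques. Suggest adding a phase for the property tests or folding them into Phase 3, and placing Phase 3 where its "High Priority" label says it belongs, since it is currently sequenced after the "Medium Priority" Phase 2. The Tier 1 goal also states only the column-deny property, while Tier 3 and Phase 3 talk about RLS filters and RLS bypass; writing the row-filter invariant into Tier 1 would give both suites the same stated property to test against. Separately, Tier 2's "90% of handler tests" leaves the remaining 10% undefined; say what those tests use instead of SQLite in-memory.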