loghunter-cli 0.1.0.dev0__py3-none-any.whl

tests/test_root_provenance.py

@@ -0,0 +1,212 @@
+"""CLI-vs-config provenance for the LH_ROOT path rail.
+
+CLI-supplied paths get root="" (just ~-expansion, shell semantics). Config
+paths flow through ``resolve_path(value, root)`` so LH_ROOT applies. The
+provenance split must hold at every resolve site: ``_runner_kwargs``,
+``_digest_runner_kwargs``, ``_build_digest_fanout_stream``, and the exporter
+output cascade.
+"""
+
+from __future__ import annotations
+
+from datetime import datetime
+from pathlib import Path
+from typing import Any
+
+import pytest
+
+from loghunter import cli
+from loghunter.common import config as cfg
+from loghunter.exporters import _resolve_output_path
+
+
+# ── analyze: source-dir LH_ROOT rail ────────────────────────────────────────
+#
+# The four CLI-layer `_runner_kwargs` source-dir tests were DELETED. After
+# the single-ownership refactor, `_runner_kwargs` does NOT resolve source
+# dirs — it passes raw strings (or None) to `runner.run`, which calls
+# `common.sources.resolve_sources`. The provenance rail moved with it:
+#
+#   relative-config + LH_ROOT       → tests/test_sources.py:
+#                                      test_resolve_sources_config_relative_uses_lh_root
+#                                      AND test_runner_run_applies_root_to_config_source_dirs (this file, below)
+#   absolute-config ignores root    → covered by resolve_path's own absolute branch
+#                                      (exercised indirectly by every resolver test)
+#   CLI override never gets root    → tests/test_sources.py:
+#                                      test_resolve_sources_relative_override_ignores_lh_root
+#   env LH_ROOT wins over config    → tests/test_sources.py:
+#                                      test_resolve_sources_env_lh_root_wins_over_config
+
+
+# ── analyze: --out / report_dir ──────────────────────────────────────────────
+
+
+def test_runner_kwargs_relative_report_dir_resolves_against_root(
+    monkeypatch: pytest.MonkeyPatch, tmp_path: Path,
+) -> None:
+    monkeypatch.delenv("LOGHUNTER_ROOT", raising=False)
+    root = tmp_path / "lh"
+    (root / "reports").mkdir(parents=True)
+    config = {"loghunter": {"root": str(root), "report_dir": "reports"}}
+    kwargs = cli._runner_kwargs({}, config)
+    assert kwargs["output_dir"] == root / "reports"
+
+
+def test_runner_kwargs_cli_out_relative_ignores_root(
+    monkeypatch: pytest.MonkeyPatch, tmp_path: Path,
+) -> None:
+    """--out=relative-dir/ resolves against CWD, NOT LH_ROOT."""
+    monkeypatch.delenv("LOGHUNTER_ROOT", raising=False)
+    config = {"loghunter": {"root": str(tmp_path / "should-not-apply")}}
+    kwargs = cli._runner_kwargs({"out": "rel-cli/"}, config)
+    assert kwargs["output_dir"] == Path("rel-cli")
+
+
+# ── digest: _build_digest_fanout_stream report_dir vs --out ──────────────────
+
+
+def test_digest_fanout_relative_report_dir_resolves_against_root(
+    monkeypatch: pytest.MonkeyPatch, tmp_path: Path,
+) -> None:
+    """Glenn's amendment: the fan-out stream MUST honor LH_ROOT for
+    config-supplied report_dir, and ~-only-expansion for CLI --out."""
+    monkeypatch.delenv("LOGHUNTER_ROOT", raising=False)
+    root = tmp_path / "lh"
+    (root / "reports").mkdir(parents=True)
+    config = {"loghunter": {"root": str(root), "report_dir": "reports"}}
+    get_stream, close_stream = cli._build_digest_fanout_stream({}, config)
+    fh = get_stream()
+    try:
+        # Stream is open; the file it opened lives under root/reports.
+        assert root / "reports" in Path(fh.name).parents
+    finally:
+        close_stream()
+
+
+def test_digest_fanout_cli_out_relative_ignores_root(
+    monkeypatch: pytest.MonkeyPatch, tmp_path: Path,
+) -> None:
+    monkeypatch.delenv("LOGHUNTER_ROOT", raising=False)
+    config = {"loghunter": {"root": str(tmp_path / "should-not-apply")}}
+    parsed: dict[str, Any] = {"out": str(tmp_path / "rel.txt")}
+    get_stream, close_stream = cli._build_digest_fanout_stream(parsed, config)
+    try:
+        fh = get_stream()
+        assert Path(fh.name) == tmp_path / "rel.txt"
+    finally:
+        close_stream()
+
+
+# ── exporter cascade: root applies to config tiers, "" to CLI ────────────────
+
+
+def test_export_cascade_root_applies_to_loghunter_export_dir(
+    monkeypatch: pytest.MonkeyPatch, tmp_path: Path,
+) -> None:
+    """Config-supplied [loghunter].export_dir is relative + root set → joined,
+    then auto-segmented per source (global tier). The ``syslog`` subdir is NOT
+    pre-created — the trailing-slash directory verdict resolves it regardless."""
+    monkeypatch.delenv("LOGHUNTER_ROOT", raising=False)
+    root = tmp_path / "lh"
+    (root / "exports").mkdir(parents=True)
+    result = _resolve_output_path(
+        {"output_basename": "syslog"}, None,
+        datetime(2026, 6, 1), datetime(2026, 6, 2), "default",
+        backend_config={}, loghunter_config={"export_dir": "exports"},
+        root=str(root),
+    )
+    assert result.parent == root / "exports" / "syslog"
+
+
+def test_export_cascade_cli_out_ignores_root(tmp_path: Path) -> None:
+    """CLI --out resolves against CWD even when root is set."""
+    cli_dir = tmp_path / "cli_out"
+    result = _resolve_output_path(
+        {"output_basename": "syslog"}, f"{cli_dir}/",
+        datetime(2026, 6, 1), datetime(2026, 6, 2), "default",
+        backend_config={"export_dir": "should-not-apply"},
+        loghunter_config={"export_dir": "ignored-too"},
+        root="/lh",
+    )
+    assert result.parent == cli_dir
+
+
+# ── empty config slots cascade to CWD floor ──────────────────────────────────
+
+
+# ── runner.run / run_digest — programmatic-caller config-fallback rail ──────
+
+
+def test_runner_run_applies_root_to_config_source_dirs(
+    monkeypatch: pytest.MonkeyPatch, capsys: pytest.CaptureFixture,
+) -> None:
+    """Glenn P2: programmatic ``runner.run(config=...)`` callers must see
+    LH_ROOT applied to relative config-supplied source dirs, just like the
+    CLI seam does. dry_run prints the resolved paths."""
+    monkeypatch.delenv("LOGHUNTER_ROOT", raising=False)
+
+    from loghunter import runner
+    runner.run(
+        config={"loghunter": {
+            "root": "/tmp/lh-root",
+            "zeek_dir": "zeek",
+            "syslog_dir": "syslog",
+            "pihole_dir": "pihole",
+            "cloudtrail_dir": "cloudtrail",
+        }},
+        dry_run=True,
+    )
+    out = capsys.readouterr().out
+    assert "/tmp/lh-root/zeek" in out
+    assert "/tmp/lh-root/syslog" in out
+    assert "/tmp/lh-root/pihole" in out
+    assert "/tmp/lh-root/cloudtrail" in out
+
+
+def test_runner_run_digest_applies_root_to_config_source_dirs(
+    monkeypatch: pytest.MonkeyPatch, capsys: pytest.CaptureFixture,
+) -> None:
+    """run_digest's per-schema config fallback honors LH_ROOT. The syslog
+    branch is the one with a TWO-key fallback (syslog_dir first, then zeek);
+    cloudtrail and conn each have a single-key fallback. All flow through
+    resolve_path."""
+    monkeypatch.delenv("LOGHUNTER_ROOT", raising=False)
+    from loghunter import runner
+
+    runner.run_digest(
+        config={"loghunter": {"root": "/tmp/lh-root", "syslog_dir": "syslog"}},
+        schema="syslog",
+        dry_run=True,
+    )
+    out = capsys.readouterr().out
+    assert "/tmp/lh-root/syslog" in out
+
+
+def test_runner_run_digest_cloudtrail_fallback_applies_root(
+    monkeypatch: pytest.MonkeyPatch, capsys: pytest.CaptureFixture,
+) -> None:
+    monkeypatch.delenv("LOGHUNTER_ROOT", raising=False)
+    from loghunter import runner
+
+    runner.run_digest(
+        config={"loghunter": {"root": "/tmp/lh-root", "cloudtrail_dir": "ct"}},
+        schema="cloudtrail",
+        dry_run=True,
+    )
+    out = capsys.readouterr().out
+    assert "/tmp/lh-root/ct" in out
+
+
+def test_export_cascade_empty_config_values_still_floor_to_cwd(
+    monkeypatch: pytest.MonkeyPatch, tmp_path: Path,
+) -> None:
+    """Glenn's note: resolve_path('', root) → None, but the floor is a literal '.'."""
+    monkeypatch.chdir(tmp_path)
+    result = _resolve_output_path(
+        {"output_basename": "syslog"}, None,
+        datetime(2026, 6, 1), datetime(2026, 6, 2), "default",
+        backend_config={"export_dir": ""},
+        loghunter_config={"export_dir": ""},
+        root="/lh",
+    )
+    assert result.parent == Path(".")