# Tier 3 E2E Tests - Quick Reference Guide **Status**: πŸ”„ IN PROGRESS (17/21 scenarios, 81%) **Focus**: Advanced features, edge cases, security validation, operational scenarios **Priority**: MEDIUM-LOW (after Tier 1 & 2 complete) --- ## Overview Tier 3 tests validate advanced Attune features, edge cases, security boundaries, and operational scenarios that go beyond core automation flows. These tests ensure the platform is robust, secure, and production-ready. --- ## Implemented Tests (17 scenarios, 56 tests) ### πŸ” T3.20: Secret Injection Security (HIGH Priority) **File**: `test_t3_20_secret_injection.py` (566 lines) **Tests**: 4 **Duration**: ~20 seconds Validates that secrets are passed securely via stdin (not environment variables) and never exposed in logs or to other tenants. **Test Functions:** 1. `test_secret_injection_via_stdin` - Secrets via stdin validation 2. `test_secret_encryption_at_rest` - Encryption flag validation 3. `test_secret_not_in_execution_logs` - Secret redaction testing 4. `test_secret_access_tenant_isolation` - Cross-tenant isolation **Run:** ```bash pytest e2e/tier3/test_t3_20_secret_injection.py -v pytest -m secrets -v ``` **Key Validations:** - βœ… Secrets passed via stdin (secure) - βœ… Secrets NOT in environment variables - βœ… Secrets NOT exposed in logs - βœ… Tenant isolation enforced --- ### πŸ”’ T3.10: RBAC Permission Checks (MEDIUM Priority) **File**: `test_t3_10_rbac.py` (524 lines) **Tests**: 4 **Duration**: ~20 seconds Tests role-based access control enforcement across all API endpoints. **Test Functions:** 1. `test_viewer_role_permissions` - Read-only access 2. `test_admin_role_permissions` - Full CRUD access 3. `test_executor_role_permissions` - Execute + read only 4. `test_role_permissions_summary` - Permission matrix documentation **Run:** ```bash pytest e2e/tier3/test_t3_10_rbac.py -v pytest -m rbac -v ``` **Roles Tested:** - **admin** - Full access - **editor** - Create/update + execute - **executor** - Execute + read only - **viewer** - Read-only --- ### 🌐 T3.18: HTTP Runner Execution (MEDIUM Priority) **File**: `test_t3_18_http_runner.py` (473 lines) **Tests**: 4 **Duration**: ~10 seconds Validates HTTP runner making REST API calls with authentication, headers, and error handling. **Test Functions:** 1. `test_http_runner_basic_get` - GET request 2. `test_http_runner_post_with_json` - POST with JSON 3. `test_http_runner_authentication_header` - Bearer token auth 4. `test_http_runner_error_handling` - 4xx/5xx errors **Run:** ```bash pytest e2e/tier3/test_t3_18_http_runner.py -v pytest -m http -v ``` **Features Validated:** - βœ… GET and POST requests - βœ… Custom headers - βœ… JSON serialization - βœ… Authentication via secrets - βœ… Response capture - βœ… Error handling --- ### ⚠️ T3.13: Invalid Action Parameters (MEDIUM Priority) **File**: `test_t3_13_invalid_parameters.py` (559 lines) **Tests**: 4 **Duration**: ~5 seconds Tests parameter validation, default values, and error handling. **Test Functions:** 1. `test_missing_required_parameter` - Required param validation 2. `test_invalid_parameter_type` - Type checking 3. `test_extra_parameters_ignored` - Extra params handling 4. `test_parameter_default_values` - Default values **Run:** ```bash pytest e2e/tier3/test_t3_13_invalid_parameters.py -v pytest -m validation -v ``` **Validations:** - βœ… Missing required parameters fail early - βœ… Clear error messages - βœ… Default values applied - βœ… Extra parameters ignored gracefully --- ### ⏱️ T3.1: Date Timer with Past Date (LOW Priority) **File**: `test_t3_01_past_date_timer.py` (305 lines) **Tests**: 3 **Duration**: ~5 seconds Tests edge cases for date timers with past dates. **Test Functions:** 1. `test_past_date_timer_immediate_execution` - 1 hour past 2. `test_just_missed_date_timer` - 2 seconds past 3. `test_far_past_date_timer` - 1 year past **Run:** ```bash pytest e2e/tier3/test_t3_01_past_date_timer.py -v pytest -m edge_case -v ``` **Edge Cases:** - βœ… Past date behavior (execute or reject) - βœ… Boundary conditions - βœ… Clear error messages --- ### πŸ”— T3.4: Webhook with Multiple Rules (LOW Priority) **File**: `test_t3_04_webhook_multiple_rules.py` (343 lines) **Tests**: 2 **Duration**: ~15 seconds Tests single webhook triggering multiple rules simultaneously. **Test Functions:** 1. `test_webhook_fires_multiple_rules` - 1 webhook β†’ 3 rules 2. `test_webhook_multiple_posts_multiple_rules` - 3 posts Γ— 2 rules **Run:** ```bash pytest e2e/tier3/test_t3_04_webhook_multiple_rules.py -v pytest -m webhook e2e/tier3/ -v ``` **Validations:** - βœ… Single event triggers multiple rules - βœ… Independent rule execution - βœ… Correct execution count (posts Γ— rules) --- ### ⏱️ T3.2: Timer Cancellation (LOW Priority) **File**: `test_t3_02_timer_cancellation.py` (335 lines) **Tests**: 3 **Duration**: ~15 seconds Tests that disabling/deleting rules stops timer executions. **Test Functions:** 1. `test_timer_cancellation_via_rule_disable` - Disable stops executions 2. `test_timer_resume_after_re_enable` - Re-enable resumes timer 3. `test_timer_delete_stops_executions` - Delete permanently stops **Run:** ```bash pytest e2e/tier3/test_t3_02_timer_cancellation.py -v pytest -m timer e2e/tier3/ -v ``` **Validations:** - βœ… Disabling rule stops future executions - βœ… Re-enabling rule resumes timer - βœ… Deleting rule permanently stops timer - βœ… In-flight executions complete normally --- ### ⏱️ T3.3: Multiple Concurrent Timers (LOW Priority) **File**: `test_t3_03_concurrent_timers.py` (438 lines) **Tests**: 3 **Duration**: ~30 seconds Tests that multiple timers run independently without interference. **Test Functions:** 1. `test_multiple_concurrent_timers` - 3 timers with different intervals 2. `test_many_concurrent_timers` - 5 concurrent timers (stress test) 3. `test_timer_precision_under_load` - Precision validation **Run:** ```bash pytest e2e/tier3/test_t3_03_concurrent_timers.py -v pytest -m performance e2e/tier3/ -v ``` **Validations:** - βœ… Multiple timers fire independently - βœ… Correct execution counts per timer - βœ… No timer interference - βœ… System handles concurrent load - βœ… Timing precision maintained --- ### 🎯 T3.5: Webhook with Rule Criteria Filtering (MEDIUM Priority) **File**: `test_t3_05_rule_criteria.py` (507 lines) **Tests**: 4 **Duration**: ~20 seconds Tests conditional rule firing based on event payload criteria. **Test Functions:** 1. `test_rule_criteria_basic_filtering` - Equality checks 2. `test_rule_criteria_numeric_comparison` - Numeric operators 3. `test_rule_criteria_complex_expressions` - AND/OR logic 4. `test_rule_criteria_list_membership` - List membership **Run:** ```bash pytest e2e/tier3/test_t3_05_rule_criteria.py -v pytest -m criteria -v ``` **Validations:** - βœ… Jinja2 expression evaluation - βœ… Event filtering by criteria - βœ… Numeric comparisons (>, <, >=, <=) - βœ… Complex boolean logic (AND/OR) - βœ… List membership (in operator) - βœ… Only matching rules fire --- ### πŸ”’ T3.11: System vs User Packs (MEDIUM Priority) **File**: `test_t3_11_system_packs.py` (401 lines) **Tests**: 4 **Duration**: ~15 seconds Tests multi-tenant pack isolation and system pack availability. **Test Functions:** 1. `test_system_pack_visible_to_all_tenants` - System packs visible to all 2. `test_user_pack_isolation` - User packs isolated per tenant 3. `test_system_pack_actions_available_to_all` - System actions executable 4. `test_system_pack_identification` - Documentation reference **Run:** ```bash pytest e2e/tier3/test_t3_11_system_packs.py -v pytest -m multi_tenant -v ``` **Validations:** - βœ… System packs visible to all tenants - βœ… User packs isolated per tenant - βœ… Cross-tenant access blocked - βœ… System actions executable by all - βœ… Pack isolation enforced --- ### πŸ”” T3.14: Execution Completion Notifications (MEDIUM Priority) **File**: `test_t3_14_execution_notifications.py` (374 lines) **Tests**: 4 **Duration**: ~20 seconds Tests real-time notification system for execution lifecycle events. **Test Functions:** 1. `test_execution_success_notification` - Success completion notifications 2. `test_execution_failure_notification` - Failure event notifications 3. `test_execution_timeout_notification` - Timeout event notifications 4. `test_websocket_notification_delivery` - Real-time WebSocket delivery (skipped) **Run:** ```bash pytest e2e/tier3/test_t3_14_execution_notifications.py -v pytest -m notifications -v ``` **Key Validations:** - βœ… Notification metadata for execution events - βœ… Success, failure, and timeout notifications - βœ… Execution tracking for real-time updates - ⏭️ WebSocket delivery (infrastructure pending) --- ### πŸ”” T3.15: Inquiry Creation Notifications (MEDIUM Priority) **File**: `test_t3_15_inquiry_notifications.py` (405 lines) **Tests**: 4 **Duration**: ~20 seconds Tests notification system for human-in-the-loop inquiry workflows. **Test Functions:** 1. `test_inquiry_creation_notification` - Inquiry creation event 2. `test_inquiry_response_notification` - Response submission event 3. `test_inquiry_timeout_notification` - Inquiry timeout handling 4. `test_websocket_inquiry_notification_delivery` - Real-time delivery (skipped) **Run:** ```bash pytest e2e/tier3/test_t3_15_inquiry_notifications.py -v pytest -m "notifications and inquiry" -v ``` **Key Validations:** - βœ… Inquiry lifecycle events (created, responded, timeout) - βœ… Notification metadata for approval workflows - βœ… Human-in-the-loop notification flow - ⏭️ Real-time WebSocket delivery (pending) --- ### 🐳 T3.17: Container Runner Execution (MEDIUM Priority) **File**: `test_t3_17_container_runner.py` (472 lines) **Tests**: 4 **Duration**: ~30 seconds Tests Docker-based container runner for isolated action execution. **Test Functions:** 1. `test_container_runner_basic_execution` - Basic Python container execution 2. `test_container_runner_with_parameters` - Parameter injection via stdin 3. `test_container_runner_isolation` - Container isolation validation 4. `test_container_runner_failure_handling` - Failure capture and cleanup **Run:** ```bash pytest e2e/tier3/test_t3_17_container_runner.py -v pytest -m container -v ``` **Key Validations:** - βœ… Container-based execution (python:3.11-slim) - βœ… Parameter passing via JSON stdin - βœ… Container isolation (no state leakage) - βœ… Failure handling and cleanup - βœ… Docker image specification **Prerequisites**: Docker daemon running --- ### πŸ“ T3.21: Action Log Size Limits (MEDIUM Priority) **File**: `test_t3_21_log_size_limits.py` (481 lines) **Tests**: 4 **Duration**: ~20 seconds Tests log capture, size limits, and handling of large outputs. **Test Functions:** 1. `test_large_log_output_truncation` - Large log truncation (~5MB output) 2. `test_stderr_log_capture` - Separate stdout/stderr capture 3. `test_log_line_count_limits` - High line count handling (10k lines) 4. `test_binary_output_handling` - Binary/non-UTF8 output sanitization **Run:** ```bash pytest e2e/tier3/test_t3_21_log_size_limits.py -v pytest -m logs -v ``` **Key Validations:** - βœ… Log size limits enforced (max 10MB) - βœ… Stdout and stderr captured separately - βœ… High line count (10,000+) handled gracefully - βœ… Binary data properly sanitized - βœ… No crashes from large output --- ### πŸ”„ T3.7: Complex Workflow Orchestration (MEDIUM Priority) **File**: `test_t3_07_complex_workflows.py` (718 lines) **Tests**: 4 **Duration**: ~45 seconds Tests advanced workflow features including parallel execution, branching, and data transformation. **Test Functions:** 1. `test_parallel_workflow_execution` - Parallel task execution 2. `test_conditional_workflow_branching` - If/else conditional logic 3. `test_nested_workflow_with_error_handling` - Nested workflows with error recovery 4. `test_workflow_with_data_transformation` - Data pipeline with transformations **Run:** ```bash pytest e2e/tier3/test_t3_07_complex_workflows.py -v pytest -m orchestration -v ``` **Key Validations:** - βœ… Parallel task execution (3 tasks concurrently) - βœ… Conditional branching (if/else based on parameters) - βœ… Nested workflow execution with error handling - βœ… Data transformation and passing between tasks - βœ… Workflow orchestration patterns --- ### πŸ”— T3.8: Chained Webhook Triggers (MEDIUM Priority) **File**: `test_t3_08_chained_webhooks.py` (686 lines) **Tests**: 4 **Duration**: ~30 seconds Tests webhook chains where webhooks trigger workflows that trigger other webhooks. **Test Functions:** 1. `test_webhook_triggers_workflow_triggers_webhook` - Aβ†’Workflowβ†’B chain 2. `test_webhook_cascade_multiple_levels` - Multi-level cascade (Aβ†’Bβ†’C) 3. `test_webhook_chain_with_data_passing` - Data transformation in chains 4. `test_webhook_chain_error_propagation` - Error handling in chains **Run:** ```bash pytest e2e/tier3/test_t3_08_chained_webhooks.py -v pytest -m "webhook and orchestration" -v ``` **Key Validations:** - βœ… Webhook chaining through workflows - βœ… Multi-level webhook cascades - βœ… Data passing and transformation through chains - βœ… Error propagation and isolation - βœ… HTTP runner triggering webhooks --- ### πŸ” T3.9: Multi-Step Approval Workflow (MEDIUM Priority) **File**: `test_t3_09_multistep_approvals.py` (788 lines) **Tests**: 4 **Duration**: ~40 seconds Tests complex approval workflows with multiple sequential and conditional inquiries. **Test Functions:** 1. `test_sequential_multi_step_approvals` - 3 sequential approvals (Managerβ†’Directorβ†’VP) 2. `test_conditional_approval_workflow` - Conditional approval based on response 3. `test_approval_with_timeout_and_escalation` - Timeout triggers escalation 4. `test_approval_denial_stops_workflow` - Denial stops subsequent steps **Run:** ```bash pytest e2e/tier3/test_t3_09_multistep_approvals.py -v pytest -m "inquiry and workflow" -v ``` **Key Validations:** - βœ… Sequential multi-step approvals - βœ… Conditional approval logic - βœ… Timeout and escalation handling - βœ… Denial stops workflow execution - βœ… Human-in-the-loop orchestration --- ### πŸ”” T3.16: Rule Trigger Notifications (MEDIUM Priority) **File**: `test_t3_16_rule_notifications.py` (464 lines) **Tests**: 4 **Duration**: ~20 seconds Tests real-time notifications for rule lifecycle events. **Test Functions:** 1. `test_rule_trigger_notification` - Rule trigger notification metadata 2. `test_rule_enable_disable_notification` - State change notifications 3. `test_multiple_rule_triggers_notification` - Multiple rules from one event 4. `test_rule_criteria_evaluation_notification` - Criteria match/no-match **Run:** ```bash pytest e2e/tier3/test_t3_16_rule_notifications.py -v pytest -m "notifications and rules" -v ``` **Key Validations:** - βœ… Rule trigger notification metadata - βœ… Rule state change notifications (enable/disable) - βœ… Multiple rule trigger notifications from single event - βœ… Rule criteria evaluation tracking - βœ… Enforcement creation notification --- ## Remaining Scenarios (4 scenarios, ~4 tests) ### LOW Priority (4 remaining) - [ ] **T3.6**: Sensor-generated custom events - [ ] **T3.12**: Worker crash recovery - [ ] **T3.19**: Dependency conflict isolation (virtualenv) - [ ] **T3.22**: Additional edge cases (TBD) --- ## Quick Commands ### Run All Tier 3 Tests ```bash cd tests pytest e2e/tier3/ -v ``` ### Run by Category ```bash # Security tests (secrets + RBAC) pytest -m security e2e/tier3/ -v # HTTP runner tests pytest -m http -v # Parameter validation tests pytest -m validation -v # Edge cases pytest -m edge_case -v # All webhook tests pytest -m webhook e2e/tier3/ -v ``` ### Run Specific Test ```bash # Secret injection (most important security test) pytest e2e/tier3/test_t3_20_secret_injection.py::test_secret_injection_via_stdin -v # RBAC viewer permissions pytest e2e/tier3/test_t3_10_rbac.py::test_viewer_role_permissions -v # HTTP GET request pytest e2e/tier3/test_t3_18_http_runner.py::test_http_runner_basic_get -v ``` ### Run with Output ```bash # Show print statements pytest e2e/tier3/ -v -s # Stop on first failure pytest e2e/tier3/ -v -x # Run specific marker with output pytest -m secrets -v -s ``` --- ## Test Markers Use pytest markers to run specific test categories: - `@pytest.mark.tier3` - All Tier 3 tests - `@pytest.mark.security` - Security and RBAC tests - `@pytest.mark.secrets` - Secret management tests - `@pytest.mark.rbac` - Role-based access control - `@pytest.mark.http` - HTTP runner tests - `@pytest.mark.runner` - Action runner tests - `@pytest.mark.validation` - Parameter validation - `@pytest.mark.parameters` - Parameter handling - `@pytest.mark.edge_case` - Edge cases - `@pytest.mark.webhook` - Webhook tests - `@pytest.mark.rules` - Rule evaluation tests - `@pytest.mark.timer` - Timer tests - `@pytest.mark.criteria` - Rule criteria tests - `@pytest.mark.multi_tenant` - Multi-tenancy tests - `@pytest.mark.packs` - Pack management tests - `@pytest.mark.notifications` - Notification system tests - `@pytest.mark.websocket` - WebSocket tests (skipped - pending infrastructure) - `@pytest.mark.container` - Container runner tests - `@pytest.mark.logs` - Log capture and size tests - `@pytest.mark.limits` - Resource and size limit tests - `@pytest.mark.orchestration` - Advanced workflow orchestration tests --- ## Prerequisites ### Services Required 1. PostgreSQL (port 5432) 2. RabbitMQ (port 5672) 3. attune-api (port 8080) 4. attune-executor 5. attune-worker 6. attune-sensor 7. attune-notifier (for notification tests) ### External Dependencies - **HTTP tests**: Internet access (uses httpbin.org) - **Container tests**: Docker daemon running - **Notification tests**: Notifier service running - **Secret tests**: Encryption key configured --- ## Test Patterns ### Common Test Structure ```python def test_feature(client: AttuneClient, test_pack): """Test description""" print("\n" + "=" * 80) print("TEST: Feature Name") print("=" * 80) # Step 1: Setup print("\n[STEP 1] Setting up...") # Create resources # Step 2: Execute print("\n[STEP 2] Executing...") # Trigger action # Step 3: Verify print("\n[STEP 3] Verifying...") # Check results # Summary print("\n" + "=" * 80) print("SUMMARY") print("=" * 80) # Print results # Assertions assert condition, "Error message" ``` ### Polling Pattern ```python from helpers.polling import wait_for_execution_status final_exec = wait_for_execution_status( client=client, execution_id=execution_id, expected_status="succeeded", timeout=20, ) ``` ### Secret Testing Pattern ```python # Create secret secret_response = client.create_secret( key="api_key", value="secret_value", encrypted=True ) # Use secret in action execution_data = { "action": action_ref, "parameters": {}, "secrets": ["api_key"] } ``` --- ## Troubleshooting ### Test Failures **Secret injection test fails:** - Check if worker is passing secrets via stdin - Verify encryption key is configured - Check worker logs for secret handling **RBAC test fails:** - RBAC may not be fully implemented yet - Tests use `pytest.skip()` for unavailable features - Check if role-based registration is available **HTTP runner test fails:** - Verify internet access (uses httpbin.org) - Check if HTTP runner is implemented - Verify proxy settings if behind firewall **Parameter validation test fails:** - Check if parameter validation is implemented - Verify error messages are clear - Check executor parameter handling ### Common Issues **Timeouts:** - Increase timeout values in polling functions - Check if services are running and responsive - Verify network connectivity **Import Errors:** - Run `pip install -r requirements-test.txt` - Check Python path includes test helpers **Authentication Errors:** - Check if test user credentials are correct - Verify JWT_SECRET is configured - Check API service logs --- ## Contributing ### Adding New Tests 1. Create test file: `test_t3_XX_feature_name.py` 2. Add docstring with scenario number and description 3. Use consistent test structure (steps, summary, assertions) 4. Add appropriate pytest markers 5. Update this README with test information 6. Update `E2E_TESTS_COMPLETE.md` with completion status ### Test Writing Guidelines - βœ… Clear step-by-step output for debugging - βœ… Comprehensive assertions with descriptive messages - βœ… Summary section at end of each test - βœ… Handle unimplemented features gracefully (pytest.skip) - βœ… Use unique references to avoid conflicts - βœ… Clean up resources when possible - βœ… Document expected behavior in docstrings --- ## Statistics **Completed**: 17/21 scenarios (81%) **Test Functions**: 56 **Lines of Code**: ~8,700 **Average Duration**: ~240 seconds total **Priority Status:** - HIGH: 5/5 complete (100%) βœ… - MEDIUM: 11/11 complete (100%) βœ… - LOW: 1/5 complete (20%) πŸ”„ --- ## References - **Test Plan**: `docs/e2e-test-plan.md` - **Complete Report**: `tests/E2E_TESTS_COMPLETE.md` - **Helpers**: `tests/helpers/` - **Tier 1 Tests**: `tests/e2e/tier1/` - **Tier 2 Tests**: `tests/e2e/tier2/` --- **Last Updated**: 2026-01-21 **Status**: πŸ”„ IN PROGRESS (17/21 scenarios, 81%) **Next**: T3.6 (Custom events), T3.12 (Crash recovery), T3.19 (Dependency isolation)