logaritmisk/biggus-dickus
1
0
Fork 0
Code Issues 17 Pull Requests Actions Packages Projects Releases Wiki Activity

test(db): assert audit_log mutations fail via the immutability trigger

Browse Source
This commit is contained in:
Anders Olsson
2026-06-02 08:01:28 +02:00
parent 45aea6b702
commit 86a3a8a47c
1 changed files with 28 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
crates/db/tests/audit_immutability.rs
+28 -14
View File
@@ -29,23 +29,37 @@ async fn update_delete_truncate_are_rejected(pool: PgPool) {
// Each failing statement poisons its connection (Postgres enters aborted-transaction
// state). Acquire a fresh connection per statement so later assertions are independent.
let updated = sqlx::query("UPDATE audit_log SET action = 'deleted'")
let update_err = sqlx::query("UPDATE audit_log SET action = 'deleted'")
.execute(db.pool())
.await;
assert!(updated.is_err(), "UPDATE must be rejected by the trigger");
let deleted = sqlx::query("DELETE FROM audit_log")
.execute(db.pool())
.await;
assert!(deleted.is_err(), "DELETE must be rejected by the trigger");
let truncated = sqlx::query("TRUNCATE audit_log").execute(db.pool()).await;
.await
.unwrap_err()
.to_string();
assert!(
truncated.is_err(),
"TRUNCATE must be rejected by the trigger"
update_err.contains("audit_log is append-only"),
"UPDATE must be rejected by the trigger, got: {update_err}"
);
let delete_err = sqlx::query("DELETE FROM audit_log")
.execute(db.pool())
.await
.unwrap_err()
.to_string();
assert!(
delete_err.contains("audit_log is append-only"),
"DELETE must be rejected by the trigger, got: {delete_err}"
);
let truncate_err = sqlx::query("TRUNCATE audit_log")
.execute(db.pool())
.await
.unwrap_err()
.to_string();
assert!(
truncate_err.contains("audit_log is append-only"),
"TRUNCATE must be rejected by the trigger, got: {truncate_err}"
);
assert_eq!(count(db.pool()).await, 1, "the row is still there");