Initial commit (history squashed)

src/StellaOps.Configuration.Tests/AuthorityPluginConfigurationLoaderTests.cs

@@ -0,0 +1,126 @@
+using System;
+using System.IO;
+using StellaOps.Authority.Plugins.Abstractions;
+using StellaOps.Configuration;
+using Xunit;
+
+namespace StellaOps.Configuration.Tests;
+
+public class AuthorityPluginConfigurationLoaderTests : IDisposable
+{
+    private readonly string tempRoot;
+
+    public AuthorityPluginConfigurationLoaderTests()
+    {
+        tempRoot = Path.Combine(Path.GetTempPath(), "authority-plugin-tests", Guid.NewGuid().ToString("N"));
+        Directory.CreateDirectory(tempRoot);
+    }
+
+    [Fact]
+    public void Load_ReturnsConfiguration_ForEnabledPlugin()
+    {
+        var pluginDir = Path.Combine(tempRoot, "etc", "authority.plugins");
+        Directory.CreateDirectory(pluginDir);
+
+        var standardConfigPath = Path.Combine(pluginDir, "standard.yaml");
+        File.WriteAllText(standardConfigPath, "secretKey: value");
+
+        var options = CreateOptions();
+        options.Plugins.ConfigurationDirectory = "etc/authority.plugins";
+        options.Plugins.Descriptors["standard"] = new AuthorityPluginDescriptorOptions
+        {
+            AssemblyName = "StellaOps.Authority.Plugin.Standard",
+            Enabled = true
+        };
+
+        options.Validate();
+
+        var contexts = AuthorityPluginConfigurationLoader.Load(options, tempRoot);
+        var context = Assert.Single(contexts);
+        Assert.Equal("standard", context.Manifest.Name);
+        Assert.Equal("value", context.Configuration["secretKey"]);
+        Assert.True(context.Manifest.Enabled);
+    }
+
+    [Fact]
+    public void Load_Throws_WhenEnabledConfigMissing()
+    {
+        var options = CreateOptions();
+        options.Plugins.ConfigurationDirectory = "etc/authority.plugins";
+        options.Plugins.Descriptors["standard"] = new AuthorityPluginDescriptorOptions
+        {
+            AssemblyName = "StellaOps.Authority.Plugin.Standard",
+            Enabled = true
+        };
+
+        options.Validate();
+
+        var ex = Assert.Throws<FileNotFoundException>(() =>
+            AuthorityPluginConfigurationLoader.Load(options, tempRoot));
+
+        Assert.Contains("standard.yaml", ex.FileName, StringComparison.OrdinalIgnoreCase);
+    }
+
+    [Fact]
+    public void Load_SkipsMissingFile_ForDisabledPlugin()
+    {
+        var options = CreateOptions();
+        options.Plugins.ConfigurationDirectory = "etc/authority.plugins";
+        options.Plugins.Descriptors["ldap"] = new AuthorityPluginDescriptorOptions
+        {
+            AssemblyName = "StellaOps.Authority.Plugin.Ldap",
+            Enabled = false,
+            ConfigFile = "ldap.yaml"
+        };
+
+        options.Validate();
+
+        var contexts = AuthorityPluginConfigurationLoader.Load(options, tempRoot);
+        var context = Assert.Single(contexts);
+        Assert.False(context.Manifest.Enabled);
+        Assert.Equal("ldap", context.Manifest.Name);
+        Assert.Null(context.Configuration["connection:host"]);
+    }
+
+    [Fact]
+    public void Validate_ThrowsForUnknownCapability()
+    {
+        var options = CreateOptions();
+        options.Plugins.Descriptors["standard"] = new AuthorityPluginDescriptorOptions
+        {
+            AssemblyName = "StellaOps.Authority.Plugin.Standard",
+            Enabled = true
+        };
+        options.Plugins.Descriptors["standard"].Capabilities.Add("custom-flow");
+
+        var ex = Assert.Throws<InvalidOperationException>(() => options.Validate());
+        Assert.Contains("unknown capability", ex.Message, StringComparison.OrdinalIgnoreCase);
+    }
+
+    public void Dispose()
+    {
+        try
+        {
+            if (Directory.Exists(tempRoot))
+            {
+                Directory.Delete(tempRoot, recursive: true);
+            }
+        }
+        catch
+        {
+            // ignore cleanup failures in test environment
+        }
+    }
+
+    private static StellaOpsAuthorityOptions CreateOptions()
+    {
+        var options = new StellaOpsAuthorityOptions
+        {
+            Issuer = new Uri("https://authority.stella-ops.test"),
+            SchemaVersion = 1
+        };
+
+        options.Storage.ConnectionString = "mongodb://localhost:27017/authority_test";
+        return options;
+    }
+}

src/StellaOps.Configuration.Tests/AuthorityTelemetryTests.cs

@@ -0,0 +1,24 @@
+using StellaOps.Auth;
+using Xunit;
+
+namespace StellaOps.Configuration.Tests;
+
+public class AuthorityTelemetryTests
+{
+    [Fact]
+    public void ServiceName_AndNamespace_MatchExpectations()
+    {
+        Assert.Equal("stellaops-authority", AuthorityTelemetry.ServiceName);
+        Assert.Equal("stellaops", AuthorityTelemetry.ServiceNamespace);
+    }
+
+    [Fact]
+    public void BuildDefaultResourceAttributes_ContainsExpectedKeys()
+    {
+        var attributes = AuthorityTelemetry.BuildDefaultResourceAttributes();
+
+        Assert.Equal("stellaops-authority", attributes["service.name"]);
+        Assert.Equal("stellaops", attributes["service.namespace"]);
+        Assert.False(string.IsNullOrWhiteSpace(attributes["service.version"]?.ToString()));
+    }
+}

src/StellaOps.Configuration.Tests/StellaOps.Configuration.Tests.csproj

@@ -0,0 +1,11 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <TargetFramework>net10.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+  <ItemGroup>
+    <ProjectReference Include="../StellaOps.Configuration/StellaOps.Configuration.csproj" />
+    <ProjectReference Include="../StellaOps.Authority/StellaOps.Auth.Abstractions/StellaOps.Auth.Abstractions.csproj" />
+  </ItemGroup>
+</Project>

src/StellaOps.Configuration.Tests/StellaOpsAuthorityOptionsTests.cs

@@ -0,0 +1,148 @@
+using System;
+using System.Collections.Generic;
+using Microsoft.Extensions.Configuration;
+using StellaOps.Configuration;
+using Xunit;
+
+namespace StellaOps.Configuration.Tests;
+
+public class StellaOpsAuthorityOptionsTests
+{
+    [Fact]
+    public void Validate_Throws_When_IssuerMissing()
+    {
+        var options = new StellaOpsAuthorityOptions();
+
+        var exception = Assert.Throws<InvalidOperationException>(() => options.Validate());
+
+        Assert.Contains("issuer", exception.Message, StringComparison.OrdinalIgnoreCase);
+    }
+
+    [Fact]
+    public void Validate_Normalises_Collections()
+    {
+        var options = new StellaOpsAuthorityOptions
+        {
+            Issuer = new Uri("https://authority.stella-ops.test"),
+            SchemaVersion = 1
+        };
+        options.Storage.ConnectionString = "mongodb://localhost:27017/authority";
+
+        options.PluginDirectories.Add("  ./plugins ");
+        options.PluginDirectories.Add("./plugins");
+        options.PluginDirectories.Add("./other");
+
+        options.BypassNetworks.Add(" 10.0.0.0/24 ");
+        options.BypassNetworks.Add("10.0.0.0/24");
+        options.BypassNetworks.Add("192.168.0.0/16");
+
+        options.Validate();
+
+        Assert.Equal(new[] { "./plugins", "./other" }, options.PluginDirectories);
+        Assert.Equal(new[] { "10.0.0.0/24", "192.168.0.0/16" }, options.BypassNetworks);
+    }
+
+    [Fact]
+    public void Validate_Normalises_PluginDescriptors()
+    {
+        var options = new StellaOpsAuthorityOptions
+        {
+            Issuer = new Uri("https://authority.stella-ops.test"),
+            SchemaVersion = 1
+        };
+        options.Storage.ConnectionString = "mongodb://localhost:27017/authority";
+
+        var descriptor = new AuthorityPluginDescriptorOptions
+        {
+            AssemblyName = "StellaOps.Authority.Plugin.Standard",
+            ConfigFile = "  standard.yaml  ",
+            Enabled = true
+        };
+
+        descriptor.Capabilities.Add("password");
+        descriptor.Capabilities.Add("PASSWORD");
+        options.Plugins.Descriptors["standard"] = descriptor;
+
+        options.Validate();
+
+        var normalized = options.Plugins.Descriptors["standard"];
+        Assert.Equal("standard.yaml", normalized.ConfigFile);
+        Assert.Single(normalized.Capabilities);
+        Assert.Equal("password", normalized.Capabilities[0]);
+    }
+
+    [Fact]
+    public void Validate_Throws_When_StorageConnectionStringMissing()
+    {
+        var options = new StellaOpsAuthorityOptions
+        {
+            Issuer = new Uri("https://authority.stella-ops.test"),
+            SchemaVersion = 1
+        };
+
+        var exception = Assert.Throws<InvalidOperationException>(() => options.Validate());
+
+        Assert.Contains("Mongo connection string", exception.Message, StringComparison.OrdinalIgnoreCase);
+    }
+
+    [Fact]
+    public void Build_Binds_From_Configuration()
+    {
+        var context = StellaOpsAuthorityConfiguration.Build(options =>
+        {
+            options.ConfigureBuilder = builder =>
+            {
+                builder.AddInMemoryCollection(new Dictionary<string, string?>
+                {
+                    ["Authority:SchemaVersion"] = "2",
+                    ["Authority:Issuer"] = "https://authority.internal",
+                    ["Authority:AccessTokenLifetime"] = "00:30:00",
+                    ["Authority:RefreshTokenLifetime"] = "30.00:00:00",
+                    ["Authority:Storage:ConnectionString"] = "mongodb://example/stellaops",
+                    ["Authority:Storage:DatabaseName"] = "overrideDb",
+                    ["Authority:Storage:CommandTimeout"] = "00:01:30",
+                    ["Authority:PluginDirectories:0"] = "/var/lib/stellaops/plugins",
+                    ["Authority:BypassNetworks:0"] = "127.0.0.1/32",
+                    ["Authority:Security:RateLimiting:Token:PermitLimit"] = "25",
+                    ["Authority:Security:RateLimiting:Token:Window"] = "00:00:30",
+                    ["Authority:Security:RateLimiting:Authorize:Enabled"] = "true",
+                    ["Authority:Security:RateLimiting:Internal:Enabled"] = "true",
+                    ["Authority:Security:RateLimiting:Internal:PermitLimit"] = "3"
+                });
+            };
+        });
+
+        var options = context.Options;
+
+        Assert.Equal(2, options.SchemaVersion);
+        Assert.Equal(new Uri("https://authority.internal"), options.Issuer);
+        Assert.Equal(TimeSpan.FromMinutes(30), options.AccessTokenLifetime);
+        Assert.Equal(TimeSpan.FromDays(30), options.RefreshTokenLifetime);
+        Assert.Equal(new[] { "/var/lib/stellaops/plugins" }, options.PluginDirectories);
+        Assert.Equal(new[] { "127.0.0.1/32" }, options.BypassNetworks);
+        Assert.Equal("mongodb://example/stellaops", options.Storage.ConnectionString);
+        Assert.Equal("overrideDb", options.Storage.DatabaseName);
+        Assert.Equal(TimeSpan.FromMinutes(1.5), options.Storage.CommandTimeout);
+        Assert.Equal(25, options.Security.RateLimiting.Token.PermitLimit);
+        Assert.Equal(TimeSpan.FromSeconds(30), options.Security.RateLimiting.Token.Window);
+        Assert.True(options.Security.RateLimiting.Authorize.Enabled);
+        Assert.True(options.Security.RateLimiting.Internal.Enabled);
+        Assert.Equal(3, options.Security.RateLimiting.Internal.PermitLimit);
+    }
+
+    [Fact]
+    public void Validate_Throws_When_RateLimitingInvalid()
+    {
+        var options = new StellaOpsAuthorityOptions
+        {
+            Issuer = new Uri("https://authority.stella-ops.test"),
+            SchemaVersion = 1
+        };
+        options.Storage.ConnectionString = "mongodb://localhost:27017/authority";
+        options.Security.RateLimiting.Token.PermitLimit = 0;
+
+        var exception = Assert.Throws<InvalidOperationException>(() => options.Validate());
+
+        Assert.Contains("permitLimit", exception.Message, StringComparison.OrdinalIgnoreCase);
+    }
+}