work

2025-11-23 23:40:10 +02:00
parent c13355923f
commit 029002ad05
93 changed files with 2160 additions and 285 deletions
--- a/src/Scanner/__Tests/StellaOps.Scanner.Surface.Secrets.Tests/SurfaceSecretsServiceCollectionExtensionsTests.cs
+++ b/src/Scanner/__Tests/StellaOps.Scanner.Surface.Secrets.Tests/SurfaceSecretsServiceCollectionExtensionsTests.cs
@@ -1,6 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.IO;
+using System.Threading.Tasks;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
 using StellaOps.Scanner.Surface.Env;
@@ -23,6 +24,31 @@ namespace StellaOps.Scanner.Surface.Secrets.Tests
            Assert.NotNull(secretProvider);
        }

+        [Fact]
+        public async Task AddSurfaceSecrets_UsesFallbackProvider_WhenPrimaryCannotResolve()
+        {
+            const string key = "SURFACE_SECRET_TENANT_COMPONENT_REGISTRY_DEFAULT";
+            Environment.SetEnvironmentVariable(key, Convert.ToBase64String(new byte[] { 9, 9, 9 }));
+
+            var services = new ServiceCollection();
+            services.AddSingleton<ISurfaceEnvironment>(_ => new TestSurfaceEnvironmentWithFallback());
+            services.AddLogging(builder => builder.ClearProviders());
+            services.AddSurfaceSecrets();
+
+            await using var provider = services.BuildServiceProvider();
+            var secretProvider = provider.GetRequiredService<ISurfaceSecretProvider>();
+            var handle = await secretProvider.GetAsync(new SurfaceSecretRequest("tenant", "component", "registry"));
+            try
+            {
+                Assert.Equal(new byte[] { 9, 9, 9 }, handle.AsBytes().ToArray());
+            }
+            finally
+            {
+                handle.Dispose();
+                Environment.SetEnvironmentVariable(key, null);
+            }
+        }
+
        private sealed class TestSurfaceEnvironment : ISurfaceEnvironment
        {
            public SurfaceEnvironmentSettings Settings { get; }
@@ -48,5 +74,32 @@ namespace StellaOps.Scanner.Surface.Secrets.Tests
                RawVariables = new Dictionary<string, string>();
            }
        }
+
+        private sealed class TestSurfaceEnvironmentWithFallback : ISurfaceEnvironment
+        {
+            public SurfaceEnvironmentSettings Settings { get; }
+            public IReadOnlyDictionary<string, string> RawVariables { get; }
+
+            public TestSurfaceEnvironmentWithFallback()
+            {
+                var root = Path.Combine(Path.GetTempPath(), Path.GetRandomFileName());
+                Settings = new SurfaceEnvironmentSettings(
+                    new Uri("https://surface.example"),
+                    "surface",
+                    null,
+                    new DirectoryInfo(Path.GetTempPath()),
+                    1024,
+                    false,
+                    Array.Empty<string>(),
+                    new SurfaceSecretsConfiguration("kubernetes", "tenant", Root: root, Namespace: "ns", FallbackProvider: "inline", AllowInline: true),
+                    "tenant",
+                    new SurfaceTlsConfiguration(null, null, null))
+                {
+                    CreatedAtUtc = DateTimeOffset.UtcNow
+                };
+
+                RawVariables = new Dictionary<string, string>();
+            }
+        }
    }
 }