Merge all changes

2026-01-08 08:54:27 +02:00
parent 589de352c2
commit 110591d6bf
381 changed files with 2237 additions and 1939 deletions
--- a/src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard.Tests/Security/StandardCredentialAuditLoggerTests.cs
+++ b/src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard.Tests/Security/StandardCredentialAuditLoggerTests.cs
@@ -39,7 +39,7 @@ public class StandardCredentialAuditLoggerTests
            failureCode: null,
            reason: null,
            properties: Array.Empty<AuthEventProperty>(),
-            CancellationToken.None);
+            TestContext.Current.CancellationToken);

        var record = Assert.Single(sink.Records);
        Assert.Equal("authority.plugin.standard.password_verification", record.EventType);
@@ -92,7 +92,7 @@ public class StandardCredentialAuditLoggerTests
            failureCode: AuthorityCredentialFailureCode.InvalidCredentials,
            reason: "Invalid credentials.",
            properties,
-            CancellationToken.None);
+            TestContext.Current.CancellationToken);

        var record = Assert.Single(sink.Records);
        Assert.Equal(AuthEventOutcome.Failure, record.Outcome);
@@ -147,7 +147,7 @@ public class StandardCredentialAuditLoggerTests
            failureCode: AuthorityCredentialFailureCode.LockedOut,
            reason: "Account locked.",
            properties,
-            CancellationToken.None);
+            TestContext.Current.CancellationToken);

        var record = Assert.Single(sink.Records);
        Assert.Equal(AuthEventOutcome.LockedOut, record.Outcome);
@@ -189,7 +189,7 @@ public class StandardCredentialAuditLoggerTests
            failureCode: AuthorityCredentialFailureCode.RequiresMfa,
            reason: "MFA required.",
            properties: null,
-            CancellationToken.None);
+            TestContext.Current.CancellationToken);

        var record = Assert.Single(sink.Records);
        var property = Assert.Single(record.Properties);
--- a/src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard.Tests/StandardClaimsEnricherTests.cs
+++ b/src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard.Tests/StandardClaimsEnricherTests.cs
@@ -43,7 +43,7 @@ public class StandardClaimsEnricherTests
        var identity = new ClaimsIdentity();
        var enricher = new StandardClaimsEnricher();

-        await enricher.EnrichAsync(identity, context, CancellationToken.None);
+        await enricher.EnrichAsync(identity, context, TestContext.Current.CancellationToken);

        Assert.Contains(identity.Claims, claim => claim.Type == ClaimTypes.Role && claim.Value == "admin");
        Assert.Contains(identity.Claims, claim => claim.Type == ClaimTypes.Role && claim.Value == "ops");
--- a/src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard.Tests/StandardClientProvisioningStoreTests.cs
+++ b/src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard.Tests/StandardClientProvisioningStoreTests.cs
@@ -32,7 +32,7 @@ public class StandardClientProvisioningStoreTests
            allowedGrantTypes: new[] { "client_credentials" },
            allowedScopes: new[] { "scopeA" });

-        var result = await provisioning.CreateOrUpdateAsync(registration, CancellationToken.None);
+        var result = await provisioning.CreateOrUpdateAsync(registration, TestContext.Current.CancellationToken);

        Assert.True(result.Succeeded);
        Assert.True(store.Documents.TryGetValue("bootstrap-client", out var document));
@@ -40,7 +40,7 @@ public class StandardClientProvisioningStoreTests
        Assert.Equal(AuthoritySecretHasher.ComputeHash("SuperSecret1!"), document!.SecretHash);
        Assert.Equal("standard", document.Plugin);

-        var descriptor = await provisioning.FindByClientIdAsync("bootstrap-client", CancellationToken.None);
+        var descriptor = await provisioning.FindByClientIdAsync("bootstrap-client", TestContext.Current.CancellationToken);
        Assert.NotNull(descriptor);
        Assert.Equal("bootstrap-client", descriptor!.ClientId);
        Assert.True(descriptor.Confidential);
@@ -65,13 +65,13 @@ public class StandardClientProvisioningStoreTests
            allowedScopes: new[] { "scopeA" },
            tenant: " Tenant-Alpha " );

-        await provisioning.CreateOrUpdateAsync(registration, CancellationToken.None);
+        await provisioning.CreateOrUpdateAsync(registration, TestContext.Current.CancellationToken);

        Assert.True(store.Documents.TryGetValue("tenant-client", out var document));
        Assert.NotNull(document);
        Assert.Equal("tenant-alpha", document!.Properties[AuthorityClientMetadataKeys.Tenant]);

-        var descriptor = await provisioning.FindByClientIdAsync("tenant-client", CancellationToken.None);
+        var descriptor = await provisioning.FindByClientIdAsync("tenant-client", TestContext.Current.CancellationToken);
        Assert.NotNull(descriptor);
        Assert.Equal("tenant-alpha", descriptor!.Tenant);
    }
@@ -92,14 +92,14 @@ public class StandardClientProvisioningStoreTests
            allowedScopes: new[] { "signer.sign" },
            allowedAudiences: new[] { "attestor", "signer" });

-        var result = await provisioning.CreateOrUpdateAsync(registration, CancellationToken.None);
+        var result = await provisioning.CreateOrUpdateAsync(registration, TestContext.Current.CancellationToken);

        Assert.True(result.Succeeded);
        Assert.True(store.Documents.TryGetValue("signer", out var document));
        Assert.NotNull(document);
        Assert.Equal("attestor signer", document!.Properties[AuthorityClientMetadataKeys.Audiences]);

-        var descriptor = await provisioning.FindByClientIdAsync("signer", CancellationToken.None);
+        var descriptor = await provisioning.FindByClientIdAsync("signer", TestContext.Current.CancellationToken);
        Assert.NotNull(descriptor);
        Assert.Equal(new[] { "attestor", "signer" }, descriptor!.AllowedAudiences.OrderBy(value => value, StringComparer.Ordinal));
    }
@@ -132,7 +132,7 @@ public class StandardClientProvisioningStoreTests
            allowedAudiences: new[] { "signer" },
            certificateBindings: new[] { bindingRegistration });

-        await provisioning.CreateOrUpdateAsync(registration, CancellationToken.None);
+        await provisioning.CreateOrUpdateAsync(registration, TestContext.Current.CancellationToken);

        Assert.True(store.Documents.TryGetValue("mtls-client", out var document));
        Assert.NotNull(document);
@@ -164,9 +164,9 @@ public class StandardClientProvisioningStoreTests
            allowedGrantTypes: new[] { "client_credentials" },
            allowedScopes: new[] { "scopeA" });

-        await provisioning.CreateOrUpdateAsync(registration, CancellationToken.None);
+        await provisioning.CreateOrUpdateAsync(registration, TestContext.Current.CancellationToken);

-        var result = await provisioning.DeleteAsync("delete-me", CancellationToken.None);
+        var result = await provisioning.DeleteAsync("delete-me", TestContext.Current.CancellationToken);

        Assert.True(result.Succeeded);
        Assert.False(store.Documents.ContainsKey("delete-me"));
--- a/src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard.Tests/StandardIdentityProviderPluginTests.cs
+++ b/src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard.Tests/StandardIdentityProviderPluginTests.cs
@@ -58,7 +58,7 @@ public class StandardIdentityProviderPluginTests
            new StandardClaimsEnricher(),
            NullLogger<StandardIdentityProviderPlugin>.Instance);

-        var health = await plugin.CheckHealthAsync(CancellationToken.None);
+        var health = await plugin.CheckHealthAsync(TestContext.Current.CancellationToken);

        Assert.Equal(AuthorityPluginHealthStatus.Healthy, health.Status);
    }
--- a/src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard.Tests/StandardPluginBootstrapperTests.cs
+++ b/src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard.Tests/StandardPluginBootstrapperTests.cs
@@ -67,7 +67,7 @@ public class StandardPluginBootstrapperTests
        using var provider = services.BuildServiceProvider();
        var bootstrapper = provider.GetRequiredService<StandardPluginBootstrapper>();

-        var exception = await Record.ExceptionAsync(() => bootstrapper.StartAsync(CancellationToken.None));
+        var exception = await Record.ExceptionAsync(() => bootstrapper.StartAsync(TestContext.Current.CancellationToken));

        Assert.Null(exception);
    }
--- a/src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard.Tests/StandardUserCredentialStoreTests.cs
+++ b/src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard.Tests/StandardUserCredentialStoreTests.cs
@@ -228,6 +228,7 @@ public class StandardUserCredentialStoreTests : IAsyncLifetime

        var updated = await store.UpsertUserAsync(update, CancellationToken.None);
        Assert.True(updated.Succeeded);
+        Assert.NotNull(updated.Value);
        Assert.Contains("editor", updated.Value.Roles);
        Assert.Contains("admin", updated.Value.Roles);
        Assert.Equal("us", updated.Value.Attributes["region"]);
@@ -250,6 +251,7 @@ public class StandardUserCredentialStoreTests : IAsyncLifetime

        var created = await store.UpsertUserAsync(registration, CancellationToken.None);
        Assert.True(created.Succeeded);
+        Assert.NotNull(created.Value);

        var found = await store.FindBySubjectAsync(created.Value.SubjectId, CancellationToken.None);
        Assert.NotNull(found);