stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

Add OpenSslLegacyShim to ensure OpenSSL 1.1 libraries are accessible on Linux
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details

Browse Source 
This commit introduces the OpenSslLegacyShim class, which sets the LD_LIBRARY_PATH environment variable to include the directory containing OpenSSL 1.1 native libraries. This is necessary for Mongo2Go to function correctly on Linux platforms that do not ship these libraries by default. The shim checks if the current operating system is Linux and whether the required directory exists before modifying the environment variable.
This commit is contained in:
master
2025-11-02 21:41:03 +02:00
parent f98cea3bcf
commit 1d962ee6fc
71 changed files with 3675 additions and 1255 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
src/Cli/StellaOps.Cli/Configuration/AuthorityTokenUtilities.cs
View File

@@ -33,22 +33,32 @@ internal static class AuthorityTokenUtilities
var cacheKey = $"{options.Authority.Url}|{credential}|{scope}";
if (!string.IsNullOrWhiteSpace(scope) && scope.Contains("orch:operate", StringComparison.OrdinalIgnoreCase))
{
var reasonHash = HashOperatorMetadata(options.Authority.OperatorReason);
var ticketHash = HashOperatorMetadata(options.Authority.OperatorTicket);
cacheKey = $"{cacheKey}|op_reason:{reasonHash}|op_ticket:{ticketHash}";
}
return cacheKey;
}
private static string HashOperatorMetadata(string value)
{
if (string.IsNullOrWhiteSpace(value))
{
return "none";
}
if (!string.IsNullOrWhiteSpace(scope))
{
if (scope.Contains("orch:operate", StringComparison.OrdinalIgnoreCase))
{
var reasonHash = HashMetadata(options.Authority.OperatorReason);
var ticketHash = HashMetadata(options.Authority.OperatorTicket);
cacheKey = $"{cacheKey}|op_reason:{reasonHash}|op_ticket:{ticketHash}";
}
if (scope.Contains("orch:backfill", StringComparison.OrdinalIgnoreCase))
{
var reasonHash = HashMetadata(options.Authority.BackfillReason);
var ticketHash = HashMetadata(options.Authority.BackfillTicket);
cacheKey = $"{cacheKey}|bf_reason:{reasonHash}|bf_ticket:{ticketHash}";
}
}
return cacheKey;
}
private static string HashMetadata(string? value)
{
if (string.IsNullOrWhiteSpace(value))
{
return "none";
}
var trimmed = value.Trim();
var bytes = Encoding.UTF8.GetBytes(trimmed);

48
src/Cli/StellaOps.Cli/Configuration/CliBootstrapper.cs
View File

@@ -111,28 +111,44 @@ public static class CliBootstrapper
"StellaOps:Authority:OperatorReason",
"Authority:OperatorReason");
authority.OperatorTicket = ResolveWithFallback(
authority.OperatorTicket,
configuration,
"STELLAOPS_ORCH_TICKET",
"StellaOps:Authority:OperatorTicket",
"Authority:OperatorTicket");
authority.TokenCacheDirectory = ResolveWithFallback(
authority.TokenCacheDirectory,
configuration,
"STELLAOPS_AUTHORITY_TOKEN_CACHE_DIR",
"StellaOps:Authority:TokenCacheDirectory",
authority.OperatorTicket = ResolveWithFallback(
authority.OperatorTicket,
configuration,
"STELLAOPS_ORCH_TICKET",
"StellaOps:Authority:OperatorTicket",
"Authority:OperatorTicket");
authority.BackfillReason = ResolveWithFallback(
authority.BackfillReason,
configuration,
"STELLAOPS_ORCH_BACKFILL_REASON",
"StellaOps:Authority:BackfillReason",
"Authority:BackfillReason");
authority.BackfillTicket = ResolveWithFallback(
authority.BackfillTicket,
configuration,
"STELLAOPS_ORCH_BACKFILL_TICKET",
"StellaOps:Authority:BackfillTicket",
"Authority:BackfillTicket");
authority.TokenCacheDirectory = ResolveWithFallback(
authority.TokenCacheDirectory,
configuration,
"STELLAOPS_AUTHORITY_TOKEN_CACHE_DIR",
"StellaOps:Authority:TokenCacheDirectory",
"Authority:TokenCacheDirectory");
authority.Url = authority.Url?.Trim() ?? string.Empty;
authority.ClientId = authority.ClientId?.Trim() ?? string.Empty;
authority.ClientSecret = string.IsNullOrWhiteSpace(authority.ClientSecret) ? null : authority.ClientSecret.Trim();
authority.Username = authority.Username?.Trim() ?? string.Empty;
authority.Password = string.IsNullOrWhiteSpace(authority.Password) ? null : authority.Password.Trim();
authority.Scope = string.IsNullOrWhiteSpace(authority.Scope) ? StellaOpsScopes.ConcelierJobsTrigger : authority.Scope.Trim();
authority.OperatorReason = authority.OperatorReason?.Trim() ?? string.Empty;
authority.OperatorTicket = authority.OperatorTicket?.Trim() ?? string.Empty;
authority.Password = string.IsNullOrWhiteSpace(authority.Password) ? null : authority.Password.Trim();
authority.Scope = string.IsNullOrWhiteSpace(authority.Scope) ? StellaOpsScopes.ConcelierJobsTrigger : authority.Scope.Trim();
authority.OperatorReason = authority.OperatorReason?.Trim() ?? string.Empty;
authority.OperatorTicket = authority.OperatorTicket?.Trim() ?? string.Empty;
authority.BackfillReason = authority.BackfillReason?.Trim() ?? string.Empty;
authority.BackfillTicket = authority.BackfillTicket?.Trim() ?? string.Empty;
authority.Resilience ??= new StellaOpsCliAuthorityResilienceOptions();
authority.Resilience.RetryDelays ??= new List<TimeSpan>();

14
src/Cli/StellaOps.Cli/Configuration/StellaOpsCliOptions.cs
View File

@@ -46,11 +46,15 @@ public sealed class StellaOpsCliAuthorityOptions
public string Scope { get; set; } = StellaOpsScopes.ConcelierJobsTrigger;
public string OperatorReason { get; set; } = string.Empty;
public string OperatorTicket { get; set; } = string.Empty;
public string TokenCacheDirectory { get; set; } = string.Empty;
public string OperatorReason { get; set; } = string.Empty;
public string OperatorTicket { get; set; } = string.Empty;
public string BackfillReason { get; set; } = string.Empty;
public string BackfillTicket { get; set; } = string.Empty;
public string TokenCacheDirectory { get; set; } = string.Empty;
public StellaOpsCliAuthorityResilienceOptions Resilience { get; set; } = new();
}

52
src/Cli/StellaOps.Cli/Services/BackendOperationsClient.cs
View File

@@ -31,6 +31,8 @@ internal sealed class BackendOperationsClient : IBackendOperationsClient
private const string OperatorReasonParameterName = "operator_reason";
private const string OperatorTicketParameterName = "operator_ticket";
private const string BackfillReasonParameterName = "backfill_reason";
private const string BackfillTicketParameterName = "backfill_ticket";
private readonly HttpClient _httpClient;
private readonly StellaOpsCliOptions _options;
@@ -1745,26 +1747,52 @@ internal sealed class BackendOperationsClient : IBackendOperationsClient
}
}
private IReadOnlyDictionary<string, string>? ResolveOperatorMetadataIfNeeded(string? scope)
private IReadOnlyDictionary<string, string>? ResolveOrchestratorMetadataIfNeeded(string? scope)
{
if (string.IsNullOrWhiteSpace(scope) || !scope.Contains("orch:operate", StringComparison.OrdinalIgnoreCase))
if (string.IsNullOrWhiteSpace(scope))
{
return null;
}
var reason = _options.Authority.OperatorReason?.Trim();
var ticket = _options.Authority.OperatorTicket?.Trim();
var requiresOperate = scope.Contains("orch:operate", StringComparison.OrdinalIgnoreCase);
var requiresBackfill = scope.Contains("orch:backfill", StringComparison.OrdinalIgnoreCase);
if (string.IsNullOrWhiteSpace(reason) || string.IsNullOrWhiteSpace(ticket))
if (!requiresOperate && !requiresBackfill)
{
throw new InvalidOperationException("Authority.OperatorReason and Authority.OperatorTicket must be configured when requesting orch:operate tokens. Set STELLAOPS_ORCH_REASON and STELLAOPS_ORCH_TICKET or the corresponding configuration values.");
return null;
}
return new Dictionary<string, string>(StringComparer.Ordinal)
var metadata = new Dictionary<string, string>(StringComparer.Ordinal);
if (requiresOperate)
{
[OperatorReasonParameterName] = reason,
[OperatorTicketParameterName] = ticket
};
var reason = _options.Authority.OperatorReason?.Trim();
var ticket = _options.Authority.OperatorTicket?.Trim();
if (string.IsNullOrWhiteSpace(reason) || string.IsNullOrWhiteSpace(ticket))
{
throw new InvalidOperationException("Authority.OperatorReason and Authority.OperatorTicket must be configured when requesting orch:operate tokens. Set STELLAOPS_ORCH_REASON and STELLAOPS_ORCH_TICKET or the corresponding configuration values.");
}
metadata[OperatorReasonParameterName] = reason;
metadata[OperatorTicketParameterName] = ticket;
}
if (requiresBackfill)
{
var reason = _options.Authority.BackfillReason?.Trim();
var ticket = _options.Authority.BackfillTicket?.Trim();
if (string.IsNullOrWhiteSpace(reason) || string.IsNullOrWhiteSpace(ticket))
{
throw new InvalidOperationException("Authority.BackfillReason and Authority.BackfillTicket must be configured when requesting orch:backfill tokens. Set STELLAOPS_ORCH_BACKFILL_REASON and STELLAOPS_ORCH_BACKFILL_TICKET or the corresponding configuration values.");
}
metadata[BackfillReasonParameterName] = reason;
metadata[BackfillTicketParameterName] = ticket;
}
return metadata;
}
private async Task<string?> ResolveAccessTokenAsync(CancellationToken cancellationToken)
@@ -1802,7 +1830,7 @@ internal sealed class BackendOperationsClient : IBackendOperationsClient
}
var scope = AuthorityTokenUtilities.ResolveScope(_options);
var operatorMetadata = ResolveOperatorMetadataIfNeeded(scope);
var orchestratorMetadata = ResolveOrchestratorMetadataIfNeeded(scope);
StellaOpsTokenResult token;
if (!string.IsNullOrWhiteSpace(_options.Authority.Username))
@@ -1821,7 +1849,7 @@ internal sealed class BackendOperationsClient : IBackendOperationsClient
}
else
{
token = await _tokenClient.RequestClientCredentialsTokenAsync(scope, operatorMetadata, cancellationToken).ConfigureAwait(false);
token = await _tokenClient.RequestClientCredentialsTokenAsync(scope, orchestratorMetadata, cancellationToken).ConfigureAwait(false);
}
await _tokenClient.CacheTokenAsync(cacheKey, token.ToCacheEntry(), cancellationToken).ConfigureAwait(false);

86
src/Cli/__Tests/StellaOps.Cli.Tests/Configuration/AuthorityTokenUtilitiesTests.cs Normal file
View File

@@ -0,0 +1,86 @@
using System;
using System.Security.Cryptography;
using System.Text;
using StellaOps.Cli.Configuration;
using Xunit;
namespace StellaOps.Cli.Tests.Configuration;
public static class AuthorityTokenUtilitiesTests
{
[Fact]
public static void BuildCacheKey_AppendsOperateMetadataHashes_WhenScopeRequiresOperate()
{
var options = new StellaOpsCliOptions
{
Authority = new StellaOpsCliAuthorityOptions
{
Url = "https://authority.example",
ClientId = "cli",
Scope = "orch:operate",
OperatorReason = "Resume service",
OperatorTicket = "INC-2001"
}
};
var key = AuthorityTokenUtilities.BuildCacheKey(options);
var expectedReasonHash = ComputeHash("Resume service");
var expectedTicketHash = ComputeHash("INC-2001");
Assert.Contains($"|op_reason:{expectedReasonHash}|op_ticket:{expectedTicketHash}", key, StringComparison.Ordinal);
}
[Fact]
public static void BuildCacheKey_AppendsBackfillMetadataHashes_WhenScopeRequiresBackfill()
{
var options = new StellaOpsCliOptions
{
Authority = new StellaOpsCliAuthorityOptions
{
Url = "https://authority.example",
ClientId = "cli",
Scope = "orch:backfill",
BackfillReason = "Rebuild historical findings",
BackfillTicket = "INC-3003"
}
};
var key = AuthorityTokenUtilities.BuildCacheKey(options);
var expectedReasonHash = ComputeHash("Rebuild historical findings");
var expectedTicketHash = ComputeHash("INC-3003");
Assert.Contains($"|bf_reason:{expectedReasonHash}|bf_ticket:{expectedTicketHash}", key, StringComparison.Ordinal);
}
[Fact]
public static void BuildCacheKey_AppendsBothOperateAndBackfillHashes_WhenScopeRequiresBoth()
{
var options = new StellaOpsCliOptions
{
Authority = new StellaOpsCliAuthorityOptions
{
Url = "https://authority.example",
ClientId = "cli",
Scope = "orch:operate orch:backfill",
OperatorReason = "Adjust schedules",
OperatorTicket = "INC-4004",
BackfillReason = "Historical rebuild",
BackfillTicket = "INC-5005"
}
};
var key = AuthorityTokenUtilities.BuildCacheKey(options);
Assert.Contains($"|op_reason:{ComputeHash("Adjust schedules")}|op_ticket:{ComputeHash("INC-4004")}", key, StringComparison.Ordinal);
Assert.Contains($"|bf_reason:{ComputeHash("Historical rebuild")}|bf_ticket:{ComputeHash("INC-5005")}", key, StringComparison.Ordinal);
}
private static string ComputeHash(string value)
{
var bytes = Encoding.UTF8.GetBytes(value.Trim());
var hash = SHA256.HashData(bytes);
return Convert.ToHexString(hash).ToLowerInvariant();
}
}

124
src/Cli/__Tests/StellaOps.Cli.Tests/Services/BackendOperationsClientTests.cs
View File

@@ -422,11 +422,11 @@ public sealed class BackendOperationsClientTests
}
[Fact]
public async Task TriggerJobAsync_UsesAuthorityTokenWhenConfigured()
{
using var temp = new TempDirectory();
var handler = new StubHttpMessageHandler((request, _) =>
public async Task TriggerJobAsync_UsesAuthorityTokenWhenConfigured()
{
using var temp = new TempDirectory();
var handler = new StubHttpMessageHandler((request, _) =>
{
Assert.NotNull(request.Headers.Authorization);
Assert.Equal("Bearer", request.Headers.Authorization!.Scheme);
@@ -471,10 +471,116 @@ public sealed class BackendOperationsClientTests
var result = await client.TriggerJobAsync("test", new Dictionary<string, object?>(), CancellationToken.None);
Assert.True(result.Success);
Assert.Equal("Accepted", result.Message);
Assert.True(tokenClient.Requests > 0);
}
Assert.Equal("Accepted", result.Message);
Assert.True(tokenClient.Requests > 0);
}
[Fact]
public async Task TriggerJobAsync_ThrowsWhenBackfillMetadataMissing()
{
using var temp = new TempDirectory();
var handler = new StubHttpMessageHandler((request, _) =>
{
return new HttpResponseMessage(HttpStatusCode.Accepted)
{
RequestMessage = request,
Content = JsonContent.Create(new JobRunResponse
{
RunId = Guid.NewGuid(),
Kind = "test",
Status = "Pending",
Trigger = "cli",
CreatedAt = DateTimeOffset.UtcNow
})
};
});
var httpClient = new HttpClient(handler)
{
BaseAddress = new Uri("https://concelier.example")
};
var options = new StellaOpsCliOptions
{
BackendUrl = "https://concelier.example",
Authority =
{
Url = "https://authority.example",
ClientId = "cli",
ClientSecret = "secret",
Scope = "orch:backfill",
TokenCacheDirectory = temp.Path
}
};
var tokenClient = new StubTokenClient();
var loggerFactory = LoggerFactory.Create(builder => builder.SetMinimumLevel(LogLevel.Debug));
var client = new BackendOperationsClient(httpClient, options, loggerFactory.CreateLogger<BackendOperationsClient>(), tokenClient);
var exception = await Assert.ThrowsAsync<InvalidOperationException>(() => client.TriggerJobAsync("test", new Dictionary<string, object?>(), CancellationToken.None));
Assert.Contains("Authority.BackfillReason", exception.Message, StringComparison.Ordinal);
Assert.Equal(0, tokenClient.Requests);
}
[Fact]
public async Task TriggerJobAsync_RequestsOperateAndBackfillMetadata()
{
using var temp = new TempDirectory();
var handler = new StubHttpMessageHandler((request, _) =>
{
Assert.NotNull(request.Headers.Authorization);
return new HttpResponseMessage(HttpStatusCode.Accepted)
{
RequestMessage = request,
Content = JsonContent.Create(new JobRunResponse
{
RunId = Guid.NewGuid(),
Kind = "test",
Status = "Pending",
Trigger = "cli",
CreatedAt = DateTimeOffset.UtcNow
})
};
});
var httpClient = new HttpClient(handler)
{
BaseAddress = new Uri("https://concelier.example")
};
var options = new StellaOpsCliOptions
{
BackendUrl = "https://concelier.example",
Authority =
{
Url = "https://authority.example",
ClientId = "cli",
ClientSecret = "secret",
Scope = "orch:operate orch:backfill",
TokenCacheDirectory = temp.Path,
OperatorReason = "Resume operations",
OperatorTicket = "INC-6006",
BackfillReason = "Historical rebuild",
BackfillTicket = "INC-7007"
}
};
var tokenClient = new StubTokenClient();
var loggerFactory = LoggerFactory.Create(builder => builder.SetMinimumLevel(LogLevel.Debug));
var client = new BackendOperationsClient(httpClient, options, loggerFactory.CreateLogger<BackendOperationsClient>(), tokenClient);
var result = await client.TriggerJobAsync("test", new Dictionary<string, object?>(), CancellationToken.None);
Assert.True(result.Success);
var metadata = Assert.NotNull(tokenClient.LastAdditionalParameters);
Assert.Equal("Resume operations", metadata["operator_reason"]);
Assert.Equal("INC-6006", metadata["operator_ticket"]);
Assert.Equal("Historical rebuild", metadata["backfill_reason"]);
Assert.Equal("INC-7007", metadata["backfill_ticket"]);
}
[Fact]
public async Task EvaluateRuntimePolicyAsync_ParsesDecisionPayload()
{