up

2025-10-15 10:03:56 +03:00
parent 0ddc014864
commit 79823d3319
276 changed files with 21674 additions and 934 deletions
--- a/src/StellaOps.Configuration.Tests/AuthorityPluginConfigurationLoaderTests.cs
+++ b/src/StellaOps.Configuration.Tests/AuthorityPluginConfigurationLoaderTests.cs
@@ -1,5 +1,6 @@
 using System;
 using System.IO;
+using System.Linq;
 using StellaOps.Authority.Plugins.Abstractions;
 using StellaOps.Configuration;
 using Xunit;
@@ -97,6 +98,61 @@ public class AuthorityPluginConfigurationLoaderTests : IDisposable
        Assert.Contains("unknown capability", ex.Message, StringComparison.OrdinalIgnoreCase);
    }

+    [Fact]
+    public void Analyze_ReturnsWarning_WhenStandardPasswordPolicyWeaker()
+    {
+        var pluginDir = Path.Combine(tempRoot, "etc", "authority.plugins");
+        Directory.CreateDirectory(pluginDir);
+
+        var standardConfigPath = Path.Combine(pluginDir, "standard.yaml");
+        File.WriteAllText(standardConfigPath, "passwordPolicy:\n  minimumLength: 8\n  requireSymbol: false\n");
+
+        var options = CreateOptions();
+        options.Plugins.ConfigurationDirectory = "etc/authority.plugins";
+        options.Plugins.Descriptors["standard"] = new AuthorityPluginDescriptorOptions
+        {
+            AssemblyName = "StellaOps.Authority.Plugin.Standard",
+            Enabled = true
+        };
+
+        options.Validate();
+
+        var contexts = AuthorityPluginConfigurationLoader.Load(options, tempRoot);
+        var diagnostics = AuthorityPluginConfigurationAnalyzer.Analyze(contexts);
+
+        var diagnostic = Assert.Single(diagnostics);
+        Assert.Equal(AuthorityConfigurationDiagnosticSeverity.Warning, diagnostic.Severity);
+        Assert.Equal("standard", diagnostic.PluginName);
+        Assert.Contains("minimum length 8", diagnostic.Message, StringComparison.OrdinalIgnoreCase);
+        Assert.Contains("symbol requirement disabled", diagnostic.Message, StringComparison.OrdinalIgnoreCase);
+    }
+
+    [Fact]
+    public void Analyze_ReturnsNoDiagnostics_WhenPasswordPolicyMatchesBaseline()
+    {
+        var pluginDir = Path.Combine(tempRoot, "etc", "authority.plugins");
+        Directory.CreateDirectory(pluginDir);
+
+        var standardConfigPath = Path.Combine(pluginDir, "standard.yaml");
+        // Baseline configuration (no overrides)
+        File.WriteAllText(standardConfigPath, "bootstrapUser:\n  username: bootstrap\n  password: Bootstrap1!\n");
+
+        var options = CreateOptions();
+        options.Plugins.ConfigurationDirectory = "etc/authority.plugins";
+        options.Plugins.Descriptors["standard"] = new AuthorityPluginDescriptorOptions
+        {
+            AssemblyName = "StellaOps.Authority.Plugin.Standard",
+            Enabled = true
+        };
+
+        options.Validate();
+
+        var contexts = AuthorityPluginConfigurationLoader.Load(options, tempRoot);
+        var diagnostics = AuthorityPluginConfigurationAnalyzer.Analyze(contexts);
+
+        Assert.Empty(diagnostics);
+    }
+
    public void Dispose()
    {
        try
@@ -121,6 +177,8 @@ public class AuthorityPluginConfigurationLoaderTests : IDisposable
        };

        options.Storage.ConnectionString = "mongodb://localhost:27017/authority_test";
+        options.Signing.ActiveKeyId = "test-key";
+        options.Signing.KeyPath = "/tmp/authority-test-key.pem";
        return options;
    }
 }