save progress

2026-01-03 11:02:24 +02:00
parent ca578801fd
commit 83c37243e0
446 changed files with 22798 additions and 4031 deletions
--- a/src/Cartographer/StellaOps.Cartographer/CartographerEntryPoint.cs
+++ b/src/Cartographer/StellaOps.Cartographer/CartographerEntryPoint.cs
@@ -0,0 +1,5 @@
+namespace StellaOps.Cartographer;
+
+public sealed class CartographerEntryPoint
+{
+}
--- a/src/Cartographer/StellaOps.Cartographer/Options/CartographerAuthorityOptionsValidator.cs
+++ b/src/Cartographer/StellaOps.Cartographer/Options/CartographerAuthorityOptionsValidator.cs
@@ -0,0 +1,20 @@
+using Microsoft.Extensions.Options;
+
+namespace StellaOps.Cartographer.Options;
+
+internal sealed class CartographerAuthorityOptionsValidator : IValidateOptions<CartographerAuthorityOptions>
+{
+    public ValidateOptionsResult Validate(string? name, CartographerAuthorityOptions options)
+    {
+        try
+        {
+            CartographerAuthorityOptionsConfigurator.ApplyDefaults(options);
+            options.Validate();
+            return ValidateOptionsResult.Success;
+        }
+        catch (Exception ex)
+        {
+            return ValidateOptionsResult.Fail(ex.Message);
+        }
+    }
+}
--- a/src/Cartographer/StellaOps.Cartographer/Program.cs
+++ b/src/Cartographer/StellaOps.Cartographer/Program.cs
@@ -1,3 +1,8 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.Extensions.Diagnostics.HealthChecks;
+using Microsoft.Extensions.Options;
+using StellaOps.Auth.Abstractions;
+using StellaOps.Auth.ServerIntegration;
 using StellaOps.Cartographer.Options;

 var builder = WebApplication.CreateBuilder(args);
@@ -10,17 +15,60 @@ builder.Services.AddOptions();
 builder.Services.AddLogging();

 var authoritySection = builder.Configuration.GetSection("Cartographer:Authority");
-var authorityOptions = new CartographerAuthorityOptions();
-authoritySection.Bind(authorityOptions);
+builder.Services.AddOptions<CartographerAuthorityOptions>()
+    .Bind(authoritySection)
+    .PostConfigure(CartographerAuthorityOptionsConfigurator.ApplyDefaults)
+    .ValidateOnStart();
+builder.Services.AddSingleton<IValidateOptions<CartographerAuthorityOptions>, CartographerAuthorityOptionsValidator>();
+
+var authorityOptions = authoritySection.Get<CartographerAuthorityOptions>() ?? new CartographerAuthorityOptions();
 CartographerAuthorityOptionsConfigurator.ApplyDefaults(authorityOptions);
 authorityOptions.Validate();

-builder.Services.AddSingleton(authorityOptions);
-builder.Services.AddOptions<CartographerAuthorityOptions>()
-    .Bind(authoritySection)
-    .PostConfigure(CartographerAuthorityOptionsConfigurator.ApplyDefaults);
+if (authorityOptions.Enabled)
+{
+    builder.Services.AddStellaOpsResourceServerAuthentication(
+        builder.Configuration,
+        configurationSection: null,
+        configure: resourceOptions =>
+        {
+            resourceOptions.Authority = authorityOptions.Issuer;
+            resourceOptions.RequireHttpsMetadata = authorityOptions.RequireHttpsMetadata;
+            resourceOptions.MetadataAddress = authorityOptions.MetadataAddress;
+            resourceOptions.BackchannelTimeout = TimeSpan.FromSeconds(authorityOptions.BackchannelTimeoutSeconds);
+            resourceOptions.TokenClockSkew = TimeSpan.FromSeconds(authorityOptions.TokenClockSkewSeconds);
+
+            resourceOptions.Audiences.Clear();
+            foreach (var audience in authorityOptions.Audiences)
+            {
+                resourceOptions.Audiences.Add(audience);
+            }
+
+            resourceOptions.RequiredScopes.Clear();
+            foreach (var scope in authorityOptions.RequiredScopes)
+            {
+                resourceOptions.RequiredScopes.Add(scope);
+            }
+        });
+
+    builder.Services.AddAuthorization(options =>
+    {
+        if (authorityOptions.AllowAnonymousFallback)
+        {
+            return;
+        }
+
+        options.FallbackPolicy = new AuthorizationPolicyBuilder()
+            .RequireAuthenticatedUser()
+            .AddAuthenticationSchemes(StellaOpsAuthenticationDefaults.AuthenticationScheme)
+            .AddRequirements(new StellaOpsScopeRequirement(authorityOptions.RequiredScopes.ToArray()))
+            .Build();
+    });
+}

 // TODO: register Cartographer graph builders, overlay workers, and Authority client once implementations land.
+builder.Services.AddHealthChecks()
+    .AddCheck("cartographer_ready", () => HealthCheckResult.Healthy(), tags: new[] { "ready" });

 var app = builder.Build();

@@ -33,7 +81,18 @@ else if (authorityOptions.AllowAnonymousFallback)
    app.Logger.LogWarning("Cartographer Authority allows anonymous fallback; disable fallback before production rollout.");
 }

-app.MapGet("/healthz", () => Results.Ok(new { status = "ok" }));
-app.MapGet("/readyz", () => Results.Ok(new { status = "warming" }));
+if (authorityOptions.Enabled)
+{
+    app.UseAuthentication();
+    app.UseAuthorization();
+}
+
+app.MapHealthChecks("/healthz").AllowAnonymous();
+app.MapHealthChecks("/readyz", new Microsoft.AspNetCore.Diagnostics.HealthChecks.HealthCheckOptions
+{
+    Predicate = check => check.Tags.Contains("ready")
+}).AllowAnonymous();

 app.Run();
+
+public partial class Program;
--- a/src/Cartographer/StellaOps.Cartographer/StellaOps.Cartographer.csproj
+++ b/src/Cartographer/StellaOps.Cartographer/StellaOps.Cartographer.csproj
@@ -5,7 +5,7 @@
    <ImplicitUsings>enable</ImplicitUsings>
    <Nullable>enable</Nullable>
    <LangVersion>preview</LangVersion>
-    <TreatWarningsAsErrors>false</TreatWarningsAsErrors>
+    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
    <AspNetCoreHostingModel>InProcess</AspNetCoreHostingModel>
  </PropertyGroup>

@@ -14,5 +14,6 @@
    <ProjectReference Include="../../__Libraries/StellaOps.DependencyInjection/StellaOps.DependencyInjection.csproj" />
    <ProjectReference Include="../../Policy/StellaOps.Policy.Engine/StellaOps.Policy.Engine.csproj" />
    <ProjectReference Include="../../Authority/StellaOps.Authority/StellaOps.Auth.Abstractions/StellaOps.Auth.Abstractions.csproj" />
+    <ProjectReference Include="../../Authority/StellaOps.Authority/StellaOps.Auth.ServerIntegration/StellaOps.Auth.ServerIntegration.csproj" />
  </ItemGroup>
 </Project>
--- a/src/Cartographer/StellaOps.Cartographer/TASKS.md
+++ b/src/Cartographer/StellaOps.Cartographer/TASKS.md
@@ -7,4 +7,4 @@ Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.
 | --- | --- | --- |
 | AUDIT-0134-M | DONE | Maintainability audit for StellaOps.Cartographer. |
 | AUDIT-0134-T | DONE | Test coverage audit for StellaOps.Cartographer. |
-| AUDIT-0134-A | TODO | Pending approval for changes. |
+| AUDIT-0134-A | DONE | Applied WebService wiring, options validation, health checks, and tests. |
--- a/src/Cartographer/__Tests/StellaOps.Cartographer.Tests/CartographerProgramTests.cs
+++ b/src/Cartographer/__Tests/StellaOps.Cartographer.Tests/CartographerProgramTests.cs
@@ -0,0 +1,46 @@
+using System.Net;
+using FluentAssertions;
+using Microsoft.AspNetCore.Mvc.Testing;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Options;
+using Xunit;
+
+namespace StellaOps.Cartographer.Tests;
+
+public class CartographerProgramTests
+{
+    [Fact]
+    public async Task HealthEndpoints_ReturnOk()
+    {
+        using var factory = new WebApplicationFactory<StellaOps.Cartographer.CartographerEntryPoint>();
+        using var client = factory.CreateClient();
+        var cancellationToken = TestContext.Current.CancellationToken;
+
+        var health = await client.GetAsync("/healthz", cancellationToken);
+        var ready = await client.GetAsync("/readyz", cancellationToken);
+
+        health.StatusCode.Should().Be(HttpStatusCode.OK);
+        ready.StatusCode.Should().Be(HttpStatusCode.OK);
+    }
+
+    [Fact]
+    public void AuthorityOptions_InvalidIssuer_ThrowsOnStart()
+    {
+        using var factory = new WebApplicationFactory<StellaOps.Cartographer.CartographerEntryPoint>().WithWebHostBuilder(builder =>
+        {
+            builder.ConfigureAppConfiguration((_, config) =>
+            {
+                var settings = new Dictionary<string, string?>
+                {
+                    ["Cartographer:Authority:Enabled"] = "true",
+                    ["Cartographer:Authority:Issuer"] = "invalid"
+                };
+
+                config.AddInMemoryCollection(settings);
+            });
+        });
+
+        Action act = () => factory.CreateClient();
+        act.Should().Throw<OptionsValidationException>();
+    }
+}
--- a/src/Cartographer/__Tests/StellaOps.Cartographer.Tests/StellaOps.Cartographer.Tests.csproj
+++ b/src/Cartographer/__Tests/StellaOps.Cartographer.Tests/StellaOps.Cartographer.Tests.csproj
@@ -9,4 +9,9 @@
  <ItemGroup>
    <ProjectReference Include="../../StellaOps.Cartographer/StellaOps.Cartographer.csproj" />
  </ItemGroup>
-</Project>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" />
+    <PackageReference Include="FluentAssertions" />
+  </ItemGroup>
+</Project>
--- a/src/Cartographer/__Tests/StellaOps.Cartographer.Tests/TASKS.md
+++ b/src/Cartographer/__Tests/StellaOps.Cartographer.Tests/TASKS.md
@@ -7,4 +7,4 @@ Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.
 | --- | --- | --- |
 | AUDIT-0135-M | DONE | Maintainability audit for StellaOps.Cartographer.Tests. |
 | AUDIT-0135-T | DONE | Test coverage audit for StellaOps.Cartographer.Tests. |
-| AUDIT-0135-A | TODO | Pending approval for changes. |
+| AUDIT-0135-A | TODO | Pending approval; added minimal health/options coverage for AUDIT-0134-A. |