Add unit tests and implementations for MongoDB index models and OpenAPI metadata

- Implemented `MongoIndexModelTests` to verify index models for various stores. - Created `OpenApiMetadataFactory` with methods to generate OpenAPI metadata. - Added tests for `OpenApiMetadataFactory` to ensure expected defaults and URL overrides. - Introduced `ObserverSurfaceSecrets` and `WebhookSurfaceSecrets` for managing secrets. - Developed `RuntimeSurfaceFsClient` and `WebhookSurfaceFsClient` for manifest retrieval. - Added dependency injection tests for `SurfaceEnvironmentRegistration` in both Observer and Webhook contexts. - Implemented tests for secret resolution in `ObserverSurfaceSecretsTests` and `WebhookSurfaceSecretsTests`. - Created `EnsureLinkNotMergeCollectionsMigrationTests` to validate MongoDB migration logic. - Added project files for MongoDB tests and NuGet package mirroring.
2025-11-17 21:21:56 +02:00
parent d3128aec24
commit 9075bad2d9
146 changed files with 152183 additions and 82 deletions
--- a/docs/api/notify-sdk-examples.md
+++ b/docs/api/notify-sdk-examples.md
@@ -0,0 +1,137 @@
+# Notifier SDK Usage Examples (rules, incidents, quiet hours)
+
+> Work of this type must also be applied everywhere it should be applied. Keep examples air-gap friendly and deterministic.
+
+## Prerequisites
+- Token with scopes: `notify.viewer` for reads, `notify.operator` for writes (tenant-scoped).
+- Tenant header: `X-StellaOps-Tenant: <tenant-id>`.
+- Base URL: `https://api.stellaops.example.com`.
+- OpenAPI document: `/.well-known/openapi` (served by Notifier).
+
+## Rules CRUD
+### cURL
+```bash
+# Create rule
+curl -X POST "$BASE/api/v1/notify/rules" \
+  -H "Authorization: Bearer $TOKEN" \
+  -H "X-StellaOps-Tenant: acme-prod" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "ruleId": "rule-attest-fail",
+    "tenantId": "acme-prod",
+    "name": "Attestation failures to SOC",
+    "match": { "eventKinds": ["attestor.verification.failed"] },
+    "actions": [{
+      "actionId": "act-soc",
+      "channel": "chn-soc-webhook",
+      "template": "tmpl-attest-verify-fail",
+      "digest": "instant"
+    }]
+  }'
+
+# List rules (paginated)
+curl -H "Authorization: Bearer $TOKEN" \
+     -H "X-StellaOps-Tenant: acme-prod" \
+     "$BASE/api/v1/notify/rules?pageSize=50"
+```
+
+### TypeScript (OpenAPI-generated client)
+```ts
+import { RulesApi, Configuration } from "./generated/notify-client";
+
+const api = new RulesApi(new Configuration({
+  basePath: process.env.BASE,
+  accessToken: process.env.TOKEN
+}));
+
+await api.createRule({
+  xStellaOpsTenant: "acme-prod",
+  notifyRule: {
+    ruleId: "rule-attest-fail",
+    tenantId: "acme-prod",
+    name: "Attestation failures to SOC",
+    match: { eventKinds: ["attestor.verification.failed"] },
+    actions: [{
+      actionId: "act-soc",
+      channel: "chn-soc-webhook",
+      template: "tmpl-attest-verify-fail",
+      digest: "instant"
+    }]
+  }
+});
+```
+
+### Python (OpenAPI-generated client)
+```python
+from notify_client import RulesApi, Configuration, ApiClient
+
+config = Configuration(host=BASE, access_token=TOKEN)
+with ApiClient(config) as client:
+    api = RulesApi(client)
+    api.create_rule(
+        x_stella_ops_tenant="acme-prod",
+        notify_rule={
+            "ruleId": "rule-attest-fail",
+            "tenantId": "acme-prod",
+            "name": "Attestation failures to SOC",
+            "match": {"eventKinds": ["attestor.verification.failed"]},
+            "actions": [{
+                "actionId": "act-soc",
+                "channel": "chn-soc-webhook",
+                "template": "tmpl-attest-verify-fail",
+                "digest": "instant"
+            }]
+        }
+    )
+```
+
+## Incident acknowledge
+### cURL
+```bash
+curl -X POST "$BASE/api/v1/notify/incidents/inc-telemetry/ack" \
+  -H "Authorization: Bearer $TOKEN" \
+  -H "X-StellaOps-Tenant: acme-prod" \
+  -H "Content-Type: application/json" \
+  -d '{"ackToken":"<dsse-token>"}' \
+  -i
+```
+
+### TypeScript
+```ts
+import { IncidentsApi } from "./generated/notify-client";
+await new IncidentsApi(config).ackIncident({
+  incidentId: "inc-telemetry",
+  xStellaOpsTenant: "acme-prod",
+  inlineObject: { ackToken: process.env.ACK_TOKEN }
+});
+```
+
+## Quiet hours
+### cURL
+```bash
+curl -X POST "$BASE/api/v1/notify/quiet-hours" \
+  -H "Authorization: Bearer $TOKEN" \
+  -H "X-StellaOps-Tenant: acme-prod" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "quietHoursId": "qh-default",
+    "windows": [{
+      "timezone": "UTC",
+      "days": ["Mon","Tue","Wed","Thu","Fri"],
+      "start": "22:00",
+      "end": "06:00"
+    }],
+    "exemptions": [{
+      "eventKinds": ["attestor.verification.failed"],
+      "reason": "Always alert on attestation failures"
+    }]
+  }'
+```
+
+## Smoke-test recipe (SDK CI)
+- Generate client from `/.well-known/openapi` (ts/python/go) with deterministic options.
+- Run:
+  1) create rule → list rules → delete rule.
+  2) set quiet hours → get quiet hours.
+  3) ack incident with dummy token (expect 2xx or validation error envelope).
+- Assert deterministic headers: `X-OpenAPI-Scope=notify`, `ETag` stable for identical spec bytes.