Keep trust-signing flows under setup routes

2026-03-07 00:57:32 +02:00
parent bcf708d688
commit 9e73048bd5
7 changed files with 141 additions and 9 deletions
--- a/src/Web/StellaOps.Web/tests/e2e/prealpha-canonical-full-sweep.spec.ts
+++ b/src/Web/StellaOps.Web/tests/e2e/prealpha-canonical-full-sweep.spec.ts
@@ -163,6 +163,7 @@ const canonicalRoutes = [
  '/setup/notifications',
  '/setup/usage',
  '/setup/system',
+  '/setup/trust-signing',
  '/setup/topology',
  '/setup/topology/overview',
  '/setup/topology/map',
@@ -191,6 +192,10 @@ const strictRouteExpectations: Partial<Record<(typeof canonicalRoutes)[number],
    title: /Reachability/i,
    texts: ['Reachability Center'],
  },
+  '/setup/trust-signing': {
+    title: /Trust/i,
+    texts: ['Trust Management'],
+  },
  '/ops/policy': {
    title: /Policy/i,
    texts: ['Policy Governance', 'Risk Budget Overview'],
@@ -773,6 +778,119 @@ async function setupHarness(page: Page): Promise<void> {
      });
    },
  );
+  await page.route('**/api/v1/trust/dashboard**', (route) =>
+    route.fulfill({
+      status: 200,
+      contentType: 'application/json',
+      body: JSON.stringify({
+        keys: {
+          total: 3,
+          active: 1,
+          expiringSoon: 1,
+          expired: 1,
+          revoked: 0,
+          pendingRotation: 0,
+        },
+        issuers: {
+          total: 3,
+          fullTrust: 2,
+          partialTrust: 1,
+          minimalTrust: 0,
+          untrusted: 0,
+          blocked: 0,
+          averageTrustScore: 87.3,
+        },
+        certificates: {
+          total: 3,
+          valid: 2,
+          expiringSoon: 1,
+          expired: 0,
+          revoked: 0,
+          invalidChains: 0,
+        },
+        recentEvents: [],
+        expiryAlerts: [
+          {
+            keyId: 'key-002',
+            keyName: 'SBOM Signing Key',
+            expiresAt: '2026-04-15T00:00:00.000Z',
+            daysUntilExpiry: 39,
+            severity: 'warning',
+            purpose: 'sbom_signing',
+            suggestedAction: 'Schedule key rotation before expiry.',
+          },
+        ],
+      }),
+    }),
+  );
+  await page.route('**/api/v1/trust/keys/expiry-alerts**', (route) =>
+    route.fulfill({
+      status: 200,
+      contentType: 'application/json',
+      body: JSON.stringify([
+        {
+          keyId: 'key-002',
+          keyName: 'SBOM Signing Key',
+          purpose: 'sbom_signing',
+          expiresAt: '2026-04-15T00:00:00.000Z',
+          daysUntilExpiry: 39,
+          severity: 'warning',
+          suggestedAction: 'Schedule key rotation before expiry.',
+        },
+      ]),
+    }),
+  );
+  await page.route('**/api/v1/trust/keys**', (route) => {
+    const pathname = new URL(route.request().url()).pathname;
+    if (!pathname.endsWith('/api/v1/trust/keys')) {
+      return route.fallback();
+    }
+
+    return route.fulfill({
+      status: 200,
+      contentType: 'application/json',
+      body: JSON.stringify({
+        items: [
+          {
+            keyId: 'key-001',
+            tenantId: adminSession.tenant,
+            name: 'Production Key',
+            description: 'Main signing key',
+            keyType: 'asymmetric',
+            algorithm: 'RS256',
+            keySize: 2048,
+            purpose: 'attestation',
+            status: 'active',
+            publicKeyFingerprint: 'sha256:prod-key',
+            createdAt: '2026-01-01T00:00:00.000Z',
+            expiresAt: '2027-01-01T00:00:00.000Z',
+            lastUsedAt: '2026-03-06T10:00:00.000Z',
+            usageCount: 100,
+          },
+          {
+            keyId: 'key-002',
+            tenantId: adminSession.tenant,
+            name: 'SBOM Signing Key',
+            description: 'Secondary signing key',
+            keyType: 'asymmetric',
+            algorithm: 'RS256',
+            keySize: 2048,
+            purpose: 'sbom_signing',
+            status: 'expiring_soon',
+            publicKeyFingerprint: 'sha256:sbom-key',
+            createdAt: '2026-01-15T00:00:00.000Z',
+            expiresAt: '2026-04-15T00:00:00.000Z',
+            lastUsedAt: '2026-03-05T09:00:00.000Z',
+            usageCount: 50,
+          },
+        ],
+        totalCount: 2,
+        pageNumber: 1,
+        pageSize: 20,
+        totalPages: 1,
+      }),
+    });
+  });
  await page.route('**/policy/api/risk/profiles**', (route) => {
    if (route.request().method() !== 'GET') {
      return route.fulfill({
@@ -1105,6 +1223,7 @@ async function setupHarness(page: Page): Promise<void> {
      requestUrl.includes('/api/v2/context/') ||
      requestUrl.includes('/api/v2/security/sbom-explorer') ||
      requestUrl.includes('/policy/api/') ||
+      requestUrl.includes('/api/v1/trust/') ||
      requestUrl.includes('/api/v1/audit/') ||
      requestUrl.includes('/api/v1/authority/quotas') ||
      requestUrl.includes('/api/v1/gateway/rate-limits') ||
@@ -1294,6 +1413,15 @@ test.describe('Pre-alpha key end-user interactions', () => {
    await expect(page.locator('#main-content')).toContainText('Reachability Center');
  });

+  test('setup trust-signing tabs stay under setup routes', async ({ page }) => {
+    await page.goto('/setup/trust-signing', { waitUntil: 'domcontentloaded' });
+    await expect(page.locator('#main-content')).toContainText('Trust Management');
+
+    await page.locator('#main-content a:has-text("Signing Keys")').first().click();
+    await expect(page).toHaveURL(/\/setup\/trust-signing\/keys$/);
+    await expect(page.locator('#main-content')).toContainText('Trust Management');
+  });
+
  test('sidebar root navigation works for all canonical workspaces', async ({ page }) => {
    await page.goto('/mission-control/board', { waitUntil: 'domcontentloaded' });
    await page.locator('aside.sidebar a[href="/releases/overview"]').first().click();