stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

setup and mock fixes

Browse Source
This commit is contained in:
master
2026-02-21 20:14:23 +02:00
parent 1edce73165
commit a29f438f53
29 changed files with 1624 additions and 721 deletions
Download Patch File Download Diff File Expand all files Collapse all files

327
src/Platform/StellaOps.Platform.WebService/Endpoints/SeedEndpoints.cs
View File

@@ -1,19 +1,20 @@
// Copyright (c) StellaOps. All rights reserved.
// Licensed under BUSL-1.1. See LICENSE in the project root.
// Description: Admin endpoint for seeding demo data into all module databases.
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Routing;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Logging;
using StellaOps.Infrastructure.Postgres.Migrations;
using StellaOps.Authority.Persistence.Postgres;
using StellaOps.Scheduler.Persistence.Postgres;
using StellaOps.Concelier.Persistence.Postgres;
using StellaOps.Policy.Persistence.Postgres;
using StellaOps.Notify.Persistence.Postgres;
using StellaOps.Excititor.Persistence.Postgres;
using StellaOps.Infrastructure.Postgres.Migrations;
using StellaOps.Notify.Persistence.Postgres;
using StellaOps.Platform.WebService.Constants;
using StellaOps.Policy.Persistence.Postgres;
using StellaOps.Scheduler.Persistence.Postgres;
using System;
using System.Collections.Generic;
using System.Linq;
@@ -24,23 +25,26 @@ using System.Threading.Tasks;
namespace StellaOps.Platform.WebService.Endpoints;
/// <summary>
/// Admin-only endpoint for seeding databases with demo data.
/// Gated by STELLAOPS_ENABLE_DEMO_SEED environment variable.
/// Admin endpoint for seeding demo data into module schemas.
/// </summary>
public static class SeedEndpoints
{
private const string DemoSeedEnabledKey = "STELLAOPS_ENABLE_DEMO_SEED";
public static IEndpointRouteBuilder MapSeedEndpoints(this IEndpointRouteBuilder app)
{
var seed = app.MapGroup("/api/v1/admin")
.WithTags("Admin - Demo Seed")
.RequireAuthorization("admin");
.RequireAuthorization(PlatformPolicies.SetupAdmin);
seed.MapPost("/seed-demo", HandleSeedDemoAsync)
.WithName("SeedDemo")
.WithSummary("Seed all databases with demo data")
.Produces<SeedDemoResponse>(StatusCodes.Status200OK)
.Produces(StatusCodes.Status403Forbidden)
.Produces(StatusCodes.Status503ServiceUnavailable);
.Produces<ProblemDetails>(StatusCodes.Status400BadRequest)
.Produces<ProblemDetails>(StatusCodes.Status403Forbidden)
.Produces<ProblemDetails>(StatusCodes.Status503ServiceUnavailable)
.Produces<ProblemDetails>(StatusCodes.Status500InternalServerError);
return app;
}
@@ -51,97 +55,185 @@ public static class SeedEndpoints
ILoggerFactory loggerFactory,
CancellationToken ct)
{
var enabled = configuration.GetValue<bool>("STELLAOPS_ENABLE_DEMO_SEED",
bool.TryParse(Environment.GetEnvironmentVariable("STELLAOPS_ENABLE_DEMO_SEED"), out var envVal) && envVal);
if (!enabled)
{
return Results.Json(new { error = "Demo seeding is disabled. Set STELLAOPS_ENABLE_DEMO_SEED=true to enable." },
statusCode: StatusCodes.Status503ServiceUnavailable);
}
var modules = request?.Modules ?? ["all"];
var dryRun = request?.DryRun ?? false;
var logger = loggerFactory.CreateLogger("SeedEndpoints");
logger.LogInformation("Demo seed requested. Modules={Modules}, DryRun={DryRun}", string.Join(",", modules), dryRun);
// Resolve connection string
var connectionString = ResolveConnectionString(configuration);
if (string.IsNullOrEmpty(connectionString))
try
{
return Results.Json(new { error = "No PostgreSQL connection string configured." },
statusCode: StatusCodes.Status503ServiceUnavailable);
if (!IsDemoSeedingEnabled(configuration))
{
return Results.Problem(
statusCode: StatusCodes.Status503ServiceUnavailable,
title: "Demo seeding is disabled",
detail: $"Set {DemoSeedEnabledKey}=true to enable this endpoint.");
}
var moduleValidation = ValidateRequestedModules(request?.Modules);
if (moduleValidation.Error is not null)
{
return Results.Problem(
statusCode: StatusCodes.Status400BadRequest,
title: "Invalid module filter",
detail: moduleValidation.Error);
}
var modules = moduleValidation.Modules;
var dryRun = request?.DryRun ?? false;
var moduleInfos = GetSeedModules(modules);
if (moduleInfos.Count == 0)
{
return Results.Problem(
statusCode: StatusCodes.Status400BadRequest,
title: "No modules selected",
detail: "The request did not resolve to any seedable module.");
}
logger.LogInformation(
"Demo seed requested. Modules={Modules}, DryRun={DryRun}",
string.Join(",", modules),
dryRun);
var connectionString = ResolveConnectionString(configuration);
if (string.IsNullOrWhiteSpace(connectionString))
{
return Results.Problem(
statusCode: StatusCodes.Status503ServiceUnavailable,
title: "Database connection unavailable",
detail: "No PostgreSQL connection string configured for demo seeding.");
}
var results = new List<SeedModuleResult>(moduleInfos.Count);
foreach (var module in moduleInfos)
{
try
{
var runner = new MigrationRunner(
connectionString,
module.SchemaName,
module.Name,
loggerFactory.CreateLogger($"migration.seed.{module.Name}"));
var options = new MigrationRunOptions
{
CategoryFilter = MigrationCategory.Seed,
DryRun = dryRun,
TimeoutSeconds = 300,
ValidateChecksums = true,
FailOnChecksumMismatch = true,
};
var result = await runner.RunFromAssemblyAsync(
module.Assembly,
module.ResourcePrefix,
options,
ct).ConfigureAwait(false);
results.Add(new SeedModuleResult
{
Module = module.Name,
Success = result.Success,
Applied = result.AppliedCount,
Skipped = result.SkippedCount,
DurationMs = result.DurationMs,
Error = result.ErrorMessage,
});
}
catch (Exception ex)
{
logger.LogError(ex, "Seed failed for module {Module}", module.Name);
results.Add(new SeedModuleResult
{
Module = module.Name,
Success = false,
Error = ex.Message,
});
}
}
var allSuccess = results.All(static result => result.Success);
var response = new SeedDemoResponse
{
Success = allSuccess,
DryRun = dryRun,
Modules = results,
Message = allSuccess
? (dryRun ? "Dry run complete. No data was modified." : "Demo data seeded successfully.")
: "Some modules failed to seed. Check individual module results.",
};
return Results.Ok(response);
}
catch (Exception ex)
{
logger.LogError(ex, "Unhandled seed endpoint failure");
return Results.Problem(
statusCode: StatusCodes.Status500InternalServerError,
title: "Demo seeding failed",
detail: "Unexpected server error while processing demo seeding.");
}
}
private static bool IsDemoSeedingEnabled(IConfiguration configuration)
{
var configured = configuration.GetValue<bool?>(DemoSeedEnabledKey);
if (configured.HasValue)
{
return configured.Value;
}
var results = new List<SeedModuleResult>();
return bool.TryParse(Environment.GetEnvironmentVariable(DemoSeedEnabledKey), out var envVal) && envVal;
}
// Get the module definitions matching MigrationModuleRegistry in the CLI
var moduleInfos = GetSeedModules(modules);
private static (string[] Modules, string? Error) ValidateRequestedModules(string[]? requestedModules)
{
var modules = requestedModules?
.Where(static module => !string.IsNullOrWhiteSpace(module))
.Select(static module => module.Trim())
.ToArray() ?? [];
foreach (var module in moduleInfos)
if (modules.Length == 0)
{
try
{
var runner = new MigrationRunner(
connectionString,
module.SchemaName,
module.Name,
loggerFactory.CreateLogger($"migration.seed.{module.Name}"));
var options = new MigrationRunOptions
{
CategoryFilter = MigrationCategory.Seed,
DryRun = dryRun,
TimeoutSeconds = 300,
ValidateChecksums = true,
FailOnChecksumMismatch = true,
};
var result = await runner.RunFromAssemblyAsync(
module.Assembly, module.ResourcePrefix, options, ct);
results.Add(new SeedModuleResult
{
Module = module.Name,
Success = result.Success,
Applied = result.AppliedCount,
Skipped = result.SkippedCount,
DurationMs = result.DurationMs,
Error = result.ErrorMessage,
});
}
catch (Exception ex)
{
logger.LogError(ex, "Seed failed for module {Module}", module.Name);
results.Add(new SeedModuleResult
{
Module = module.Name,
Success = false,
Error = ex.Message,
});
}
modules = ["all"];
}
var allSuccess = results.All(r => r.Success);
var response = new SeedDemoResponse
var hasAll = modules.Any(static module => module.Equals("all", StringComparison.OrdinalIgnoreCase));
if (hasAll && modules.Length > 1)
{
Success = allSuccess,
DryRun = dryRun,
Modules = results,
Message = allSuccess
? (dryRun ? "Dry run complete. No data was modified." : "Demo data seeded successfully.")
: "Some modules failed to seed. Check individual module results.",
};
return (Array.Empty<string>(), "Module list cannot mix 'all' with specific module names.");
}
return Results.Ok(response);
if (hasAll)
{
return (["all"], null);
}
var knownModules = GetAllSeedModules()
.Select(static module => module.Name)
.ToHashSet(StringComparer.OrdinalIgnoreCase);
var unknownModules = modules
.Where(module => !knownModules.Contains(module))
.OrderBy(module => module, StringComparer.OrdinalIgnoreCase)
.ToArray();
if (unknownModules.Length > 0)
{
var known = string.Join(", ", knownModules.OrderBy(static module => module, StringComparer.OrdinalIgnoreCase));
var unknown = string.Join(", ", unknownModules);
return (Array.Empty<string>(), $"Unknown module(s): {unknown}. Known modules: {known}.");
}
return (modules, null);
}
private static string? ResolveConnectionString(IConfiguration configuration)
{
// Check env vars first, then configuration
var candidates = new[]
{
configuration.GetConnectionString("Default"),
configuration["ConnectionStrings:Default"],
configuration["ConnectionStrings:Postgres"],
Environment.GetEnvironmentVariable("STELLAOPS_POSTGRES_CONNECTION"),
Environment.GetEnvironmentVariable("STELLAOPS_DB_CONNECTION"),
configuration["StellaOps:Postgres:ConnectionString"],
@@ -149,32 +241,12 @@ public static class SeedEndpoints
configuration["Database:ConnectionString"],
};
return candidates.FirstOrDefault(c => !string.IsNullOrWhiteSpace(c));
return candidates.FirstOrDefault(static candidate => !string.IsNullOrWhiteSpace(candidate));
}
private static List<SeedModuleInfo> GetSeedModules(string[] moduleFilter)
{
var all = new List<SeedModuleInfo>
{
new("Authority", "authority",
typeof(AuthorityDataSource).Assembly,
"StellaOps.Authority.Persistence.Migrations"),
new("Scheduler", "scheduler",
typeof(SchedulerDataSource).Assembly,
"StellaOps.Scheduler.Persistence.Migrations"),
new("Concelier", "vuln",
typeof(ConcelierDataSource).Assembly,
"StellaOps.Concelier.Persistence.Migrations"),
new("Policy", "policy",
typeof(PolicyDataSource).Assembly,
"StellaOps.Policy.Persistence.Migrations"),
new("Notify", "notify",
typeof(NotifyDataSource).Assembly,
"StellaOps.Notify.Persistence.Migrations"),
new("Excititor", "vex",
typeof(ExcititorDataSource).Assembly,
"StellaOps.Excititor.Persistence.Migrations"),
};
var all = GetAllSeedModules();
if (moduleFilter.Length == 1 && moduleFilter[0].Equals("all", StringComparison.OrdinalIgnoreCase))
{
@@ -182,10 +254,47 @@ public static class SeedEndpoints
}
var filterSet = new HashSet<string>(moduleFilter, StringComparer.OrdinalIgnoreCase);
return all.Where(m => filterSet.Contains(m.Name)).ToList();
return all
.Where(module => filterSet.Contains(module.Name))
.ToList();
}
// ── DTOs ──────────────────────────────────────────────────────────────────
private static List<SeedModuleInfo> GetAllSeedModules()
{
return
[
new SeedModuleInfo(
Name: "Authority",
SchemaName: "authority",
Assembly: typeof(AuthorityDataSource).Assembly,
ResourcePrefix: "StellaOps.Authority.Persistence.Migrations"),
new SeedModuleInfo(
Name: "Scheduler",
SchemaName: "scheduler",
Assembly: typeof(SchedulerDataSource).Assembly,
ResourcePrefix: "StellaOps.Scheduler.Persistence.Migrations"),
new SeedModuleInfo(
Name: "Concelier",
SchemaName: "vuln",
Assembly: typeof(ConcelierDataSource).Assembly,
ResourcePrefix: "StellaOps.Concelier.Persistence.Migrations"),
new SeedModuleInfo(
Name: "Policy",
SchemaName: "policy",
Assembly: typeof(PolicyDataSource).Assembly,
ResourcePrefix: "StellaOps.Policy.Persistence.Migrations"),
new SeedModuleInfo(
Name: "Notify",
SchemaName: "notify",
Assembly: typeof(NotifyDataSource).Assembly,
ResourcePrefix: "StellaOps.Notify.Persistence.Migrations"),
new SeedModuleInfo(
Name: "Excititor",
SchemaName: "vex",
Assembly: typeof(ExcititorDataSource).Assembly,
ResourcePrefix: "StellaOps.Excititor.Persistence.Migrations"),
];
}
private sealed record SeedModuleInfo(
string Name,
@@ -203,13 +312,13 @@ public static class SeedEndpoints
{
public bool Success { get; set; }
public bool DryRun { get; set; }
public string Message { get; set; } = "";
public string Message { get; set; } = string.Empty;
public List<SeedModuleResult> Modules { get; set; } = [];
}
public sealed class SeedModuleResult
{
public string Module { get; set; } = "";
public string Module { get; set; } = string.Empty;
public bool Success { get; set; }
public int Applied { get; set; }
public int Skipped { get; set; }

3
src/Platform/StellaOps.Platform.WebService/TASKS.md
View File

@@ -1,10 +1,11 @@
# Platform WebService Task Board
# Platform WebService Task Board
This board mirrors active sprint tasks for this module.
Source of truth: `docs-archived/implplan/2025-12-29-csproj-audit/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
| Task ID | Status | Notes |
| --- | --- | --- |
| SPRINT_20260221_043-PLATFORM-SEED-001 | DONE | Sprint `docs/implplan/SPRINT_20260221_043_DOCS_setup_seed_error_handling_stabilization.md`: fix seed endpoint authorization policy wiring and return structured non-500 error responses for expected failures. |
| PACK-ADM-01 | DONE | Sprint `docs-archived/implplan/SPRINT_20260219_016_Orchestrator_pack_backend_contract_enrichment_exists_adapt.md`: implemented Pack-21 Administration A1-A7 adapter endpoints under `/api/v1/administration/*` with deterministic migration alias metadata. |
| PACK-ADM-02 | DONE | Sprint `docs-archived/implplan/SPRINT_20260219_016_Orchestrator_pack_backend_contract_enrichment_exists_adapt.md`: implemented trust owner mutation/read endpoints under `/api/v1/administration/trust-signing/*` with `trust:write`/`trust:admin` policy mapping and DB backing via migration `046_TrustSigningAdministration.sql`. |
| B22-01 | DONE | Sprint `docs/implplan/SPRINT_20260220_018_Platform_pack22_backend_contracts_and_migrations.md`: shipped `/api/v2/context/*` endpoints, context scope/policy wiring, deterministic preference persistence baseline, and migration `047_GlobalContextAndFilters.sql`. |

206
src/Platform/__Tests/StellaOps.Platform.WebService.Tests/SeedEndpointsTests.cs Normal file
View File

@@ -0,0 +1,206 @@
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http.Json;
using System.Text.Encodings.Web;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Testing;
using Microsoft.AspNetCore.TestHost;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.DependencyInjection.Extensions;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using StellaOps.TestKit;
using Xunit;
namespace StellaOps.Platform.WebService.Tests;
public sealed class SeedEndpointsTests : IClassFixture<PlatformWebApplicationFactory>
{
private readonly PlatformWebApplicationFactory _factory;
public SeedEndpointsTests(PlatformWebApplicationFactory factory)
{
_factory = factory;
}
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task SeedDemo_WhenDisabled_ReturnsServiceUnavailableProblem()
{
using var client = _factory.CreateClient();
client.DefaultRequestHeaders.Add("X-StellaOps-Tenant", $"tenant-seed-disabled-{Guid.NewGuid():N}");
client.DefaultRequestHeaders.Add("X-StellaOps-Actor", "seed-tester");
var response = await client.PostAsJsonAsync(
"/api/v1/admin/seed-demo",
new { dryRun = true },
TestContext.Current.CancellationToken);
Assert.Equal(HttpStatusCode.ServiceUnavailable, response.StatusCode);
var problem = await response.Content.ReadFromJsonAsync<ProblemDetails>(
TestContext.Current.CancellationToken);
Assert.NotNull(problem);
Assert.Equal("Demo seeding is disabled", problem!.Title);
}
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task SeedDemo_WhenModuleFilterMixesAllAndSpecific_ReturnsBadRequestProblem()
{
using WebApplicationFactory<Program> enabledFactory = _factory.WithWebHostBuilder(builder =>
{
builder.ConfigureAppConfiguration((_, config) =>
{
config.AddInMemoryCollection(new Dictionary<string, string?>
{
["STELLAOPS_ENABLE_DEMO_SEED"] = "true",
});
});
});
using var client = enabledFactory.CreateClient();
client.DefaultRequestHeaders.Add("X-StellaOps-Tenant", $"tenant-seed-invalid-{Guid.NewGuid():N}");
client.DefaultRequestHeaders.Add("X-StellaOps-Actor", "seed-tester");
var response = await client.PostAsJsonAsync(
"/api/v1/admin/seed-demo",
new
{
dryRun = true,
modules = new[] { "all", "policy" },
},
TestContext.Current.CancellationToken);
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
var problem = await response.Content.ReadFromJsonAsync<ProblemDetails>(
TestContext.Current.CancellationToken);
Assert.NotNull(problem);
Assert.Equal("Invalid module filter", problem!.Title);
}
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task SeedDemo_WhenConnectionMissing_ReturnsServiceUnavailableProblem()
{
using WebApplicationFactory<Program> enabledFactory = _factory.WithWebHostBuilder(builder =>
{
builder.ConfigureAppConfiguration((_, config) =>
{
config.AddInMemoryCollection(new Dictionary<string, string?>
{
["STELLAOPS_ENABLE_DEMO_SEED"] = "true",
});
});
});
using var client = enabledFactory.CreateClient();
client.DefaultRequestHeaders.Add("X-StellaOps-Tenant", $"tenant-seed-missing-conn-{Guid.NewGuid():N}");
client.DefaultRequestHeaders.Add("X-StellaOps-Actor", "seed-tester");
var response = await client.PostAsJsonAsync(
"/api/v1/admin/seed-demo",
new { dryRun = true },
TestContext.Current.CancellationToken);
Assert.Equal(HttpStatusCode.ServiceUnavailable, response.StatusCode);
var problem = await response.Content.ReadFromJsonAsync<ProblemDetails>(
TestContext.Current.CancellationToken);
Assert.NotNull(problem);
Assert.Equal("Database connection unavailable", problem!.Title);
}
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task SeedDemo_WhenUnauthenticated_ReturnsUnauthorized()
{
using WebApplicationFactory<Program> unauthenticatedFactory = _factory.WithWebHostBuilder(builder =>
{
builder.ConfigureTestServices(services =>
{
services.AddAuthentication(RejectingAuthHandler.SchemeName)
.AddScheme<AuthenticationSchemeOptions, RejectingAuthHandler>(
RejectingAuthHandler.SchemeName, _ => { });
services.PostConfigureAll<AuthenticationOptions>(options =>
{
options.DefaultAuthenticateScheme = RejectingAuthHandler.SchemeName;
options.DefaultChallengeScheme = RejectingAuthHandler.SchemeName;
options.DefaultScheme = RejectingAuthHandler.SchemeName;
});
services.RemoveAll<IAuthorizationHandler>();
services.AddSingleton<IAuthorizationHandler, DenyAllAuthorizationHandler>();
});
});
using var client = unauthenticatedFactory.CreateClient();
var response = await client.PostAsJsonAsync(
"/api/v1/admin/seed-demo",
new { dryRun = true },
TestContext.Current.CancellationToken);
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
}
[Trait("Category", TestCategories.Unit)]
[Fact]
public async Task SeedDemo_WhenAuthorizationFails_ReturnsForbidden()
{
using WebApplicationFactory<Program> forbiddenFactory = _factory.WithWebHostBuilder(builder =>
{
builder.ConfigureTestServices(services =>
{
services.RemoveAll<IAuthorizationHandler>();
services.AddSingleton<IAuthorizationHandler, DenyAllAuthorizationHandler>();
});
});
using var client = forbiddenFactory.CreateClient();
client.DefaultRequestHeaders.Add("X-StellaOps-Tenant", $"tenant-seed-forbidden-{Guid.NewGuid():N}");
client.DefaultRequestHeaders.Add("X-StellaOps-Actor", "seed-tester");
var response = await client.PostAsJsonAsync(
"/api/v1/admin/seed-demo",
new { dryRun = true },
TestContext.Current.CancellationToken);
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
}
private sealed class RejectingAuthHandler : AuthenticationHandler<AuthenticationSchemeOptions>
{
public const string SchemeName = "SeedRejectingScheme";
public RejectingAuthHandler(
IOptionsMonitor<AuthenticationSchemeOptions> options,
ILoggerFactory logger,
UrlEncoder encoder)
: base(options, logger, encoder)
{
}
protected override Task<AuthenticateResult> HandleAuthenticateAsync()
{
return Task.FromResult(AuthenticateResult.NoResult());
}
}
private sealed class DenyAllAuthorizationHandler : IAuthorizationHandler
{
public Task HandleAsync(AuthorizationHandlerContext context)
{
return Task.CompletedTask;
}
}
}