feat(ui): ship quota health aoc operations cutover

2026-03-08 08:18:51 +02:00
parent c9484c33ee
commit ac22ee3ce2
31 changed files with 1241 additions and 93 deletions
--- a/src/Web/StellaOps.Web/tests/e2e/quota-health-aoc-operations.spec.ts
+++ b/src/Web/StellaOps.Web/tests/e2e/quota-health-aoc-operations.spec.ts
@@ -0,0 +1,214 @@
+import { expect, test, type Page, type Route } from '@playwright/test';
+
+import type { StubAuthSession } from '../../src/app/testing/auth-fixtures';
+
+const adminSession: StubAuthSession = {
+  subjectId: 'ops-cutover-user',
+  tenant: 'tenant-default',
+  scopes: [
+    'admin',
+    'ui.read',
+    'ui.admin',
+    'orch:read',
+    'orch:operate',
+    'health:read',
+    'policy:read',
+  ],
+};
+
+const mockConfig = {
+  authority: {
+    issuer: '/authority',
+    clientId: 'stella-ops-ui',
+    authorizeEndpoint: '/authority/connect/authorize',
+    tokenEndpoint: '/authority/connect/token',
+    logoutEndpoint: '/authority/connect/logout',
+    redirectUri: 'https://127.0.0.1:4400/auth/callback',
+    postLogoutRedirectUri: 'https://127.0.0.1:4400/',
+    scope: 'openid profile email ui.read',
+    audience: '/gateway',
+    dpopAlgorithms: ['ES256'],
+    refreshLeewaySeconds: 60,
+  },
+  apiBaseUrls: {
+    authority: '/authority',
+    scanner: '/scanner',
+    policy: '/policy',
+    concelier: '/concelier',
+    attestor: '/attestor',
+    gateway: '/gateway',
+  },
+  quickstartMode: true,
+  setup: 'complete',
+};
+
+async function fulfillJson(route: Route, body: unknown): Promise<void> {
+  await route.fulfill({
+    status: 200,
+    contentType: 'application/json',
+    body: JSON.stringify(body),
+  });
+}
+
+async function navigateClientSide(page: Page, target: string): Promise<void> {
+  await page.evaluate((url) => {
+    window.history.pushState({}, '', url);
+    window.dispatchEvent(new PopStateEvent('popstate', { state: window.history.state }));
+  }, target);
+}
+
+test.beforeEach(async ({ page }) => {
+  await page.addInitScript((session) => {
+    (window as { __stellaopsTestSession?: unknown }).__stellaopsTestSession = session;
+  }, adminSession);
+
+  await page.route('**/platform/envsettings.json', (route) => fulfillJson(route, mockConfig));
+  await page.route('**/config.json', (route) => fulfillJson(route, mockConfig));
+  await page.route('**/.well-known/openid-configuration', (route) =>
+    fulfillJson(route, {
+      issuer: 'https://127.0.0.1:4400/authority',
+      authorization_endpoint: 'https://127.0.0.1:4400/authority/connect/authorize',
+      token_endpoint: 'https://127.0.0.1:4400/authority/connect/token',
+      jwks_uri: 'https://127.0.0.1:4400/authority/.well-known/jwks.json',
+      response_types_supported: ['code'],
+      subject_types_supported: ['public'],
+      id_token_signing_alg_values_supported: ['RS256'],
+    }),
+  );
+  await page.route('**/authority/.well-known/jwks.json', (route) => fulfillJson(route, { keys: [] }));
+  await page.route('**/console/profile**', (route) =>
+    fulfillJson(route, {
+      subjectId: adminSession.subjectId,
+      username: 'ops-cutover',
+      displayName: 'Ops Cutover',
+      tenant: adminSession.tenant,
+      roles: ['admin'],
+      scopes: adminSession.scopes,
+    }),
+  );
+  await page.route('**/console/token/introspect**', (route) =>
+    fulfillJson(route, {
+      active: true,
+      tenant: adminSession.tenant,
+      subject: adminSession.subjectId,
+      scopes: adminSession.scopes,
+    }),
+  );
+  await page.route('**/api/v2/context/regions', (route) =>
+    fulfillJson(route, [{ regionId: 'eu-west', displayName: 'EU West', sortOrder: 1, enabled: true }]),
+  );
+  await page.route('**/api/v2/context/environments**', (route) =>
+    fulfillJson(route, [
+      {
+        environmentId: 'prod',
+        regionId: 'eu-west',
+        environmentType: 'prod',
+        displayName: 'Prod',
+        sortOrder: 1,
+        enabled: true,
+      },
+    ]),
+  );
+  await page.route('**/api/v2/context/preferences', (route) =>
+    fulfillJson(route, {
+      tenantId: adminSession.tenant,
+      actorId: adminSession.subjectId,
+      regions: ['eu-west'],
+      environments: ['prod'],
+      timeWindow: '24h',
+      stage: 'all',
+      updatedAt: '2026-03-08T10:00:00Z',
+      updatedBy: adminSession.subjectId,
+    }),
+  );
+
+  await page.route('**/api/v1/authority/quotas/alerts', (route) =>
+    fulfillJson(route, {
+      thresholds: [
+        { category: 'license', enabled: true, warningThreshold: 80, criticalThreshold: 95 },
+        { category: 'jobs', enabled: true, warningThreshold: 70, criticalThreshold: 90 },
+        { category: 'api', enabled: true, warningThreshold: 85, criticalThreshold: 95 },
+      ],
+      channels: [{ type: 'email', enabled: true, target: 'ops@example.com', events: ['warning', 'critical'] }],
+      escalationMinutes: 30,
+    }),
+  );
+
+  await page.route('**/api/v1/platform/health/services/scanner', (route) =>
+    fulfillJson(route, {
+      service: {
+        name: 'scanner',
+        displayName: 'Scanner',
+        state: 'healthy',
+        uptime: 99.98,
+        latencyP50Ms: 12,
+        latencyP95Ms: 45,
+        latencyP99Ms: 91,
+        errorRate: 0.12,
+        checks: [{ name: 'db', status: 'pass', lastChecked: '2026-03-08T10:00:00Z' }],
+        lastUpdated: '2026-03-08T10:00:00Z',
+        version: '1.4.2',
+        dependencies: ['authority'],
+      },
+      dependencyStatus: [],
+      metricHistory: [],
+      recentErrors: [],
+    }),
+  );
+  await page.route('**/api/v1/platform/health/services/scanner/alerts/config', (route) =>
+    fulfillJson(route, {
+      degradedThreshold: { errorRatePercent: 1, latencyP95Ms: 200 },
+      unhealthyThreshold: { errorRatePercent: 5, latencyP95Ms: 500 },
+      notificationChannels: ['email'],
+      enabled: true,
+    }),
+  );
+
+  await page.route('**/gateway/api/v1/aoc/provenance/validate', async (route) => {
+    const request = route.request();
+    const body = request.postDataJSON() as { inputType: string; inputValue: string };
+    await fulfillJson(route, {
+      inputValue: body.inputValue,
+      inputType: body.inputType,
+      isComplete: true,
+      validatedAt: '2026-03-08T10:05:00Z',
+      validationErrors: [],
+      steps: [
+        {
+          stepType: 'ingestion',
+          status: 'valid',
+          timestamp: '2026-03-08T10:00:00Z',
+          label: `Validated ${body.inputValue}`,
+          hash: 'sha256:1234567890abcdef',
+        },
+      ],
+    });
+  });
+});
+
+test('old quota alert deep links land on canonical operations route', async ({ page }) => {
+  await page.goto('/ops/operations', { waitUntil: 'networkidle' });
+  await navigateClientSide(page, '/ops/quotas/alerts?category=api');
+
+  await expect(page).toHaveURL(/\/ops\/operations\/quotas\/alerts\?category=api(?:&.*)?$/);
+  await expect(page.getByRole('heading', { name: 'Quota Alert Configuration' })).toBeVisible();
+  await expect(page.getByText('API Rate Limit')).toBeVisible();
+});
+
+test('legacy platform health detail bookmarks land on canonical health route', async ({ page }) => {
+  await page.goto('/ops/operations', { waitUntil: 'networkidle' });
+  await navigateClientSide(page, '/platform/ops/health-slo/services/scanner');
+
+  await expect(page).toHaveURL(/\/ops\/operations\/health-slo\/services\/scanner(?:\?.*)?$/);
+  await expect(page.getByRole('heading', { name: 'Scanner' })).toBeVisible();
+});
+
+test('legacy AOC provenance links land on canonical route and keep validation input', async ({ page }) => {
+  await page.goto('/ops/operations', { waitUntil: 'networkidle' });
+  await navigateClientSide(page, '/ops/aoc/provenance?type=cve_id&value=CVE-2026-0001');
+
+  await expect(page).toHaveURL(/\/ops\/operations\/aoc\/provenance\?type=cve_id&value=CVE-2026-0001(?:&.*)?$/);
+  await expect(page.getByRole('heading', { name: 'Provenance Chain Validator' })).toBeVisible();
+  await expect(page.getByText('Complete Chain')).toBeVisible();
+  await expect(page.getByText('Validated CVE-2026-0001')).toBeVisible();
+});