e2e observation fixes

2026-02-18 22:47:34 +02:00
parent 1bcab39a2c
commit cb3e361fcf
35 changed files with 1127 additions and 177 deletions


@@ -1,7 +1,6 @@
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;
using StellaOps.Auth.Abstractions;
using System;
namespace StellaOps.Auth.ServerIntegration;
@@ -22,7 +21,6 @@ public static class StellaOpsAuthorizationPolicyBuilderExtensions
var requirement = new StellaOpsScopeRequirement(scopes);
builder.AddRequirements(requirement);
builder.AddAuthenticationSchemes(StellaOpsAuthenticationDefaults.AuthenticationScheme);
return builder;
}
@@ -39,7 +37,6 @@ public static class StellaOpsAuthorizationPolicyBuilderExtensions
options.AddPolicy(policyName, policy =>
{
policy.AddAuthenticationSchemes(StellaOpsAuthenticationDefaults.AuthenticationScheme);
policy.Requirements.Add(new StellaOpsScopeRequirement(scopes));
});
}
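Review bot: With the `AddAuthenticationSchemes(StellaOpsAuthenticationDefaults.AuthenticationScheme)` calls removed from both the builder extension and the `options.AddPolicy` lambda, the scope policies no longer pin a scheme and will authorize whatever principal the host's default authentication scheme produces. The page has lost its +/- markers, so that reading rests on the hunk counts and on the U-002-AUTH-POLICY note in the same commit. Nothing visible documents the new dependency, so a host whose default scheme is not the StellaOps bearer handler would have `StellaOpsScopeRequirement` evaluated against an identity from a different source. I would add a comment at both sites such as `// Scheme intentionally not pinned: the host must register the StellaOps bearer handler as its default authenticate scheme.` and a test that expects the policy to deny when the default scheme is something else. Both method bodies start outside the hunks.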


@@ -81,8 +81,13 @@ public static class StellaOpsLocalHostnameExtensions
return builder;
}
var httpsAvailable = IsPortAvailable(HttpsPort, resolvedIp);
var httpAvailable = IsPortAvailable(HttpPort, resolvedIp);
// When hostname resolves to a non-loopback address (common in Docker),
// bind on all interfaces so published host ports work regardless of
// which container interface Docker targets.
var bindIp = IPAddress.IsLoopback(resolvedIp) ? resolvedIp : IPAddress.Any;
var httpsAvailable = IsPortAvailable(HttpsPort, bindIp);
var httpAvailable = IsPortAvailable(HttpPort, bindIp);
if (!httpsAvailable && !httpAvailable)
{
@@ -92,14 +97,14 @@ public static class StellaOpsLocalHostnameExtensions
builder.Configuration[LocalBindingBoundKey] = "true";
// Bind to the specific loopback IP (not hostname) so Kestrel uses only
// this address, leaving other 127.1.0.x IPs available for other services.
// UseUrls("https://hostname") would bind to [::]:443 (all interfaces).
// Loopback-hostname mode: bind to the specific loopback IP so multiple
// local services can share 80/443 across different 127.1.0.x addresses.
// Container/non-loopback mode: bind to 0.0.0.0 so host port publishing
// works across all attached container interfaces.
//
// When ConfigureKestrel uses explicit Listen() calls, Kestrel ignores UseUrls.
// So we must also re-add the dev-port bindings from launchSettings.json.
var currentUrls = builder.WebHost.GetSetting(WebHostDefaults.ServerUrlsKey) ?? "";
var ip = resolvedIp;
builder.WebHost.ConfigureKestrel((context, kestrel) =>
{
// Re-add dev-port bindings from launchSettings.json / ASPNETCORE_URLS
@@ -126,7 +131,7 @@ public static class StellaOpsLocalHostnameExtensions
// Add .stella-ops.local bindings on the dedicated loopback IP
if (httpsAvailable)
{
kestrel.Listen(ip, HttpsPort, listenOptions =>
kestrel.Listen(bindIp, HttpsPort, listenOptions =>
{
listenOptions.UseHttps();
});
@@ -134,7 +139,7 @@ public static class StellaOpsLocalHostnameExtensions
if (httpAvailable)
{
kestrel.Listen(ip, HttpPort);
kestrel.Listen(bindIp, HttpPort);
}
});
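Review bot: `var bindIp = IPAddress.IsLoopback(resolvedIp) ? resolvedIp : IPAddress.Any;` switches to 0.0.0.0 for any non-loopback resolution, not only inside a container, so a workstation or server whose hostname resolves to a LAN address would now listen on 80/443 on every interface. The comment gives Docker as the reason, so the wildcard bind should be gated on it, for example with the variable the official .NET container images set: `var inContainer = string.Equals(Environment.GetEnvironmentVariable("DOTNET_RUNNING_IN_CONTAINER"), "true", StringComparison.OrdinalIgnoreCase);` followed by `var bindIp = inContainer && !IPAddress.IsLoopback(resolvedIp) ? IPAddress.Any : resolvedIp;`. The comment `// Add .stella-ops.local bindings on the dedicated loopback IP` above the `Listen` calls is now stale and should mention the wildcard case. The enclosing method starts and ends outside the hunks.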


@@ -5,6 +5,7 @@ Source of truth: `docs-archived/implplan/2025-12-29-csproj-audit/SPRINT_20251229
| Task ID | Status | Notes |
| --- | --- | --- |
| U-002-AUTH-POLICY | DOING | Sprint `docs/implplan/SPRINT_20260218_004_Platform_local_setup_usability_hardening.md`: remove hard auth-scheme binding that caused console-admin policy endpoints to throw when bearer scheme is not explicitly registered. |
| AUDIT-0083-M | DONE | Revalidated 2026-01-06. |
| AUDIT-0083-T | DONE | Revalidated 2026-01-06 (tests cover metadata caching, bypass checks, scope normalization). |
| AUDIT-0083-A | TODO | Reopened 2026-01-06: remove Guid.NewGuid fallback for correlation IDs; keep tests deterministic. |