Archive live search ingestion browser validation sprint
This commit is contained in:
master
@@ -218,6 +218,33 @@ export const routes: Routes = [
|
||||
{ path: '**', redirectTo: '/administration' },
|
||||
],
|
||||
},
|
||||
{
|
||||
path: 'analyze',
|
||||
children: [
|
||||
{ path: 'unknowns', redirectTo: preserveAppRedirect('/security/unknowns'), pathMatch: 'full' },
|
||||
{
|
||||
path: 'unknowns/queue/grey',
|
||||
redirectTo: preserveAppRedirect('/security/unknowns/queue/grey'),
|
||||
pathMatch: 'full',
|
||||
},
|
||||
{
|
||||
path: 'unknowns/:unknownId/determinization',
|
||||
redirectTo: preserveAppRedirect('/security/unknowns/:unknownId/determinization'),
|
||||
pathMatch: 'full',
|
||||
},
|
||||
{
|
||||
path: 'unknowns/:unknownId',
|
||||
redirectTo: preserveAppRedirect('/security/unknowns/:unknownId'),
|
||||
pathMatch: 'full',
|
||||
},
|
||||
{ path: '**', redirectTo: '/security', pathMatch: 'full' },
|
||||
],
|
||||
},
|
||||
{
|
||||
path: 'notify',
|
||||
redirectTo: preserveAppRedirect('/ops/operations/notifications'),
|
||||
pathMatch: 'full',
|
||||
},
|
||||
{
|
||||
path: 'platform-ops',
|
||||
loadChildren: () => import('./routes/platform-ops.routes').then((m) => m.PLATFORM_OPS_ROUTES),
|
||||
|
||||
@@ -61,14 +61,14 @@ export const NAVIGATION_GROUPS: NavGroup[] = [
|
||||
{
|
||||
id: 'lineage',
|
||||
label: 'Lineage',
|
||||
route: '/lineage',
|
||||
route: '/security/lineage',
|
||||
icon: 'git-branch',
|
||||
tooltip: 'Explore SBOM lineage and smart diff',
|
||||
},
|
||||
{
|
||||
id: 'reachability',
|
||||
label: 'Reachability',
|
||||
route: '/reachability',
|
||||
route: '/security/reachability',
|
||||
icon: 'network',
|
||||
tooltip: 'Reachability analysis and coverage',
|
||||
},
|
||||
@@ -82,14 +82,14 @@ export const NAVIGATION_GROUPS: NavGroup[] = [
|
||||
{
|
||||
id: 'unknowns',
|
||||
label: 'Unknowns',
|
||||
route: '/analyze/unknowns',
|
||||
route: '/security/unknowns',
|
||||
icon: 'help-circle',
|
||||
tooltip: 'Track and identify unknown components',
|
||||
},
|
||||
{
|
||||
id: 'patch-map',
|
||||
label: 'Patch Map',
|
||||
route: '/analyze/patch-map',
|
||||
route: '/security/patch-map',
|
||||
icon: 'grid',
|
||||
tooltip: 'Fleet-wide binary patch coverage heatmap',
|
||||
},
|
||||
@@ -470,7 +470,7 @@ export const NAVIGATION_GROUPS: NavGroup[] = [
|
||||
{
|
||||
id: 'notifications',
|
||||
label: 'Notifications',
|
||||
route: '/notify',
|
||||
route: OPERATIONS_PATHS.notifications,
|
||||
icon: 'notification',
|
||||
tooltip: 'Notification center',
|
||||
},
|
||||
|
||||
@@ -29,11 +29,11 @@ import { GreyQueuePanelComponent } from '../unknowns/grey-queue-panel.component'
|
||||
<nav class="mb-6 text-sm">
|
||||
<ol class="flex items-center space-x-2">
|
||||
<li>
|
||||
<a routerLink="/analyze/unknowns" class="text-blue-600 hover:underline">Unknowns</a>
|
||||
<a routerLink="/security/unknowns" class="text-blue-600 hover:underline">Unknowns</a>
|
||||
</li>
|
||||
<li class="text-gray-400">/</li>
|
||||
<li>
|
||||
<a [routerLink]="['/analyze/unknowns', unknownId()]" class="text-blue-600 hover:underline">
|
||||
<a [routerLink]="['/security/unknowns', unknownId()]" class="text-blue-600 hover:underline">
|
||||
{{ unknownId() | slice:0:8 }}...
|
||||
</a>
|
||||
</li>
|
||||
@@ -228,7 +228,7 @@ import { GreyQueuePanelComponent } from '../unknowns/grey-queue-panel.component'
|
||||
Export Proof JSON
|
||||
</button>
|
||||
<a
|
||||
[routerLink]="['/analyze/unknowns', unknownId()]"
|
||||
[routerLink]="['/security/unknowns', unknownId()]"
|
||||
class="block w-full px-3 py-2 text-sm text-left rounded border hover:bg-gray-50"
|
||||
>
|
||||
Back to Unknown Detail
|
||||
|
||||
@@ -26,7 +26,7 @@ import {
|
||||
<!-- Header -->
|
||||
<div class="mb-6">
|
||||
<nav class="text-sm mb-2">
|
||||
<a routerLink="/analyze/unknowns" class="text-blue-600 hover:underline">Unknowns</a>
|
||||
<a routerLink="/security/unknowns" class="text-blue-600 hover:underline">Unknowns</a>
|
||||
<span class="text-gray-400 mx-2">/</span>
|
||||
<span class="text-gray-600">Grey Queue</span>
|
||||
</nav>
|
||||
@@ -164,7 +164,7 @@ import {
|
||||
</td>
|
||||
<td class="px-4 py-3 text-right">
|
||||
<a
|
||||
[routerLink]="['/analyze/unknowns', item.id, 'determinization']"
|
||||
[routerLink]="['/security/unknowns', item.id, 'determinization']"
|
||||
class="text-blue-600 hover:underline text-sm"
|
||||
>
|
||||
Review
|
||||
|
||||
@@ -35,7 +35,8 @@ describe('AppSidebarComponent', () => {
|
||||
|
||||
const text = fixture.nativeElement.textContent as string;
|
||||
expect(text).toContain('Dashboard');
|
||||
expect(text).toContain('Security & Risk');
|
||||
expect(text).toContain('Alerts');
|
||||
expect(text).toContain('Activity');
|
||||
expect(text).not.toContain('Analytics');
|
||||
});
|
||||
|
||||
@@ -69,6 +70,25 @@ describe('AppSidebarComponent', () => {
|
||||
expect(fixture.nativeElement.textContent).toContain('Trust & Signing');
|
||||
});
|
||||
|
||||
it('surfaces mission, unknowns, and notifications leaves in the live sidebar shells', () => {
|
||||
setScopes([
|
||||
StellaOpsScopes.UI_READ,
|
||||
StellaOpsScopes.RELEASE_READ,
|
||||
StellaOpsScopes.SCANNER_READ,
|
||||
StellaOpsScopes.UI_ADMIN,
|
||||
StellaOpsScopes.ORCH_READ,
|
||||
StellaOpsScopes.NOTIFY_VIEWER,
|
||||
]);
|
||||
const fixture = createComponent();
|
||||
const links = Array.from(fixture.nativeElement.querySelectorAll('a')) as HTMLAnchorElement[];
|
||||
const hrefs = links.map((link) => link.getAttribute('href'));
|
||||
|
||||
expect(hrefs).toContain('/mission-control/alerts');
|
||||
expect(hrefs).toContain('/mission-control/activity');
|
||||
expect(hrefs).toContain('/security/unknowns');
|
||||
expect(hrefs).toContain('/ops/operations/notifications');
|
||||
});
|
||||
|
||||
function setScopes(scopes: readonly StellaOpsScope[]): void {
|
||||
const baseUser = authService.user();
|
||||
if (!baseUser) {
|
||||
|
||||
@@ -723,6 +723,12 @@ export class AppSidebarComponent implements AfterViewInit {
|
||||
StellaOpsScopes.RELEASE_READ,
|
||||
StellaOpsScopes.SCANNER_READ,
|
||||
],
|
||||
children: [
|
||||
{ id: 'mc-alerts', label: 'Alerts', route: '/mission-control/alerts', icon: 'bell' },
|
||||
{ id: 'mc-activity', label: 'Activity', route: '/mission-control/activity', icon: 'clock' },
|
||||
{ id: 'mc-release-health', label: 'Release Health', route: '/mission-control/release-health', icon: 'activity' },
|
||||
{ id: 'mc-security-posture', label: 'Security Posture', route: '/mission-control/security-posture', icon: 'shield' },
|
||||
],
|
||||
},
|
||||
{
|
||||
id: 'releases',
|
||||
@@ -797,6 +803,7 @@ export class AppSidebarComponent implements AfterViewInit {
|
||||
{ id: 'sec-audit-bundles', label: 'Audit Bundles', route: '/triage/audit-bundles', icon: 'archive' },
|
||||
{ id: 'sec-supply-chain', label: 'Supply-Chain Data', route: '/security/supply-chain-data', icon: 'graph' },
|
||||
{ id: 'sec-reachability', label: 'Reachability', route: '/security/reachability', icon: 'cpu' },
|
||||
{ id: 'sec-unknowns', label: 'Unknowns', route: '/security/unknowns', icon: 'help-circle' },
|
||||
{ id: 'sec-reports', label: 'Reports', route: '/security/reports', icon: 'book-open' },
|
||||
],
|
||||
},
|
||||
@@ -841,6 +848,7 @@ export class AppSidebarComponent implements AfterViewInit {
|
||||
children: [
|
||||
{ id: 'ops-policy', label: 'Policy', route: '/ops/policy', icon: 'shield' },
|
||||
{ id: 'ops-platform-setup', label: 'Platform Setup', route: '/ops/platform-setup', icon: 'cog' },
|
||||
{ id: 'ops-notifications', label: 'Notifications', route: '/ops/operations/notifications', icon: 'bell' },
|
||||
],
|
||||
},
|
||||
{
|
||||
|
||||
@@ -0,0 +1,74 @@
|
||||
import { TestBed } from '@angular/core/testing';
|
||||
import { provideRouter, Route, Router } from '@angular/router';
|
||||
|
||||
import { routes } from '../../app/app.routes';
|
||||
import { NAVIGATION_GROUPS } from '../../app/core/navigation/navigation.config';
|
||||
|
||||
function resolveRedirect(route: Route | undefined, params: Record<string, string> = {}): string | undefined {
|
||||
const redirect = route?.redirectTo;
|
||||
if (typeof redirect === 'string') {
|
||||
return redirect;
|
||||
}
|
||||
|
||||
if (typeof redirect !== 'function') {
|
||||
return undefined;
|
||||
}
|
||||
|
||||
return TestBed.runInInjectionContext(() => {
|
||||
const router = TestBed.inject(Router);
|
||||
const target = redirect({
|
||||
params,
|
||||
queryParams: {},
|
||||
fragment: null,
|
||||
} as never) as unknown;
|
||||
|
||||
return typeof target === 'string' ? target : router.serializeUrl(target as never);
|
||||
});
|
||||
}
|
||||
|
||||
describe('security operations leaves cutover contract', () => {
|
||||
beforeEach(() => {
|
||||
TestBed.configureTestingModule({
|
||||
providers: [provideRouter([])],
|
||||
});
|
||||
});
|
||||
|
||||
it('redirects stale analyze unknowns entry points into canonical security routes', () => {
|
||||
const analyze = routes.find((route) => route.path === 'analyze');
|
||||
const children = analyze?.children ?? [];
|
||||
|
||||
expect(resolveRedirect(children.find((route) => route.path === 'unknowns'))).toBe('/security/unknowns');
|
||||
expect(resolveRedirect(children.find((route) => route.path === 'unknowns/queue/grey'))).toBe(
|
||||
'/security/unknowns/queue/grey',
|
||||
);
|
||||
expect(resolveRedirect(children.find((route) => route.path === 'unknowns/:unknownId'), { unknownId: 'unk-101' })).toBe(
|
||||
'/security/unknowns/unk-101',
|
||||
);
|
||||
expect(
|
||||
resolveRedirect(children.find((route) => route.path === 'unknowns/:unknownId/determinization'), {
|
||||
unknownId: 'unk-101',
|
||||
}),
|
||||
).toBe('/security/unknowns/unk-101/determinization');
|
||||
});
|
||||
|
||||
it('redirects the legacy notify root into canonical operations notifications', () => {
|
||||
expect(resolveRedirect(routes.find((route) => route.path === 'notify'))).toBe('/ops/operations/notifications');
|
||||
});
|
||||
|
||||
it('retargets security analyze and notify navigation leaves to canonical owners', () => {
|
||||
const analyzeGroup = NAVIGATION_GROUPS.find((group) => group.id === 'analyze');
|
||||
const notifyGroup = NAVIGATION_GROUPS.find((group) => group.id === 'notify');
|
||||
|
||||
expect(analyzeGroup).toBeDefined();
|
||||
expect(notifyGroup).toBeDefined();
|
||||
|
||||
const analyzeRoutes = new Map((analyzeGroup?.items ?? []).map((item) => [item.id, item.route]));
|
||||
const notifyRoutes = new Map((notifyGroup?.items ?? []).map((item) => [item.id, item.route]));
|
||||
|
||||
expect(analyzeRoutes.get('lineage')).toBe('/security/lineage');
|
||||
expect(analyzeRoutes.get('reachability')).toBe('/security/reachability');
|
||||
expect(analyzeRoutes.get('unknowns')).toBe('/security/unknowns');
|
||||
expect(analyzeRoutes.get('patch-map')).toBe('/security/patch-map');
|
||||
expect(notifyRoutes.get('notifications')).toBe('/ops/operations/notifications');
|
||||
});
|
||||
});
|
||||
@@ -0,0 +1,138 @@
|
||||
import { ComponentFixture, TestBed } from '@angular/core/testing';
|
||||
import { ActivatedRoute, provideRouter } from '@angular/router';
|
||||
import { of } from 'rxjs';
|
||||
|
||||
import { UnknownsClient } from '../../app/core/api/unknowns.client';
|
||||
import { DeterminizationReviewComponent } from '../../app/features/unknowns-tracking/determinization-review.component';
|
||||
import { GreyQueueDashboardComponent } from '../../app/features/unknowns-tracking/grey-queue-dashboard.component';
|
||||
|
||||
describe('unknowns route handoffs', () => {
|
||||
it('keeps grey queue review links inside canonical security unknowns routes', async () => {
|
||||
const unknownsClient = {
|
||||
getPolicyUnknownsSummary: jasmine.createSpy('getPolicyUnknownsSummary').and.returnValue(
|
||||
of({ hot: 1, warm: 0, cold: 0, resolved: 0, total: 1 }),
|
||||
),
|
||||
listPolicyUnknowns: jasmine.createSpy('listPolicyUnknowns').and.returnValue(
|
||||
of({
|
||||
items: [
|
||||
{
|
||||
id: 'unknown-grey-1',
|
||||
packageId: 'openssl',
|
||||
packageVersion: '3.0.14',
|
||||
band: 'hot',
|
||||
score: 94,
|
||||
uncertaintyFactor: 0.2,
|
||||
exploitPressure: 0.5,
|
||||
firstSeenAt: '2026-03-08T07:00:00Z',
|
||||
lastEvaluatedAt: '2026-03-08T07:30:00Z',
|
||||
reasonCode: 'policy.unknown',
|
||||
reasonCodeShort: 'Unknown',
|
||||
observationState: 'ManualReviewRequired',
|
||||
conflictInfo: {
|
||||
hasConflict: true,
|
||||
severity: 0.71,
|
||||
suggestedPath: 'Manual review',
|
||||
conflicts: [
|
||||
{
|
||||
signal1: 'vex:a',
|
||||
signal2: 'vex:b',
|
||||
type: 'issuer-conflict',
|
||||
description: 'Issuer disagreement requires review.',
|
||||
severity: 0.71,
|
||||
},
|
||||
],
|
||||
},
|
||||
},
|
||||
],
|
||||
totalCount: 1,
|
||||
}),
|
||||
),
|
||||
};
|
||||
|
||||
await TestBed.configureTestingModule({
|
||||
imports: [GreyQueueDashboardComponent],
|
||||
providers: [
|
||||
provideRouter([]),
|
||||
{ provide: UnknownsClient, useValue: unknownsClient as unknown as UnknownsClient },
|
||||
],
|
||||
}).compileComponents();
|
||||
|
||||
const fixture = TestBed.createComponent(GreyQueueDashboardComponent);
|
||||
fixture.detectChanges();
|
||||
await fixture.whenStable();
|
||||
fixture.detectChanges();
|
||||
|
||||
const links = Array.from(fixture.nativeElement.querySelectorAll('a')) as HTMLAnchorElement[];
|
||||
const hrefs = links.map((link) => link.getAttribute('href'));
|
||||
|
||||
expect(hrefs).toContain('/security/unknowns');
|
||||
expect(hrefs).toContain('/security/unknowns/unknown-grey-1/determinization');
|
||||
});
|
||||
|
||||
it('keeps determinization breadcrumbs and return links inside canonical security unknowns routes', async () => {
|
||||
const unknownsClient = {
|
||||
getPolicyUnknownDetail: jasmine.createSpy('getPolicyUnknownDetail').and.returnValue(
|
||||
of({
|
||||
unknown: {
|
||||
id: 'unknown-grey-1',
|
||||
packageId: 'openssl',
|
||||
packageVersion: '3.0.14',
|
||||
band: 'hot',
|
||||
score: 94,
|
||||
uncertaintyFactor: 0.2,
|
||||
exploitPressure: 0.5,
|
||||
firstSeenAt: '2026-03-08T07:00:00Z',
|
||||
lastEvaluatedAt: '2026-03-08T07:30:00Z',
|
||||
reasonCode: 'policy.unknown',
|
||||
reasonCodeShort: 'Unknown',
|
||||
observationState: 'ManualReviewRequired',
|
||||
conflictInfo: {
|
||||
hasConflict: true,
|
||||
severity: 0.71,
|
||||
suggestedPath: 'Manual review',
|
||||
conflicts: [
|
||||
{
|
||||
signal1: 'vex:a',
|
||||
signal2: 'vex:b',
|
||||
type: 'issuer-conflict',
|
||||
description: 'Issuer disagreement requires review.',
|
||||
severity: 0.71,
|
||||
},
|
||||
],
|
||||
},
|
||||
},
|
||||
}),
|
||||
),
|
||||
triageUnknown: jasmine.createSpy('triageUnknown'),
|
||||
};
|
||||
|
||||
await TestBed.configureTestingModule({
|
||||
imports: [DeterminizationReviewComponent],
|
||||
providers: [
|
||||
provideRouter([]),
|
||||
{ provide: UnknownsClient, useValue: unknownsClient as unknown as UnknownsClient },
|
||||
{
|
||||
provide: ActivatedRoute,
|
||||
useValue: {
|
||||
snapshot: {
|
||||
paramMap: {
|
||||
get: (key: string) => (key === 'unknownId' ? 'unknown-grey-1' : null),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
],
|
||||
}).compileComponents();
|
||||
|
||||
const fixture = TestBed.createComponent(DeterminizationReviewComponent);
|
||||
fixture.detectChanges();
|
||||
await fixture.whenStable();
|
||||
fixture.detectChanges();
|
||||
|
||||
const links = Array.from(fixture.nativeElement.querySelectorAll('a')) as HTMLAnchorElement[];
|
||||
const hrefs = links.map((link) => link.getAttribute('href'));
|
||||
|
||||
expect(hrefs).toContain('/security/unknowns');
|
||||
expect(hrefs).toContain('/security/unknowns/unknown-grey-1');
|
||||
});
|
||||
});
|
||||
@@ -0,0 +1,328 @@
|
||||
import { expect, test, type Page, type Route } from '@playwright/test';
|
||||
|
||||
import type { StubAuthSession } from '../../src/app/testing/auth-fixtures';
|
||||
|
||||
const operatorSession: StubAuthSession = {
|
||||
subjectId: 'security-ops-e2e-user',
|
||||
tenant: 'tenant-default',
|
||||
scopes: [
|
||||
'admin',
|
||||
'ui.read',
|
||||
'ui.admin',
|
||||
'release:read',
|
||||
'scanner:read',
|
||||
'sbom:read',
|
||||
'orch:read',
|
||||
'notify.viewer',
|
||||
'signer:read',
|
||||
],
|
||||
};
|
||||
|
||||
const mockConfig = {
|
||||
authority: {
|
||||
issuer: '/authority',
|
||||
clientId: 'stella-ops-ui',
|
||||
authorizeEndpoint: '/authority/connect/authorize',
|
||||
tokenEndpoint: '/authority/connect/token',
|
||||
logoutEndpoint: '/authority/connect/logout',
|
||||
redirectUri: 'https://127.0.0.1:4400/auth/callback',
|
||||
postLogoutRedirectUri: 'https://127.0.0.1:4400/',
|
||||
scope: 'openid profile email ui.read',
|
||||
audience: '/gateway',
|
||||
dpopAlgorithms: ['ES256'],
|
||||
refreshLeewaySeconds: 60,
|
||||
},
|
||||
apiBaseUrls: {
|
||||
authority: '/authority',
|
||||
scanner: '/scanner',
|
||||
policy: '/policy',
|
||||
concelier: '/concelier',
|
||||
attestor: '/attestor',
|
||||
gateway: '/gateway',
|
||||
},
|
||||
quickstartMode: true,
|
||||
setup: 'complete',
|
||||
};
|
||||
|
||||
const unknownsList = {
|
||||
items: [
|
||||
{
|
||||
id: 'unknown-101',
|
||||
type: 'binary',
|
||||
name: 'openssl',
|
||||
path: '/usr/lib/libssl.so',
|
||||
artifactDigest: 'sha256:artifact-a',
|
||||
artifactRef: 'registry.example/app@sha256:artifact-a',
|
||||
sha256: 'sha256:file-a',
|
||||
status: 'open',
|
||||
confidence: 92,
|
||||
createdAt: '2026-03-08T07:00:00Z',
|
||||
updatedAt: '2026-03-08T07:10:00Z',
|
||||
},
|
||||
],
|
||||
total: 1,
|
||||
};
|
||||
|
||||
const unknownsStats = {
|
||||
total: 7,
|
||||
byType: {
|
||||
binary: 4,
|
||||
symbol: 2,
|
||||
package: 1,
|
||||
file: 0,
|
||||
license: 0,
|
||||
},
|
||||
byStatus: {
|
||||
open: 5,
|
||||
pending: 1,
|
||||
resolved: 1,
|
||||
unresolvable: 0,
|
||||
},
|
||||
resolutionRate: 14.2,
|
||||
avgConfidence: 73.4,
|
||||
lastUpdated: '2026-03-08T07:10:00Z',
|
||||
};
|
||||
|
||||
const unknownDetail = {
|
||||
unknown: {
|
||||
id: 'unknown-101',
|
||||
type: 'binary',
|
||||
name: 'openssl',
|
||||
path: '/usr/lib/libssl.so',
|
||||
artifactDigest: 'sha256:artifact-a',
|
||||
artifactRef: 'registry.example/app@sha256:artifact-a',
|
||||
sha256: 'sha256:file-a',
|
||||
status: 'open',
|
||||
confidence: 92,
|
||||
createdAt: '2026-03-08T07:00:00Z',
|
||||
updatedAt: '2026-03-08T07:10:00Z',
|
||||
},
|
||||
candidates: [
|
||||
{
|
||||
rank: 1,
|
||||
name: 'openssl',
|
||||
purl: 'pkg:generic/openssl@3.0.14',
|
||||
cpe: 'cpe:2.3:a:openssl:openssl:3.0.14:*:*:*:*:*:*:*',
|
||||
confidence: 96,
|
||||
source: 'fingerprint',
|
||||
matchDetails: 'Fingerprint digest match',
|
||||
},
|
||||
],
|
||||
fingerprintAnalysis: {
|
||||
matchType: 'exact',
|
||||
matchPercentage: 98,
|
||||
missingInfo: [],
|
||||
},
|
||||
symbolResolution: {
|
||||
totalSymbols: 15,
|
||||
resolvedSymbols: 14,
|
||||
missingSymbols: ['SSL_CTX_new'],
|
||||
symbolServerStatus: 'partial',
|
||||
},
|
||||
similarCount: 3,
|
||||
sbomImpact: {
|
||||
currentCompleteness: 91,
|
||||
impactDelta: 4,
|
||||
knownCves: 2,
|
||||
message: 'Resolution improves SBOM completeness and vulnerability attribution.',
|
||||
},
|
||||
};
|
||||
|
||||
const notifyChannels = [
|
||||
{
|
||||
channelId: 'chn-alerts',
|
||||
tenantId: 'tenant-default',
|
||||
name: 'slack-alerts',
|
||||
displayName: 'Slack Alerts',
|
||||
type: 'Slack',
|
||||
enabled: true,
|
||||
config: {
|
||||
secretRef: 'secret://notify/slack-alerts',
|
||||
target: '#security-alerts',
|
||||
},
|
||||
labels: {},
|
||||
metadata: {},
|
||||
createdAt: '2026-03-08T07:00:00Z',
|
||||
updatedAt: '2026-03-08T07:10:00Z',
|
||||
},
|
||||
];
|
||||
|
||||
const notifyRules = [
|
||||
{
|
||||
ruleId: 'rule-alerts',
|
||||
tenantId: 'tenant-default',
|
||||
name: 'Critical findings',
|
||||
enabled: true,
|
||||
match: {
|
||||
minSeverity: 'critical',
|
||||
eventKinds: ['scanner.report.ready'],
|
||||
},
|
||||
actions: [
|
||||
{
|
||||
actionId: 'act-alerts',
|
||||
channel: 'chn-alerts',
|
||||
digest: 'instant',
|
||||
enabled: true,
|
||||
},
|
||||
],
|
||||
createdAt: '2026-03-08T07:00:00Z',
|
||||
updatedAt: '2026-03-08T07:10:00Z',
|
||||
},
|
||||
];
|
||||
|
||||
const notifyDeliveries = {
|
||||
items: [
|
||||
{
|
||||
deliveryId: 'delivery-001',
|
||||
tenantId: 'tenant-default',
|
||||
ruleId: 'rule-alerts',
|
||||
actionId: 'act-alerts',
|
||||
eventId: 'event-001',
|
||||
kind: 'scanner.report.ready',
|
||||
status: 'Sent',
|
||||
rendered: {
|
||||
channelType: 'Slack',
|
||||
format: 'Slack',
|
||||
target: '#security-alerts',
|
||||
title: 'Critical finding detected',
|
||||
body: 'A critical finding requires operator review.',
|
||||
},
|
||||
createdAt: '2026-03-08T07:10:00Z',
|
||||
},
|
||||
],
|
||||
count: 1,
|
||||
continuationToken: null,
|
||||
};
|
||||
|
||||
async function fulfillJson(route: Route, body: unknown, status = 200): Promise<void> {
|
||||
await route.fulfill({
|
||||
status,
|
||||
contentType: 'application/json',
|
||||
body: JSON.stringify(body),
|
||||
});
|
||||
}
|
||||
|
||||
async function setupHarness(page: Page): Promise<void> {
|
||||
await page.addInitScript((session) => {
|
||||
(window as { __stellaopsTestSession?: unknown }).__stellaopsTestSession = session;
|
||||
}, operatorSession);
|
||||
|
||||
await page.route('**/api/**', (route) => fulfillJson(route, {}));
|
||||
await page.route('**/platform/envsettings.json', (route) => fulfillJson(route, mockConfig));
|
||||
await page.route('**/platform/i18n/*.json', (route) => fulfillJson(route, {}));
|
||||
await page.route('**/config.json', (route) => fulfillJson(route, mockConfig));
|
||||
await page.route('**/.well-known/openid-configuration', (route) =>
|
||||
fulfillJson(route, {
|
||||
issuer: 'https://127.0.0.1:4400/authority',
|
||||
authorization_endpoint: 'https://127.0.0.1:4400/authority/connect/authorize',
|
||||
token_endpoint: 'https://127.0.0.1:4400/authority/connect/token',
|
||||
jwks_uri: 'https://127.0.0.1:4400/authority/.well-known/jwks.json',
|
||||
response_types_supported: ['code'],
|
||||
subject_types_supported: ['public'],
|
||||
id_token_signing_alg_values_supported: ['RS256'],
|
||||
}),
|
||||
);
|
||||
await page.route('**/authority/.well-known/jwks.json', (route) => fulfillJson(route, { keys: [] }));
|
||||
await page.route('**/console/branding**', (route) =>
|
||||
fulfillJson(route, {
|
||||
tenantId: operatorSession.tenant,
|
||||
appName: 'Stella Ops',
|
||||
logoUrl: null,
|
||||
cssVariables: {},
|
||||
}),
|
||||
);
|
||||
await page.route('**/console/profile**', (route) =>
|
||||
fulfillJson(route, {
|
||||
subjectId: operatorSession.subjectId,
|
||||
username: 'security-ops-e2e',
|
||||
displayName: 'Security Ops E2E',
|
||||
tenant: operatorSession.tenant,
|
||||
roles: ['platform-admin'],
|
||||
scopes: operatorSession.scopes,
|
||||
}),
|
||||
);
|
||||
await page.route('**/console/token/introspect**', (route) =>
|
||||
fulfillJson(route, {
|
||||
active: true,
|
||||
tenant: operatorSession.tenant,
|
||||
subject: operatorSession.subjectId,
|
||||
scopes: operatorSession.scopes,
|
||||
}),
|
||||
);
|
||||
await page.route('**/authority/console/tenants**', (route) =>
|
||||
fulfillJson(route, {
|
||||
tenants: [
|
||||
{
|
||||
tenantId: operatorSession.tenant,
|
||||
displayName: 'Default Tenant',
|
||||
isDefault: true,
|
||||
isActive: true,
|
||||
},
|
||||
],
|
||||
}),
|
||||
);
|
||||
await page.route('**/api/v2/context/regions**', (route) =>
|
||||
fulfillJson(route, [{ regionId: 'eu-west', displayName: 'EU West', sortOrder: 1, enabled: true }]),
|
||||
);
|
||||
await page.route('**/api/v2/context/environments**', (route) =>
|
||||
fulfillJson(route, [
|
||||
{
|
||||
environmentId: 'prod',
|
||||
regionId: 'eu-west',
|
||||
environmentType: 'prod',
|
||||
displayName: 'Production',
|
||||
sortOrder: 1,
|
||||
enabled: true,
|
||||
},
|
||||
]),
|
||||
);
|
||||
await page.route('**/api/v2/context/preferences**', (route) =>
|
||||
fulfillJson(route, {
|
||||
tenantId: operatorSession.tenant,
|
||||
actorId: operatorSession.subjectId,
|
||||
regions: ['eu-west'],
|
||||
environments: ['prod'],
|
||||
timeWindow: '24h',
|
||||
stage: 'all',
|
||||
updatedAt: '2026-03-08T07:00:00Z',
|
||||
updatedBy: operatorSession.subjectId,
|
||||
}),
|
||||
);
|
||||
|
||||
await page.route(/\/api\/v1\/scanner\/unknowns\/stats(?:\?.*)?$/, (route) => fulfillJson(route, unknownsStats));
|
||||
await page.route(/\/api\/v1\/scanner\/unknowns\/unknown-101(?:\?.*)?$/, (route) => fulfillJson(route, unknownDetail));
|
||||
await page.route(/\/api\/v1\/scanner\/unknowns(?:\?.*)?$/, (route) => fulfillJson(route, unknownsList));
|
||||
await page.route(/\/api\/v1\/notify\/channels(?:\?.*)?$/, (route) => fulfillJson(route, notifyChannels));
|
||||
await page.route(/\/api\/v1\/notify\/rules(?:\?.*)?$/, (route) => fulfillJson(route, notifyRules));
|
||||
await page.route(/\/api\/v1\/notify\/deliveries(?:\?.*)?$/, (route) => fulfillJson(route, notifyDeliveries));
|
||||
}
|
||||
|
||||
test.beforeEach(async ({ page }) => {
|
||||
await setupHarness(page);
|
||||
});
|
||||
|
||||
test('security operations leaves keep aliases and canonical shells usable', async ({ page }) => {
|
||||
await page.goto('/analyze/unknowns', { waitUntil: 'networkidle' });
|
||||
await expect(page).toHaveURL(/\/security\/unknowns(?:\?.*)?$/);
|
||||
await expect(page.getByRole('heading', { name: 'Unknowns Tracking' })).toBeVisible();
|
||||
await page.getByRole('link', { name: 'Identify' }).click();
|
||||
await expect(page).toHaveURL(/\/security\/unknowns\/unknown-101(?:\?.*)?$/);
|
||||
await expect(page.getByRole('heading', { name: 'openssl' })).toBeVisible();
|
||||
|
||||
// `/notify` is reserved by the local dev proxy, so the alias contract is verified
|
||||
// in route-level tests while the browser run covers the mounted canonical page.
|
||||
await page.goto('/ops/operations/notifications', { waitUntil: 'networkidle' });
|
||||
await expect(page).toHaveURL(/\/ops\/operations\/notifications(?:\?.*)?$/);
|
||||
await expect(page.getByRole('heading', { name: 'Notify control plane' })).toBeVisible();
|
||||
await expect(page.getByRole('link', { name: 'Review watchlist alerts' })).toBeVisible();
|
||||
|
||||
await page.goto('/mission-control/alerts', { waitUntil: 'networkidle' });
|
||||
await expect(page.getByRole('heading', { name: 'Mission Alerts' })).toBeVisible();
|
||||
await expect(
|
||||
page.getByRole('link', { name: 'Identity watchlist alert requires signer review' }),
|
||||
).toBeVisible();
|
||||
|
||||
await page.goto('/mission-control/activity', { waitUntil: 'networkidle' });
|
||||
await expect(page.getByRole('heading', { name: 'Mission Activity' })).toBeVisible();
|
||||
await expect(page.getByRole('link', { name: 'Open Audit Log' })).toBeVisible();
|
||||
});
|
||||
Reference in New Issue
Block a user