stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

feat: Add DigestUpsertRequest and LockEntity models
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Export Center CI / export-ci (push) Has been cancelled
Details
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
Details

Browse Source 
- Introduced DigestUpsertRequest for handling digest upsert requests with properties like ChannelId, Recipient, DigestKey, Events, and CollectUntil.
- Created LockEntity to represent a lightweight distributed lock entry with properties such as Id, TenantId, Resource, Owner, ExpiresAt, and CreatedAt.

feat: Implement ILockRepository interface and LockRepository class

- Defined ILockRepository interface with methods for acquiring and releasing locks.
- Implemented LockRepository class with methods to try acquiring a lock and releasing it, using SQL for upsert operations.

feat: Add SurfaceManifestPointer record for manifest pointers

- Introduced SurfaceManifestPointer to represent a minimal pointer to a Surface.FS manifest associated with an image digest.

feat: Create PolicySimulationInputLock and related validation logic

- Added PolicySimulationInputLock record to describe policy simulation inputs and expected digests.
- Implemented validation logic for policy simulation inputs, including checks for digest drift and shadow mode requirements.

test: Add unit tests for ReplayVerificationService and ReplayVerifier

- Created ReplayVerificationServiceTests to validate the behavior of the ReplayVerificationService under various scenarios.
- Developed ReplayVerifierTests to ensure the correctness of the ReplayVerifier logic.

test: Implement PolicySimulationInputLockValidatorTests

- Added tests for PolicySimulationInputLockValidator to verify the validation logic against expected inputs and conditions.

chore: Add cosign key example and signing scripts

- Included a placeholder cosign key example for development purposes.
- Added a script for signing Signals artifacts using cosign with support for both v2 and v3.

chore: Create script for uploading evidence to the evidence locker

- Developed a script to upload evidence to the evidence locker, ensuring required environment variables are set.
This commit is contained in:
StellaOps Bot
2025-12-03 07:51:50 +02:00
parent 37cba83708
commit e923880694
171 changed files with 6567 additions and 2952 deletions
Download Patch File Download Diff File Expand all files Collapse all files

155
src/Authority/__Libraries/StellaOps.Authority.Storage.Postgres/Backfill/AuthorityBackfillService.cs
View File

@@ -1,155 +0,0 @@
using Microsoft.Extensions.Logging;
using StellaOps.Authority.Storage.Postgres.Models;
using StellaOps.Authority.Storage.Postgres.Repositories;
using System.Security.Cryptography;
using System.Text;
namespace StellaOps.Authority.Storage.Postgres.Backfill;
/// <summary>
/// Performs one-way backfill from the secondary (legacy) store into the primary PostgreSQL store.
/// </summary>
public sealed class AuthorityBackfillService
{
private readonly ITokenRepository _primaryTokens;
private readonly ISecondaryTokenRepository _secondaryTokens;
private readonly IRefreshTokenRepository _primaryRefreshTokens;
private readonly ISecondaryRefreshTokenRepository _secondaryRefreshTokens;
private readonly IUserRepository _primaryUsers;
private readonly ISecondaryUserRepository _secondaryUsers;
private readonly ILogger<AuthorityBackfillService> _logger;
public AuthorityBackfillService(
ITokenRepository primaryTokens,
ISecondaryTokenRepository secondaryTokens,
IRefreshTokenRepository primaryRefreshTokens,
ISecondaryRefreshTokenRepository secondaryRefreshTokens,
IUserRepository primaryUsers,
ISecondaryUserRepository secondaryUsers,
ILogger<AuthorityBackfillService> logger)
{
_primaryTokens = primaryTokens;
_secondaryTokens = secondaryTokens;
_primaryRefreshTokens = primaryRefreshTokens;
_secondaryRefreshTokens = secondaryRefreshTokens;
_primaryUsers = primaryUsers;
_secondaryUsers = secondaryUsers;
_logger = logger;
}
public async Task<BackfillResult> BackfillAsync(string tenantId, CancellationToken cancellationToken = default)
{
var users = await _secondaryUsers.GetAllAsync(tenantId, null, int.MaxValue, 0, cancellationToken).ConfigureAwait(false);
var tokensCopied = 0;
var tokensSkipped = 0;
var refreshCopied = 0;
var refreshSkipped = 0;
var primaryTokensSnapshot = new List<TokenEntity>();
var secondaryTokensSnapshot = new List<TokenEntity>();
var primaryRefreshSnapshot = new List<RefreshTokenEntity>();
var secondaryRefreshSnapshot = new List<RefreshTokenEntity>();
foreach (var user in users)
{
cancellationToken.ThrowIfCancellationRequested();
var primaryUser = await _primaryUsers.GetByIdAsync(tenantId, user.Id, cancellationToken).ConfigureAwait(false);
if (primaryUser is null)
{
await _primaryUsers.CreateAsync(user, cancellationToken).ConfigureAwait(false);
}
var secondaryTokens = await _secondaryTokens.GetByUserIdAsync(tenantId, user.Id, cancellationToken).ConfigureAwait(false);
var primaryTokens = await _primaryTokens.GetByUserIdAsync(tenantId, user.Id, cancellationToken).ConfigureAwait(false);
primaryTokensSnapshot.AddRange(primaryTokens);
secondaryTokensSnapshot.AddRange(secondaryTokens);
foreach (var token in secondaryTokens)
{
if (await _primaryTokens.GetByIdAsync(tenantId, token.Id, cancellationToken).ConfigureAwait(false) is null)
{
await _primaryTokens.CreateAsync(tenantId, token, cancellationToken).ConfigureAwait(false);
primaryTokensSnapshot.Add(token);
tokensCopied++;
}
else
{
tokensSkipped++;
}
}
var secondaryRefreshTokens = await _secondaryRefreshTokens.GetByUserIdAsync(tenantId, user.Id, cancellationToken).ConfigureAwait(false);
var primaryRefreshTokens = await _primaryRefreshTokens.GetByUserIdAsync(tenantId, user.Id, cancellationToken).ConfigureAwait(false);
primaryRefreshSnapshot.AddRange(primaryRefreshTokens);
secondaryRefreshSnapshot.AddRange(secondaryRefreshTokens);
foreach (var refresh in secondaryRefreshTokens)
{
if (await _primaryRefreshTokens.GetByIdAsync(tenantId, refresh.Id, cancellationToken).ConfigureAwait(false) is null)
{
await _primaryRefreshTokens.CreateAsync(tenantId, refresh, cancellationToken).ConfigureAwait(false);
primaryRefreshSnapshot.Add(refresh);
refreshCopied++;
}
else
{
refreshSkipped++;
}
}
}
var secondaryChecksum = ComputeChecksums(secondaryTokensSnapshot, secondaryRefreshSnapshot);
var primaryChecksum = ComputeChecksums(primaryTokensSnapshot, primaryRefreshSnapshot);
return new BackfillResult(
tenantId,
users.Count,
tokensCopied,
tokensSkipped,
refreshCopied,
refreshSkipped,
primaryChecksum,
secondaryChecksum);
}
private static BackfillChecksum ComputeChecksums(
IReadOnlyCollection<TokenEntity> tokens,
IReadOnlyCollection<RefreshTokenEntity> refreshTokens)
{
var tokenHash = ComputeHash(tokens.Select(t =>
$"{t.Id}|{t.TenantId}|{t.UserId}|{t.TokenHash}|{t.TokenType}|{t.ExpiresAt.UtcDateTime:o}|{t.RevokedAt?.UtcDateTime:o}|{t.RevokedBy}|{string.Join(',', t.Scopes)}"));
var refreshHash = ComputeHash(refreshTokens.Select(t =>
$"{t.Id}|{t.TenantId}|{t.UserId}|{t.TokenHash}|{t.AccessTokenId}|{t.ClientId}|{t.ExpiresAt.UtcDateTime:o}|{t.RevokedAt?.UtcDateTime:o}|{t.RevokedBy}|{t.ReplacedBy}"));
return new BackfillChecksum(tokens.Count, refreshTokens.Count, tokenHash, refreshHash);
}
private static string ComputeHash(IEnumerable<string> lines)
{
using var sha = SHA256.Create();
foreach (var line in lines.OrderBy(l => l, StringComparer.Ordinal))
{
var bytes = Encoding.UTF8.GetBytes(line);
sha.TransformBlock(bytes, 0, bytes.Length, null, 0);
}
sha.TransformFinalBlock(Array.Empty<byte>(), 0, 0);
return Convert.ToHexString(sha.Hash ?? Array.Empty<byte>());
}
}
public sealed record BackfillChecksum(int TokenCount, int RefreshTokenCount, string TokenChecksum, string RefreshTokenChecksum);
public sealed record BackfillResult(
string TenantId,
int UsersProcessed,
int TokensCopied,
int TokensSkipped,
int RefreshTokensCopied,
int RefreshTokensSkipped,
BackfillChecksum PrimaryChecksum,
BackfillChecksum SecondaryChecksum)
{
public bool ChecksumsMatch =>
PrimaryChecksum.TokenChecksum == SecondaryChecksum.TokenChecksum &&
PrimaryChecksum.RefreshTokenChecksum == SecondaryChecksum.RefreshTokenChecksum &&
PrimaryChecksum.TokenCount == SecondaryChecksum.TokenCount &&
PrimaryChecksum.RefreshTokenCount == SecondaryChecksum.RefreshTokenCount;
}

31
src/Authority/__Libraries/StellaOps.Authority.Storage.Postgres/DualWriteMetrics.cs
View File

@@ -1,31 +0,0 @@
using System.Diagnostics.Metrics;
using System.Threading;
namespace StellaOps.Authority.Storage.Postgres;
/// <summary>
/// Captures counters for dual-write operations to aid verification during cutover.
/// </summary>
public sealed class DualWriteMetrics : IDisposable
{
private readonly Meter _meter = new("StellaOps.Authority.Storage.Postgres.DualWrite", "1.0.0");
private readonly Counter<long> _primaryWrites;
private readonly Counter<long> _secondaryWrites;
private readonly Counter<long> _secondaryWriteFailures;
private readonly Counter<long> _fallbackReads;
public DualWriteMetrics()
{
_primaryWrites = _meter.CreateCounter<long>("authority.dualwrite.primary.writes");
_secondaryWrites = _meter.CreateCounter<long>("authority.dualwrite.secondary.writes");
_secondaryWriteFailures = _meter.CreateCounter<long>("authority.dualwrite.secondary.write.failures");
_fallbackReads = _meter.CreateCounter<long>("authority.dualwrite.fallback.reads");
}
public void RecordPrimaryWrite() => _primaryWrites.Add(1);
public void RecordSecondaryWrite() => _secondaryWrites.Add(1);
public void RecordSecondaryWriteFailure() => _secondaryWriteFailures.Add(1);
public void RecordFallbackRead() => _fallbackReads.Add(1);
public void Dispose() => _meter.Dispose();
}

46
src/Authority/__Libraries/StellaOps.Authority.Storage.Postgres/DualWriteOptions.cs
View File

@@ -1,46 +0,0 @@
using System.Diagnostics.CodeAnalysis;
namespace StellaOps.Authority.Storage.Postgres;
/// <summary>
/// Options controlling dual-write behaviour during Mongo → PostgreSQL cutover.
/// </summary>
public sealed class DualWriteOptions
{
/// <summary>
/// Whether dual-write is enabled. When false, repositories run primary-only.
/// </summary>
public bool Enabled { get; set; }
/// <summary>
/// When true, write operations are attempted against both primary and secondary repositories.
/// </summary>
public bool WriteSecondary { get; set; } = true;
/// <summary>
/// When true, reads will fall back to the secondary repository if the primary has no result.
/// </summary>
public bool FallbackToSecondary { get; set; } = true;
/// <summary>
/// When true, any secondary write failure is logged but does not throw; primary success is preserved.
/// </summary>
public bool LogSecondaryFailuresOnly { get; set; } = true;
/// <summary>
/// When true, secondary write/read failures propagate to callers.
/// </summary>
public bool FailFastOnSecondary { get; set; }
/// <summary>
/// Optional tag describing which backend is primary (for metrics/logging only).
/// </summary>
[AllowNull]
public string PrimaryBackend { get; set; } = "Postgres";
/// <summary>
/// Optional tag describing which backend is secondary (for metrics/logging only).
/// </summary>
[AllowNull]
public string? SecondaryBackend { get; set; } = "Mongo";
}

175
src/Authority/__Libraries/StellaOps.Authority.Storage.Postgres/Repositories/DualWriteRefreshTokenRepository.cs
View File

@@ -1,175 +0,0 @@
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using StellaOps.Authority.Storage.Postgres.Models;
namespace StellaOps.Authority.Storage.Postgres.Repositories;
/// <summary>
/// Decorator that writes refresh tokens to both primary and secondary stores during cutover.
/// </summary>
public sealed class DualWriteRefreshTokenRepository : IRefreshTokenRepository
{
private readonly IRefreshTokenRepository _primary;
private readonly ISecondaryRefreshTokenRepository _secondary;
private readonly DualWriteOptions _options;
private readonly DualWriteMetrics _metrics;
private readonly ILogger<DualWriteRefreshTokenRepository> _logger;
public DualWriteRefreshTokenRepository(
IRefreshTokenRepository primary,
ISecondaryRefreshTokenRepository secondary,
IOptions<DualWriteOptions> options,
DualWriteMetrics metrics,
ILogger<DualWriteRefreshTokenRepository> logger)
{
_primary = primary;
_secondary = secondary;
_options = options.Value;
_metrics = metrics;
_logger = logger;
}
public async Task<RefreshTokenEntity?> GetByIdAsync(string tenantId, Guid id, CancellationToken cancellationToken = default)
{
var primary = await _primary.GetByIdAsync(tenantId, id, cancellationToken).ConfigureAwait(false);
if (primary is not null || !_options.FallbackToSecondary)
{
return primary;
}
var secondary = await SafeSecondaryCall(() => _secondary.GetByIdAsync(tenantId, id, cancellationToken)).ConfigureAwait(false);
if (secondary is not null)
{
_metrics.RecordFallbackRead();
_logger.LogInformation("Dual-write fallback refresh token hit for tenant {TenantId} token {TokenId}", tenantId, id);
}
return secondary;
}
public async Task<RefreshTokenEntity?> GetByHashAsync(string tokenHash, CancellationToken cancellationToken = default)
{
var primary = await _primary.GetByHashAsync(tokenHash, cancellationToken).ConfigureAwait(false);
if (primary is not null || !_options.FallbackToSecondary)
{
return primary;
}
var secondary = await SafeSecondaryCall(() => _secondary.GetByHashAsync(tokenHash, cancellationToken)).ConfigureAwait(false);
if (secondary is not null)
{
_metrics.RecordFallbackRead();
_logger.LogInformation("Dual-write fallback refresh token hash hit for {Hash}", tokenHash);
}
return secondary;
}
public async Task<IReadOnlyList<RefreshTokenEntity>> GetByUserIdAsync(string tenantId, Guid userId, CancellationToken cancellationToken = default)
{
var primary = await _primary.GetByUserIdAsync(tenantId, userId, cancellationToken).ConfigureAwait(false);
if (primary.Count > 0 || !_options.FallbackToSecondary)
{
return primary;
}
var secondary = await SafeSecondaryCall(() => _secondary.GetByUserIdAsync(tenantId, userId, cancellationToken)).ConfigureAwait(false);
if (secondary.Count > 0)
{
_metrics.RecordFallbackRead();
_logger.LogInformation("Dual-write fallback refresh tokens for tenant {TenantId} user {UserId}", tenantId, userId);
}
return secondary;
}
public async Task<Guid> CreateAsync(string tenantId, RefreshTokenEntity token, CancellationToken cancellationToken = default)
{
var id = await _primary.CreateAsync(tenantId, token, cancellationToken).ConfigureAwait(false);
_metrics.RecordPrimaryWrite();
if (_options.WriteSecondary)
{
await SafeSecondaryWrite(async () =>
{
await _secondary.CreateAsync(tenantId, token, cancellationToken).ConfigureAwait(false);
}, tenantId, token.Id);
}
return id;
}
public async Task RevokeAsync(string tenantId, Guid id, string revokedBy, Guid? replacedBy, CancellationToken cancellationToken = default)
{
await _primary.RevokeAsync(tenantId, id, revokedBy, replacedBy, cancellationToken).ConfigureAwait(false);
_metrics.RecordPrimaryWrite();
if (_options.WriteSecondary)
{
await SafeSecondaryWrite(() => _secondary.RevokeAsync(tenantId, id, revokedBy, replacedBy, cancellationToken), tenantId, id);
}
}
public async Task RevokeByUserIdAsync(string tenantId, Guid userId, string revokedBy, CancellationToken cancellationToken = default)
{
await _primary.RevokeByUserIdAsync(tenantId, userId, revokedBy, cancellationToken).ConfigureAwait(false);
_metrics.RecordPrimaryWrite();
if (_options.WriteSecondary)
{
await SafeSecondaryWrite(() => _secondary.RevokeByUserIdAsync(tenantId, userId, revokedBy, cancellationToken), tenantId, userId);
}
}
public async Task DeleteExpiredAsync(CancellationToken cancellationToken = default)
{
await _primary.DeleteExpiredAsync(cancellationToken).ConfigureAwait(false);
_metrics.RecordPrimaryWrite();
if (_options.WriteSecondary)
{
await SafeSecondaryWrite(() => _secondary.DeleteExpiredAsync(cancellationToken), tenantId: "system", id: Guid.Empty);
}
}
private async Task<T> SafeSecondaryCall<T>(Func<Task<T>> call)
{
try
{
return await call().ConfigureAwait(false);
}
catch (Exception ex)
{
_logger.LogWarning(ex, "Dual-write secondary refresh read failed for backend {Backend}", _options.SecondaryBackend);
if (_options.FailFastOnSecondary && !_options.LogSecondaryFailuresOnly)
{
throw;
}
return default!;
}
}
private async Task SafeSecondaryWrite(Func<Task> call, string tenantId, Guid id)
{
try
{
await call().ConfigureAwait(false);
_metrics.RecordSecondaryWrite();
}
catch (Exception ex)
{
_metrics.RecordSecondaryWriteFailure();
_logger.LogWarning(ex,
"Dual-write secondary refresh write failed for tenant {TenantId}, id {Id}, primary={Primary}, secondary={Secondary}",
tenantId,
id,
_options.PrimaryBackend,
_options.SecondaryBackend);
if (_options.FailFastOnSecondary && !_options.LogSecondaryFailuresOnly)
{
throw;
}
}
}
}

175
src/Authority/__Libraries/StellaOps.Authority.Storage.Postgres/Repositories/DualWriteTokenRepository.cs
View File

@@ -1,175 +0,0 @@
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using StellaOps.Authority.Storage.Postgres.Models;
namespace StellaOps.Authority.Storage.Postgres.Repositories;
/// <summary>
/// Decorator that writes to both primary (PostgreSQL) and secondary (legacy/Mongo) stores during cutover.
/// </summary>
public sealed class DualWriteTokenRepository : ITokenRepository
{
private readonly ITokenRepository _primary;
private readonly ISecondaryTokenRepository _secondary;
private readonly DualWriteOptions _options;
private readonly DualWriteMetrics _metrics;
private readonly ILogger<DualWriteTokenRepository> _logger;
public DualWriteTokenRepository(
ITokenRepository primary,
ISecondaryTokenRepository secondary,
IOptions<DualWriteOptions> options,
DualWriteMetrics metrics,
ILogger<DualWriteTokenRepository> logger)
{
_primary = primary;
_secondary = secondary;
_options = options.Value;
_metrics = metrics;
_logger = logger;
}
public async Task<TokenEntity?> GetByIdAsync(string tenantId, Guid id, CancellationToken cancellationToken = default)
{
var primary = await _primary.GetByIdAsync(tenantId, id, cancellationToken).ConfigureAwait(false);
if (primary is not null || !_options.FallbackToSecondary)
{
return primary;
}
var secondary = await SafeSecondaryCall(() => _secondary.GetByIdAsync(tenantId, id, cancellationToken)).ConfigureAwait(false);
if (secondary is not null)
{
_metrics.RecordFallbackRead();
_logger.LogInformation("Dual-write fallback token hit for tenant {TenantId} token {TokenId}", tenantId, id);
}
return secondary;
}
public async Task<TokenEntity?> GetByHashAsync(string tokenHash, CancellationToken cancellationToken = default)
{
var primary = await _primary.GetByHashAsync(tokenHash, cancellationToken).ConfigureAwait(false);
if (primary is not null || !_options.FallbackToSecondary)
{
return primary;
}
var secondary = await SafeSecondaryCall(() => _secondary.GetByHashAsync(tokenHash, cancellationToken)).ConfigureAwait(false);
if (secondary is not null)
{
_metrics.RecordFallbackRead();
_logger.LogInformation("Dual-write fallback token hash hit for {Hash}", tokenHash);
}
return secondary;
}
public async Task<IReadOnlyList<TokenEntity>> GetByUserIdAsync(string tenantId, Guid userId, CancellationToken cancellationToken = default)
{
var primary = await _primary.GetByUserIdAsync(tenantId, userId, cancellationToken).ConfigureAwait(false);
if (primary.Count > 0 || !_options.FallbackToSecondary)
{
return primary;
}
var secondary = await SafeSecondaryCall(() => _secondary.GetByUserIdAsync(tenantId, userId, cancellationToken)).ConfigureAwait(false);
if (secondary.Count > 0)
{
_metrics.RecordFallbackRead();
_logger.LogInformation("Dual-write fallback tokens for tenant {TenantId} user {UserId}", tenantId, userId);
}
return secondary;
}
public async Task<Guid> CreateAsync(string tenantId, TokenEntity token, CancellationToken cancellationToken = default)
{
var id = await _primary.CreateAsync(tenantId, token, cancellationToken).ConfigureAwait(false);
_metrics.RecordPrimaryWrite();
if (_options.WriteSecondary)
{
await SafeSecondaryWrite(async () =>
{
await _secondary.CreateAsync(tenantId, token, cancellationToken).ConfigureAwait(false);
}, tenantId, token.Id);
}
return id;
}
public async Task RevokeAsync(string tenantId, Guid id, string revokedBy, CancellationToken cancellationToken = default)
{
await _primary.RevokeAsync(tenantId, id, revokedBy, cancellationToken).ConfigureAwait(false);
_metrics.RecordPrimaryWrite();
if (_options.WriteSecondary)
{
await SafeSecondaryWrite(() => _secondary.RevokeAsync(tenantId, id, revokedBy, cancellationToken), tenantId, id);
}
}
public async Task RevokeByUserIdAsync(string tenantId, Guid userId, string revokedBy, CancellationToken cancellationToken = default)
{
await _primary.RevokeByUserIdAsync(tenantId, userId, revokedBy, cancellationToken).ConfigureAwait(false);
_metrics.RecordPrimaryWrite();
if (_options.WriteSecondary)
{
await SafeSecondaryWrite(() => _secondary.RevokeByUserIdAsync(tenantId, userId, revokedBy, cancellationToken), tenantId, userId);
}
}
public async Task DeleteExpiredAsync(CancellationToken cancellationToken = default)
{
await _primary.DeleteExpiredAsync(cancellationToken).ConfigureAwait(false);
_metrics.RecordPrimaryWrite();
if (_options.WriteSecondary)
{
await SafeSecondaryWrite(() => _secondary.DeleteExpiredAsync(cancellationToken), tenantId: "system", id: Guid.Empty);
}
}
private async Task<T> SafeSecondaryCall<T>(Func<Task<T>> call)
{
try
{
return await call().ConfigureAwait(false);
}
catch (Exception ex)
{
_logger.LogWarning(ex, "Dual-write secondary read failed for backend {Backend}", _options.SecondaryBackend);
if (_options.FailFastOnSecondary && !_options.LogSecondaryFailuresOnly)
{
throw;
}
return default!;
}
}
private async Task SafeSecondaryWrite(Func<Task> call, string tenantId, Guid id)
{
try
{
await call().ConfigureAwait(false);
_metrics.RecordSecondaryWrite();
}
catch (Exception ex)
{
_metrics.RecordSecondaryWriteFailure();
_logger.LogWarning(ex,
"Dual-write secondary write failed for tenant {TenantId}, id {Id}, primary={Primary}, secondary={Secondary}",
tenantId,
id,
_options.PrimaryBackend,
_options.SecondaryBackend);
if (_options.FailFastOnSecondary && !_options.LogSecondaryFailuresOnly)
{
throw;
}
}
}
}

106
src/Authority/__Libraries/StellaOps.Authority.Storage.Postgres/Repositories/SecondaryRepositories.cs
View File

@@ -1,106 +0,0 @@
using StellaOps.Authority.Storage.Postgres.Models;
namespace StellaOps.Authority.Storage.Postgres.Repositories;
/// <summary>
/// Marker interface for secondary (legacy/Mongo) token repository.
/// </summary>
public interface ISecondaryTokenRepository : ITokenRepository { }
/// <summary>
/// Marker interface for secondary refresh token repository.
/// </summary>
public interface ISecondaryRefreshTokenRepository : IRefreshTokenRepository { }
/// <summary>
/// Marker interface for secondary user repository.
/// </summary>
public interface ISecondaryUserRepository : IUserRepository { }
/// <summary>
/// No-op secondary token repository used when dual-write is enabled without a configured secondary backend.
/// </summary>
internal sealed class NullSecondaryTokenRepository : ISecondaryTokenRepository
{
public Task<TokenEntity?> GetByIdAsync(string tenantId, Guid id, CancellationToken cancellationToken = default) =>
Task.FromResult<TokenEntity?>(null);
public Task<TokenEntity?> GetByHashAsync(string tokenHash, CancellationToken cancellationToken = default) =>
Task.FromResult<TokenEntity?>(null);
public Task<IReadOnlyList<TokenEntity>> GetByUserIdAsync(string tenantId, Guid userId, CancellationToken cancellationToken = default) =>
Task.FromResult<IReadOnlyList<TokenEntity>>(Array.Empty<TokenEntity>());
public Task<Guid> CreateAsync(string tenantId, TokenEntity token, CancellationToken cancellationToken = default) =>
Task.FromResult(token.Id == Guid.Empty ? Guid.NewGuid() : token.Id);
public Task RevokeAsync(string tenantId, Guid id, string revokedBy, CancellationToken cancellationToken = default) =>
Task.CompletedTask;
public Task RevokeByUserIdAsync(string tenantId, Guid userId, string revokedBy, CancellationToken cancellationToken = default) =>
Task.CompletedTask;
public Task DeleteExpiredAsync(CancellationToken cancellationToken = default) => Task.CompletedTask;
}
/// <summary>
/// No-op secondary refresh token repository used when dual-write is enabled without a configured secondary backend.
/// </summary>
internal sealed class NullSecondaryRefreshTokenRepository : ISecondaryRefreshTokenRepository
{
public Task<RefreshTokenEntity?> GetByIdAsync(string tenantId, Guid id, CancellationToken cancellationToken = default) =>
Task.FromResult<RefreshTokenEntity?>(null);
public Task<RefreshTokenEntity?> GetByHashAsync(string tokenHash, CancellationToken cancellationToken = default) =>
Task.FromResult<RefreshTokenEntity?>(null);
public Task<IReadOnlyList<RefreshTokenEntity>> GetByUserIdAsync(string tenantId, Guid userId, CancellationToken cancellationToken = default) =>
Task.FromResult<IReadOnlyList<RefreshTokenEntity>>(Array.Empty<RefreshTokenEntity>());
public Task<Guid> CreateAsync(string tenantId, RefreshTokenEntity token, CancellationToken cancellationToken = default) =>
Task.FromResult(token.Id == Guid.Empty ? Guid.NewGuid() : token.Id);
public Task RevokeAsync(string tenantId, Guid id, string revokedBy, Guid? replacedBy, CancellationToken cancellationToken = default) =>
Task.CompletedTask;
public Task RevokeByUserIdAsync(string tenantId, Guid userId, string revokedBy, CancellationToken cancellationToken = default) =>
Task.CompletedTask;
public Task DeleteExpiredAsync(CancellationToken cancellationToken = default) => Task.CompletedTask;
}
/// <summary>
/// No-op secondary user repository used when dual-write is enabled without a configured secondary backend.
/// </summary>
internal sealed class NullSecondaryUserRepository : ISecondaryUserRepository
{
public Task<UserEntity> CreateAsync(UserEntity user, CancellationToken cancellationToken = default) =>
Task.FromResult(user);
public Task<UserEntity?> GetByIdAsync(string tenantId, Guid id, CancellationToken cancellationToken = default) =>
Task.FromResult<UserEntity?>(null);
public Task<UserEntity?> GetByUsernameAsync(string tenantId, string username, CancellationToken cancellationToken = default) =>
Task.FromResult<UserEntity?>(null);
public Task<UserEntity?> GetByEmailAsync(string tenantId, string email, CancellationToken cancellationToken = default) =>
Task.FromResult<UserEntity?>(null);
public Task<IReadOnlyList<UserEntity>> GetAllAsync(string tenantId, bool? enabled = null, int limit = 100, int offset = 0, CancellationToken cancellationToken = default) =>
Task.FromResult<IReadOnlyList<UserEntity>>(Array.Empty<UserEntity>());
public Task<bool> UpdateAsync(UserEntity user, CancellationToken cancellationToken = default) =>
Task.FromResult(false);
public Task<bool> DeleteAsync(string tenantId, Guid id, CancellationToken cancellationToken = default) =>
Task.FromResult(false);
public Task<bool> UpdatePasswordAsync(string tenantId, Guid userId, string passwordHash, string passwordSalt, CancellationToken cancellationToken = default) =>
Task.FromResult(false);
public Task<int> RecordFailedLoginAsync(string tenantId, Guid userId, DateTimeOffset? lockUntil = null, CancellationToken cancellationToken = default) =>
Task.FromResult(0);
public Task RecordSuccessfulLoginAsync(string tenantId, Guid userId, CancellationToken cancellationToken = default) =>
Task.CompletedTask;
}

48
src/Authority/__Libraries/StellaOps.Authority.Storage.Postgres/ServiceCollectionExtensions.cs
View File

@@ -1,9 +1,5 @@
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.DependencyInjection.Extensions;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using StellaOps.Authority.Storage.Postgres.Backfill;
using StellaOps.Authority.Storage.Postgres.Repositories;
using StellaOps.Infrastructure.Postgres;
using StellaOps.Infrastructure.Postgres.Options;
@@ -28,11 +24,7 @@ public static class ServiceCollectionExtensions
string sectionName = "Postgres:Authority")
{
services.Configure<PostgresOptions>(sectionName, configuration.GetSection(sectionName));
var dualWriteSection = configuration.GetSection($"{sectionName}:DualWrite");
services.Configure<DualWriteOptions>(dualWriteSection);
var dualWriteEnabled = dualWriteSection.GetValue<bool>("Enabled");
RegisterAuthorityServices(services, dualWriteEnabled);
RegisterAuthorityServices(services);
return services;
}
@@ -47,16 +39,13 @@ public static class ServiceCollectionExtensions
Action<PostgresOptions> configureOptions)
{
services.Configure(configureOptions);
RegisterAuthorityServices(services, dualWriteEnabled: false);
RegisterAuthorityServices(services);
return services;
}
private static void RegisterAuthorityServices(IServiceCollection services, bool dualWriteEnabled)
private static void RegisterAuthorityServices(IServiceCollection services)
{
services.AddSingleton<AuthorityDataSource>();
services.AddSingleton<DualWriteMetrics>();
// Primary repositories
services.AddScoped<TenantRepository>();
services.AddScoped<UserRepository>();
services.AddScoped<RoleRepository>();
@@ -75,34 +64,7 @@ public static class ServiceCollectionExtensions
services.AddScoped<IApiKeyRepository>(sp => sp.GetRequiredService<ApiKeyRepository>());
services.AddScoped<ISessionRepository>(sp => sp.GetRequiredService<SessionRepository>());
services.AddScoped<IAuditRepository>(sp => sp.GetRequiredService<AuditRepository>());
if (dualWriteEnabled)
{
services.TryAddScoped<ISecondaryTokenRepository, NullSecondaryTokenRepository>();
services.TryAddScoped<ISecondaryRefreshTokenRepository, NullSecondaryRefreshTokenRepository>();
services.TryAddScoped<ISecondaryUserRepository, NullSecondaryUserRepository>();
services.AddScoped<ITokenRepository>(sp => new DualWriteTokenRepository(
sp.GetRequiredService<TokenRepository>(),
sp.GetRequiredService<ISecondaryTokenRepository>(),
sp.GetRequiredService<IOptions<DualWriteOptions>>(),
sp.GetRequiredService<DualWriteMetrics>(),
sp.GetRequiredService<ILogger<DualWriteTokenRepository>>()));
services.AddScoped<IRefreshTokenRepository>(sp => new DualWriteRefreshTokenRepository(
sp.GetRequiredService<RefreshTokenRepository>(),
sp.GetRequiredService<ISecondaryRefreshTokenRepository>(),
sp.GetRequiredService<IOptions<DualWriteOptions>>(),
sp.GetRequiredService<DualWriteMetrics>(),
sp.GetRequiredService<ILogger<DualWriteRefreshTokenRepository>>()));
// Backfill service available only when dual-write is enabled.
services.AddScoped<AuthorityBackfillService>();
}
else
{
services.AddScoped<ITokenRepository>(sp => sp.GetRequiredService<TokenRepository>());
services.AddScoped<IRefreshTokenRepository>(sp => sp.GetRequiredService<RefreshTokenRepository>());
}
services.AddScoped<ITokenRepository>(sp => sp.GetRequiredService<TokenRepository>());
services.AddScoped<IRefreshTokenRepository>(sp => sp.GetRequiredService<RefreshTokenRepository>());
}
}

90
src/Authority/__Tests/StellaOps.Authority.Storage.Postgres.Tests/BackfillVerificationTests.cs
View File

@@ -1,90 +0,0 @@
using FluentAssertions;
using Microsoft.Extensions.Logging.Abstractions;
using StellaOps.Authority.Storage.Postgres.Backfill;
using StellaOps.Authority.Storage.Postgres.Models;
using StellaOps.Authority.Storage.Postgres.Repositories;
using StellaOps.Authority.Storage.Postgres.Tests.TestDoubles;
namespace StellaOps.Authority.Storage.Postgres.Tests;
public sealed class BackfillVerificationTests
{
[Fact]
public async Task Backfill_copies_tokens_and_refresh_tokens_and_checksums_match()
{
var tenantId = "tenant-a";
var primaryTokens = new InMemoryTokenRepository();
var secondaryTokens = new InMemoryTokenRepository();
var primaryRefresh = new InMemoryRefreshTokenRepository();
var secondaryRefresh = new InMemoryRefreshTokenRepository();
var primaryUsers = new InMemoryUserRepository();
var secondaryUsers = new InMemoryUserRepository();
var user = BuildUser(tenantId);
await secondaryUsers.CreateAsync(user);
var token = BuildToken(tenantId, user.Id);
var refresh = BuildRefreshToken(tenantId, user.Id, token.Id);
await secondaryTokens.CreateAsync(tenantId, token);
await secondaryRefresh.CreateAsync(tenantId, refresh);
var backfill = new AuthorityBackfillService(
primaryTokens,
secondaryTokens,
primaryRefresh,
secondaryRefresh,
primaryUsers,
secondaryUsers,
NullLogger<AuthorityBackfillService>.Instance);
var result = await backfill.BackfillAsync(tenantId);
result.TokensCopied.Should().Be(1);
result.RefreshTokensCopied.Should().Be(1);
result.ChecksumsMatch.Should().BeTrue();
primaryTokens.Snapshot().Should().ContainSingle(t => t.Id == token.Id);
primaryRefresh.Snapshot().Should().ContainSingle(t => t.Id == refresh.Id);
}
private static UserEntity BuildUser(string tenantId) => new()
{
Id = Guid.NewGuid(),
TenantId = tenantId,
Username = "user1",
Email = "user1@example.com",
Enabled = true,
EmailVerified = true,
MfaEnabled = false,
FailedLoginAttempts = 0,
Settings = "{}",
Metadata = "{}",
CreatedAt = DateTimeOffset.UtcNow,
UpdatedAt = DateTimeOffset.UtcNow
};
private static TokenEntity BuildToken(string tenantId, Guid userId) => new()
{
Id = Guid.NewGuid(),
TenantId = tenantId,
UserId = userId,
TokenHash = "hash-primary",
TokenType = TokenType.Access,
Scopes = new[] { "scope-a" },
ClientId = "client",
IssuedAt = DateTimeOffset.UtcNow,
ExpiresAt = DateTimeOffset.UtcNow.AddHours(1),
Metadata = "{}"
};
private static RefreshTokenEntity BuildRefreshToken(string tenantId, Guid userId, Guid accessTokenId) => new()
{
Id = Guid.NewGuid(),
TenantId = tenantId,
UserId = userId,
TokenHash = "r-hash",
AccessTokenId = accessTokenId,
ClientId = "client",
IssuedAt = DateTimeOffset.UtcNow,
ExpiresAt = DateTimeOffset.UtcNow.AddDays(1),
Metadata = "{}"
};
}

107
src/Authority/__Tests/StellaOps.Authority.Storage.Postgres.Tests/DualWriteRepositoryTests.cs
View File

@@ -1,107 +0,0 @@
using FluentAssertions;
using Microsoft.Extensions.Logging.Abstractions;
using Microsoft.Extensions.Options;
using StellaOps.Authority.Storage.Postgres;
using StellaOps.Authority.Storage.Postgres.Models;
using StellaOps.Authority.Storage.Postgres.Repositories;
using StellaOps.Authority.Storage.Postgres.Tests.TestDoubles;
namespace StellaOps.Authority.Storage.Postgres.Tests;
public sealed class DualWriteRepositoryTests
{
private static DualWriteOptions DefaultOptions() => new()
{
Enabled = true,
WriteSecondary = true,
FallbackToSecondary = true,
LogSecondaryFailuresOnly = true
};
[Fact]
public async Task Create_writes_to_primary_and_secondary()
{
var primary = new InMemoryTokenRepository();
var secondary = new InMemoryTokenRepository();
var sut = new DualWriteTokenRepository(primary, secondary, Options.Create(DefaultOptions()), new DualWriteMetrics(), NullLogger<DualWriteTokenRepository>.Instance);
var token = BuildToken();
var id = await sut.CreateAsync("tenant-a", token);
id.Should().NotBe(Guid.Empty);
primary.Snapshot().Should().ContainSingle(t => t.Id == id);
secondary.Snapshot().Should().ContainSingle(t => t.Id == id);
}
[Fact]
public async Task Read_falls_back_to_secondary_when_primary_missing()
{
var primary = new InMemoryTokenRepository();
var secondary = new InMemoryTokenRepository();
var token = BuildToken();
await secondary.CreateAsync(token.TenantId, token);
var sut = new DualWriteTokenRepository(primary, secondary, Options.Create(DefaultOptions()), new DualWriteMetrics(), NullLogger<DualWriteTokenRepository>.Instance);
var fetched = await sut.GetByIdAsync(token.TenantId, token.Id);
fetched.Should().NotBeNull();
fetched!.Id.Should().Be(token.Id);
}
[Fact]
public async Task Secondary_failure_does_not_block_primary_when_failfast_disabled()
{
var primary = new InMemoryTokenRepository();
var secondary = new InMemoryTokenRepository { FailWrites = true };
var options = DefaultOptions();
options.FailFastOnSecondary = false;
options.LogSecondaryFailuresOnly = true;
var sut = new DualWriteTokenRepository(primary, secondary, Options.Create(options), new DualWriteMetrics(), NullLogger<DualWriteTokenRepository>.Instance);
var token = BuildToken();
await sut.Invoking(s => s.CreateAsync(token.TenantId, token)).Should().NotThrowAsync();
primary.Snapshot().Should().ContainSingle(t => t.Id == token.Id);
}
[Fact]
public async Task Refresh_tokens_dual_write_honours_secondary()
{
var primary = new InMemoryRefreshTokenRepository();
var secondary = new InMemoryRefreshTokenRepository();
var options = DefaultOptions();
var sut = new DualWriteRefreshTokenRepository(primary, secondary, Options.Create(options), new DualWriteMetrics(), NullLogger<DualWriteRefreshTokenRepository>.Instance);
var token = BuildRefreshToken();
var id = await sut.CreateAsync(token.TenantId, token);
primary.Snapshot().Should().ContainSingle(t => t.Id == id);
secondary.Snapshot().Should().ContainSingle(t => t.Id == id);
}
private static TokenEntity BuildToken() => new()
{
Id = Guid.NewGuid(),
TenantId = "tenant-a",
UserId = Guid.NewGuid(),
TokenHash = "hash-123",
TokenType = TokenType.Access,
Scopes = new[] { "scope1", "scope2" },
ClientId = "client",
IssuedAt = DateTimeOffset.UtcNow,
ExpiresAt = DateTimeOffset.UtcNow.AddHours(1),
Metadata = "{}"
};
private static RefreshTokenEntity BuildRefreshToken() => new()
{
Id = Guid.NewGuid(),
TenantId = "tenant-a",
UserId = Guid.NewGuid(),
TokenHash = "r-hash-1",
AccessTokenId = Guid.NewGuid(),
ClientId = "client",
IssuedAt = DateTimeOffset.UtcNow,
ExpiresAt = DateTimeOffset.UtcNow.AddDays(1),
Metadata = "{}"
};
}