feat(auth): ScadaBridge TransportExport excludes inbound API keys (re-arch C4; methods-only, import ignores legacy key sections); keys re-issued per environment
This commit is contained in:
Joseph Doherty
@@ -6,6 +6,12 @@ namespace ZB.MOM.WW.ScadaBridge.Commons.Messages.Management;
|
||||
/// Exports a bundle. Names rather than IDs in the selection so test scripts can
|
||||
/// be written without an ID lookup step. <c>All=true</c> overrides the per-type
|
||||
/// name lists and exports every entity of every supported type.
|
||||
/// <para>
|
||||
/// Inbound API keys are intentionally not selectable: per the inbound-API-key
|
||||
/// re-architecture (C4) keys are not transported between environments; only API
|
||||
/// methods travel. Re-create keys and re-grant their method scopes on the
|
||||
/// destination via the admin UI/CLI.
|
||||
/// </para>
|
||||
/// </summary>
|
||||
public sealed record ExportBundleCommand(
|
||||
bool All,
|
||||
@@ -15,7 +21,6 @@ public sealed record ExportBundleCommand(
|
||||
IReadOnlyList<string>? DatabaseConnectionNames,
|
||||
IReadOnlyList<string>? NotificationListNames,
|
||||
IReadOnlyList<string>? SmtpConfigurationNames,
|
||||
IReadOnlyList<string>? ApiKeyNames,
|
||||
IReadOnlyList<string>? ApiMethodNames,
|
||||
bool IncludeDependencies,
|
||||
string? Passphrase,
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
namespace ZB.MOM.WW.ScadaBridge.Commons.Types.Transport;
|
||||
|
||||
// ApiKeys is intentionally absent: inbound API keys are not transported between
|
||||
// environments (re-arch C4). Only API methods are summarised.
|
||||
public sealed record BundleSummary(
|
||||
int Templates,
|
||||
int TemplateFolders,
|
||||
@@ -8,5 +10,4 @@ public sealed record BundleSummary(
|
||||
int DbConnections,
|
||||
int NotificationLists,
|
||||
int SmtpConfigs,
|
||||
int ApiKeys,
|
||||
int ApiMethods);
|
||||
|
||||
@@ -1,5 +1,10 @@
|
||||
namespace ZB.MOM.WW.ScadaBridge.Commons.Types.Transport;
|
||||
|
||||
// Inbound API keys are intentionally absent from the transport selection: per the
|
||||
// inbound-API-key re-architecture (commit C4) keys are NOT carried between
|
||||
// environments. They live in the per-environment SQLite store (per-env pepper +
|
||||
// secret-shown-once) and are re-created/re-granted via the admin UI/CLI on the
|
||||
// destination. Only API *methods* travel in a bundle.
|
||||
public sealed record ExportSelection(
|
||||
IReadOnlyList<int> TemplateIds,
|
||||
IReadOnlyList<int> SharedScriptIds,
|
||||
@@ -7,6 +12,5 @@ public sealed record ExportSelection(
|
||||
IReadOnlyList<int> DatabaseConnectionIds,
|
||||
IReadOnlyList<int> NotificationListIds,
|
||||
IReadOnlyList<int> SmtpConfigurationIds,
|
||||
IReadOnlyList<int> ApiKeyIds,
|
||||
IReadOnlyList<int> ApiMethodIds,
|
||||
bool IncludeDependencies);
|
||||
|
||||
@@ -7,4 +7,8 @@ public sealed record ImportResult(
|
||||
int Skipped,
|
||||
int Renamed,
|
||||
IReadOnlyList<int> StaleInstanceIds,
|
||||
string AuditEventCorrelation);
|
||||
string AuditEventCorrelation,
|
||||
// Number of legacy inbound API keys found in the bundle that were ignored
|
||||
// (re-arch C4 — keys are not transported; re-create them on this environment).
|
||||
// Defaults to 0 so existing positional construction sites stay source-compatible.
|
||||
int ApiKeysIgnored = 0);
|
||||
|
||||
Reference in New Issue
Block a user