dohertj2/ScadaBridge
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat(auth): ScadaBridge TransportExport excludes inbound API keys (re-arch C4; methods-only, import ignores legacy key sections); keys re-issued per environment

Browse Source
This commit is contained in:
Joseph Doherty
2026-06-02 05:06:40 -04:00
parent d1191fddf9
commit 731cfd3bfc
34 changed files with 212 additions and 190 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/ZB.MOM.WW.ScadaBridge.Commons/Types/Transport/BundleSummary.cs
+2 -1
View File
@@ -1,5 +1,7 @@
namespace ZB.MOM.WW.ScadaBridge.Commons.Types.Transport;
// ApiKeys is intentionally absent: inbound API keys are not transported between
// environments (re-arch C4). Only API methods are summarised.
public sealed record BundleSummary(
int Templates,
int TemplateFolders,
@@ -8,5 +10,4 @@ public sealed record BundleSummary(
int DbConnections,
int NotificationLists,
int SmtpConfigs,
int ApiKeys,
int ApiMethods);
src/ZB.MOM.WW.ScadaBridge.Commons/Types/Transport/ExportSelection.cs
+5 -1
View File
@@ -1,5 +1,10 @@
namespace ZB.MOM.WW.ScadaBridge.Commons.Types.Transport;
// Inbound API keys are intentionally absent from the transport selection: per the
// inbound-API-key re-architecture (commit C4) keys are NOT carried between
// environments. They live in the per-environment SQLite store (per-env pepper +
// secret-shown-once) and are re-created/re-granted via the admin UI/CLI on the
// destination. Only API *methods* travel in a bundle.
public sealed record ExportSelection(
IReadOnlyList<int> TemplateIds,
IReadOnlyList<int> SharedScriptIds,
@@ -7,6 +12,5 @@ public sealed record ExportSelection(
IReadOnlyList<int> DatabaseConnectionIds,
IReadOnlyList<int> NotificationListIds,
IReadOnlyList<int> SmtpConfigurationIds,
IReadOnlyList<int> ApiKeyIds,
IReadOnlyList<int> ApiMethodIds,
bool IncludeDependencies);
src/ZB.MOM.WW.ScadaBridge.Commons/Types/Transport/ImportResult.cs
+5 -1
View File
@@ -7,4 +7,8 @@ public sealed record ImportResult(
int Skipped,
int Renamed,
IReadOnlyList<int> StaleInstanceIds,
string AuditEventCorrelation);
string AuditEventCorrelation,
// Number of legacy inbound API keys found in the bundle that were ignored
// (re-arch C4 — keys are not transported; re-create them on this environment).
// Defaults to 0 so existing positional construction sites stay source-compatible.
int ApiKeysIgnored = 0);