feat(auth)!: ScadaBridge canonical roles + SoD collapse (Audit→Administrator, AuditReadOnly→Viewer) + config-DB migration (Task 1.7)
Standardize role string VALUES on the canonical vocabulary
(Administrator/Designer/Deployer/Viewer; Operator/Engineer unused here):
Admin -> Administrator
Design -> Designer
Deployment -> Deployer
Audit -> Administrator (COLLAPSE; accepted privilege escalation)
AuditReadOnly-> Viewer (COLLAPSE; keeps audit-read, no export)
SoD: OperationalAuditRoles = { Administrator, Viewer },
AuditExportRoles = { Administrator }
so Viewer reads the audit log + nav but cannot bulk-export, while
Administrator does both + holds the full admin surface (the documented,
accepted auditor/admin SoD collapse).
Atomic move across every enforcement site:
- Roles constants; AuthorizationPolicies (RequireClaim values + SoD arrays +
honest XML-doc); RoleMapper Deployer check.
- ManagementActor.GetRequiredRole switch + the hard-coded site-scope
admin-bypass (now Roles.Administrator at all 6 sites). Site-scoping logic
is otherwise unchanged.
- DebugStreamHub Administrator/Deployer gates (Deployer kept case-sensitive).
- CentralUI BrowseService/BindingTester Designer guards; LdapMappingForm
dropdown now offers canonical values (incl. Viewer).
- Config-DB seed (LdapGroupMappings Id 1-4) + EF migration CanonicalizeRoles:
Id-keyed UpdateData for seed rows + idempotent raw catch-all UPDATEs for
operator-added rows. Down is lossy on the collapse (documented in-file).
No pending model changes.
Tests reworked to the collapsed model across Security/CentralUI/
ManagementService/ConfigurationDatabase/Integration suites, incl. explicit
Viewer-reads-not-exports and former-Audit-now-Administrator-escalation cases.
CHANGELOG: BREAKING security note documenting the canonicalization + SoD
collapse.
This commit is contained in:
Joseph Doherty
@@ -118,7 +118,7 @@ public class AuditLogPageScaffoldTests : BunitContext
|
||||
[Fact]
|
||||
public void AuditLogPage_Renders_PageHeading()
|
||||
{
|
||||
var cut = RenderAuditLogPage("Admin");
|
||||
var cut = RenderAuditLogPage("Administrator");
|
||||
|
||||
cut.WaitForAssertion(() =>
|
||||
{
|
||||
@@ -132,7 +132,7 @@ public class AuditLogPageScaffoldTests : BunitContext
|
||||
[Fact]
|
||||
public void NavMenu_Contains_AuditGroup_With_AuditLog_Link()
|
||||
{
|
||||
var cut = RenderNavMenu("Admin", "Design", "Deployment");
|
||||
var cut = RenderNavMenu("Administrator", "Designer", "Deployer");
|
||||
ExpandNavSection(cut, "Audit");
|
||||
|
||||
cut.WaitForAssertion(() =>
|
||||
@@ -145,7 +145,7 @@ public class AuditLogPageScaffoldTests : BunitContext
|
||||
[Fact]
|
||||
public void NavMenu_Contains_ConfigurationAuditLog_Link_UnderAuditGroup()
|
||||
{
|
||||
var cut = RenderNavMenu("Admin", "Design", "Deployment");
|
||||
var cut = RenderNavMenu("Administrator", "Designer", "Deployer");
|
||||
ExpandNavSection(cut, "Audit");
|
||||
|
||||
cut.WaitForAssertion(() =>
|
||||
@@ -178,7 +178,7 @@ public class AuditLogPageScaffoldTests : BunitContext
|
||||
_queryService.QueryAsync(Arg.Any<AuditLogQueryFilter>(), Arg.Any<AuditLogPaging?>(), Arg.Any<CancellationToken>())
|
||||
.Returns(Task.FromResult<IReadOnlyList<AuditEvent>>(new List<AuditEvent>()));
|
||||
|
||||
var cut = RenderAuditLogPageWithQuery($"correlationId={corr}", "Admin");
|
||||
var cut = RenderAuditLogPageWithQuery($"correlationId={corr}", "Administrator");
|
||||
|
||||
cut.WaitForAssertion(() =>
|
||||
{
|
||||
@@ -201,7 +201,7 @@ public class AuditLogPageScaffoldTests : BunitContext
|
||||
_queryService.QueryAsync(Arg.Any<AuditLogQueryFilter>(), Arg.Any<AuditLogPaging?>(), Arg.Any<CancellationToken>())
|
||||
.Returns(Task.FromResult<IReadOnlyList<AuditEvent>>(new List<AuditEvent>()));
|
||||
|
||||
var cut = RenderAuditLogPageWithQuery($"executionId={executionId}", "Admin");
|
||||
var cut = RenderAuditLogPageWithQuery($"executionId={executionId}", "Administrator");
|
||||
|
||||
cut.WaitForAssertion(() =>
|
||||
{
|
||||
@@ -217,7 +217,7 @@ public class AuditLogPageScaffoldTests : BunitContext
|
||||
{
|
||||
_queryService = Substitute.For<IAuditLogQueryService>();
|
||||
|
||||
var cut = RenderAuditLogPageWithQuery("executionId=not-a-guid", "Admin");
|
||||
var cut = RenderAuditLogPageWithQuery("executionId=not-a-guid", "Administrator");
|
||||
|
||||
// An unparseable executionId leaves ExecutionId null. With no other filter
|
||||
// params present the page renders but does NOT call the query service.
|
||||
@@ -239,7 +239,7 @@ public class AuditLogPageScaffoldTests : BunitContext
|
||||
_queryService.QueryAsync(Arg.Any<AuditLogQueryFilter>(), Arg.Any<AuditLogPaging?>(), Arg.Any<CancellationToken>())
|
||||
.Returns(Task.FromResult<IReadOnlyList<AuditEvent>>(new List<AuditEvent>()));
|
||||
|
||||
var cut = RenderAuditLogPageWithQuery($"parentExecutionId={parentExecutionId}", "Admin");
|
||||
var cut = RenderAuditLogPageWithQuery($"parentExecutionId={parentExecutionId}", "Administrator");
|
||||
|
||||
cut.WaitForAssertion(() =>
|
||||
{
|
||||
@@ -255,7 +255,7 @@ public class AuditLogPageScaffoldTests : BunitContext
|
||||
{
|
||||
_queryService = Substitute.For<IAuditLogQueryService>();
|
||||
|
||||
var cut = RenderAuditLogPageWithQuery("parentExecutionId=not-a-guid", "Admin");
|
||||
var cut = RenderAuditLogPageWithQuery("parentExecutionId=not-a-guid", "Administrator");
|
||||
|
||||
// An unparseable parentExecutionId leaves ParentExecutionId null. With no
|
||||
// other filter params present the page renders but does NOT call the query
|
||||
@@ -274,7 +274,7 @@ public class AuditLogPageScaffoldTests : BunitContext
|
||||
_queryService.QueryAsync(Arg.Any<AuditLogQueryFilter>(), Arg.Any<AuditLogPaging?>(), Arg.Any<CancellationToken>())
|
||||
.Returns(Task.FromResult<IReadOnlyList<AuditEvent>>(new List<AuditEvent>()));
|
||||
|
||||
var cut = RenderAuditLogPageWithQuery("target=ExternalSystem-Alpha", "Admin");
|
||||
var cut = RenderAuditLogPageWithQuery("target=ExternalSystem-Alpha", "Administrator");
|
||||
|
||||
cut.WaitForAssertion(() =>
|
||||
{
|
||||
@@ -292,7 +292,7 @@ public class AuditLogPageScaffoldTests : BunitContext
|
||||
_queryService.QueryAsync(Arg.Any<AuditLogQueryFilter>(), Arg.Any<AuditLogPaging?>(), Arg.Any<CancellationToken>())
|
||||
.Returns(Task.FromResult<IReadOnlyList<AuditEvent>>(new List<AuditEvent>()));
|
||||
|
||||
var cut = RenderAuditLogPageWithQuery("site=plant-a", "Admin");
|
||||
var cut = RenderAuditLogPageWithQuery("site=plant-a", "Administrator");
|
||||
|
||||
cut.WaitForAssertion(() =>
|
||||
{
|
||||
@@ -314,7 +314,7 @@ public class AuditLogPageScaffoldTests : BunitContext
|
||||
_queryService.QueryAsync(Arg.Any<AuditLogQueryFilter>(), Arg.Any<AuditLogPaging?>(), Arg.Any<CancellationToken>())
|
||||
.Returns(Task.FromResult<IReadOnlyList<AuditEvent>>(new List<AuditEvent>()));
|
||||
|
||||
var cut = RenderAuditLogPageWithQuery("status=Failed", "Admin");
|
||||
var cut = RenderAuditLogPageWithQuery("status=Failed", "Administrator");
|
||||
|
||||
cut.WaitForAssertion(() =>
|
||||
{
|
||||
@@ -331,7 +331,7 @@ public class AuditLogPageScaffoldTests : BunitContext
|
||||
{
|
||||
_queryService = Substitute.For<IAuditLogQueryService>();
|
||||
|
||||
var cut = RenderAuditLogPageWithQuery("status=NotARealStatus", "Admin");
|
||||
var cut = RenderAuditLogPageWithQuery("status=NotARealStatus", "Administrator");
|
||||
|
||||
// An unparseable status value leaves Status null. With no other filter
|
||||
// params present the page renders but does NOT call the query service
|
||||
@@ -348,7 +348,7 @@ public class AuditLogPageScaffoldTests : BunitContext
|
||||
{
|
||||
_queryService = Substitute.For<IAuditLogQueryService>();
|
||||
|
||||
var cut = RenderAuditLogPage("Admin");
|
||||
var cut = RenderAuditLogPage("Administrator");
|
||||
|
||||
// The grid is in "no filter" state — the page heading renders, but the
|
||||
// query service must NOT be hit because nothing told us to load.
|
||||
|
||||
Reference in New Issue
Block a user