feat(secrets): switch Central config secrets to ${secret:} tokens (ScadaBridge G-4 T4)
Switch the three literal ${SCADABRIDGE_*} placeholders in appsettings.Central.json
to ${secret:} references resolved by the pre-host secrets expander, and update the
_secrets doc note. Fix Host.Tests fixtures that boot the real Program pipeline against
Central config: CentralDbTestEnvironment now also supplies the LDAP service-account
password and JWT signing key as whole-key env overrides (rollback path) so the expander
skips the tokens without a seeded store; the three fixtures that managed env vars
inline now use CentralDbTestEnvironment.
This commit is contained in:
@@ -23,23 +23,19 @@ public class CentralActorPathTests : IAsyncLifetime
|
||||
private WebApplicationFactory<Program>? _factory;
|
||||
private ActorSystem? _actorSystem;
|
||||
private string? _previousEnv;
|
||||
private CentralDbTestEnvironment? _dbEnv;
|
||||
|
||||
public Task InitializeAsync()
|
||||
{
|
||||
_previousEnv = Environment.GetEnvironmentVariable("DOTNET_ENVIRONMENT");
|
||||
Environment.SetEnvironmentVariable("DOTNET_ENVIRONMENT", "Central");
|
||||
|
||||
// Supply the pepper so the Central-role StartupValidator preflight (1fcc4f5)
|
||||
// passes before WebApplicationFactory gets a chance to overlay DI config.
|
||||
// The pre-host config builder includes AddEnvironmentVariables(), so this
|
||||
// env var is visible to StartupValidator.Validate() at Program.cs line 42.
|
||||
Environment.SetEnvironmentVariable("ScadaBridge__InboundApi__ApiKeyPepper",
|
||||
CentralDbTestEnvironment.TestPepper);
|
||||
// Supply MachineDataDb so the reverted Host-008 Require (REQ-HOST-3/4, M2.9 #17)
|
||||
// passes for Central-role StartupValidator. A non-empty placeholder satisfies
|
||||
// the preflight; the DI override below replaces the real DbContext anyway.
|
||||
Environment.SetEnvironmentVariable("ScadaBridge__Database__MachineDataDb",
|
||||
"Server=localhost;Database=MachineData;");
|
||||
// Supply the pepper, MachineDataDb and the G-4 secret-backed keys
|
||||
// (ConfigurationDb / LDAP service-account password / JWT signing key) as
|
||||
// whole-key env overrides so the pre-host config builder — which calls
|
||||
// AddEnvironmentVariables() before the ${secret:...} expander runs — sees
|
||||
// concrete values and the Central-role StartupValidator preflight passes.
|
||||
_dbEnv = new CentralDbTestEnvironment();
|
||||
|
||||
_factory = new WebApplicationFactory<Program>()
|
||||
.WithWebHostBuilder(builder =>
|
||||
@@ -99,8 +95,7 @@ public class CentralActorPathTests : IAsyncLifetime
|
||||
{
|
||||
_factory?.Dispose();
|
||||
Environment.SetEnvironmentVariable("DOTNET_ENVIRONMENT", _previousEnv);
|
||||
Environment.SetEnvironmentVariable("ScadaBridge__InboundApi__ApiKeyPepper", null);
|
||||
Environment.SetEnvironmentVariable("ScadaBridge__Database__MachineDataDb", null);
|
||||
_dbEnv?.Dispose();
|
||||
await Task.CompletedTask;
|
||||
}
|
||||
|
||||
|
||||
@@ -90,22 +90,19 @@ public class CentralAuditWiringTests : IDisposable
|
||||
{
|
||||
private readonly WebApplicationFactory<Program> _factory;
|
||||
private readonly string? _previousEnv;
|
||||
private readonly CentralDbTestEnvironment _dbEnv;
|
||||
|
||||
public CentralAuditWiringTests()
|
||||
{
|
||||
_previousEnv = Environment.GetEnvironmentVariable("DOTNET_ENVIRONMENT");
|
||||
Environment.SetEnvironmentVariable("DOTNET_ENVIRONMENT", "Central");
|
||||
|
||||
// Supply the pepper so the Central-role StartupValidator preflight (1fcc4f5)
|
||||
// passes. The pre-host config builder uses AddEnvironmentVariables(), which
|
||||
// runs before WithWebHostBuilder.ConfigureAppConfiguration applies DI config.
|
||||
Environment.SetEnvironmentVariable("ScadaBridge__InboundApi__ApiKeyPepper",
|
||||
CentralDbTestEnvironment.TestPepper);
|
||||
// Supply MachineDataDb so the reverted Host-008 Require (REQ-HOST-3/4, M2.9 #17)
|
||||
// passes for Central-role StartupValidator. A non-empty placeholder satisfies
|
||||
// the preflight; the DI override below replaces the real DbContext anyway.
|
||||
Environment.SetEnvironmentVariable("ScadaBridge__Database__MachineDataDb",
|
||||
"Server=localhost;Database=MachineData;");
|
||||
// Supply the pepper, MachineDataDb and the G-4 secret-backed keys
|
||||
// (ConfigurationDb / LDAP service-account password / JWT signing key) as
|
||||
// whole-key env overrides so the pre-host config builder — which calls
|
||||
// AddEnvironmentVariables() before the ${secret:...} expander runs — sees
|
||||
// concrete values and the Central-role StartupValidator preflight passes.
|
||||
_dbEnv = new CentralDbTestEnvironment();
|
||||
|
||||
_factory = new WebApplicationFactory<Program>()
|
||||
.WithWebHostBuilder(builder =>
|
||||
@@ -161,8 +158,7 @@ public class CentralAuditWiringTests : IDisposable
|
||||
{
|
||||
_factory.Dispose();
|
||||
Environment.SetEnvironmentVariable("DOTNET_ENVIRONMENT", _previousEnv);
|
||||
Environment.SetEnvironmentVariable("ScadaBridge__InboundApi__ApiKeyPepper", null);
|
||||
Environment.SetEnvironmentVariable("ScadaBridge__Database__MachineDataDb", null);
|
||||
_dbEnv.Dispose();
|
||||
}
|
||||
|
||||
[Fact]
|
||||
|
||||
@@ -15,7 +15,17 @@ namespace ZB.MOM.WW.ScadaBridge.Host.Tests;
|
||||
/// Also supplies <c>ScadaBridge__Database__MachineDataDb</c> so the Central-role
|
||||
/// StartupValidator preflight (reverts Host-008, REQ-HOST-3/4, M2.9 #17) does not
|
||||
/// fail for tests that set <c>DOTNET_ENVIRONMENT=Central</c> without an explicit
|
||||
/// MachineDataDb env var. All vars are restored on Dispose so tests stay isolated.
|
||||
/// MachineDataDb env var.
|
||||
///
|
||||
/// G-4 (secrets adoption): <c>appsettings.Central.json</c> now carries
|
||||
/// <c>${secret:...}</c> references for the ConfigurationDb connection string, the
|
||||
/// LDAP service-account password and the JWT signing key. The pre-host secrets
|
||||
/// expander (Program.cs) resolves those before StartupValidator runs and fails
|
||||
/// closed on an unseeded reference. Supplying the concrete values as whole-key
|
||||
/// environment overrides (the sanctioned rollback path) makes the expander skip
|
||||
/// the tokens entirely — so tests that boot the real <c>Program</c> pipeline do
|
||||
/// not need a seeded secrets store. All vars are restored on Dispose so tests
|
||||
/// stay isolated.
|
||||
/// </summary>
|
||||
internal sealed class CentralDbTestEnvironment : IDisposable
|
||||
{
|
||||
@@ -37,9 +47,22 @@ internal sealed class CentralDbTestEnvironment : IDisposable
|
||||
internal const string TestPepper = "test-pepper-01234567890";
|
||||
private const string PepperKey = "ScadaBridge__InboundApi__ApiKeyPepper";
|
||||
|
||||
// G-4: whole-key overrides for the two remaining ${secret:...} config references
|
||||
// in appsettings.Central.json (the LDAP service-account password and JWT signing
|
||||
// key). Test-only placeholder values — non-empty, and the JWT key clears the
|
||||
// ≥32-char StartupValidator length rule. Applied via env so the pre-host expander
|
||||
// sees the concrete value and never evaluates the token.
|
||||
private const string LdapServiceAccountPassword = "test-ldap-service-account-password";
|
||||
private const string LdapPasswordKey = "ScadaBridge__Security__Ldap__ServiceAccountPassword";
|
||||
|
||||
private const string JwtSigningKey = "test-signing-key-must-be-at-least-32-chars-long!";
|
||||
private const string JwtSigningKeyKey = "ScadaBridge__Security__JwtSigningKey";
|
||||
|
||||
private readonly string? _previousConfig;
|
||||
private readonly string? _previousMachineData;
|
||||
private readonly string? _previousPepper;
|
||||
private readonly string? _previousLdapPassword;
|
||||
private readonly string? _previousJwtSigningKey;
|
||||
|
||||
public CentralDbTestEnvironment()
|
||||
{
|
||||
@@ -51,6 +74,12 @@ internal sealed class CentralDbTestEnvironment : IDisposable
|
||||
|
||||
_previousPepper = Environment.GetEnvironmentVariable(PepperKey);
|
||||
Environment.SetEnvironmentVariable(PepperKey, TestPepper);
|
||||
|
||||
_previousLdapPassword = Environment.GetEnvironmentVariable(LdapPasswordKey);
|
||||
Environment.SetEnvironmentVariable(LdapPasswordKey, LdapServiceAccountPassword);
|
||||
|
||||
_previousJwtSigningKey = Environment.GetEnvironmentVariable(JwtSigningKeyKey);
|
||||
Environment.SetEnvironmentVariable(JwtSigningKeyKey, JwtSigningKey);
|
||||
}
|
||||
|
||||
public void Dispose()
|
||||
@@ -58,5 +87,7 @@ internal sealed class CentralDbTestEnvironment : IDisposable
|
||||
Environment.SetEnvironmentVariable(ConfigKey, _previousConfig);
|
||||
Environment.SetEnvironmentVariable(MachineDataKey, _previousMachineData);
|
||||
Environment.SetEnvironmentVariable(PepperKey, _previousPepper);
|
||||
Environment.SetEnvironmentVariable(LdapPasswordKey, _previousLdapPassword);
|
||||
Environment.SetEnvironmentVariable(JwtSigningKeyKey, _previousJwtSigningKey);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -84,22 +84,19 @@ public class CentralCompositionRootTests : IDisposable
|
||||
{
|
||||
private readonly WebApplicationFactory<Program> _factory;
|
||||
private readonly string? _previousEnv;
|
||||
private readonly CentralDbTestEnvironment _dbEnv;
|
||||
|
||||
public CentralCompositionRootTests()
|
||||
{
|
||||
_previousEnv = Environment.GetEnvironmentVariable("DOTNET_ENVIRONMENT");
|
||||
Environment.SetEnvironmentVariable("DOTNET_ENVIRONMENT", "Central");
|
||||
|
||||
// Supply the pepper so the Central-role StartupValidator preflight (1fcc4f5)
|
||||
// passes. The pre-host config builder uses AddEnvironmentVariables(), which
|
||||
// runs before WithWebHostBuilder.ConfigureAppConfiguration applies DI config.
|
||||
Environment.SetEnvironmentVariable("ScadaBridge__InboundApi__ApiKeyPepper",
|
||||
CentralDbTestEnvironment.TestPepper);
|
||||
// Supply MachineDataDb so the reverted Host-008 Require (REQ-HOST-3/4, M2.9 #17)
|
||||
// passes for Central-role StartupValidator. A non-empty placeholder satisfies
|
||||
// the preflight; the DI override below replaces the real DbContext anyway.
|
||||
Environment.SetEnvironmentVariable("ScadaBridge__Database__MachineDataDb",
|
||||
"Server=localhost;Database=MachineData;");
|
||||
// Supply the pepper, MachineDataDb and the G-4 secret-backed keys
|
||||
// (ConfigurationDb / LDAP service-account password / JWT signing key) as
|
||||
// whole-key env overrides so the pre-host config builder — which calls
|
||||
// AddEnvironmentVariables() before the ${secret:...} expander runs — sees
|
||||
// concrete values and the Central-role StartupValidator preflight passes.
|
||||
_dbEnv = new CentralDbTestEnvironment();
|
||||
|
||||
_factory = new WebApplicationFactory<Program>()
|
||||
.WithWebHostBuilder(builder =>
|
||||
@@ -164,8 +161,7 @@ public class CentralCompositionRootTests : IDisposable
|
||||
{
|
||||
_factory.Dispose();
|
||||
Environment.SetEnvironmentVariable("DOTNET_ENVIRONMENT", _previousEnv);
|
||||
Environment.SetEnvironmentVariable("ScadaBridge__InboundApi__ApiKeyPepper", null);
|
||||
Environment.SetEnvironmentVariable("ScadaBridge__Database__MachineDataDb", null);
|
||||
_dbEnv.Dispose();
|
||||
}
|
||||
|
||||
// --- Singletons ---
|
||||
|
||||
Reference in New Issue
Block a user