b104760b3a
feat(auth)!: ScadaBridge canonical roles + SoD collapse (Audit→Administrator, AuditReadOnly→Viewer) + config-DB migration (Task 1.7)
...
Standardize role string VALUES on the canonical vocabulary
(Administrator/Designer/Deployer/Viewer; Operator/Engineer unused here):
Admin -> Administrator
Design -> Designer
Deployment -> Deployer
Audit -> Administrator (COLLAPSE; accepted privilege escalation)
AuditReadOnly-> Viewer (COLLAPSE; keeps audit-read, no export)
SoD: OperationalAuditRoles = { Administrator, Viewer },
AuditExportRoles = { Administrator }
so Viewer reads the audit log + nav but cannot bulk-export, while
Administrator does both + holds the full admin surface (the documented,
accepted auditor/admin SoD collapse).
Atomic move across every enforcement site:
- Roles constants; AuthorizationPolicies (RequireClaim values + SoD arrays +
honest XML-doc); RoleMapper Deployer check.
- ManagementActor.GetRequiredRole switch + the hard-coded site-scope
admin-bypass (now Roles.Administrator at all 6 sites). Site-scoping logic
is otherwise unchanged.
- DebugStreamHub Administrator/Deployer gates (Deployer kept case-sensitive).
- CentralUI BrowseService/BindingTester Designer guards; LdapMappingForm
dropdown now offers canonical values (incl. Viewer).
- Config-DB seed (LdapGroupMappings Id 1-4) + EF migration CanonicalizeRoles:
Id-keyed UpdateData for seed rows + idempotent raw catch-all UPDATEs for
operator-added rows. Down is lossy on the collapse (documented in-file).
No pending model changes.
Tests reworked to the collapsed model across Security/CentralUI/
ManagementService/ConfigurationDatabase/Integration suites, incl. explicit
Viewer-reads-not-exports and former-Audit-now-Administrator-escalation cases.
CHANGELOG: BREAKING security note documenting the canonicalization + SoD
collapse.
2026-06-02 08:00:47 -04:00
6ae605160c
chore(auth): ScadaBridge unify dev LDAP base DN to dc=zb,dc=local (Task 1.6)
...
Replace dc=scadabridge,dc=local with dc=zb,dc=local in all dev/test LDAP
references — app config, docker test-cluster node configs (docker/ and
docker-env2/), GLAuth fixture, dev tooling, Host.Tests fixtures,
IntegrationTests factory, and operational test_infra docs. OU structure
(ou=SCADA-Admins,ou=users,etc.) preserved throughout. Email domains
(@scadabridge.local), hostnames, and container names are untouched.
Historical plan docs (2026-05-24-second-environment.md,
2026-05-31-folder-repo-rename-scadabridge-design.md) excluded as
point-in-time records. No synthetic dc=example,dc=com placeholders touched.
2026-06-02 06:54:14 -04:00
c185a567f5
fix(auth): ScadaBridge Task 1.5 review — use JwtTokenService.RoleClaimType constant in CentralUI tests (canonical spelling)
2026-06-02 06:29:16 -04:00
a0938f708b
feat(auth): ScadaBridge full canonical claims (ZbClaimTypes role/scope) + ZbCookieDefaults, keep cookie name (Task 1.5)
2026-06-02 06:23:15 -04:00
afa55981d5
feat(auth)!: ScadaBridge retire SQL Server ApiKey entity + ApprovedApiKeyIds + legacy hashing; EF migration RetireInboundApiKeyStore; re-issue runbook + CHANGELOG (re-arch C5/E) — BREAKING: X-API-Key -> Bearer sbk_, keys re-issued
2026-06-02 05:39:59 -04:00
b13d7b3d28
fix(auth): C4 review polish — document backward-compat JSON tolerance, shared BundleJsonOptions, PreviewAsync legacy-bundle test, doc fix (review I-2/I-3/M-1/M-2; I-1 intentionally skipped)
2026-06-02 05:15:50 -04:00
731cfd3bfc
feat(auth): ScadaBridge TransportExport excludes inbound API keys (re-arch C4; methods-only, import ignores legacy key sections); keys re-issued per environment
2026-06-02 05:06:40 -04:00
d1191fddf9
fix(auth): C3 review — surface seam not-found (no silent success), partial-reconcile-failure guidance, create validation order, concurrent-edit reconciler test
2026-06-02 04:46:32 -04:00
107e524914
feat(auth): ScadaBridge CentralUI pages onto IInboundApiKeyAdmin seam (re-arch C3; string keyId, method-scopes replace ApprovedApiKeyIds, token-once display, approved-keys<->scopes inversion)
2026-06-02 04:36:50 -04:00
8219b8ee18
fix(auth): C2 review — not-found throws (no spurious audit) on update/delete/set-methods, reject empty methods (unusable-key/stealth-disable), richer set-methods response, token advisory to stderr
2026-06-02 04:21:28 -04:00
6518e93424
feat(auth): ScadaBridge ManagementActor + CLI + Commons messages onto IInboundApiKeyAdmin seam (re-arch C2; int->string keyId, +Methods, +SetApiKeyMethods)
2026-06-02 04:11:44 -04:00
7f7ea3f3c9
fix(auth): C1 review polish — guard name at seam, document seam contract (throws/O(n)), explicit cookie test (review #1/#2/#3/#5/#8)
2026-06-02 04:01:43 -04:00
55099b19f6
fix(auth): move AddZbLdapAuth to Host composition root so component-lib AddSecurity() drops IConfiguration param (satisfy OptionsTests arch rule; fix pre-existing ac34dac red); behaviour-preserving
2026-06-02 03:50:16 -04:00
7e25efa790
test(host): supply Central test ApiKeyPepper so StartupValidator preflight passes (fix pre-existing 1fcc4f5 red); lock pepper-required behavior
...
Commit 1fcc4f51fcc4f5
2026-06-02 03:40:56 -04:00
d09def2be0
feat(auth): ScadaBridge re-pin Auth 0.1.3 + add IInboundApiKeyAdmin seam over library admin facade (re-arch C1, additive)
2026-06-02 03:32:25 -04:00
1fcc4f5c2b
fix(auth): ScadaBridge inbound auth review fixes — scope-before-DB, pinned 403 body, pepper fail-fast, log category
2026-06-02 02:50:10 -04:00
a94558c289
feat(auth): ScadaBridge inbound API — adopt ZB.MOM.WW.Auth.ApiKeys verifier + Bearer + scope=method (re-arch A+B); additive, old path retired later
2026-06-02 02:40:18 -04:00
4db8c373af
fix(auth): ScadaBridge 1.2 review fixes — secret-test repoint, checklist, Scope guard, 0.1.1 pin
2026-06-02 01:23:52 -04:00
ac34dac479
feat(auth): cut ScadaBridge over to ZB.MOM.WW.Auth.Ldap; nest+rename Ldap config; roles+sitescope via IGroupRoleMapper (Task 1.2/1.4)
2026-06-02 01:04:34 -04:00
9230afa25f
feat(auth): add IGroupRoleMapper<string> seam (Task 1.1)
2026-06-02 00:30:42 -04:00
a5f8651b0f
feat(scadabridge): track scadabridge.site.connection.up over site-stream lifetime (balanced open/close)
2026-06-01 17:11:39 -04:00
15a626390b
fix(scadabridge): queue-depth seed uses Add (no lost concurrent enqueue) + clarify registration/discard comments
2026-06-01 17:07:03 -04:00
782fb73015
feat(scadabridge): emit scadabridge.inbound_api.requests (by method) at inbound API entry
2026-06-01 17:03:10 -04:00
547b685a42
feat(scadabridge): wire scadabridge.store_and_forward.queue.depth gauge to buffered count
2026-06-01 16:58:09 -04:00
877f2e200b
feat(scadabridge): emit scadabridge.deployments.applied on deployment success
2026-06-01 16:52:09 -04:00
c41cb41c7b
fix(scadabridge): default MetricsPort to 8084 (avoid site RemotingPort collision) + validate port distinctness
2026-06-01 16:46:59 -04:00
fe25ac3e51
feat(scadabridge): add ScadaBridgeTelemetry meter + 4 instruments; register with OTel
2026-06-01 16:41:52 -04:00
b3070c0bda
feat(scadabridge): wire AddZbTelemetry + /metrics in both composition roots
2026-06-01 15:36:55 -04:00
bbff1d19b5
feat: adopt shared ZB.MOM.WW.Health probes; add /healthz; canonical writer
2026-06-01 13:46:49 -04:00
2a7ff03718
feat: bridge ActorSystem into DI (transient) for shared health checks
2026-06-01 13:37:21 -04:00
c899cb162c
refactor: scrub residual ScadaLink refs → ScadaBridge (env vars, config keys, assembly name, SQL login)
...
Renames the 13 SCADALINK_* runtime env vars → SCADABRIDGE_*, the ScadaLink__
.NET config keys → ScadaBridge__, the stale ScadaLink.Host.exe assembly name
→ ZB.MOM.WW.ScadaBridge.Host.exe, the scadalink_app SQL login → scadabridge_app,
and residual identifiers/comments/docs. Migration records (prior rename
tooling/design, DB-rename helper, this scrub script) carved out.
Adds tools/scrub-scadalink-refs.sh.
2026-05-31 21:50:38 -04:00
add7210d9e
fix(dcl): route native alarm subscribe/unsubscribe through DataConnectionManagerActor
...
The NativeAlarmActor sends SubscribeAlarmsRequest to the DCL manager, but the
manager only routed tag/write/browse messages to the per-connection
DataConnectionActor — alarm subscribe/unsubscribe were unhandled and dead-lettered,
so native alarms never subscribed at runtime. Caught by live T28 deployment.
Mirrors the existing HandleRoute forwarding.
2026-05-31 03:25:28 -04:00
27d5701d99
test(dcl): OPC UA A&C live smoke (skippable) + test-infra A&C note
2026-05-31 03:05:44 -04:00
046797e699
feat(ui): instance configure native alarm source override panel
2026-05-31 02:46:54 -04:00
60f8e2c9a7
feat(ui): template editor Native Alarm Sources subsection
2026-05-31 02:40:52 -04:00
1f6c4207df
feat(ui): enrich DebugView alarm table with severity + condition state + native metadata
2026-05-31 02:34:12 -04:00
a6dcbf62cd
feat(cli): native-alarm-source commands (template add/list/remove + instance set/clear)
2026-05-31 02:30:05 -04:00
3bf1d26d79
feat(management): handlers for native alarm source CRUD
2026-05-31 02:23:17 -04:00
b1df6d5beb
feat(commons): management command contracts for native alarm sources
2026-05-31 02:18:37 -04:00
0c6f9a9cff
feat(communication): map enriched alarm fields across gRPC (server + client)
2026-05-31 02:16:43 -04:00
bca21ffb95
test(siteruntime): assert computed alarms carry unified condition state
2026-05-31 02:07:54 -04:00
6d318586d1
feat(siteruntime): InstanceActor spawns NativeAlarmActors + enriched alarm snapshot; clear native state on redeploy/undeploy
2026-05-31 02:06:39 -04:00
fda7ac9c50
feat(siteruntime): NativeAlarmActor mirrors source alarms (snapshot swap, retention, persistence)
2026-05-31 01:49:28 -04:00
24fd7bee53
feat(siteruntime): site SQLite native_alarm_state store
2026-05-31 01:44:40 -04:00
c7411700dc
feat(dcl): MxGateway StreamAlarms adapter (snapshot + live transitions, reconnecting)
...
Adds IAlarmSubscribableConnection to MxGatewayDataConnection (shared session-less
feed, ref-counted), IMxGatewayClient.RunAlarmStreamAsync over the package
StreamAlarmsAsync with internal reconnect, and MxGatewayAlarmMapper
(AlarmFeedMessage/OnAlarmTransitionEvent -> NativeAlarmTransition). Behavior
verified against a live gateway in Task 28; mapper unit-tested.
2026-05-29 16:49:25 -04:00
1fbb814daa
feat(dcl): OPC UA A&C field mapper (Task 11 part 1 — pure, unit-tested)
2026-05-29 16:13:02 -04:00
d3b3d15018
feat(dcl): DataConnectionActor native alarm subscribe + source-ref routing + unavailable signal
2026-05-29 16:09:31 -04:00
ba278736af
feat(templateengine): validate native alarm source connection + source reference
2026-05-29 16:04:01 -04:00
e5392d2c7b
feat(templateengine): flatten native alarm sources (inherit/compose/override)
2026-05-29 16:00:10 -04:00
aedd17ca7f
feat(configdb): native alarm source repository CRUD + eager-load includes
2026-05-29 15:56:35 -04:00
Joseph Doherty