257caa7bd1
feat(auth): cut OtOpcUa over to ZB.MOM.WW.Auth.Ldap; preserve DevStubMode; route roles via IGroupRoleMapper (Task 1.2/1.4)
2026-06-02 00:55:10 -04:00
6534875476
feat(auth): add IGroupRoleMapper<string> seam (Task 1.1)
2026-06-02 00:29:45 -04:00
2844180865
fix: honor LdapOptions.Enabled at runtime; dedupe ILdapAuthService registration; +SearchBase test, doc fix
v2-ci / build (push) Failing after 41s
v2-ci / unit-tests (tests/Core/ZB.MOM.WW.OtOpcUa.Cluster.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.ControlPlane.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.OpcUaServer.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.Runtime.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.Security.Tests) (push) Has been skipped
v2-ci / integration (tests/Server/ZB.MOM.WW.OtOpcUa.Host.IntegrationTests) (push) Has been skipped
v2-ci / integration (tests/Server/ZB.MOM.WW.OtOpcUa.OpcUaServer.IntegrationTests) (push) Has been skipped
2026-06-01 23:03:12 -04:00
d3ab2bfbaf
fix: bind OtOpcUa LdapOptions from real Security:Ldap section; gate validator on DevStubMode
2026-06-01 22:46:09 -04:00
88e773af36
feat: validate OpcUa host options at startup (route through IOptions + ValidateOnStart)
2026-06-01 18:45:55 -04:00
f35ebd7aaf
feat: add fail-fast LDAP options validation in OtOpcUa via ZB.MOM.WW.Configuration
2026-06-01 18:32:44 -04:00
7ff7a60ae0
feat(otopcua): config-driven OTLP exporter opt-in (default Prometheus)
2026-06-01 16:40:24 -04:00
60017177cb
feat(otopcua): adopt AddZbSerilog (shared enrichers + trace correlation); sinks to config
2026-06-01 15:41:21 -04:00
26bae36f8b
feat(otopcua): wire OTel via AddZbTelemetry (shared Resource + std instrumentation)
2026-06-01 15:33:28 -04:00
368390ea9d
build(otopcua): reference ZB.MOM.WW.Telemetry packages from Gitea feed
2026-06-01 15:29:46 -04:00
1d729fb0f8
feat: adopt shared ZB.MOM.WW.Health probes (preserve tiers + OtOpcUaCompat policy)
2026-06-01 13:36:28 -04:00
0b99aceacb
build: reference ZB.MOM.WW.Health packages from the Gitea feed
2026-06-01 13:30:13 -04:00
61193629b6
fix(adminui): wire Test Connect probes + live panels on admin-only nodes
...
v2-ci / build (push) Failing after 36s
v2-ci / unit-tests (tests/Core/ZB.MOM.WW.OtOpcUa.Cluster.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.ControlPlane.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.OpcUaServer.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.Runtime.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.Security.Tests) (push) Has been skipped
v2-ci / integration (tests/Server/ZB.MOM.WW.OtOpcUa.Host.IntegrationTests) (push) Has been skipped
v2-ci / integration (tests/Server/ZB.MOM.WW.OtOpcUa.OpcUaServer.IntegrationTests) (push) Has been skipped
Both bugs surfaced only on split-role deployments (the MAIN cluster's
admin-only nodes), where the AdminUI runs without the driver role.
- Test Connect returned "No probe registered" for every driver: the
IDriverProbe set was registered only under the driver role, but the
admin-operations singleton that consumes it is pinned to admin. Extract
AddOtOpcUaDriverProbes() (idempotent via TryAddEnumerable) and call it
in the hasAdmin path too.
- Live driver-status/alerts/script-log panels showed "SignalR error:
Connection refused": these Blazor Server components opened a HubConnection
to their own hub via the browser's public URL, which server-side code
can't reach behind Traefik (host :9200 -> container :9000). Read the
in-process source directly instead -- DriverStatus via
IDriverStatusSnapshotStore.SnapshotChanged, Alerts/ScriptLog via a new
IInProcessBroadcaster<T>. Fleet status was unaffected (reads DB/ActorSystem).
Adds unit tests for probe registration, the snapshot-store event, and the
broadcaster.
2026-05-29 16:38:32 -04:00
e3a27422a1
fix(adminui): Galaxy editor 500 — read DriverConfig case-insensitively + null-safe FromRecord
...
v2-ci / build (push) Failing after 39s
v2-ci / unit-tests (tests/Core/ZB.MOM.WW.OtOpcUa.Cluster.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.ControlPlane.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.OpcUaServer.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.Runtime.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.Security.Tests) (push) Has been skipped
v2-ci / integration (tests/Server/ZB.MOM.WW.OtOpcUa.Host.IntegrationTests) (push) Has been skipped
v2-ci / integration (tests/Server/ZB.MOM.WW.OtOpcUa.OpcUaServer.IntegrationTests) (push) Has been skipped
GalaxyDriverPage deserialized DriverConfig with case-sensitive camelCase opts, but the
persisted/seeded config is PascalCase (the runtime reads it case-insensitively). So all four
nested option records read as null -> FromRecord NRE (HTTP 500) on edit, and the form would
have shown defaults instead of the real config (risking a clobber on save). Fix: add
PropertyNameCaseInsensitive=true (matches the runtime) so real values load, plus null-coalesce
the nested records in FromRecord as defense-in-depth. Regression test asserts the seeded
PascalCase config loads its real values.
2026-05-29 12:45:44 -04:00
32d7fd7cc9
fix(galaxy): complete PR 7.2 rename — use canonical GalaxyMxGateway driver type
...
v2-ci / build (push) Failing after 48s
v2-ci / unit-tests (tests/Core/ZB.MOM.WW.OtOpcUa.Cluster.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.ControlPlane.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.OpcUaServer.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.Runtime.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.Security.Tests) (push) Has been skipped
v2-ci / integration (tests/Server/ZB.MOM.WW.OtOpcUa.Host.IntegrationTests) (push) Has been skipped
v2-ci / integration (tests/Server/ZB.MOM.WW.OtOpcUa.OpcUaServer.IntegrationTests) (push) Has been skipped
The driver/factory/seed use 'GalaxyMxGateway' (legacy 'Galaxy' was retired),
but the AdminUI editor router, GalaxyDriverPage, address picker, identity
dropdown, the Galaxy browser/probe, and DraftValidator still keyed on 'Galaxy'.
Result: the seeded GalaxyMxGateway driver couldn't be edited ('no editor
registered'), UI-created Galaxy drivers wrote a type with no factory, and a
SystemPlatform-bound GalaxyMxGateway driver failed publish validation.
Align all stragglers to GalaxyMxGateway (+ failing-test-first DraftValidator
coverage). ShouldStub's 'Galaxy' legacy safety-net left intact.
2026-05-29 12:31:55 -04:00
869be660fd
fix(adminui): strip stale Phase C.2 / rebuild-plan roadmap notes from cluster list pages
...
v2-ci / build (push) Failing after 49s
v2-ci / unit-tests (tests/Core/ZB.MOM.WW.OtOpcUa.Cluster.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.ControlPlane.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.OpcUaServer.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.Runtime.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.Security.Tests) (push) Has been skipped
v2-ci / integration (tests/Server/ZB.MOM.WW.OtOpcUa.Host.IntegrationTests) (push) Has been skipped
v2-ci / integration (tests/Server/ZB.MOM.WW.OtOpcUa.OpcUaServer.IntegrationTests) (push) Has been skipped
Removes the internal-roadmap deferral banners (the original request that
seeded this work); kept the genuinely useful operator descriptions.
2026-05-29 10:12:15 -04:00
a8916c3e08
docs(adminui): correct stale follow-up source comments (F15/F16/Phase4/TODO 3.3-3.4)
v2-ci / build (push) Failing after 46s
v2-ci / unit-tests (tests/Core/ZB.MOM.WW.OtOpcUa.Cluster.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.ControlPlane.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.OpcUaServer.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.Runtime.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.Security.Tests) (push) Has been skipped
v2-ci / integration (tests/Server/ZB.MOM.WW.OtOpcUa.Host.IntegrationTests) (push) Has been skipped
v2-ci / integration (tests/Server/ZB.MOM.WW.OtOpcUa.OpcUaServer.IntegrationTests) (push) Has been skipped
2026-05-29 10:00:58 -04:00
79b2345834
fix(adminui): disable RoleGrants buttons during save (review)
2026-05-29 09:58:05 -04:00
4df5b849ac
fix(security): let OperationCanceledException propagate from login role merge (review)
2026-05-29 09:56:09 -04:00
a58151e99e
feat(adminui): editable DB-backed LDAP role map (global, FleetAdmin-gated)
2026-05-29 09:55:07 -04:00
f210f09caf
feat(security): merge DB-backed LDAP role grants into login claims
2026-05-29 09:51:22 -04:00
042f3b6a65
feat(security): add FleetAdmin authorization policy
2026-05-29 09:48:31 -04:00
b719194046
feat(security): RoleMapper.Merge — additive DB-backed role grants
2026-05-29 09:43:12 -04:00
7570df76d3
feat(adminui): editable OpcUaClient endpoint URL list via CollectionEditor
2026-05-29 09:41:09 -04:00
244949caa3
feat(adminui): editable S7 tag list via CollectionEditor
2026-05-29 09:37:12 -04:00
a5a0d06dbe
feat(adminui): editable FOCAS device + tag lists via CollectionEditor
2026-05-29 09:33:53 -04:00
6882761f4c
feat(adminui): editable TwinCAT device + tag lists via CollectionEditor
2026-05-29 09:29:57 -04:00
15f3797f1e
feat(adminui): editable AbLegacy device + tag lists via CollectionEditor
2026-05-29 09:26:25 -04:00
534d670b21
feat(adminui): editable AbCip device + tag lists via CollectionEditor
2026-05-29 09:22:51 -04:00
b351a81c8f
fix(adminui): preserve un-edited Modbus tag fields across edit (review)
...
Capture the original ModbusTagDefinition as _source in ModbusTagRow and
rewrite ToDefinition() to use 'with {}', so StringByteOrder, ArrayCount,
Deadband, UnitId, and CoalesceProhibited survive a load→edit→save cycle.
2026-05-29 09:18:36 -04:00
f655efc570
feat(adminui): typed resilience override form replaces JSON textarea
2026-05-29 09:15:54 -04:00
c4116e54c9
feat(adminui): editable Modbus tag list via CollectionEditor
2026-05-29 09:14:06 -04:00
c3fec1426c
fix(adminui): case-insensitive resilience policy keys + malformed-json test (review)
2026-05-29 09:10:41 -04:00
a2761e4b98
fix(adminui): key CollectionEditor rows by identity (code review)
2026-05-29 09:08:02 -04:00
4a469fbe06
feat(adminui): typed resilience override form model + tests
2026-05-29 09:06:45 -04:00
e2fa6754bb
feat(adminui): add generic CollectionEditor<TRow> modal list editor
2026-05-29 09:03:03 -04:00
5622e51006
fix(adminui): clean up dev-migration note on Home page
...
Removed the F15 follow-up annotation that was visible to end users.
Replaced with a one-line orientation pointer to the nav.
2026-05-29 08:02:57 -04:00
b64d670303
style(security): use Authorization namespace import (code-review cleanup)
2026-05-29 07:51:29 -04:00
c83e9397e6
chore(security): drop Microsoft.AspNetCore.Authentication.JwtBearer (unused)
2026-05-29 07:50:47 -04:00
74b9218a92
refactor(security): drop JwtBearer parallel scheme, externalize cookie config
...
Single Cookie auth scheme; framework default challenge restores 302 → /login
for browsers + 401 for AJAX. OtOpcUaCookieOptions now flows through to
CookieAuthenticationOptions via PostConfigure (fixes a latent bug where the
options class was bound but ignored). Cookie name moves to
ZB.MOM.WW.OtOpcUa.Auth; existing sessions get a one-time forced sign-out.
2026-05-29 07:47:58 -04:00
532e9933f3
feat(security): extend OtOpcUaCookieOptions with RequireHttpsCookie + ZB.MOM.WW cookie name default
2026-05-29 07:44:33 -04:00
ef17d2e595
fix(adminui): picker DisposeAsync is fire-and-forget per design
2026-05-28 16:21:24 -04:00
e439100937
fix(adminui): DriverBrowseTree uses local field, not parameter mutation
2026-05-28 16:18:58 -04:00
7c9621040e
feat(adminui): wire Galaxy picker to live browser + attribute side-panel
2026-05-28 16:17:34 -04:00
1b0baf7025
feat(adminui): wire OpcUaClient picker to live browser
2026-05-28 16:16:37 -04:00
6e365ef1a9
feat(adminui): shared lazy DriverBrowseTree component with per-node filter
2026-05-28 16:13:03 -04:00
1dbd3b2a6d
feat(adminui): register browse services in AddAdminUI
2026-05-28 16:11:13 -04:00
dc8a2dd52c
test(adminui): browse session registry, reaper, service
2026-05-28 15:44:20 -04:00
bec2988309
feat(adminui): in-process browse session registry + TTL reaper + service
2026-05-28 15:36:19 -04:00
0d3ec46c14
fix(adminui): capture audit username at click time, not at panel init
...
v2-ci / build (push) Failing after 48s
v2-ci / unit-tests (tests/Core/ZB.MOM.WW.OtOpcUa.Cluster.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.ControlPlane.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.OpcUaServer.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.Runtime.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.Security.Tests) (push) Has been skipped
v2-ci / integration (tests/Server/ZB.MOM.WW.OtOpcUa.Host.IntegrationTests) (push) Has been skipped
v2-ci / integration (tests/Server/ZB.MOM.WW.OtOpcUa.OpcUaServer.IntegrationTests) (push) Has been skipped
DriverStatusPanel previously cached the username in a field at
OnInitializedAsync and forwarded the cached value into RestartDriver
/ ReconnectDriver messages. A token refresh or claim change mid-
circuit would land the stale name in the audit ConfigEdit row.
Re-reads AuthenticationStateProvider at button-click time so the
audit entry reflects the current principal.
2026-05-28 11:58:12 -04:00
Joseph Doherty