dohertj2/scadaproj
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

plan(phase1): ScadaBridge re-arch C3 done+reviewed (CentralUI onto seam); C4 next

Browse Source
This commit is contained in:
Joseph Doherty
2026-06-02 04:50:09 -04:00
parent 406ede19dd
commit 9b5535ea47
2 changed files with 12 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/plans/2026-06-02-auth-audit-normalization-phase1.md
+11 -2
View File
@@ -250,8 +250,17 @@ CentralUI blast radius (string keyId + scopes replace int Id + ApprovedApiKeyIds
audit on no-op update/delete/set-methods); empty `Methods` rejected server-side (prevents unusable key on create + stealth-
disable via `set-methods ""`); token advisory→stderr. Green: ManagementService 125, CLI 188, + Security/InboundAPI/Host/
CentralUI unchanged. CentralUI + SQL Server `ApiKey` entity/repo untouched (C3/C5).
- **C3/C4/C5 — PENDING** (C3 next: CentralUI pages onto the seam — incl. the ApiMethodForm "approved keys ↔ key scopes"
inversion via `GetKeysForMethodAsync`/`SetMethodsAsync`).
- **C3 — DONE + reviewed** (SB commits `107e524` rewire, `d1191fd` review fixes). CentralUI `Admin/ApiKeys.razor`,
`Admin/ApiKeyForm.razor`, `Design/ApiMethodForm.razor`, `Dashboard.razor` onto `IInboundApiKeyAdmin`: string keyId,
method-NAME scopes replace the `ApprovedApiKeyIds` CSV, one-time token display on create, key Name fixed-after-create
(no rename in the lib model). The "approved keys ↔ key scopes" inversion is a pure tested helper
`CentralUI/Services/ApiMethodKeyScopeReconciler.cs` (save method entity first, then reconcile each affected key's full
scope set fresh; empty-last-scope revoke is blocked with a clear message, never pushes an empty set). Spec PASS,
code-review APPROVED after fixes: seam `bool` not-found now surfaced (no silent success), partial-reconcile-failure
guidance ("method saved, key scopes partially applied — review on API Keys page"), create validation order, concurrent-
edit reconciler test. CentralUI.Tests 595 green; all other suites unchanged. TransportExport + SQL Server entities/repo
untouched (C4/C5). (Also removed a stray `Name` artifact file from an accidental redirect — not committed.)
- **C4/C5 — PENDING** (C4 next: TransportExport excludes API keys — methods-only; then C5 retires the SQL Server entity).
## Resolved decisions (2026-06-02)