mirror of
https://github.com/azaion/missions.git
synced 2026-06-22 09:51:07 +00:00
[AZ-576] Add e2e test infrastructure (xUnit + jwks-mock + reporting)
ci/woodpecker/push/build-arm Pipeline failed
ci/woodpecker/push/build-arm Pipeline failed
Scaffold the blackbox test project the rest of epic AZ-575 (AZ-577..AZ-586) will build on. Two new csprojs under tests/, plus the TLS materials and TRX->CSV reporting hand-off the existing docker-compose.test.yml already calls for. JWKS mock (tests/Azaion.Missions.JwksMock/): - ASP.NET Core minimal API on .NET 10, no NuGet deps; JWS is hand-rolled to keep the surface tight and avoid version drift with the SUT - KeyStore with one in-memory ECDSA P-256 keypair + retired-key grace window for NFT-RES-07 / NFT-SEC-11 rotation observability - Endpoints: GET /.well-known/jwks.json, POST /sign, POST /rotate-key - Mock-only alg_override / kid_override switches drive NFT-SEC-09/10/11 - TLS keypair committed under tls/; tests/jwks-mock-ca.crt is a copy mounted into both missions and e2e-consumer per docker-compose.test.yml E2E consumer (tests/Azaion.Missions.E2E.Tests/): - xUnit 2.9.2 + Bogus 35.6.1 + Npgsql 10.0.2 + Xunit.SkippableFact 1.4.13 - TestBase / TokenMinter scaffolding for downstream tasks - Fixtures/ for DbReset, DbSeed, ComposeRestart, JwksRotate, JwksMockReverse - Helpers/ for DbAssertions (side-channel), HttpAssertions, FixtureSql - 8 Tests/<category>/Sanity.cs discovery smoke tests (AC-3) - Tests/InfrastructureSanity.cs SkippableFacts for AC-1/2/5/6 - Tests/AaaPatternEnforcement.cs greps source files for AC-7 - Tests/Reporting/TrxToCsvPostProcessorTests.cs covers AC-4 - Reporting/TrxToCsvPostProcessor.cs handles VSTest TRX -> environment.md CSV; xUnit traits are not propagated by the TRX logger so the converter reflects them out of the test DLL via GetCustomAttributesData - Reporting.Cli/ is a separate console csproj that links the converter source files (test project excludes Reporting.Cli/** from compile) - Dockerfile + entrypoint.sh wire dotnet test -> trx -> csv inside the e2e-consumer container the compose file already references Local verification: 13 pass, 3 skip (with explicit reasons), 0 fail. End-to-end TRX->CSV manually verified against environment.md header spec. Docker stack build is handed off to autodev Step 7 (test-run skill). Reports under _docs/03_implementation/. AZ-576 task spec moved to _docs/tasks/done/. Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Oleksandr Bezdieniezhnykh
@@ -0,0 +1,58 @@
|
||||
using System.Net.Http.Json;
|
||||
using System.Text.Json.Serialization;
|
||||
|
||||
namespace Azaion.Missions.E2E;
|
||||
|
||||
/// <summary>
|
||||
/// Wraps <c>POST {jwks-mock}/sign</c>. Token signing happens ONLY inside the
|
||||
/// jwks-mock container — the consumer never imports a JWT signing library.
|
||||
/// </summary>
|
||||
public sealed class TokenMinter : IDisposable
|
||||
{
|
||||
private readonly HttpClient _http;
|
||||
private readonly Uri _signUrl;
|
||||
|
||||
public TokenMinter(string signUrl)
|
||||
{
|
||||
_signUrl = new Uri(signUrl);
|
||||
// The jwks-mock CA is added to the container OS trust bundle by
|
||||
// docker-entrypoint.sh; an HttpClient with default handler picks it up
|
||||
// through OpenSSL.
|
||||
_http = new HttpClient { Timeout = TimeSpan.FromSeconds(10) };
|
||||
}
|
||||
|
||||
public Task<MintedToken> MintDefaultAsync(CancellationToken ct = default)
|
||||
=> MintAsync(new SignRequest(Permissions: "FL"), ct);
|
||||
|
||||
public async Task<MintedToken> MintAsync(SignRequest request, CancellationToken ct = default)
|
||||
{
|
||||
using var response = await _http.PostAsJsonAsync(_signUrl, request, ct).ConfigureAwait(false);
|
||||
response.EnsureSuccessStatusCode();
|
||||
var body = await response.Content
|
||||
.ReadFromJsonAsync<SignResponse>(cancellationToken: ct)
|
||||
.ConfigureAwait(false);
|
||||
if (body is null)
|
||||
throw new InvalidOperationException("jwks-mock /sign returned an empty body");
|
||||
return new MintedToken(body.Token, body.Kid);
|
||||
}
|
||||
|
||||
public void Dispose() => _http.Dispose();
|
||||
}
|
||||
|
||||
public sealed record SignRequest(
|
||||
[property: JsonPropertyName("iss")] string? Iss = null,
|
||||
[property: JsonPropertyName("aud")] string? Aud = null,
|
||||
[property: JsonPropertyName("sub")] string? Sub = null,
|
||||
[property: JsonPropertyName("exp_offset_seconds")] int? ExpOffsetSeconds = null,
|
||||
[property: JsonPropertyName("permissions")] string? Permissions = null,
|
||||
[property: JsonPropertyName("alg_override")] string? AlgOverride = null,
|
||||
[property: JsonPropertyName("kid_override")] string? KidOverride = null);
|
||||
|
||||
internal sealed record SignResponse(
|
||||
[property: JsonPropertyName("token")] string Token,
|
||||
[property: JsonPropertyName("kid")] string Kid);
|
||||
|
||||
public sealed record MintedToken(string Jwt, string Kid)
|
||||
{
|
||||
public string AsBearer() => $"Bearer {Jwt}";
|
||||
}
|
||||
Reference in New Issue
Block a user