AgileWebs/thalos-dal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: AgileWebs:aac5efb01bd4729f45b91f4bfcb99f8ae4bba324
Branches Tags
AgileWebs:development
..
compare: AgileWebs:3f83efec42510192697b173b67ab625d629cd011
Branches Tags
AgileWebs:development

No commits in common. "aac5efb01bd4729f45b91f4bfcb99f8ae4bba324" and "3f83efec42510192697b173b67ab625d629cd011" have entirely different histories.
aac5efb01b ... 3f83efec42

39 changed files with 54 additions and 945 deletions
Show Stats Expand all files Collapse all files

9
.dockerignore
View File

@ -1,9 +0,0 @@
**/bin/
**/obj/
.vs/
TestResults/
.git/
.repo-tasks/
.repo-context/
.tasks/
.agile/

60
.gitignore vendored
View File

@ -1,23 +1,53 @@
# Repository orchestration folders (local only)
.repo-tasks/
.repo-context/
# AgileWebs local orchestration
.tasks/
.agile/
# .NET build outputs
**/bin/
**/obj/
# Build artifacts
**/[Bb]in/
**/[Oo]bj/
/**/out/
/**/artifacts/
# IDE and editor files
.vs/
TestResults/
**/TestResults/
*.user
*.suo
*.rsuser
# IDE
.idea/
.vscode/
*.suo
*.user
*.userosscache
*.sln.docstates
*.rsuser
*.swp
*.swo
# Package artifacts
# NuGet
*.nupkg
*.snupkg
artifacts/
**/packages/*
!**/packages/build/
# Test output
**/TestResults/
*.trx
*.coverage
*.coveragexml
# Logs
*.log
logs/
# Local environment files
.env
.env.*
!.env.example
# Docker
.docker/
**/.docker/
*.pid
docker-compose.override.yml
docker-compose.*.override.yml
# OS files
.DS_Store
Thumbs.db

20
Dockerfile
View File

@ -1,20 +0,0 @@
# syntax=docker/dockerfile:1.7
ARG SDK_IMAGE=mcr.microsoft.com/dotnet/sdk:10.0
ARG RUNTIME_IMAGE=mcr.microsoft.com/dotnet/aspnet:10.0
FROM ${SDK_IMAGE} AS build
ARG NUGET_FEED_URL=https://gitea.dream-views.com/api/packages/AgileWebs/nuget/index.json
ARG NUGET_FEED_USERNAME=
ARG NUGET_FEED_TOKEN=
WORKDIR /src
COPY . .
RUN if [ -n "$NUGET_FEED_USERNAME" ] && [ -n "$NUGET_FEED_TOKEN" ]; then dotnet nuget add source "$NUGET_FEED_URL" --name gitea-org --username "$NUGET_FEED_USERNAME" --password "$NUGET_FEED_TOKEN" --store-password-in-clear-text --allow-insecure-connections --configfile /root/.nuget/NuGet/NuGet.Config; fi
RUN dotnet restore "src/Thalos.DAL.Host/Thalos.DAL.Host.csproj" --configfile /root/.nuget/NuGet/NuGet.Config
RUN dotnet publish "src/Thalos.DAL.Host/Thalos.DAL.Host.csproj" -c Release -o /app/publish /p:UseAppHost=false --no-restore
FROM ${RUNTIME_IMAGE} AS runtime
WORKDIR /app
ENV ASPNETCORE_URLS=http://+:8080 ASPNETCORE_ENVIRONMENT=Production
EXPOSE 8080
COPY --from=build /app/publish .
ENTRYPOINT ["dotnet", "Thalos.DAL.Host.dll"]

1
Thalos.DAL.slnx
View File

@ -1,6 +1,5 @@
<Solution>
<Folder Name="/src/">
<Project Path="src/Thalos.DAL.Host/Thalos.DAL.Host.csproj" />
<Project Path="src/Thalos.DAL/Thalos.DAL.csproj" />
</Folder>
<Folder Name="/tests/">

13
docs/architecture/dal-domain-alignment.md
View File

@ -1,13 +0,0 @@
# Thalos DAL Domain Alignment
## Goal
Align DAL with thalos-domain abstractions while keeping DAL technical.
## DAL Responsibilities
- Identity persistence and retrieval
- Technical data translation
- Provider/repository boundaries
## Prohibited
- Identity policy decision ownership
- Service orchestration concerns

4
docs/dal/identity-provider-boundaries.md
View File

@ -16,7 +16,3 @@
- Provider boundaries remain internal to Thalos DAL.
- DAL interfaces expose only transport-neutral contracts and read ports.
- Identity abstractions remain Thalos-owned.
- Runtime provider routes currently support:
- `InternalJwt`
- `AzureAd`
- `Google`

26
docs/dal/package-consumption-baseline.md
View File

@ -1,26 +0,0 @@
# Thalos DAL Package Consumption Baseline
## Objective
Remove cross-repo source coupling from `Thalos.DAL` and consume shared contracts through NuGet packages.
## Applied Baseline
`Thalos.DAL.csproj` now consumes:
- `BuildingBlock.Identity.Contracts` `0.2.0`
- `Core.Blueprint.Common` `0.2.0`
## Feed Configuration
Repository-level `nuget.config` includes:
- `gitea-org`: `https://gitea.dream-views.com/api/packages/AgileWebs/nuget/index.json`
- `nuget.org`
Because feed is currently HTTP, `allowInsecureConnections="true"` is required for the Gitea source.
## Boundary Notes
- No cross-repo `ProjectReference` remains in `src/Thalos.DAL/Thalos.DAL.csproj`.
- DAL retains technical/provider ownership only.

6
docs/migration/dal-port-alignment-map.md
View File

@ -1,6 +0,0 @@
# Thalos DAL Port Alignment Map
## Alignment Areas
- DAL read/write ports map to domain contracts.
- Technical DTO translation remains in DAL adapters.
- Domain policy semantics are not reimplemented in DAL.

6
docs/migration/technical-mapping-rules.md
View File

@ -1,6 +0,0 @@
# Thalos DAL Technical Mapping Rules
## Rules
- Mapping logic remains technical and deterministic.
- No policy evaluation branching in DAL mapping layer.
- Correlation and metadata pass-through remains unchanged.

23
docs/runbooks/containerization.md
View File

@ -1,23 +0,0 @@
# Containerization Runbook
## Image Build
```bash
docker build --build-arg NUGET_FEED_USERNAME=<gitea-login> --build-arg NUGET_FEED_TOKEN=<gitea-token> -t agilewebs/thalos-dal:dev .
```
## Local Run
```bash
docker run --rm -p 8080:8080 --name thalos-dal agilewebs/thalos-dal:dev
```
## Health Probe
- Path: `/health`
- Fallback path: `/healthz`
- Port: `8080`
## Runtime Notes
- Exposes internal DAL lookup endpoints for identity token, policy, and permissions data.

8
nuget.config
View File

@ -1,8 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<packageSources>
<clear />
<add key="gitea-org" value="https://gitea.dream-views.com/api/packages/AgileWebs/nuget/index.json" allowInsecureConnections="true" />
<add key="nuget.org" value="https://api.nuget.org/v3/index.json" />
</packageSources>
</configuration>

71
src/Thalos.DAL.Host/Program.cs
View File

@ -1,71 +0,0 @@
using Microsoft.Extensions.Primitives;
using Thalos.DAL.Contracts;
using Thalos.DAL.DependencyInjection;
using Thalos.DAL.Repositories;
using IdentityAuthProvider = BuildingBlock.Identity.Contracts.Conventions.IdentityAuthProvider;
const string CorrelationHeaderName = "x-correlation-id";
const string ContractVersion = "v1";
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddHealthChecks();
builder.Services.AddThalosDalRuntime();
var app = builder.Build();
app.MapGet("/internal/thalos-dal/token", async (
string subjectId,
string tenantId,
string? externalToken,
IIdentityRepository repository,
HttpContext context,
CancellationToken ct) =>
{
var envelope = new IdentityContractEnvelope(ContractVersion, ResolveCorrelationId(context));
var request = new IdentityTokenLookupRequest(envelope, subjectId, tenantId, IdentityAuthProvider.InternalJwt, externalToken ?? string.Empty);
var record = await repository.ReadIdentityTokenAsync(request, ct);
return record is null ? Results.NotFound() : Results.Ok(record);
});
app.MapGet("/internal/thalos-dal/policy", async (
string subjectId,
string tenantId,
string permissionCode,
IIdentityRepository repository,
HttpContext context,
CancellationToken ct) =>
{
var envelope = new IdentityContractEnvelope(ContractVersion, ResolveCorrelationId(context));
var request = new IdentityPolicyLookupRequest(envelope, subjectId, tenantId, permissionCode);
var record = await repository.ReadIdentityPolicyAsync(request, ct);
return record is null ? Results.NotFound() : Results.Ok(record);
});
app.MapGet("/internal/thalos-dal/permissions", async (
string subjectId,
string tenantId,
IIdentityRepository repository,
HttpContext context,
CancellationToken ct) =>
{
var envelope = new IdentityContractEnvelope(ContractVersion, ResolveCorrelationId(context));
var request = new IdentityPermissionSetLookupRequest(envelope, subjectId, tenantId);
var records = await repository.ReadPermissionSetAsync(request, ct);
return Results.Ok(records);
});
app.MapHealthChecks("/health");
app.MapHealthChecks("/healthz");
app.Run();
static string ResolveCorrelationId(HttpContext context)
{
if (context.Request.Headers.TryGetValue(CorrelationHeaderName, out var headerValue) &&
!StringValues.IsNullOrEmpty(headerValue))
{
return headerValue.ToString();
}
return context.TraceIdentifier;
}

23
src/Thalos.DAL.Host/Properties/launchSettings.json
View File

@ -1,23 +0,0 @@
{
"$schema": "https://json.schemastore.org/launchsettings.json",
"profiles": {
"http": {
"commandName": "Project",
"dotnetRunMessages": true,
"launchBrowser": true,
"applicationUrl": "http://localhost:0",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
},
"https": {
"commandName": "Project",
"dotnetRunMessages": true,
"launchBrowser": true,
"applicationUrl": "https://localhost:0;http://localhost:0",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
}
}
}

13
src/Thalos.DAL.Host/Thalos.DAL.Host.csproj
View File

@ -1,13 +0,0 @@
<Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup>
<TargetFramework>net10.0</TargetFramework>
<Nullable>enable</Nullable>
<ImplicitUsings>enable</ImplicitUsings>
</PropertyGroup>
<ItemGroup>
<ProjectReference Include="..\Thalos.DAL\Thalos.DAL.csproj" />
</ItemGroup>
</Project>

8
src/Thalos.DAL.Host/appsettings.Development.json
View File

@ -1,8 +0,0 @@
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
}
}

9
src/Thalos.DAL.Host/appsettings.json
View File

@ -1,9 +0,0 @@
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
},
"AllowedHosts": "*"
}

47
src/Thalos.DAL/Adapters/IdentityDalGrpcContractAdapter.cs
View File

@ -1,47 +0,0 @@
using Core.Blueprint.Common.Runtime;
using Thalos.DAL.Contracts;
using Thalos.DAL.Grpc;
namespace Thalos.DAL.Adapters;
/// <summary>
/// Default adapter implementation for DAL gRPC contract translation.
/// </summary>
public sealed class IdentityDalGrpcContractAdapter(IBlueprintSystemClock clock) : IIdentityDalGrpcContractAdapter
{
/// <inheritdoc />
public IdentityPolicyDalGrpcContract ToGrpcPolicyRequest(IdentityPolicyLookupRequest request)
{
return new IdentityPolicyDalGrpcContract(request.SubjectId, request.TenantId, request.PermissionCode);
}
/// <inheritdoc />
public IdentityPolicyLookupRequest FromGrpcPolicyRequest(IdentityPolicyDalGrpcContract contract)
{
return new IdentityPolicyLookupRequest(
CreateEnvelope(),
contract.SubjectId,
contract.TenantId,
contract.PermissionCode);
}
/// <inheritdoc />
public IdentityTokenDalGrpcContract ToGrpcTokenRequest(IdentityTokenLookupRequest request)
{
return new IdentityTokenDalGrpcContract(request.SubjectId, request.TenantId);
}
/// <inheritdoc />
public IdentityTokenLookupRequest FromGrpcTokenRequest(IdentityTokenDalGrpcContract contract)
{
return new IdentityTokenLookupRequest(
CreateEnvelope(),
contract.SubjectId,
contract.TenantId);
}
private IdentityContractEnvelope CreateEnvelope()
{
return new IdentityContractEnvelope("1.0.0", $"corr-{clock.UtcNow:yyyyMMddHHmmssfff}");
}
}

6
src/Thalos.DAL/Contracts/IdentityPermissionRecord.cs
View File

@ -1,5 +1,3 @@
using BuildingBlock.Identity.Contracts.Conventions;
namespace Thalos.DAL.Contracts;
/// <summary>
@ -8,9 +6,7 @@ namespace Thalos.DAL.Contracts;
/// <param name="Envelope">Contract envelope metadata.</param>
/// <param name="PermissionCode">Permission code identifier.</param>
/// <param name="SourceRoleCode">Role code that grants the permission.</param>
/// <param name="Provider">Auth provider for the permission grant.</param>
public sealed record IdentityPermissionRecord(
IdentityContractEnvelope Envelope,
string PermissionCode,
string SourceRoleCode,
IdentityAuthProvider Provider = IdentityAuthProvider.InternalJwt);
string SourceRoleCode);

6
src/Thalos.DAL/Contracts/IdentityPermissionSetLookupRequest.cs
View File

@ -1,5 +1,3 @@
using BuildingBlock.Identity.Contracts.Conventions;
namespace Thalos.DAL.Contracts;
/// <summary>
@ -8,9 +6,7 @@ namespace Thalos.DAL.Contracts;
/// <param name="Envelope">Contract envelope metadata.</param>
/// <param name="SubjectId">Identity subject identifier.</param>
/// <param name="TenantId">Tenant scope identifier.</param>
/// <param name="Provider">Auth provider for the lookup flow.</param>
public sealed record IdentityPermissionSetLookupRequest(
IdentityContractEnvelope Envelope,
string SubjectId,
string TenantId,
IdentityAuthProvider Provider = IdentityAuthProvider.InternalJwt);
string TenantId);

6
src/Thalos.DAL/Contracts/IdentityPolicyLookupRequest.cs
View File

@ -1,5 +1,3 @@
using BuildingBlock.Identity.Contracts.Conventions;
namespace Thalos.DAL.Contracts;
/// <summary>
@ -9,10 +7,8 @@ namespace Thalos.DAL.Contracts;
/// <param name="SubjectId">Identity subject identifier.</param>
/// <param name="TenantId">Tenant scope identifier.</param>
/// <param name="PermissionCode">Permission code to evaluate.</param>
/// <param name="Provider">Auth provider for the lookup flow.</param>
public sealed record IdentityPolicyLookupRequest(
IdentityContractEnvelope Envelope,
string SubjectId,
string TenantId,
string PermissionCode,
IdentityAuthProvider Provider = IdentityAuthProvider.InternalJwt);
string PermissionCode);

6
src/Thalos.DAL/Contracts/IdentityPolicyRecord.cs
View File

@ -1,5 +1,3 @@
using BuildingBlock.Identity.Contracts.Conventions;
namespace Thalos.DAL.Contracts;
/// <summary>
@ -9,10 +7,8 @@ namespace Thalos.DAL.Contracts;
/// <param name="SubjectId">Identity subject identifier.</param>
/// <param name="PermissionCode">Permission code evaluated.</param>
/// <param name="ContextSatisfied">Indicates whether policy context is satisfied.</param>
/// <param name="Provider">Auth provider used for policy evaluation.</param>
public sealed record IdentityPolicyRecord(
IdentityContractEnvelope Envelope,
string SubjectId,
string PermissionCode,
bool ContextSatisfied,
IdentityAuthProvider Provider = IdentityAuthProvider.InternalJwt);
bool ContextSatisfied);

11
src/Thalos.DAL/Contracts/IdentityTokenLookupRequest.cs
View File

@ -1,5 +1,3 @@
using BuildingBlock.Identity.Contracts.Conventions;
namespace Thalos.DAL.Contracts;
/// <summary>
@ -8,11 +6,4 @@ namespace Thalos.DAL.Contracts;
/// <param name="Envelope">Contract envelope metadata.</param>
/// <param name="SubjectId">Identity subject identifier.</param>
/// <param name="TenantId">Tenant scope identifier.</param>
/// <param name="Provider">Auth provider for the lookup flow.</param>
/// <param name="ExternalToken">External provider token when applicable.</param>
public sealed record IdentityTokenLookupRequest(
IdentityContractEnvelope Envelope,
string SubjectId,
string TenantId,
IdentityAuthProvider Provider = IdentityAuthProvider.InternalJwt,
string ExternalToken = "");
public sealed record IdentityTokenLookupRequest(IdentityContractEnvelope Envelope, string SubjectId, string TenantId);

6
src/Thalos.DAL/Contracts/IdentityTokenRecord.cs
View File

@ -1,5 +1,3 @@
using BuildingBlock.Identity.Contracts.Conventions;
namespace Thalos.DAL.Contracts;
/// <summary>
@ -10,11 +8,9 @@ namespace Thalos.DAL.Contracts;
/// <param name="TenantId">Tenant scope identifier.</param>
/// <param name="Token">Issued access token value.</param>
/// <param name="ExpiresInSeconds">Token expiration in seconds.</param>
/// <param name="Provider">Auth provider used for token issuance.</param>
public sealed record IdentityTokenRecord(
IdentityContractEnvelope Envelope,
string SubjectId,
string TenantId,
string Token,
int ExpiresInSeconds,
IdentityAuthProvider Provider = IdentityAuthProvider.InternalJwt);
int ExpiresInSeconds);

12
src/Thalos.DAL/Contracts/IdentityUserLookupRequest.cs
View File

@ -1,5 +1,3 @@
using BuildingBlock.Identity.Contracts.Conventions;
namespace Thalos.DAL.Contracts;
/// <summary>
@ -7,12 +5,4 @@ namespace Thalos.DAL.Contracts;
/// </summary>
/// <param name="Envelope">Contract envelope metadata.</param>
/// <param name="SubjectId">Identity subject identifier.</param>
/// <param name="TenantId">Tenant identifier.</param>
/// <param name="Provider">Auth provider for the lookup flow.</param>
/// <param name="ExternalToken">External provider token when applicable.</param>
public sealed record IdentityUserLookupRequest(
IdentityContractEnvelope Envelope,
string SubjectId,
string TenantId,
IdentityAuthProvider Provider = IdentityAuthProvider.InternalJwt,
string ExternalToken = "");
public sealed record IdentityUserLookupRequest(IdentityContractEnvelope Envelope, string SubjectId);

8
src/Thalos.DAL/Contracts/IdentityUserRecord.cs
View File

@ -7,14 +7,8 @@ namespace Thalos.DAL.Contracts;
/// <param name="SubjectId">Identity subject identifier.</param>
/// <param name="TenantId">Tenant scope identifier.</param>
/// <param name="Status">Current user status.</param>
/// <param name="Token">Persisted token projection for subject/tenant.</param>
/// <param name="ExpiresInSeconds">Persisted token expiration in seconds.</param>
/// <param name="ContextSatisfied">Persisted policy context projection.</param>
public sealed record IdentityUserRecord(
IdentityContractEnvelope Envelope,
string SubjectId,
string TenantId,
string Status,
string Token,
int ExpiresInSeconds,
bool ContextSatisfied);
string Status);

46
src/Thalos.DAL/DependencyInjection/ThalosDalServiceCollectionExtensions.cs
View File

@ -1,46 +0,0 @@
using Core.Blueprint.Common.DependencyInjection;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.DependencyInjection.Extensions;
using Thalos.DAL.Adapters;
using Thalos.DAL.Health;
using Thalos.DAL.Providers;
using Thalos.DAL.Providers.InMemory;
using Thalos.DAL.Repositories;
namespace Thalos.DAL.DependencyInjection;
/// <summary>
/// Registers thalos dal runtime provider, repository, and adapter implementations.
/// </summary>
public static class ThalosDalServiceCollectionExtensions
{
/// <summary>
/// Adds thalos dal runtime implementations aligned with blueprint runtime core.
/// </summary>
/// <param name="services">Service collection.</param>
/// <returns>Service collection for fluent chaining.</returns>
public static IServiceCollection AddThalosDalRuntime(this IServiceCollection services)
{
services.AddBlueprintRuntimeCore();
services.TryAddSingleton<InternalJwtUserDataProvider>();
services.TryAddSingleton<AzureAdUserDataProvider>();
services.TryAddSingleton<GoogleUserDataProvider>();
services.TryAddSingleton<IUserDataProvider, RoutedUserDataProvider>();
services.TryAddSingleton<InternalJwtPermissionDataProvider>();
services.TryAddSingleton<AzureAdPermissionDataProvider>();
services.TryAddSingleton<GooglePermissionDataProvider>();
services.TryAddSingleton<IPermissionDataProvider, RoutedPermissionDataProvider>();
services.TryAddSingleton<IRoleDataProvider, InMemoryRoleDataProvider>();
services.TryAddSingleton<IModuleDataProvider, InMemoryModuleDataProvider>();
services.TryAddSingleton<ITenantDataProvider, InMemoryTenantDataProvider>();
services.TryAddSingleton<IIdentityRepository, IdentityRepository>();
services.TryAddSingleton<IIdentityDalGrpcContractAdapter, IdentityDalGrpcContractAdapter>();
services.TryAddSingleton<IDalDependencyHealthCheck, DalDependencyHealthCheck>();
return services;
}
}

27
src/Thalos.DAL/Health/DalDependencyHealthCheck.cs
View File

@ -1,27 +0,0 @@
using Core.Blueprint.Common.Runtime;
using Thalos.DAL.Contracts;
namespace Thalos.DAL.Health;
/// <summary>
/// Default DAL dependency health check implementation.
/// </summary>
public sealed class DalDependencyHealthCheck(IBlueprintSystemClock clock) : IDalDependencyHealthCheck
{
/// <inheritdoc />
public Task<DalDependencyHealthStatus> CheckAsync(CancellationToken cancellationToken = default)
{
var envelope = new IdentityContractEnvelope("1.0.0", $"corr-{clock.UtcNow:yyyyMMddHHmmssfff}");
IReadOnlyList<string> dependencyNames =
[
"IUserDataProvider",
"IRoleDataProvider",
"IPermissionDataProvider",
"IModuleDataProvider",
"ITenantDataProvider"
];
var status = new DalDependencyHealthStatus(envelope, true, dependencyNames);
return Task.FromResult(status);
}
}

22
src/Thalos.DAL/Providers/InMemory/InMemoryModuleDataProvider.cs
View File

@ -1,22 +0,0 @@
using Thalos.DAL.Contracts;
namespace Thalos.DAL.Providers.InMemory;
/// <summary>
/// In-memory provider for identity module lookup contracts.
/// </summary>
public sealed class InMemoryModuleDataProvider : IModuleDataProvider
{
/// <inheritdoc />
public Task<IReadOnlyList<IdentityModuleRecord>> ReadModulesAsync(
IdentityModuleLookupRequest request,
CancellationToken cancellationToken = default)
{
IReadOnlyList<IdentityModuleRecord> records =
[
new IdentityModuleRecord(request.Envelope, "identity", true)
];
return Task.FromResult(records);
}
}

23
src/Thalos.DAL/Providers/InMemory/InMemoryPermissionDataProvider.cs
View File

@ -1,23 +0,0 @@
using Thalos.DAL.Contracts;
namespace Thalos.DAL.Providers.InMemory;
/// <summary>
/// In-memory provider for identity permission lookup contracts.
/// </summary>
public sealed class InMemoryPermissionDataProvider : IPermissionDataProvider
{
/// <inheritdoc />
public Task<IReadOnlyList<IdentityPermissionRecord>> ReadPermissionsAsync(
IdentityPermissionSetLookupRequest request,
CancellationToken cancellationToken = default)
{
IReadOnlyList<IdentityPermissionRecord> records =
[
new IdentityPermissionRecord(request.Envelope, "identity.token.issue", "identity.admin"),
new IdentityPermissionRecord(request.Envelope, "identity.policy.evaluate", "identity.admin")
];
return Task.FromResult(records);
}
}

22
src/Thalos.DAL/Providers/InMemory/InMemoryRoleDataProvider.cs
View File

@ -1,22 +0,0 @@
using Thalos.DAL.Contracts;
namespace Thalos.DAL.Providers.InMemory;
/// <summary>
/// In-memory provider for identity role lookup contracts.
/// </summary>
public sealed class InMemoryRoleDataProvider : IRoleDataProvider
{
/// <inheritdoc />
public Task<IReadOnlyList<IdentityRoleRecord>> ReadRolesAsync(
IdentityRoleLookupRequest request,
CancellationToken cancellationToken = default)
{
IReadOnlyList<IdentityRoleRecord> records =
[
new IdentityRoleRecord(request.Envelope, "identity.admin", request.TenantId)
];
return Task.FromResult(records);
}
}

23
src/Thalos.DAL/Providers/InMemory/InMemoryTenantDataProvider.cs
View File

@ -1,23 +0,0 @@
using Thalos.DAL.Contracts;
namespace Thalos.DAL.Providers.InMemory;
/// <summary>
/// In-memory provider for identity tenant lookup contracts.
/// </summary>
public sealed class InMemoryTenantDataProvider : ITenantDataProvider
{
/// <inheritdoc />
public Task<IdentityTenantRecord?> ReadTenantAsync(
IdentityTenantLookupRequest request,
CancellationToken cancellationToken = default)
{
var record = new IdentityTenantRecord(
request.Envelope,
request.TenantId,
$"tenant-{request.TenantId}",
true);
return Task.FromResult<IdentityTenantRecord?>(record);
}
}

31
src/Thalos.DAL/Providers/InMemory/InMemoryUserDataProvider.cs
View File

@ -1,31 +0,0 @@
using Thalos.DAL.Contracts;
namespace Thalos.DAL.Providers.InMemory;
/// <summary>
/// In-memory provider for identity user lookup contracts.
/// </summary>
public sealed class InMemoryUserDataProvider : IUserDataProvider
{
/// <inheritdoc />
public Task<IdentityUserRecord?> ReadUserAsync(
IdentityUserLookupRequest request,
CancellationToken cancellationToken = default)
{
if (request.SubjectId.StartsWith("missing-", StringComparison.OrdinalIgnoreCase))
{
return Task.FromResult<IdentityUserRecord?>(null);
}
var record = new IdentityUserRecord(
request.Envelope,
request.SubjectId,
request.TenantId,
"active",
$"{request.SubjectId}:{request.TenantId}:token",
1800,
true);
return Task.FromResult<IdentityUserRecord?>(record);
}
}

89
src/Thalos.DAL/Providers/ProviderPermissionDataProviders.cs
View File

@ -1,89 +0,0 @@
using BuildingBlock.Identity.Contracts.Conventions;
using Thalos.DAL.Contracts;
namespace Thalos.DAL.Providers;
/// <summary>
/// Internal JWT permission provider implementation.
/// </summary>
public sealed class InternalJwtPermissionDataProvider : IPermissionDataProvider
{
/// <inheritdoc />
public Task<IReadOnlyList<IdentityPermissionRecord>> ReadPermissionsAsync(
IdentityPermissionSetLookupRequest request,
CancellationToken cancellationToken = default)
{
IReadOnlyList<IdentityPermissionRecord> records =
[
new IdentityPermissionRecord(request.Envelope, "identity.token.issue", "identity.admin", IdentityAuthProvider.InternalJwt),
new IdentityPermissionRecord(request.Envelope, "identity.policy.evaluate", "identity.admin", IdentityAuthProvider.InternalJwt)
];
return Task.FromResult(records);
}
}
/// <summary>
/// Azure AD permission provider implementation.
/// </summary>
public sealed class AzureAdPermissionDataProvider : IPermissionDataProvider
{
/// <inheritdoc />
public Task<IReadOnlyList<IdentityPermissionRecord>> ReadPermissionsAsync(
IdentityPermissionSetLookupRequest request,
CancellationToken cancellationToken = default)
{
IReadOnlyList<IdentityPermissionRecord> records =
[
new IdentityPermissionRecord(request.Envelope, "identity.token.issue", "identity.azure.user", IdentityAuthProvider.AzureAd),
new IdentityPermissionRecord(request.Envelope, "identity.policy.evaluate", "identity.azure.user", IdentityAuthProvider.AzureAd),
new IdentityPermissionRecord(request.Envelope, "identity.oauth.exchange", "identity.azure.user", IdentityAuthProvider.AzureAd)
];
return Task.FromResult(records);
}
}
/// <summary>
/// Google permission provider implementation.
/// </summary>
public sealed class GooglePermissionDataProvider : IPermissionDataProvider
{
/// <inheritdoc />
public Task<IReadOnlyList<IdentityPermissionRecord>> ReadPermissionsAsync(
IdentityPermissionSetLookupRequest request,
CancellationToken cancellationToken = default)
{
IReadOnlyList<IdentityPermissionRecord> records =
[
new IdentityPermissionRecord(request.Envelope, "identity.token.issue", "identity.google.user", IdentityAuthProvider.Google),
new IdentityPermissionRecord(request.Envelope, "identity.policy.evaluate", "identity.google.user", IdentityAuthProvider.Google),
new IdentityPermissionRecord(request.Envelope, "identity.oauth.exchange", "identity.google.user", IdentityAuthProvider.Google)
];
return Task.FromResult(records);
}
}
/// <summary>
/// Routes permission lookups to the matching provider implementation.
/// </summary>
public sealed class RoutedPermissionDataProvider(
InternalJwtPermissionDataProvider internalJwtProvider,
AzureAdPermissionDataProvider azureProvider,
GooglePermissionDataProvider googleProvider) : IPermissionDataProvider
{
/// <inheritdoc />
public Task<IReadOnlyList<IdentityPermissionRecord>> ReadPermissionsAsync(
IdentityPermissionSetLookupRequest request,
CancellationToken cancellationToken = default)
{
return request.Provider switch
{
IdentityAuthProvider.InternalJwt => internalJwtProvider.ReadPermissionsAsync(request, cancellationToken),
IdentityAuthProvider.AzureAd => azureProvider.ReadPermissionsAsync(request, cancellationToken),
IdentityAuthProvider.Google => googleProvider.ReadPermissionsAsync(request, cancellationToken),
_ => Task.FromResult<IReadOnlyList<IdentityPermissionRecord>>([])
};
}
}

143
src/Thalos.DAL/Providers/ProviderUserDataProviders.cs
View File

@ -1,143 +0,0 @@
using BuildingBlock.Identity.Contracts.Conventions;
using Thalos.DAL.Contracts;
namespace Thalos.DAL.Providers;
/// <summary>
/// Internal JWT provider implementation for identity user reads.
/// </summary>
public sealed class InternalJwtUserDataProvider : IUserDataProvider
{
/// <inheritdoc />
public Task<IdentityUserRecord?> ReadUserAsync(
IdentityUserLookupRequest request,
CancellationToken cancellationToken = default)
{
if (request.SubjectId.StartsWith("missing-", StringComparison.OrdinalIgnoreCase))
{
return Task.FromResult<IdentityUserRecord?>(null);
}
var record = new IdentityUserRecord(
request.Envelope,
request.SubjectId,
request.TenantId,
"active",
$"{request.SubjectId}:{request.TenantId}:token",
1800,
true);
return Task.FromResult<IdentityUserRecord?>(record);
}
}
/// <summary>
/// Azure AD provider implementation for identity user reads.
/// </summary>
public sealed class AzureAdUserDataProvider : IUserDataProvider
{
/// <inheritdoc />
public Task<IdentityUserRecord?> ReadUserAsync(
IdentityUserLookupRequest request,
CancellationToken cancellationToken = default)
{
var subjectId = ResolveSubjectId(request, "azure-sub");
if (string.IsNullOrWhiteSpace(subjectId))
{
return Task.FromResult<IdentityUserRecord?>(null);
}
var record = new IdentityUserRecord(
request.Envelope,
subjectId,
request.TenantId,
"active",
$"azure:{subjectId}:{request.TenantId}:token",
3600,
true);
return Task.FromResult<IdentityUserRecord?>(record);
}
private static string ResolveSubjectId(IdentityUserLookupRequest request, string prefix)
{
if (!string.IsNullOrWhiteSpace(request.SubjectId))
{
return request.SubjectId;
}
if (string.IsNullOrWhiteSpace(request.ExternalToken))
{
return string.Empty;
}
return $"{prefix}-{Math.Abs(request.ExternalToken.GetHashCode(StringComparison.Ordinal))}";
}
}
/// <summary>
/// Google provider implementation for identity user reads.
/// </summary>
public sealed class GoogleUserDataProvider : IUserDataProvider
{
/// <inheritdoc />
public Task<IdentityUserRecord?> ReadUserAsync(
IdentityUserLookupRequest request,
CancellationToken cancellationToken = default)
{
var subjectId = ResolveSubjectId(request, "google-sub");
if (string.IsNullOrWhiteSpace(subjectId))
{
return Task.FromResult<IdentityUserRecord?>(null);
}
var record = new IdentityUserRecord(
request.Envelope,
subjectId,
request.TenantId,
"active",
$"google:{subjectId}:{request.TenantId}:token",
3000,
true);
return Task.FromResult<IdentityUserRecord?>(record);
}
private static string ResolveSubjectId(IdentityUserLookupRequest request, string prefix)
{
if (!string.IsNullOrWhiteSpace(request.SubjectId))
{
return request.SubjectId;
}
if (string.IsNullOrWhiteSpace(request.ExternalToken))
{
return string.Empty;
}
return $"{prefix}-{Math.Abs(request.ExternalToken.GetHashCode(StringComparison.Ordinal))}";
}
}
/// <summary>
/// Routes user lookups to the matching provider implementation.
/// </summary>
public sealed class RoutedUserDataProvider(
InternalJwtUserDataProvider internalJwtProvider,
AzureAdUserDataProvider azureProvider,
GoogleUserDataProvider googleProvider) : IUserDataProvider
{
/// <inheritdoc />
public Task<IdentityUserRecord?> ReadUserAsync(
IdentityUserLookupRequest request,
CancellationToken cancellationToken = default)
{
return request.Provider switch
{
IdentityAuthProvider.InternalJwt => internalJwtProvider.ReadUserAsync(request, cancellationToken),
IdentityAuthProvider.AzureAd => azureProvider.ReadUserAsync(request, cancellationToken),
IdentityAuthProvider.Google => googleProvider.ReadUserAsync(request, cancellationToken),
_ => Task.FromResult<IdentityUserRecord?>(null)
};
}
}

70
src/Thalos.DAL/Repositories/IdentityRepository.cs
View File

@ -1,70 +0,0 @@
using Thalos.DAL.Contracts;
using Thalos.DAL.Providers;
namespace Thalos.DAL.Repositories;
/// <summary>
/// Default identity repository implementation composed from DAL providers.
/// </summary>
public sealed class IdentityRepository(
IUserDataProvider userDataProvider,
IPermissionDataProvider permissionDataProvider) : IIdentityRepository
{
/// <inheritdoc />
public async Task<IdentityTokenRecord?> ReadIdentityTokenAsync(
IdentityTokenLookupRequest request,
CancellationToken cancellationToken = default)
{
var userRequest = new IdentityUserLookupRequest(
request.Envelope,
request.SubjectId,
request.TenantId,
request.Provider,
request.ExternalToken);
var userRecord = await userDataProvider.ReadUserAsync(userRequest, cancellationToken);
if (userRecord is null)
{
return null;
}
return new IdentityTokenRecord(
request.Envelope,
userRecord.SubjectId,
request.TenantId,
userRecord.Token,
userRecord.ExpiresInSeconds,
request.Provider);
}
/// <inheritdoc />
public async Task<IdentityPolicyRecord?> ReadIdentityPolicyAsync(
IdentityPolicyLookupRequest request,
CancellationToken cancellationToken = default)
{
var userRequest = new IdentityUserLookupRequest(
request.Envelope,
request.SubjectId,
request.TenantId,
request.Provider);
var userRecord = await userDataProvider.ReadUserAsync(userRequest, cancellationToken);
if (userRecord is null)
{
return null;
}
return new IdentityPolicyRecord(
request.Envelope,
userRecord.SubjectId,
request.PermissionCode,
userRecord.ContextSatisfied,
request.Provider);
}
/// <inheritdoc />
public Task<IReadOnlyList<IdentityPermissionRecord>> ReadPermissionSetAsync(
IdentityPermissionSetLookupRequest request,
CancellationToken cancellationToken = default)
{
return permissionDataProvider.ReadPermissionsAsync(request, cancellationToken);
}
}

4
src/Thalos.DAL/Thalos.DAL.csproj
View File

@ -5,8 +5,6 @@
<Nullable>enable</Nullable>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="10.0.0" />
<PackageReference Include="BuildingBlock.Identity.Contracts" Version="0.2.0" />
<PackageReference Include="Core.Blueprint.Common" Version="0.2.0" />
<ProjectReference Include="..\..\..\blueprint-platform\src\Core.Blueprint.Common\Core.Blueprint.Common.csproj" />
</ItemGroup>
</Project>

2
tests/Thalos.DAL.UnitTests/ContractShapeTests.cs
View File

@ -16,7 +16,6 @@ public class ContractShapeTests
Assert.Equal("user-1", request.SubjectId);
Assert.Equal("tenant-1", request.TenantId);
Assert.Equal("identity.token.issue", request.PermissionCode);
Assert.Equal(BuildingBlock.Identity.Contracts.Conventions.IdentityAuthProvider.InternalJwt, request.Provider);
}
[Fact]
@ -31,7 +30,6 @@ public class ContractShapeTests
Assert.Equal("tenant-1", record.TenantId);
Assert.Equal("token-xyz", record.Token);
Assert.Equal(1800, record.ExpiresInSeconds);
Assert.Equal(BuildingBlock.Identity.Contracts.Conventions.IdentityAuthProvider.InternalJwt, record.Provider);
}
[Fact]

88
tests/Thalos.DAL.UnitTests/RuntimeWiringTests.cs
View File

@ -1,88 +0,0 @@
using Microsoft.Extensions.DependencyInjection;
using Thalos.DAL.Adapters;
using Thalos.DAL.Contracts;
using Thalos.DAL.DependencyInjection;
using Thalos.DAL.Health;
using Thalos.DAL.Repositories;
namespace Thalos.DAL.UnitTests;
public class RuntimeWiringTests
{
[Fact]
public async Task AddThalosDalRuntime_WhenResolved_WiresRepositoryAndProviders()
{
var services = new ServiceCollection();
services.AddThalosDalRuntime();
using var provider = services.BuildServiceProvider();
var repository = provider.GetRequiredService<IIdentityRepository>();
var request = new IdentityTokenLookupRequest(
new IdentityContractEnvelope("1.0.0", "corr-123"),
"user-1",
"tenant-1");
var response = await repository.ReadIdentityTokenAsync(request);
Assert.NotNull(response);
Assert.Equal("user-1", response.SubjectId);
Assert.Equal("tenant-1", response.TenantId);
Assert.Equal(1800, response.ExpiresInSeconds);
Assert.Equal(BuildingBlock.Identity.Contracts.Conventions.IdentityAuthProvider.InternalJwt, response.Provider);
}
[Fact]
public async Task AddThalosDalRuntime_WhenExternalProviderUsed_ResolvesProviderSpecificToken()
{
var services = new ServiceCollection();
services.AddThalosDalRuntime();
using var provider = services.BuildServiceProvider();
var repository = provider.GetRequiredService<IIdentityRepository>();
var request = new IdentityTokenLookupRequest(
new IdentityContractEnvelope("1.0.0", "corr-ext"),
string.Empty,
"tenant-2",
BuildingBlock.Identity.Contracts.Conventions.IdentityAuthProvider.AzureAd,
"external-azure-token");
var response = await repository.ReadIdentityTokenAsync(request);
Assert.NotNull(response);
Assert.Equal(BuildingBlock.Identity.Contracts.Conventions.IdentityAuthProvider.AzureAd, response.Provider);
Assert.StartsWith("azure:", response.Token);
}
[Fact]
public void AddThalosDalRuntime_WhenResolved_WiresGrpcContractAdapter()
{
var services = new ServiceCollection();
services.AddThalosDalRuntime();
using var provider = services.BuildServiceProvider();
var adapter = provider.GetRequiredService<IIdentityDalGrpcContractAdapter>();
var grpcContract = new Thalos.DAL.Grpc.IdentityTokenDalGrpcContract("user-2", "tenant-2");
var request = adapter.FromGrpcTokenRequest(grpcContract);
Assert.Equal("user-2", request.SubjectId);
Assert.Equal("tenant-2", request.TenantId);
Assert.NotEmpty(request.Envelope.CorrelationId);
}
[Fact]
public async Task AddThalosDalRuntime_WhenResolved_WiresDependencyHealthCheck()
{
var services = new ServiceCollection();
services.AddThalosDalRuntime();
using var provider = services.BuildServiceProvider();
var healthCheck = provider.GetRequiredService<IDalDependencyHealthCheck>();
var status = await healthCheck.CheckAsync();
Assert.True(status.IsHealthy);
Assert.Contains("IUserDataProvider", status.DependencyNames);
Assert.Contains("IPermissionDataProvider", status.DependencyNames);
}
}

1
tests/Thalos.DAL.UnitTests/Thalos.DAL.UnitTests.csproj
View File

@ -7,7 +7,6 @@
</PropertyGroup>
<ItemGroup>
<PackageReference Include="coverlet.collector" Version="6.0.4" />
<PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="10.0.0" />
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.14.1" />
<PackageReference Include="xunit" Version="2.9.3" />
<PackageReference Include="xunit.runner.visualstudio" Version="3.1.4" />