refactor(thalos-service): delegate to domain
parent
5974ce6fa6
commit
654a808c54
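--- a/docs/architecture/service-orchestration-boundary.md
+++ b/docs/architecture/service-orchestration-boundary.md
@@ -0,0 +1,13 @@
+# Thalos Service Orchestration Boundary
+
+## Purpose
+Constrain thalos-service to orchestration responsibilities after thalos-domain extraction.
+
+## Service Responsibilities
+- Coordinate identity use-case flow
+- Delegate policy/token decisions to thalos-domain abstractions
+- Adapt transport contracts
+
+## Prohibited Responsibilities
+- Owning identity decision policies
+- Owning persistence decision concerns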
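--- a/docs/migration/domain-delegation-plan.md
+++ b/docs/migration/domain-delegation-plan.md
@@ -0,0 +1,10 @@
+# Thalos Domain Delegation Plan
+
+## Delegation Model
+- Use cases invoke thalos-domain abstractions for policy and token decisions.
+- Service adapters retain technical contract mapping only.
+
+## Transition Steps
+1. Replace in-service decision branches with domain calls.
+2. Keep service contract shapes stable.
+3. Validate orchestration-only responsibilities.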
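--- a/docs/migration/identity-service-regression-checks.md
+++ b/docs/migration/identity-service-regression-checks.md
@@ -0,0 +1,10 @@
+# Identity Service Regression Checks
+
+## Checks
+- Service no longer contains policy/token decision branches.
+- Service still orchestrates required dependencies.
+- Transport contract outputs remain stable.
+
+## Evidence
+- Updated architecture docs
+- Delegation map confirmation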
@ -1,26 +0,0 @@
|
|||||||
using Thalos.Service.Identity.Abstractions.Contracts;
|
|
||||||
|
|
||||||
namespace Thalos.Service.Application.Adapters;
|
|
||||||
|
|
||||||
/// <summary>
|
|
||||||
/// Defines adapter boundary for integrating identity contracts into policy use cases.
|
|
||||||
/// </summary>
|
|
||||||
public interface IIdentityCapabilityContractAdapter
|
|
||||||
{
|
|
||||||
/// <summary>
|
|
||||||
/// Creates a transport-neutral context request for policy evaluation.
|
|
||||||
/// </summary>
|
|
||||||
/// <param name="identityRequest">Identity policy request.</param>
|
|
||||||
/// <returns>Identity policy context request.</returns>
|
|
||||||
IdentityPolicyContextRequest CreatePolicyContext(EvaluateIdentityPolicyRequest identityRequest);
|
|
||||||
|
|
||||||
/// <summary>
|
|
||||||
/// Maps policy context response into identity policy response.
|
|
||||||
/// </summary>
|
|
||||||
/// <param name="identityRequest">Identity policy request.</param>
|
|
||||||
/// <param name="contextResponse">Identity policy context response.</param>
|
|
||||||
/// <returns>Identity policy response.</returns>
|
|
||||||
EvaluateIdentityPolicyResponse MapPolicyResponse(
|
|
||||||
EvaluateIdentityPolicyRequest identityRequest,
|
|
||||||
IdentityPolicyContextResponse contextResponse);
|
|
||||||
}
|
|
||||||
@ -1,5 +1,5 @@
|
|||||||
using Thalos.Service.Application.Grpc;
|
using Thalos.Service.Application.Grpc;
|
||||||
using Thalos.Service.Identity.Abstractions.Contracts;
|
using BuildingBlock.Identity.Contracts.Requests;
|
||||||
|
|
||||||
namespace Thalos.Service.Application.Adapters;
|
namespace Thalos.Service.Application.Adapters;
|
||||||
|
|
||||||
|
|||||||
@ -1,29 +0,0 @@
|
|||||||
using Thalos.Service.Identity.Abstractions.Contracts;
|
|
||||||
|
|
||||||
namespace Thalos.Service.Application.Adapters;
|
|
||||||
|
|
||||||
/// <summary>
|
|
||||||
/// Default adapter implementation for identity policy contract composition.
|
|
||||||
/// </summary>
|
|
||||||
public sealed class IdentityCapabilityContractAdapter : IIdentityCapabilityContractAdapter
|
|
||||||
{
|
|
||||||
/// <inheritdoc />
|
|
||||||
public IdentityPolicyContextRequest CreatePolicyContext(EvaluateIdentityPolicyRequest identityRequest)
|
|
||||||
{
|
|
||||||
return new IdentityPolicyContextRequest(
|
|
||||||
identityRequest.SubjectId,
|
|
||||||
identityRequest.TenantId,
|
|
||||||
identityRequest.PermissionCode);
|
|
||||||
}
|
|
||||||
|
|
||||||
/// <inheritdoc />
|
|
||||||
public EvaluateIdentityPolicyResponse MapPolicyResponse(
|
|
||||||
EvaluateIdentityPolicyRequest identityRequest,
|
|
||||||
IdentityPolicyContextResponse contextResponse)
|
|
||||||
{
|
|
||||||
return new EvaluateIdentityPolicyResponse(
|
|
||||||
identityRequest.SubjectId,
|
|
||||||
identityRequest.PermissionCode,
|
|
||||||
contextResponse.ContextSatisfied);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@ -1,5 +1,5 @@
|
|||||||
using Thalos.Service.Application.Grpc;
|
using Thalos.Service.Application.Grpc;
|
||||||
using Thalos.Service.Identity.Abstractions.Contracts;
|
using BuildingBlock.Identity.Contracts.Requests;
|
||||||
|
|
||||||
namespace Thalos.Service.Application.Adapters;
|
namespace Thalos.Service.Application.Adapters;
|
||||||
|
|
||||||
|
|||||||
@ -1,6 +1,7 @@
|
|||||||
using Core.Blueprint.Common.DependencyInjection;
|
using Core.Blueprint.Common.DependencyInjection;
|
||||||
using Microsoft.Extensions.DependencyInjection;
|
using Microsoft.Extensions.DependencyInjection;
|
||||||
using Microsoft.Extensions.DependencyInjection.Extensions;
|
using Microsoft.Extensions.DependencyInjection.Extensions;
|
||||||
|
using Thalos.Domain.Decisions;
|
||||||
using Thalos.DAL.DependencyInjection;
|
using Thalos.DAL.DependencyInjection;
|
||||||
using Thalos.Service.Application.Adapters;
|
using Thalos.Service.Application.Adapters;
|
||||||
using Thalos.Service.Application.Ports;
|
using Thalos.Service.Application.Ports;
|
||||||
@ -22,8 +23,9 @@ public static class ThalosServiceRuntimeServiceCollectionExtensions
|
|||||||
{
|
{
|
||||||
services.AddBlueprintRuntimeCore();
|
services.AddBlueprintRuntimeCore();
|
||||||
services.AddThalosDalRuntime();
|
services.AddThalosDalRuntime();
|
||||||
|
services.TryAddSingleton<IIdentityPolicyDecisionService, IdentityPolicyDecisionService>();
|
||||||
|
services.TryAddSingleton<IIdentityTokenDecisionService, IdentityTokenDecisionService>();
|
||||||
|
|
||||||
services.TryAddSingleton<IIdentityCapabilityContractAdapter, IdentityCapabilityContractAdapter>();
|
|
||||||
services.TryAddSingleton<IIdentityPolicyGrpcContractAdapter, IdentityPolicyGrpcContractAdapter>();
|
services.TryAddSingleton<IIdentityPolicyGrpcContractAdapter, IdentityPolicyGrpcContractAdapter>();
|
||||||
|
|
||||||
services.TryAddSingleton<IIdentityTokenReadPort, IdentityTokenReadPortDalAdapter>();
|
services.TryAddSingleton<IIdentityTokenReadPort, IdentityTokenReadPortDalAdapter>();
|
||||||
|
|||||||
@ -1,4 +1,5 @@
|
|||||||
using Thalos.Service.Identity.Abstractions.Contracts;
|
using BuildingBlock.Identity.Contracts.Requests;
|
||||||
|
using Thalos.Domain.Contracts;
|
||||||
|
|
||||||
namespace Thalos.Service.Application.Ports;
|
namespace Thalos.Service.Application.Ports;
|
||||||
|
|
||||||
@ -12,5 +13,5 @@ public interface IIdentityPolicyContextReadPort
|
|||||||
/// </summary>
|
/// </summary>
|
||||||
/// <param name="request">Identity policy context request.</param>
|
/// <param name="request">Identity policy context request.</param>
|
||||||
/// <returns>Identity policy context response.</returns>
|
/// <returns>Identity policy context response.</returns>
|
||||||
Task<IdentityPolicyContextResponse> ReadPolicyContextAsync(IdentityPolicyContextRequest request);
|
Task<IdentityPolicyContextData> ReadPolicyContextAsync(IdentityPolicyContextRequest request);
|
||||||
}
|
}
|
||||||
|
|||||||
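Review bot: The `<returns>` text on `IIdentityPolicyContextReadPort.ReadPolicyContextAsync` still reads "Identity policy context response." although the method now returns `IdentityPolicyContextData`, and the same stale wording ("Token response contract.") remains on `IIdentityTokenReadPort.ReadTokenAsync` in the next file section. These ports now hand back stored data rather than a decision, and the docs should say so, for example `/// <returns>Policy context data read from storage; the allow/deny decision is made by the domain decision service.</returns>` and `/// <returns>Token data read from storage; both values are null when no record exists.</returns>`. The `<summary>` of each member starts outside the hunk and may need the same update.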
@ -1,4 +1,5 @@
|
|||||||
using Thalos.Service.Identity.Abstractions.Contracts;
|
using BuildingBlock.Identity.Contracts.Requests;
|
||||||
|
using Thalos.Domain.Contracts;
|
||||||
|
|
||||||
namespace Thalos.Service.Application.Ports;
|
namespace Thalos.Service.Application.Ports;
|
||||||
|
|
||||||
@ -12,5 +13,5 @@ public interface IIdentityTokenReadPort
|
|||||||
/// </summary>
|
/// </summary>
|
||||||
/// <param name="request">Token request contract.</param>
|
/// <param name="request">Token request contract.</param>
|
||||||
/// <returns>Token response contract.</returns>
|
/// <returns>Token response contract.</returns>
|
||||||
Task<IssueIdentityTokenResponse> IssueTokenAsync(IssueIdentityTokenRequest request);
|
Task<IdentityTokenData> ReadTokenAsync(IssueIdentityTokenRequest request);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1,7 +1,8 @@
|
|||||||
using Core.Blueprint.Common.Runtime;
|
using Core.Blueprint.Common.Runtime;
|
||||||
|
using BuildingBlock.Identity.Contracts.Requests;
|
||||||
using Thalos.DAL.Contracts;
|
using Thalos.DAL.Contracts;
|
||||||
using Thalos.DAL.Repositories;
|
using Thalos.DAL.Repositories;
|
||||||
using Thalos.Service.Identity.Abstractions.Contracts;
|
using Thalos.Domain.Contracts;
|
||||||
|
|
||||||
namespace Thalos.Service.Application.Ports;
|
namespace Thalos.Service.Application.Ports;
|
||||||
|
|
||||||
@ -13,7 +14,7 @@ public sealed class IdentityPolicyContextReadPortDalAdapter(
|
|||||||
IBlueprintSystemClock clock) : IIdentityPolicyContextReadPort
|
IBlueprintSystemClock clock) : IIdentityPolicyContextReadPort
|
||||||
{
|
{
|
||||||
/// <inheritdoc />
|
/// <inheritdoc />
|
||||||
public async Task<IdentityPolicyContextResponse> ReadPolicyContextAsync(IdentityPolicyContextRequest request)
|
public async Task<IdentityPolicyContextData> ReadPolicyContextAsync(IdentityPolicyContextRequest request)
|
||||||
{
|
{
|
||||||
var policyLookupRequest = new IdentityPolicyLookupRequest(
|
var policyLookupRequest = new IdentityPolicyLookupRequest(
|
||||||
CreateEnvelope(),
|
CreateEnvelope(),
|
||||||
@ -24,7 +25,11 @@ public sealed class IdentityPolicyContextReadPortDalAdapter(
|
|||||||
var policyRecord = await identityRepository.ReadIdentityPolicyAsync(policyLookupRequest);
|
var policyRecord = await identityRepository.ReadIdentityPolicyAsync(policyLookupRequest);
|
||||||
if (policyRecord is null)
|
if (policyRecord is null)
|
||||||
{
|
{
|
||||||
return new IdentityPolicyContextResponse(request.SubjectId, request.PermissionCode, false);
|
return new IdentityPolicyContextData(
|
||||||
|
request.SubjectId,
|
||||||
|
request.PermissionCode,
|
||||||
|
false,
|
||||||
|
[]);
|
||||||
}
|
}
|
||||||
|
|
||||||
var permissionSetRequest = new IdentityPermissionSetLookupRequest(
|
var permissionSetRequest = new IdentityPermissionSetLookupRequest(
|
||||||
@ -33,13 +38,15 @@ public sealed class IdentityPolicyContextReadPortDalAdapter(
|
|||||||
request.TenantId);
|
request.TenantId);
|
||||||
|
|
||||||
var permissions = await identityRepository.ReadPermissionSetAsync(permissionSetRequest);
|
var permissions = await identityRepository.ReadPermissionSetAsync(permissionSetRequest);
|
||||||
var permissionMatched = permissions.Any(permission =>
|
var grantedPermissions = permissions
|
||||||
string.Equals(permission.PermissionCode, request.PermissionCode, StringComparison.OrdinalIgnoreCase));
|
.Select(permission => permission.PermissionCode)
|
||||||
|
.ToArray();
|
||||||
|
|
||||||
return new IdentityPolicyContextResponse(
|
return new IdentityPolicyContextData(
|
||||||
request.SubjectId,
|
request.SubjectId,
|
||||||
request.PermissionCode,
|
request.PermissionCode,
|
||||||
policyRecord.ContextSatisfied && permissionMatched);
|
policyRecord.ContextSatisfied,
|
||||||
|
grantedPermissions);
|
||||||
}
|
}
|
||||||
|
|
||||||
private IdentityContractEnvelope CreateEnvelope()
|
private IdentityContractEnvelope CreateEnvelope()
|
||||||
|
|||||||
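Review bot: The permission check no longer runs in `ReadPolicyContextAsync`. The removed `permissions.Any(...)` comparison with `StringComparison.OrdinalIgnoreCase` and the `policyRecord.ContextSatisfied && permissionMatched` conjunction are replaced by returning the raw `policyRecord.ContextSatisfied` together with `grantedPermissions`, so the allow/deny result now rests entirely on `IIdentityPolicyDecisionService.Evaluate`, whose implementation is not part of this commit. Any consumer that treats the boolean in `IdentityPolicyContextData` as the decision would allow a subject that lacks the requested permission. I would add a comment above the final return, `// ContextSatisfied is the stored policy flag only; the caller must still match PermissionCode against the granted list (previously OrdinalIgnoreCase).`, and confirm that the domain service keeps the same case-insensitive comparison. The method body begins outside this hunk.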
@ -1,7 +1,8 @@
|
|||||||
using Core.Blueprint.Common.Runtime;
|
using Core.Blueprint.Common.Runtime;
|
||||||
|
using BuildingBlock.Identity.Contracts.Requests;
|
||||||
using Thalos.DAL.Contracts;
|
using Thalos.DAL.Contracts;
|
||||||
using Thalos.DAL.Repositories;
|
using Thalos.DAL.Repositories;
|
||||||
using Thalos.Service.Identity.Abstractions.Contracts;
|
using Thalos.Domain.Contracts;
|
||||||
|
|
||||||
namespace Thalos.Service.Application.Ports;
|
namespace Thalos.Service.Application.Ports;
|
||||||
|
|
||||||
@ -13,7 +14,7 @@ public sealed class IdentityTokenReadPortDalAdapter(
|
|||||||
IBlueprintSystemClock clock) : IIdentityTokenReadPort
|
IBlueprintSystemClock clock) : IIdentityTokenReadPort
|
||||||
{
|
{
|
||||||
/// <inheritdoc />
|
/// <inheritdoc />
|
||||||
public async Task<IssueIdentityTokenResponse> IssueTokenAsync(IssueIdentityTokenRequest request)
|
public async Task<IdentityTokenData> ReadTokenAsync(IssueIdentityTokenRequest request)
|
||||||
{
|
{
|
||||||
var lookupRequest = new IdentityTokenLookupRequest(
|
var lookupRequest = new IdentityTokenLookupRequest(
|
||||||
CreateEnvelope(),
|
CreateEnvelope(),
|
||||||
@ -23,10 +24,10 @@ public sealed class IdentityTokenReadPortDalAdapter(
|
|||||||
var tokenRecord = await identityRepository.ReadIdentityTokenAsync(lookupRequest);
|
var tokenRecord = await identityRepository.ReadIdentityTokenAsync(lookupRequest);
|
||||||
if (tokenRecord is null)
|
if (tokenRecord is null)
|
||||||
{
|
{
|
||||||
return new IssueIdentityTokenResponse(string.Empty, 0);
|
return new IdentityTokenData(null, null);
|
||||||
}
|
}
|
||||||
|
|
||||||
return new IssueIdentityTokenResponse(tokenRecord.Token, tokenRecord.ExpiresInSeconds);
|
return new IdentityTokenData(tokenRecord.Token, tokenRecord.ExpiresInSeconds);
|
||||||
}
|
}
|
||||||
|
|
||||||
private IdentityContractEnvelope CreateEnvelope()
|
private IdentityContractEnvelope CreateEnvelope()
|
||||||
|
|||||||
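Review bot: A missing token record is now returned as `new IdentityTokenData(null, null)` where the old code returned `new IssueIdentityTokenResponse(string.Empty, 0)`, so the not-found outcome depends on how `BuildIssuedTokenResponse` treats nulls, which is not visible in this commit. If the nulls pass through, transport mapping that previously received a non-null token string may throw or produce a response that callers interpret differently. `IssueIdentityTokenUseCaseTests` only exercises the `"token-123"` case; a second test whose fake port returns `new IdentityTokenData(null, null)` and asserts the empty-token response would pin this path. The method body begins outside this hunk.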
@ -6,7 +6,8 @@
|
|||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
<PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="10.0.0" />
|
<PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="10.0.0" />
|
||||||
|
<ProjectReference Include="..\..\..\building-block-identity\src\BuildingBlock.Identity.Contracts\BuildingBlock.Identity.Contracts.csproj" />
|
||||||
|
<ProjectReference Include="..\..\..\thalos-domain\src\Thalos.Domain\Thalos.Domain.csproj" />
|
||||||
<ProjectReference Include="..\..\..\thalos-dal\src\Thalos.DAL\Thalos.DAL.csproj" />
|
<ProjectReference Include="..\..\..\thalos-dal\src\Thalos.DAL\Thalos.DAL.csproj" />
|
||||||
<ProjectReference Include="..\Thalos.Service.Identity.Abstractions\Thalos.Service.Identity.Abstractions.csproj" />
|
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
</Project>
|
</Project>
|
||||||
|
|||||||
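Review bot: The two added `ProjectReference` entries resolve `Thalos.Domain` and `BuildingBlock.Identity.Contracts` from sibling directories outside this repository (`..\..\..\thalos-domain\...` and `..\..\..\building-block-identity\...`), so the policy and token decision code that gets compiled is whatever is checked out next to this repository at build time. Nothing in this commit records which revision of those repositories the service was validated against. If the build setup allows it, a pinned package version or a recorded commit for these two dependencies would make the authorization logic reproducible and reviewable. The existing `Thalos.DAL` reference follows the same pattern, so this may be a deliberate workspace convention.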
@ -1,6 +1,7 @@
|
|||||||
using Thalos.Service.Application.Adapters;
|
using BuildingBlock.Identity.Contracts.Requests;
|
||||||
|
using BuildingBlock.Identity.Contracts.Responses;
|
||||||
using Thalos.Service.Application.Ports;
|
using Thalos.Service.Application.Ports;
|
||||||
using Thalos.Service.Identity.Abstractions.Contracts;
|
using Thalos.Domain.Decisions;
|
||||||
|
|
||||||
namespace Thalos.Service.Application.UseCases;
|
namespace Thalos.Service.Application.UseCases;
|
||||||
|
|
||||||
@ -8,16 +9,16 @@ namespace Thalos.Service.Application.UseCases;
|
|||||||
/// Default orchestration implementation for identity policy evaluation.
|
/// Default orchestration implementation for identity policy evaluation.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
public sealed class EvaluateIdentityPolicyUseCase(
|
public sealed class EvaluateIdentityPolicyUseCase(
|
||||||
IIdentityCapabilityContractAdapter contractAdapter,
|
IIdentityPolicyDecisionService decisionService,
|
||||||
IIdentityPolicyContextReadPort policyContextReadPort)
|
IIdentityPolicyContextReadPort policyContextReadPort)
|
||||||
: IEvaluateIdentityPolicyUseCase
|
: IEvaluateIdentityPolicyUseCase
|
||||||
{
|
{
|
||||||
/// <inheritdoc />
|
/// <inheritdoc />
|
||||||
public async Task<EvaluateIdentityPolicyResponse> HandleAsync(EvaluateIdentityPolicyRequest request)
|
public async Task<EvaluateIdentityPolicyResponse> HandleAsync(EvaluateIdentityPolicyRequest request)
|
||||||
{
|
{
|
||||||
var policyContextRequest = contractAdapter.CreatePolicyContext(request);
|
var policyContextRequest = decisionService.BuildPolicyContextRequest(request);
|
||||||
var policyContextResponse = await policyContextReadPort.ReadPolicyContextAsync(policyContextRequest);
|
var policyContextData = await policyContextReadPort.ReadPolicyContextAsync(policyContextRequest);
|
||||||
|
|
||||||
return contractAdapter.MapPolicyResponse(request, policyContextResponse);
|
return decisionService.Evaluate(request, policyContextData);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1,4 +1,5 @@
|
|||||||
using Thalos.Service.Identity.Abstractions.Contracts;
|
using BuildingBlock.Identity.Contracts.Requests;
|
||||||
|
using BuildingBlock.Identity.Contracts.Responses;
|
||||||
|
|
||||||
namespace Thalos.Service.Application.UseCases;
|
namespace Thalos.Service.Application.UseCases;
|
||||||
|
|
||||||
|
|||||||
@ -1,4 +1,5 @@
|
|||||||
using Thalos.Service.Identity.Abstractions.Contracts;
|
using BuildingBlock.Identity.Contracts.Requests;
|
||||||
|
using BuildingBlock.Identity.Contracts.Responses;
|
||||||
|
|
||||||
namespace Thalos.Service.Application.UseCases;
|
namespace Thalos.Service.Application.UseCases;
|
||||||
|
|
||||||
|
|||||||
@ -1,17 +1,22 @@
|
|||||||
|
using BuildingBlock.Identity.Contracts.Requests;
|
||||||
|
using BuildingBlock.Identity.Contracts.Responses;
|
||||||
using Thalos.Service.Application.Ports;
|
using Thalos.Service.Application.Ports;
|
||||||
using Thalos.Service.Identity.Abstractions.Contracts;
|
using Thalos.Domain.Decisions;
|
||||||
|
|
||||||
namespace Thalos.Service.Application.UseCases;
|
namespace Thalos.Service.Application.UseCases;
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Default orchestration implementation for identity token issuance.
|
/// Default orchestration implementation for identity token issuance.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
public sealed class IssueIdentityTokenUseCase(IIdentityTokenReadPort readPort)
|
public sealed class IssueIdentityTokenUseCase(
|
||||||
|
IIdentityTokenReadPort readPort,
|
||||||
|
IIdentityTokenDecisionService decisionService)
|
||||||
: IIssueIdentityTokenUseCase
|
: IIssueIdentityTokenUseCase
|
||||||
{
|
{
|
||||||
/// <inheritdoc />
|
/// <inheritdoc />
|
||||||
public Task<IssueIdentityTokenResponse> HandleAsync(IssueIdentityTokenRequest request)
|
public async Task<IssueIdentityTokenResponse> HandleAsync(IssueIdentityTokenRequest request)
|
||||||
{
|
{
|
||||||
return readPort.IssueTokenAsync(request);
|
var tokenData = await readPort.ReadTokenAsync(request);
|
||||||
|
return decisionService.BuildIssuedTokenResponse(tokenData);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -2,7 +2,7 @@ using Grpc.Core;
|
|||||||
using Thalos.Service.Application.Adapters;
|
using Thalos.Service.Application.Adapters;
|
||||||
using Thalos.Service.Application.Grpc;
|
using Thalos.Service.Application.Grpc;
|
||||||
using Thalos.Service.Application.UseCases;
|
using Thalos.Service.Application.UseCases;
|
||||||
using Thalos.Service.Identity.Abstractions.Contracts;
|
using BuildingBlock.Identity.Contracts.Requests;
|
||||||
|
|
||||||
namespace Thalos.Service.Grpc.Services;
|
namespace Thalos.Service.Grpc.Services;
|
||||||
|
|
||||||
|
|||||||
@ -14,6 +14,5 @@
|
|||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
<Protobuf Include="Protos\identity_runtime.proto" GrpcServices="Server" />
|
<Protobuf Include="Protos\identity_runtime.proto" GrpcServices="Server" />
|
||||||
<ProjectReference Include="..\Thalos.Service.Application\Thalos.Service.Application.csproj" />
|
<ProjectReference Include="..\Thalos.Service.Application\Thalos.Service.Application.csproj" />
|
||||||
<ProjectReference Include="..\Thalos.Service.Identity.Abstractions\Thalos.Service.Identity.Abstractions.csproj" />
|
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
</Project>
|
</Project>
|
||||||
|
|||||||
@ -1,7 +1,9 @@
|
|||||||
using Thalos.Service.Application.Adapters;
|
using BuildingBlock.Identity.Contracts.Requests;
|
||||||
|
using BuildingBlock.Identity.Contracts.Responses;
|
||||||
using Thalos.Service.Application.Ports;
|
using Thalos.Service.Application.Ports;
|
||||||
using Thalos.Service.Application.UseCases;
|
using Thalos.Service.Application.UseCases;
|
||||||
using Thalos.Service.Identity.Abstractions.Contracts;
|
using Thalos.Domain.Contracts;
|
||||||
|
using Thalos.Domain.Decisions;
|
||||||
|
|
||||||
namespace Thalos.Service.Application.UnitTests;
|
namespace Thalos.Service.Application.UnitTests;
|
||||||
|
|
||||||
@ -11,7 +13,7 @@ public class EvaluateIdentityPolicyUseCaseTests
|
|||||||
public async Task HandleAsync_WhenCalled_UsesIdentityContractsAndReturnsMappedResponse()
|
public async Task HandleAsync_WhenCalled_UsesIdentityContractsAndReturnsMappedResponse()
|
||||||
{
|
{
|
||||||
var useCase = new EvaluateIdentityPolicyUseCase(
|
var useCase = new EvaluateIdentityPolicyUseCase(
|
||||||
new FakeIdentityCapabilityContractAdapter(),
|
new FakeIdentityPolicyDecisionService(),
|
||||||
new FakeIdentityPolicyContextReadPort());
|
new FakeIdentityPolicyContextReadPort());
|
||||||
|
|
||||||
var response = await useCase.HandleAsync(new EvaluateIdentityPolicyRequest("subject-1", "tenant-1", "perm.read"));
|
var response = await useCase.HandleAsync(new EvaluateIdentityPolicyRequest("subject-1", "tenant-1", "perm.read"));
|
||||||
@ -21,29 +23,33 @@ public class EvaluateIdentityPolicyUseCaseTests
|
|||||||
Assert.True(response.IsAllowed);
|
Assert.True(response.IsAllowed);
|
||||||
}
|
}
|
||||||
|
|
||||||
private sealed class FakeIdentityCapabilityContractAdapter : IIdentityCapabilityContractAdapter
|
private sealed class FakeIdentityPolicyDecisionService : IIdentityPolicyDecisionService
|
||||||
{
|
{
|
||||||
public IdentityPolicyContextRequest CreatePolicyContext(EvaluateIdentityPolicyRequest identityRequest)
|
public IdentityPolicyContextRequest BuildPolicyContextRequest(EvaluateIdentityPolicyRequest request)
|
||||||
{
|
{
|
||||||
return new IdentityPolicyContextRequest(identityRequest.SubjectId, identityRequest.TenantId, identityRequest.PermissionCode);
|
return new IdentityPolicyContextRequest(request.SubjectId, request.TenantId, request.PermissionCode);
|
||||||
}
|
}
|
||||||
|
|
||||||
public EvaluateIdentityPolicyResponse MapPolicyResponse(
|
public EvaluateIdentityPolicyResponse Evaluate(
|
||||||
EvaluateIdentityPolicyRequest identityRequest,
|
EvaluateIdentityPolicyRequest request,
|
||||||
IdentityPolicyContextResponse contextResponse)
|
IdentityPolicyContextData policyContextData)
|
||||||
{
|
{
|
||||||
return new EvaluateIdentityPolicyResponse(
|
return new EvaluateIdentityPolicyResponse(
|
||||||
identityRequest.SubjectId,
|
request.SubjectId,
|
||||||
identityRequest.PermissionCode,
|
request.PermissionCode,
|
||||||
contextResponse.ContextSatisfied);
|
policyContextData.ContextSatisfied);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private sealed class FakeIdentityPolicyContextReadPort : IIdentityPolicyContextReadPort
|
private sealed class FakeIdentityPolicyContextReadPort : IIdentityPolicyContextReadPort
|
||||||
{
|
{
|
||||||
public Task<IdentityPolicyContextResponse> ReadPolicyContextAsync(IdentityPolicyContextRequest request)
|
public Task<IdentityPolicyContextData> ReadPolicyContextAsync(IdentityPolicyContextRequest request)
|
||||||
{
|
{
|
||||||
return Task.FromResult(new IdentityPolicyContextResponse(request.SubjectId, request.PermissionCode, true));
|
return Task.FromResult(new IdentityPolicyContextData(
|
||||||
|
request.SubjectId,
|
||||||
|
request.PermissionCode,
|
||||||
|
true,
|
||||||
|
[request.PermissionCode]));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
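Review bot: `FakeIdentityPolicyDecisionService.Evaluate` returns `policyContextData.ContextSatisfied` and ignores the granted-permission list, so this test passes whether or not the permission match removed from `IdentityPolicyContextReadPortDalAdapter` is still enforced after the move to the domain service. No case visible here covers a subject whose context is satisfied but whose permission is not granted. I would add a denial test that uses the real `IdentityPolicyDecisionService` (as `IssueIdentityTokenUseCaseTests` does with `IdentityTokenDecisionService`) and a fake port returning `true` with an empty list `[]`, ending in `Assert.False(response.IsAllowed);`. This assumes the real service can be constructed directly from the test project.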
@ -1,6 +1,8 @@
|
|||||||
|
using BuildingBlock.Identity.Contracts.Requests;
|
||||||
using Thalos.Service.Application.Ports;
|
using Thalos.Service.Application.Ports;
|
||||||
using Thalos.Service.Application.UseCases;
|
using Thalos.Service.Application.UseCases;
|
||||||
using Thalos.Service.Identity.Abstractions.Contracts;
|
using Thalos.Domain.Contracts;
|
||||||
|
using Thalos.Domain.Decisions;
|
||||||
|
|
||||||
namespace Thalos.Service.Application.UnitTests;
|
namespace Thalos.Service.Application.UnitTests;
|
||||||
|
|
||||||
@ -9,8 +11,9 @@ public class IssueIdentityTokenUseCaseTests
|
|||||||
[Fact]
|
[Fact]
|
||||||
public async Task HandleAsync_WhenCalled_DelegatesToReadPort()
|
public async Task HandleAsync_WhenCalled_DelegatesToReadPort()
|
||||||
{
|
{
|
||||||
|
var decisionService = new IdentityTokenDecisionService();
|
||||||
var port = new FakeIdentityTokenReadPort();
|
var port = new FakeIdentityTokenReadPort();
|
||||||
var useCase = new IssueIdentityTokenUseCase(port);
|
var useCase = new IssueIdentityTokenUseCase(port, decisionService);
|
||||||
|
|
||||||
var response = await useCase.HandleAsync(new IssueIdentityTokenRequest("user-1", "tenant-1"));
|
var response = await useCase.HandleAsync(new IssueIdentityTokenRequest("user-1", "tenant-1"));
|
||||||
|
|
||||||
@ -20,9 +23,9 @@ public class IssueIdentityTokenUseCaseTests
|
|||||||
|
|
||||||
private sealed class FakeIdentityTokenReadPort : IIdentityTokenReadPort
|
private sealed class FakeIdentityTokenReadPort : IIdentityTokenReadPort
|
||||||
{
|
{
|
||||||
public Task<IssueIdentityTokenResponse> IssueTokenAsync(IssueIdentityTokenRequest request)
|
public Task<IdentityTokenData> ReadTokenAsync(IssueIdentityTokenRequest request)
|
||||||
{
|
{
|
||||||
return Task.FromResult(new IssueIdentityTokenResponse("token-123", 3600));
|
return Task.FromResult(new IdentityTokenData("token-123", 3600));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1,9 +1,9 @@
|
|||||||
using Microsoft.Extensions.DependencyInjection;
|
using Microsoft.Extensions.DependencyInjection;
|
||||||
|
using BuildingBlock.Identity.Contracts.Requests;
|
||||||
using Thalos.Service.Application.Adapters;
|
using Thalos.Service.Application.Adapters;
|
||||||
using Thalos.Service.Application.DependencyInjection;
|
using Thalos.Service.Application.DependencyInjection;
|
||||||
using Thalos.Service.Application.Grpc;
|
using Thalos.Service.Application.Grpc;
|
||||||
using Thalos.Service.Application.UseCases;
|
using Thalos.Service.Application.UseCases;
|
||||||
using Thalos.Service.Identity.Abstractions.Contracts;
|
|
||||||
|
|
||||||
namespace Thalos.Service.Application.UnitTests;
|
namespace Thalos.Service.Application.UnitTests;
|
||||||
|
|
||||||
|
|||||||
@ -17,6 +17,5 @@
|
|||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
<ProjectReference Include="..\..\src\Thalos.Service.Application\Thalos.Service.Application.csproj" />
|
<ProjectReference Include="..\..\src\Thalos.Service.Application\Thalos.Service.Application.csproj" />
|
||||||
<ProjectReference Include="..\..\src\Thalos.Service.Identity.Abstractions\Thalos.Service.Identity.Abstractions.csproj" />
|
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
</Project>
|
</Project>
|
||||||
|
|||||||