Skip to content

Feature/Develop MVP July 2025 #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 29 commits into from
Jul 16, 2025
Merged

Feature/Develop MVP July 2025 #8

merged 29 commits into from
Jul 16, 2025

Conversation

@devpro
Copy link
Owner

@devpro devpro commented Jul 13, 2025
edited
Loading

Features

  • State lock/unlock features
  • Integration tests with 60% of code coverage
  • NuGet package upgrade
  • Basic sample
  • Pipeline upgrade
  • Secured container image (with SUSE BCI)
  • CONTRIBUTING file
  • User repository with password hash

devpro added 21 commits July 13, 2025 13:31
@devpro
Delete automation doc
4ad5eef
@devpro
Cosmetic code changes to Docker sample
bc06bc0
@devpro
Dump version to 1.1.0
aaeb1c6
@devpro
Use SUSE Base container images
72a175c
@devpro
Improve README and update action version in GitLab Actions
8502f54
@devpro
Update max CVE to 0 in container scan
ba881a9
@devpro
Update packages
c459bd9
@devpro
Use ThrowIfNull in RawRequestBodyFormatter CanRead method
8b4cef7
@devpro
Add CI/CD pipelines section in CONTRIBUTING
22fafe4
@devpro
Update Sonar key in badge
b8e7319
@devpro
Fix Sonar warning about Dockerfile
232c956
@devpro
Code improvements following update to .NET 8
deeba66
@devpro
Use file scoped namespace
0db3475
@devpro
Add HealthCheckResource_Create_ReturnsOk integration test
11ed03a
@devpro
Add HealthCheckResource_Create_ReturnsOk integration test
1e53810
@devpro
Improve BehaviorServiceCollectionExtensions
144c0e2
@devpro
Add HealthCheckResource_GetNotExisting_ReturnsOk test
1d12e04 
Replace FluentAssertions with AwesomeAssertions
Move files to libraries when not specific to project
@devpro
Add integration tests and start implementing state lock
544c2ab
@devpro
Add terraform-local-exec
494448e
@devpro
Finalize tests
c510166
@devpro
Improve test and doc
6dcf7d8
@devpro devpro changed the title Feature/Fix GitHub Actions (pipelines) Feature/Develop MVP Jul 14, 2025
@devpro devpro changed the title Feature/Develop MVP Feature/Develop MVP July 2025 Jul 14, 2025
@jjkola
Copy link
Contributor

jjkola commented Jul 14, 2025
edited
Loading

I would prefer that the branch is kept reasonably small. I wanted to contribute a basic implementation for user management but now I don't know when/if I should do that (was waiting for the PR to close so that I have a stable code base to work on). Nevertheless this your project and you are free to do whatever you want.

@devpro
Copy link
Owner Author

devpro commented Jul 15, 2025

I would prefer that the branch is kept reasonably small. I wanted to contribute a basic implementation for user management but now I don't know when/if I should do that (was waiting for the PR to close so that I have a stable code base to work on). Nevertheless this your project and you are free to do whatever you want.

Understood. This is an unusual "big" PR as there are many changes that I wanted to deliver quickly. It will be merged tomorrow. Sorry for the delay. I will be interested to have your inputs/contributions. Hope you'll appreciate the new changes. I really believe in this project, didn't have the time to work on it before.

@sonarqubecloud
Copy link

sonarqubecloud bot commented Jul 16, 2025

Quality Gate Passed Quality Gate passed

Issues
9 New issues
0 Accepted issues

Measures
0 Security Hotspots
83.3% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@devpro devpro merged commit be7d910 into main Jul 16, 2025
4 checks passed
@devpro devpro deleted the feature/pipeline-fix branch July 16, 2025 21:25
jjkola
jjkola reviewed Jul 17, 2025
View reviewed changes
src/Common.AspNetCore.WebApi/Builder/PolicyBuilderExtensions.cs
}

return app;
app.UseHttpsRedirection();
Copy link
Contributor

@jjkola jjkola Jul 17, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@devpro This may lead to hard to debug issues as the HTTPS redirection may and will cause required headers to be stripped. Users may be left with the impression that issue is with credentials when the real issue is configuration issue. Also, this may not work with non-standard ports out of the box. Microsoft recommends using HTTPS redirection only with normal websites and advises against it with API sites. The recommended action is not listening at all to HTTP port, or alternatively reacting with HTTP status code 400 (Bad Request).

Also, in some cases users may not have HTTPS available. For example, I will have the certificate system available after I will be able to setup TF and bring up a server which will handle certificates. And, yes I could hack something, but I would like to rather make it work correctly the first time.

Copy link
Contributor

@jjkola jjkola Jul 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for the noise, I didn't realize that you had just changed the file to use scoped namespace. But, still, the issues mentioned in my previous comment are valid (if you take out the original thought that redirection is always forced, and thus being configurable).

jjkola
jjkola reviewed Jul 17, 2025
View reviewed changes
src/WebApi/Controllers/StateController.cs
/// <param name="tenant"></param>
/// <param name="name">The name of the Terraform state</param>
/// <returns>Raw string</returns>
[HttpGet("{name:regex([[a-zA-Z]]+)}", Name = "GetState")]
Copy link
Contributor

@jjkola jjkola Jul 17, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@devpro Why only a-z (and their uppercase variants)? Wouldn't it be better to use a typed value which will be checked within the type. This will make it testable and most likely more performant as there is no guarantee how many times this regex is created when in the case of typed value it needs to be instantiated only once during the lifetime.

Copy link
Owner Author

@devpro devpro Jul 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't find another solution but happy to change.
Problem was to differenciate the calls between {state} and {state}/lock (POST/DELETE).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@jjkola jjkola jjkola left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@devpro @jjkola