feat: add deployment zone overlays

2026-05-24 15:55:05 +02:00
parent 62236f6453
commit ff1c4ce05b
28 changed files with 1282 additions and 26 deletions


@@ -0,0 +1,47 @@
from __future__ import annotations
from pathlib import Path
import yaml
def test_deployment_zone_inventory_covers_current_scenarios() -> None:
inventory = yaml.safe_load(
Path("fabric/discovery/snapshots/2026-05-24-deployment-zone-inventory.yaml").read_text(encoding="utf-8")
)
surfaces = inventory["surfaces"]
scenarios = {surface["deployment_scenario"] for surface in surfaces}
environments = {surface["deployment_environment"] for surface in surfaces}
assert {"bernd-laptop", "coulombcore", "railiance01"} <= scenarios
assert {"dev", "test", "prod"} <= environments
dev_routes = [
surface["route_evidence"]
for surface in surfaces
if surface["deployment_environment"] == "dev"
]
assert {route["port"] for route in dev_routes} >= {3000, 8000, 8001, 8765, 8876}
test_routes = [
surface
for surface in surfaces
if surface["deployment_scenario"] == "coulombcore"
]
assert all(surface["routing_authority"] == "ops-bridge" for surface in test_routes)
assert all(surface["policy_authority"] == "ops-bridge-ssh" for surface in test_routes)
prod_hosts = {
surface["route_evidence"]["hostname"]
for surface in surfaces
if surface["deployment_scenario"] == "railiance01"
}
assert {"gitea.coulomb.social", "vergabe-teilnahme.whywhynot.de", "auth.coulomb.social"} <= prod_hosts
ambiguity_ids = {item["id"] for item in inventory["ambiguities"]}
assert "railiance01-coulombcore-ip-conflict" in ambiguity_ids
assert {item["surface_id"] for item in inventory["missing_policy_authority"]} >= {
"prod.railiance01.gitea",
"prod.railiance01.vergabe-teilnahme",
}
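Review bot: The final assertion pins that `prod.railiance01.gitea` and `prod.railiance01.vergabe-teilnahme` appear under `missing_policy_authority`, but nothing checks the reverse direction, so a surface added later with a route and no policy authority can be left off that list without any test failing. Consider a completeness check next to it, e.g. `assert {s["id"] for s in surfaces if not s.get("policy_authority")} <= {item["surface_id"] for item in inventory["missing_policy_authority"]}`. This assumes surfaces carry an `id` key and that a missing authority is empty or null, which the hunk does not show. The snapshot is also opened through a path relative to the working directory, so the test only passes when run from the repository root; resolving it from `Path(__file__)` would remove that dependency.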


@@ -52,6 +52,11 @@ def test_graph_explorer_manifest_and_payload_validate() -> None:
}
filter_labels = {field["id"]: field["label"] for field in manifest["filter"]["fields"]}
assert filter_labels["layer"] == "Node Type"
assert filter_labels["deploymentEnvironment"] == "Deployment Environment"
assert filter_labels["accessZone"] == "Access Zone"
assert {"by-deployment-environment", "by-deployment-scenario", "by-routing-authority", "by-access-zone"} <= {
mode["id"] for mode in manifest["modes"]
}
nodes = [element for element in payload["elements"] if "source" not in element["data"]]
edges = [element for element in payload["elements"] if "source" in element["data"]]
registered_only = next(
@@ -164,7 +169,19 @@ def test_graph_explorer_presents_legacy_server_nodes_as_runtime_entities() -> No
"repo": "fixture-repo",
"domain": "testing",
"lifecycle": "active",
"attributes": {"host": "gitea.example.test", "server_type": "ingress-host"},
"attributes": {
"host": "gitea.example.test",
"server_type": "ingress-host",
"deployment_overlay": {
"deployment_environment": "test",
"deployment_scenario": "coulombcore",
"routing_authority": "kubernetes",
"access_zone": "early-access",
"policy_authority": "netkingdom-iam",
"exposure_class": "early-access",
"route_evidence": {"hostname": "gitea.example.test", "port": 443, "protocol": "tcp"},
},
},
},
{
"id": "fixture.server.gitea.default.svc.cluster.local",
@@ -217,6 +234,12 @@ def test_graph_explorer_presents_legacy_server_nodes_as_runtime_entities() -> No
assert nodes_by_id["fixture.server.gitea.example.test"]["kind"] == "ApplicationEndpoint"
assert nodes_by_id["fixture.server.gitea.example.test"]["layer"] == "application"
assert nodes_by_id["fixture.server.gitea.example.test"]["deploymentEnvironment"] == "test"
assert nodes_by_id["fixture.server.gitea.example.test"]["deploymentScenario"] == "coulombcore"
assert nodes_by_id["fixture.server.gitea.example.test"]["accessZone"] == "early-access"
assert nodes_by_id["fixture.server.gitea.example.test"]["policyAuthority"] == "netkingdom-iam"
assert nodes_by_id["fixture.server.gitea.example.test"]["routeHostname"] == "gitea.example.test"
assert nodes_by_id["fixture.server.gitea.example.test"]["routePort"] == 443
assert nodes_by_id["fixture.server.gitea.default.svc.cluster.local"]["kind"] == "RuntimeService"
assert nodes_by_id["fixture.server.gitea.default.svc.cluster.local"]["layer"] == "runtime_service"
edge_types = {
@@ -387,6 +410,12 @@ def test_registry_serves_graph_explorer_exports(tmp_path: Path) -> None:
assert "updateLabelVisibility" in page
assert "ruleActionFor" in page
assert "ruleRemovalSignature" in page
assert "zoneModeFields" in page
assert "renderMapOverview" in page
assert "route without policy authority" in page
assert "deploymentEnvironment" in page
assert "routingAuthority" in page
assert "accessZone" in page
assert "Remove and redraw" in page
assert "Rules are applied top to bottom" in page
assert "showHelp" in page
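Review bot: The check `assert "route without policy authority" in page` in test_registry_serves_graph_explorer_exports only proves the string is present in the served page; no fixture in this section has a route without a `policy_authority`, so the warning path itself is never exercised. The one overlay fixture added in test_graph_explorer_presents_legacy_server_nodes_as_runtime_entities sets `policy_authority` to `netkingdom-iam`, and its `routing_authority` and `exposure_class` values are not asserted on the exported node. I would add a second fixture server whose `deployment_overlay` has `route_evidence` but no `policy_authority`, and assert how the exported node represents that gap. I would also add `assert nodes_by_id["fixture.server.gitea.example.test"]["routingAuthority"] == "kubernetes"`, assuming the node field follows the same camelCase naming as the others. Both functions start and end outside the hunks shown.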


@@ -309,6 +309,8 @@ def test_registry_accepts_financial_graph_and_materializes_vnext_fields(tmp_path
assert graph["apiVersion"] == "railiance.fabric/v1alpha2"
assert graph["schema_version"] == "financial-fabric-v1"
assert graph["nodes"][0]["evidence"]["review_state"] == "accepted"
assert graph["nodes"][0]["deployment_overlay"]["deployment_environment"] == "dev"
assert graph["nodes"][0]["deployment_overlay"]["deployment_scenario"] == "bernd-laptop"
assert edge["relationship_category"] == "utility"
assert edge["boundary"]["crosses_fabric_boundary"] is False
assert edge["boundary"]["crosses_subfabric_boundary"] is True
@@ -558,6 +560,15 @@ def _financial_graph() -> dict:
"subfabric_id": None,
"environment": "local",
},
"deployment_overlay": {
"deployment_environment": "dev",
"deployment_scenario": "bernd-laptop",
"routing_authority": "loopback",
"access_zone": "private-dev",
"policy_authority": "local-loopback-binding",
"exposure_class": "local-only",
"route_evidence": {"host": "127.0.0.1", "port": 8000, "protocol": "tcp"},
},
"ownership": {
"owner_actor_id": "actor.railiance.primary-lord",
"owner_role": "lord",
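Review bot: The new fixture overlay in _financial_graph spells the route key as `"host"` (`"route_evidence": {"host": "127.0.0.1", ...}`), while the other route evidence visible in this commit uses `"hostname"`; if the schema only knows `hostname`, the loopback binding this fixture is meant to document may be dropped or ignored downstream. The test hunk only asserts `deployment_environment` and `deployment_scenario`, so neither that key nor the security-relevant fields are covered. Either align the key or add `assert graph["nodes"][0]["deployment_overlay"]["policy_authority"] == "local-loopback-binding"` together with an assertion on `route_evidence`, so the materialized overlay is pinned. _financial_graph's body continues outside the hunk.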


@@ -44,6 +44,14 @@ def test_scan_repo_emits_schema_valid_deterministic_snapshot(tmp_path: Path) ->
assert nodes_by_label[("Lockfile", "package-lock.json")]["attributes"]["path"] == "package-lock.json"
assert nodes_by_label[("ServiceConfig", "application.yaml")]["attributes"]["format"] == "yaml"
assert nodes_by_label[("Server", "127.0.0.1")]["attributes"]["runtime_target_type"] == "compose-host"
dev_overlay = nodes_by_label[("Server", "127.0.0.1")]["attributes"]["deployment_overlay"]
assert dev_overlay["deployment_environment"] == "dev"
assert dev_overlay["deployment_scenario"] == "bernd-laptop"
assert dev_overlay["access_zone"] == "private-dev"
assert dev_overlay["policy_authority"] == "local-loopback-binding"
assert dev_overlay["exposure_class"] == "local-only"
assert dev_overlay["routing_authority"] == "docker-compose"
assert dev_overlay["route_evidence"]["port"] == 8080
assert (
nodes_by_label[("RuntimeService", "fixture-api.testing.svc.cluster.local")]["attributes"]["runtime_target_type"]
== "kubernetes-service-dns"