refactor: rename ScadaLink → ZB.MOM.WW.ScadaBridge (code + projects + namespaces)
Solution + 23 src projects + 26 test projects renamed; folders, csproj, namespaces, and ScadaLinkDbContext/ScadaBridgeDbContext class updated. ActorSystem "scadalink" → "scadabridge", Akka seed-node URLs migrated. SQL roles/logins, LDAP domains, CLI command name, and CLI config dir (~/.scadalink → ~/.scadabridge) also renamed. Build green; 5 Host.Tests fail awaiting SQL login rename in next commit. Pre-existing StaleTagMonitor timing flakes unchanged. Rename script committed at tools/rename-to-scadabridge.sh.
This commit is contained in:
Joseph Doherty
@@ -2,7 +2,7 @@
|
||||
|
||||
| Field | Value |
|
||||
|-------|-------|
|
||||
| Module | `src/ScadaLink.ManagementService` |
|
||||
| Module | `src/ZB.MOM.WW.ScadaBridge.ManagementService` |
|
||||
| Design doc | `docs/requirements/Component-ManagementService.md` |
|
||||
| Status | Reviewed |
|
||||
| Last reviewed | 2026-05-28 |
|
||||
@@ -31,7 +31,7 @@ authorization bypass with no workaround.
|
||||
#### Re-review 2026-05-17 (commit `39d737e`)
|
||||
|
||||
All thirteen prior findings remain correctly closed; the source under
|
||||
`src/ScadaLink.ManagementService` is byte-identical between the previously reviewed state
|
||||
`src/ZB.MOM.WW.ScadaBridge.ManagementService` is byte-identical between the previously reviewed state
|
||||
and `39d737e` (the resolution commits of findings 001–013 are folded into the history at or
|
||||
before `39d737e`). ManagementService-012 was re-checked and its **Deferred** status still
|
||||
holds: `ManagementEnvelope.Command` is still typed `object`, and the marker-interface fix
|
||||
@@ -111,7 +111,7 @@ _Re-review (2026-05-28, `1eb6e97`):_
|
||||
| Severity | High |
|
||||
| Category | Security |
|
||||
| Status | Resolved |
|
||||
| Location | `src/ScadaLink.ManagementService/ManagementActor.cs:1465`, `:1481`, `:1493`, `:641`, `:649` |
|
||||
| Location | `src/ZB.MOM.WW.ScadaBridge.ManagementService/ManagementActor.cs:1465`, `:1481`, `:1493`, `:641`, `:649` |
|
||||
|
||||
**Description**
|
||||
|
||||
@@ -153,7 +153,7 @@ Resolved 2026-05-16 (commit `<pending>`). Threaded `AuthenticatedUser` into
|
||||
| Severity | High |
|
||||
| Category | Security |
|
||||
| Status | Resolved |
|
||||
| Location | `src/ScadaLink.ManagementService/ManagementActor.cs:510`, `:673`, `:733`, `:774`, `:631`, `:624` |
|
||||
| Location | `src/ZB.MOM.WW.ScadaBridge.ManagementService/ManagementActor.cs:510`, `:673`, `:733`, `:774`, `:631`, `:624` |
|
||||
|
||||
**Description**
|
||||
|
||||
@@ -192,7 +192,7 @@ the resolved entity's site ID (instance `SiteId`, site `Id`, data-connection `Si
|
||||
| Severity | High |
|
||||
| Category | Security |
|
||||
| Status | Resolved |
|
||||
| Location | `src/ScadaLink.ManagementService/DebugStreamHub.cs:104` |
|
||||
| Location | `src/ZB.MOM.WW.ScadaBridge.ManagementService/DebugStreamHub.cs:104` |
|
||||
|
||||
**Description**
|
||||
|
||||
@@ -231,7 +231,7 @@ tests: `IsInstanceAccessAllowed_SiteScopedUser_OutOfScopeInstance_Denied`,
|
||||
| Severity | Medium |
|
||||
| Category | Akka.NET conventions |
|
||||
| Status | Resolved |
|
||||
| Location | `src/ScadaLink.ManagementService/ManagementActor.cs:61` |
|
||||
| Location | `src/ZB.MOM.WW.ScadaBridge.ManagementService/ManagementActor.cs:61` |
|
||||
|
||||
**Description**
|
||||
|
||||
@@ -271,7 +271,7 @@ mapping tests confirm behaviour is preserved.
|
||||
| Severity | Low |
|
||||
| Category | Akka.NET conventions |
|
||||
| Status | Resolved |
|
||||
| Location | `src/ScadaLink.ManagementService/ManagementActor.cs:33` |
|
||||
| Location | `src/ZB.MOM.WW.ScadaBridge.ManagementService/ManagementActor.cs:33` |
|
||||
|
||||
**Description**
|
||||
|
||||
@@ -306,7 +306,7 @@ children today, so this is a forward-looking correctness fix. Regression tests:
|
||||
| Severity | Medium |
|
||||
| Category | Performance & resource management |
|
||||
| Status | Resolved |
|
||||
| Location | `src/ScadaLink.ManagementService/ManagementEndpoints.cs:83`, `:112` |
|
||||
| Location | `src/ZB.MOM.WW.ScadaBridge.ManagementService/ManagementEndpoints.cs:83`, `:112` |
|
||||
|
||||
**Description**
|
||||
|
||||
@@ -342,7 +342,7 @@ string rather than parsing a throwaway document. Regression tests:
|
||||
| Severity | Medium |
|
||||
| Category | Code organization & conventions |
|
||||
| Status | Resolved |
|
||||
| Location | `src/ScadaLink.ManagementService/ManagementActor.cs:67`; `src/ScadaLink.ManagementService/ManagementEndpoints.cs:113` |
|
||||
| Location | `src/ZB.MOM.WW.ScadaBridge.ManagementService/ManagementActor.cs:67`; `src/ZB.MOM.WW.ScadaBridge.ManagementService/ManagementEndpoints.cs:113` |
|
||||
|
||||
**Description**
|
||||
|
||||
@@ -380,7 +380,7 @@ Regression tests: `SerializeResult_WithCyclicGraph_DoesNotThrow`,
|
||||
| Severity | Low |
|
||||
| Category | Correctness & logic bugs |
|
||||
| Status | Resolved |
|
||||
| Location | `src/ScadaLink.ManagementService/ManagementActor.cs:285` |
|
||||
| Location | `src/ZB.MOM.WW.ScadaBridge.ManagementService/ManagementActor.cs:285` |
|
||||
|
||||
**Description**
|
||||
|
||||
@@ -403,7 +403,7 @@ Resolved 2026-05-16 (commit pending). Confirmed: `HandleResolveRoles` did
|
||||
(the two-step ResolveRoles flow is retired). Resolving 011 by deleting the
|
||||
`ResolveRolesCommand` dispatch case and `HandleResolveRoles` handler also removes the only
|
||||
manually-constructed `RoleMapper` in the module, so the DI-bypass no longer exists. No
|
||||
remaining `new RoleMapper` in `src/ScadaLink.ManagementService`. Regression covered by
|
||||
remaining `new RoleMapper` in `src/ZB.MOM.WW.ScadaBridge.ManagementService`. Regression covered by
|
||||
`ResolveRolesCommand_IsNoLongerDispatched_ReturnsManagementError`.
|
||||
|
||||
### ManagementService-009 — Audit logging applied inconsistently across mutating handlers
|
||||
@@ -413,7 +413,7 @@ remaining `new RoleMapper` in `src/ScadaLink.ManagementService`. Regression cove
|
||||
| Severity | Low — re-triaged from Medium; the claimed audit gap does not exist (see Description), leaving only an undocumented-convention issue. |
|
||||
| Category | Code organization & conventions |
|
||||
| Status | Resolved |
|
||||
| Location | `src/ScadaLink.ManagementService/ManagementActor.cs:357`, `:1134`, `:1085`, `:526`, `:1275` |
|
||||
| Location | `src/ZB.MOM.WW.ScadaBridge.ManagementService/ManagementActor.cs:357`, `:1134`, `:1085`, `:526`, `:1275` |
|
||||
|
||||
**Description**
|
||||
|
||||
@@ -461,7 +461,7 @@ covers the explicit-audit path.
|
||||
| Severity | Low |
|
||||
| Category | Design-document adherence |
|
||||
| Status | Resolved |
|
||||
| Location | `src/ScadaLink.ManagementService/ManagementServiceOptions.cs:5`; `src/ScadaLink.ManagementService/ManagementEndpoints.cs:16` |
|
||||
| Location | `src/ZB.MOM.WW.ScadaBridge.ManagementService/ManagementServiceOptions.cs:5`; `src/ZB.MOM.WW.ScadaBridge.ManagementService/ManagementEndpoints.cs:16` |
|
||||
|
||||
**Description**
|
||||
|
||||
@@ -497,7 +497,7 @@ Regression tests: `ResolveAskTimeout_UsesConfiguredCommandTimeout`,
|
||||
| Severity | Low |
|
||||
| Category | Correctness & logic bugs |
|
||||
| Status | Resolved |
|
||||
| Location | `src/ScadaLink.ManagementService/ManagementActor.cs:273`, `:283` |
|
||||
| Location | `src/ZB.MOM.WW.ScadaBridge.ManagementService/ManagementActor.cs:273`, `:283` |
|
||||
|
||||
**Description**
|
||||
|
||||
@@ -526,7 +526,7 @@ falls through to the `NotSupportedException` default and gets a uniform `Managem
|
||||
(closing the unauthenticated role-mapping enumeration surface, since `GetRequiredRole`
|
||||
returned null for it). A code comment at the former dispatch site documents the intentional
|
||||
omission. Note: the `ResolveRolesCommand` *record* itself lives in
|
||||
`src/ScadaLink.Commons/Messages/Management/SecurityCommands.cs` and was left in place — that
|
||||
`src/ZB.MOM.WW.ScadaBridge.Commons/Messages/Management/SecurityCommands.cs` and was left in place — that
|
||||
file is outside this module's permitted edit scope; deleting the orphan record should be done
|
||||
as a Commons-module follow-up. With the handler removed it is now an inert,
|
||||
registry-only type with no behaviour. Regression test:
|
||||
@@ -539,7 +539,7 @@ registry-only type with no behaviour. Regression test:
|
||||
| Severity | Low |
|
||||
| Category | Akka.NET conventions |
|
||||
| Status | Deferred |
|
||||
| Location | `src/ScadaLink.Commons/Messages/Management/ManagementEnvelope.cs:7`; `src/ScadaLink.ManagementService/ManagementActor.cs:132` |
|
||||
| Location | `src/ZB.MOM.WW.ScadaBridge.Commons/Messages/Management/ManagementEnvelope.cs:7`; `src/ZB.MOM.WW.ScadaBridge.ManagementService/ManagementActor.cs:132` |
|
||||
|
||||
**Description**
|
||||
|
||||
@@ -561,8 +561,8 @@ flag unhandled cases, and keeps `ManagementCommandRegistry`'s reflection scan pr
|
||||
Deferred 2026-05-16. Finding verified as genuine: `ManagementEnvelope.Command` is typed
|
||||
`object` and the recommended `IManagementCommand` marker-interface fix is sound. However, the
|
||||
fix cannot be implemented within the `ManagementService` module: both `ManagementEnvelope` and
|
||||
all ~50 `*Command` records live in `src/ScadaLink.Commons/Messages/Management/` (17 files),
|
||||
which is outside this work item's permitted edit scope (`src/ScadaLink.ManagementService/**`,
|
||||
all ~50 `*Command` records live in `src/ZB.MOM.WW.ScadaBridge.Commons/Messages/Management/` (17 files),
|
||||
which is outside this work item's permitted edit scope (`src/ZB.MOM.WW.ScadaBridge.ManagementService/**`,
|
||||
its tests, and this findings file only). Adding the marker interface, retyping the envelope,
|
||||
and having `ManagementCommandRegistry` constrain its reflection scan to `IManagementCommand`
|
||||
implementers is a cohesive Commons-module change and must be done there — also so the Commons
|
||||
@@ -576,7 +576,7 @@ work item; no `ManagementService`-local change is appropriate.
|
||||
| Severity | Medium |
|
||||
| Category | Testing coverage |
|
||||
| Status | Resolved |
|
||||
| Location | `tests/ScadaLink.ManagementService.Tests/ManagementActorTests.cs:1` |
|
||||
| Location | `tests/ZB.MOM.WW.ScadaBridge.ManagementService.Tests/ManagementActorTests.cs:1` |
|
||||
|
||||
**Description**
|
||||
|
||||
@@ -618,7 +618,7 @@ pre-existing site-scope and DebugStreamHub suites. `dotnet test` -> 48 passed.
|
||||
| Severity | High |
|
||||
| Category | Security |
|
||||
| Status | Resolved |
|
||||
| Location | `src/ScadaLink.ManagementService/ManagementActor.cs:306`, `:1174` |
|
||||
| Location | `src/ZB.MOM.WW.ScadaBridge.ManagementService/ManagementActor.cs:306`, `:1174` |
|
||||
|
||||
**Description**
|
||||
|
||||
@@ -672,7 +672,7 @@ Regression tests: `QueryDeployments_WithDesignRole_ReturnsUnauthorized`,
|
||||
| Severity | Medium |
|
||||
| Category | Error handling & resilience |
|
||||
| Status | Resolved |
|
||||
| Location | `src/ScadaLink.ManagementService/ManagementActor.cs:647`–`:659` |
|
||||
| Location | `src/ZB.MOM.WW.ScadaBridge.ManagementService/ManagementActor.cs:647`–`:659` |
|
||||
|
||||
**Description**
|
||||
|
||||
@@ -716,7 +716,7 @@ this residual is documented in a code comment on the handler. Regression tests:
|
||||
| Severity | Low |
|
||||
| Category | Security |
|
||||
| Status | Resolved |
|
||||
| Location | `src/ScadaLink.ManagementService/ManagementActor.cs:121`–`:131` |
|
||||
| Location | `src/ZB.MOM.WW.ScadaBridge.ManagementService/ManagementActor.cs:121`–`:131` |
|
||||
|
||||
**Description**
|
||||
|
||||
@@ -761,7 +761,7 @@ leaked.
|
||||
| Severity | Low |
|
||||
| Category | Testing coverage |
|
||||
| Status | Resolved |
|
||||
| Location | `tests/ScadaLink.ManagementService.Tests/ManagementActorTests.cs:1` |
|
||||
| Location | `tests/ZB.MOM.WW.ScadaBridge.ManagementService.Tests/ManagementActorTests.cs:1` |
|
||||
|
||||
**Description**
|
||||
|
||||
@@ -797,7 +797,7 @@ Deployment user and an Admin user, in- and out-of-scope
|
||||
| Severity | High |
|
||||
| Category | Security |
|
||||
| Status | Resolved |
|
||||
| Location | `src/ScadaLink.ManagementService/ManagementActor.cs:153`–`:207`, `:336`, `:1302` |
|
||||
| Location | `src/ZB.MOM.WW.ScadaBridge.ManagementService/ManagementActor.cs:153`–`:207`, `:336`, `:1302` |
|
||||
|
||||
**Description**
|
||||
|
||||
@@ -858,7 +858,7 @@ pre-fix code (the command fell through to "any authenticated user") and pass aft
|
||||
| Severity | Medium |
|
||||
| Category | Security |
|
||||
| Status | Resolved |
|
||||
| Location | `src/ScadaLink.ManagementService/AuditEndpoints.cs:358`–`:368`, `:397`–`:437` |
|
||||
| Location | `src/ZB.MOM.WW.ScadaBridge.ManagementService/AuditEndpoints.cs:358`–`:368`, `:397`–`:437` |
|
||||
|
||||
**Description**
|
||||
|
||||
@@ -928,7 +928,7 @@ mixed-set intersected.
|
||||
| Severity | Medium |
|
||||
| Category | Security |
|
||||
| Status | Resolved |
|
||||
| Location | `src/ScadaLink.ManagementService/ManagementActor.cs:1136`–`:1153` |
|
||||
| Location | `src/ZB.MOM.WW.ScadaBridge.ManagementService/ManagementActor.cs:1136`–`:1153` |
|
||||
|
||||
**Resolution (2026-05-28):** Added `SmtpConfigPublicShape` projection that
|
||||
returns every non-secret field plus a `HasCredentials` bool — never the
|
||||
@@ -989,7 +989,7 @@ Add regression tests: `UpdateSmtpConfig_DoesNotEchoCredentialsInResponse` and
|
||||
| Severity | Medium |
|
||||
| Category | Testing coverage |
|
||||
| Status | Resolved |
|
||||
| Location | `tests/ScadaLink.ManagementService.Tests/ManagementActorTests.cs:1`; `src/ScadaLink.ManagementService/ManagementActor.cs:1717`–`:1897` |
|
||||
| Location | `tests/ZB.MOM.WW.ScadaBridge.ManagementService.Tests/ManagementActorTests.cs:1`; `src/ZB.MOM.WW.ScadaBridge.ManagementService/ManagementActor.cs:1717`–`:1897` |
|
||||
|
||||
**Resolution (2026-05-28):** Added six `ManagementActorTests` cases covering the load-bearing bundle behaviours. Role gating: `ExportBundleCommand_WithAdminRole_ReturnsUnauthorized` (Export needs Design), `PreviewBundleCommand_WithDesignRole_ReturnsUnauthorized`, and `ImportBundleCommand_WithDesignRole_ReturnsUnauthorized` (Preview/Import need Admin). Name resolution: `ExportBundleCommand_WithUnknownTemplateName_ReturnsManagementError` proves the `ResolveIds` `ManagementCommandException` surfaces verbatim with the missing entity type + name. Handler logic: `ImportBundleCommand_WithBlockerRow_AbortsBeforeApply` seeds a `ConflictKind.Blocker` preview and asserts `IBundleImporter.ApplyAsync` is never called and the error names the blocker; `ImportBundleCommand_DuplicatePreviewItems_DedupePerEntityTypeAndName` seeds three rows for the same `(Template, "Dup")` key (Identical, Modified, Identical) and asserts only one resolution reaches `ApplyAsync` with last-write-wins (`Skip`, overriding the prior `Modified`/`Overwrite`). All bundle tests use substituted `IBundleExporter`/`IBundleImporter` via a new `AddBundleSubstitutes()` helper plus stub `GetAll*Async` repository returns. 106/106 ManagementService.Tests pass.
|
||||
|
||||
@@ -1095,7 +1095,7 @@ Update `Component-ManagementService.md`:
|
||||
| Severity | Low |
|
||||
| Category | Performance & resource management |
|
||||
| Status | Resolved |
|
||||
| Location | `src/ScadaLink.ManagementService/ManagementActor.cs:1276`–`:1295` |
|
||||
| Location | `src/ZB.MOM.WW.ScadaBridge.ManagementService/ManagementActor.cs:1276`–`:1295` |
|
||||
|
||||
**Resolution (2026-05-28):** Swapped the per-`InstanceId` `GetInstanceByIdAsync` lookup loop for a single `templateRepo.GetAllInstancesAsync()` bulk fetch, projected into a `Dictionary<int, int?>` keyed by `Instance.Id`. The unfiltered branch now hits the configuration database exactly twice (deployment records + instances) regardless of fleet size. Existing test `QueryDeployments_UnfilteredForSiteScopedUser_DropsOutOfScopeRecords` was updated to mock the bulk path and to assert `GetInstanceByIdAsync` is no longer used on the unfiltered branch; new regression test `QueryDeployments_UnfilteredForSiteScopedUser_UsesBulkInstanceLoad_NotPerRecordLookup` pins `GetAllInstancesAsync` is invoked exactly once even with duplicate-instance records.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user