Joseph Doherty
819f1b4665
Each finding is a focused validation guard or upper bound at a trust boundary.
Highlights:
- Commons-015: EncryptionMetadata ctor now validates Algorithm (AES-256-GCM
only), Kdf (PBKDF2-SHA256 only), Iterations ([100k, 10M]), non-null Salt/IV.
- Transport-004: new BundleUnlockRateLimiter (sliding-window, per-key,
singleton) wired into BundleImporter.LoadAsync; over-budget callers see
BundleUnlockRateLimitedException. Per-bundle 3-strike + per-window cap.
- ESG-022: ExternalSystemClient.InvokeHttpAsync allow-lists the documented
GET/POST/PUT/PATCH/DELETE set (case-insensitive); unknown verbs throw.
- SEL-015: SiteEventLogger queue now bounded (10k cap, DropOldest); dropped
events fault their Task and increment FailedWriteCount so the drop is
observable instead of an unbounded memory growth.
- SEL-017: EventLogQueryService clamps caller-supplied PageSize to a new
MaxQueryPageSize cap (default 500) so int.MaxValue can't OOM the host.
- SEL-020: LogEventAsync rejects severities outside {Info, Warning, Error}
(matches SQLite BINARY-collation query filter).
- InboundAPI-020: ContentType "json" check now case-insensitive
(application/JSON no longer slips through as not-json).
- InboundAPI-024: _knownBadMethods capped at 1000 entries (drops new entries
once full); per-request DB lookup remains the correctness path.
- SR-025: HandleSetStaticAttribute validates the attribute name against the
deployed config; unknown names now return Success=false instead of
leaking orphan override rows into the SQLite store.
- TE-021: MoveTemplateAsync runs the sibling-name-collision check at the
destination, mirroring TemplateFolderService.MoveFolderAsync.
- TE-022: LockEnforcer's once-locked-stays-locked rule now also covers
LockedInDerived (was previously only IsLocked).
New regression tests across 8 test projects (EncryptionMetadata, rate
limiter, ESG client allow-list, SEL bounded channel / PageSize clamp /
severity validation, InboundAPI ContentType + bad-methods cap, SiteRT
unknown-attribute, TemplateEngine MoveTemplate + LockedInDerived).
Build clean; affected suites all green. README regenerated: 93 open (was 104).
Note: a separate manual re-run was needed for the SiteEventLogging hunk
because its initial subagent's source edits never landed on disk despite
reporting success (file-collision-style failure mode).
562 lines
22 KiB
C#
562 lines
22 KiB
C#
using Microsoft.Extensions.Logging;
|
|
using Microsoft.Extensions.Logging.Abstractions;
|
|
using NSubstitute;
|
|
using ScadaLink.Commons.Entities.InboundApi;
|
|
using ScadaLink.Commons.Interfaces.Services;
|
|
using ScadaLink.Commons.Messages.InboundApi;
|
|
|
|
namespace ScadaLink.InboundAPI.Tests;
|
|
|
|
/// <summary>
|
|
/// WP-3: Tests for script execution on central — timeout, handler dispatch, error handling.
|
|
/// WP-5: Safe error messages.
|
|
/// </summary>
|
|
public class InboundScriptExecutorTests
|
|
{
|
|
private readonly InboundScriptExecutor _executor;
|
|
private readonly RouteHelper _route;
|
|
|
|
public InboundScriptExecutorTests()
|
|
{
|
|
_executor = new InboundScriptExecutor(NullLogger<InboundScriptExecutor>.Instance, Substitute.For<IServiceProvider>());
|
|
var locator = Substitute.For<IInstanceLocator>();
|
|
var router = Substitute.For<IInstanceRouter>();
|
|
_route = new RouteHelper(locator, router);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task RegisteredHandler_ExecutesSuccessfully()
|
|
{
|
|
var method = new ApiMethod("test", "return 42;") { Id = 1, TimeoutSeconds = 10 };
|
|
_executor.RegisterHandler("test", async ctx =>
|
|
{
|
|
await Task.CompletedTask;
|
|
return new { result = 42 };
|
|
});
|
|
|
|
var result = await _executor.ExecuteAsync(
|
|
method,
|
|
new Dictionary<string, object?>(),
|
|
_route,
|
|
TimeSpan.FromSeconds(10));
|
|
|
|
Assert.True(result.Success);
|
|
Assert.NotNull(result.ResultJson);
|
|
Assert.Contains("42", result.ResultJson);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task UnregisteredHandler_InvalidScript_ReturnsCompilationFailure()
|
|
{
|
|
// Use an invalid script that cannot be compiled by Roslyn
|
|
var method = new ApiMethod("unknown", "%%% invalid C# %%%") { Id = 1, TimeoutSeconds = 10 };
|
|
|
|
var result = await _executor.ExecuteAsync(
|
|
method,
|
|
new Dictionary<string, object?>(),
|
|
_route,
|
|
TimeSpan.FromSeconds(10));
|
|
|
|
Assert.False(result.Success);
|
|
Assert.Contains("Script compilation failed", result.ErrorMessage);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task UnregisteredHandler_ValidScript_LazyCompiles()
|
|
{
|
|
// Valid script that is not pre-registered triggers lazy compilation
|
|
var method = new ApiMethod("lazy", "return 1;") { Id = 1, TimeoutSeconds = 10 };
|
|
|
|
var result = await _executor.ExecuteAsync(
|
|
method,
|
|
new Dictionary<string, object?>(),
|
|
_route,
|
|
TimeSpan.FromSeconds(10));
|
|
|
|
Assert.True(result.Success);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task HandlerThrows_ReturnsSafeErrorMessage()
|
|
{
|
|
var method = new ApiMethod("failing", "throw new Exception();") { Id = 1, TimeoutSeconds = 10 };
|
|
_executor.RegisterHandler("failing", _ => throw new InvalidOperationException("internal detail leak"));
|
|
|
|
var result = await _executor.ExecuteAsync(
|
|
method,
|
|
new Dictionary<string, object?>(),
|
|
_route,
|
|
TimeSpan.FromSeconds(10));
|
|
|
|
Assert.False(result.Success);
|
|
// WP-5: Safe error message — should NOT contain "internal detail leak"
|
|
Assert.Equal("Internal script error", result.ErrorMessage);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task HandlerTimesOut_ReturnsTimeoutError()
|
|
{
|
|
var method = new ApiMethod("slow", "Thread.Sleep(60000);") { Id = 1, TimeoutSeconds = 1 };
|
|
_executor.RegisterHandler("slow", async ctx =>
|
|
{
|
|
await Task.Delay(TimeSpan.FromSeconds(60), ctx.CancellationToken);
|
|
return "never";
|
|
});
|
|
|
|
var result = await _executor.ExecuteAsync(
|
|
method,
|
|
new Dictionary<string, object?>(),
|
|
_route,
|
|
TimeSpan.FromMilliseconds(100));
|
|
|
|
Assert.False(result.Success);
|
|
Assert.Contains("timed out", result.ErrorMessage);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task HandlerAccessesParameters()
|
|
{
|
|
var method = new ApiMethod("echo", "return params;") { Id = 1, TimeoutSeconds = 10 };
|
|
_executor.RegisterHandler("echo", async ctx =>
|
|
{
|
|
await Task.CompletedTask;
|
|
return ctx.Parameters["name"];
|
|
});
|
|
|
|
var parameters = new Dictionary<string, object?> { { "name", "ScadaLink" } };
|
|
|
|
var result = await _executor.ExecuteAsync(
|
|
method, parameters, _route, TimeSpan.FromSeconds(10));
|
|
|
|
Assert.True(result.Success);
|
|
Assert.Contains("ScadaLink", result.ResultJson!);
|
|
}
|
|
|
|
// --- InboundAPI-001: concurrent lazy-compile must not corrupt the handler cache ---
|
|
|
|
[Fact]
|
|
public async Task ConcurrentLazyCompile_SameMethod_DoesNotCorruptCache()
|
|
{
|
|
// Many concurrent first-callers of an uncompiled method race the lazy-compile
|
|
// path. With an unsynchronized Dictionary this can throw or return a torn/null
|
|
// handler; all calls must succeed and produce the same result.
|
|
var method = new ApiMethod("concurrent", "return 7;") { Id = 1, TimeoutSeconds = 10 };
|
|
|
|
var tasks = Enumerable.Range(0, 64).Select(_ => Task.Run(() =>
|
|
_executor.ExecuteAsync(
|
|
method,
|
|
new Dictionary<string, object?>(),
|
|
_route,
|
|
TimeSpan.FromSeconds(10)))).ToArray();
|
|
|
|
var results = await Task.WhenAll(tasks);
|
|
|
|
Assert.All(results, r =>
|
|
{
|
|
Assert.True(r.Success, r.ErrorMessage);
|
|
Assert.Equal("7", r.ResultJson);
|
|
});
|
|
}
|
|
|
|
[Fact]
|
|
public async Task ConcurrentRegisterAndExecute_DoesNotThrow()
|
|
{
|
|
// RegisterHandler/RemoveHandler racing ExecuteAsync must not crash the process
|
|
// with an InvalidOperationException from concurrent Dictionary mutation.
|
|
var method = new ApiMethod("racy", "return 1;") { Id = 1, TimeoutSeconds = 10 };
|
|
|
|
var writers = Enumerable.Range(0, 32).Select(i => Task.Run(() =>
|
|
{
|
|
for (var n = 0; n < 50; n++)
|
|
{
|
|
_executor.RegisterHandler("racy", async ctx => { await Task.CompletedTask; return i; });
|
|
_executor.RemoveHandler("racy");
|
|
}
|
|
}));
|
|
|
|
var readers = Enumerable.Range(0, 32).Select(_ => Task.Run(async () =>
|
|
{
|
|
for (var n = 0; n < 50; n++)
|
|
{
|
|
await _executor.ExecuteAsync(
|
|
method, new Dictionary<string, object?>(), _route, TimeSpan.FromSeconds(10));
|
|
}
|
|
}));
|
|
|
|
// Should complete without an unhandled concurrency exception.
|
|
await Task.WhenAll(writers.Concat(readers));
|
|
}
|
|
|
|
// --- InboundAPI-005: compiled scripts must not bypass the script trust model ---
|
|
|
|
[Theory]
|
|
[InlineData("System.IO.File.Delete(\"/tmp/x\"); return null;")]
|
|
[InlineData("System.Diagnostics.Process.Start(\"/bin/sh\"); return null;")]
|
|
[InlineData("var t = System.Reflection.Assembly.GetExecutingAssembly(); return null;")]
|
|
[InlineData("new System.Threading.Thread(() => {}).Start(); return null;")]
|
|
[InlineData("var s = new System.Net.Sockets.Socket(System.Net.Sockets.AddressFamily.InterNetwork, System.Net.Sockets.SocketType.Stream, System.Net.Sockets.ProtocolType.Tcp); return null;")]
|
|
public void CompileAndRegister_ForbiddenApi_RejectsScript(string script)
|
|
{
|
|
var method = new ApiMethod("forbidden", script) { Id = 1, TimeoutSeconds = 10 };
|
|
|
|
var registered = _executor.CompileAndRegister(method);
|
|
|
|
Assert.False(registered);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task ExecuteAsync_ForbiddenApiScript_DoesNotRunAndReturnsFailure()
|
|
{
|
|
// A fully-qualified forbidden API call must be rejected at compile/register time
|
|
// so the script never executes.
|
|
var marker = System.IO.Path.Combine(
|
|
System.IO.Path.GetTempPath(), $"scadalink-pwned-{Guid.NewGuid():N}");
|
|
System.IO.File.Delete(marker);
|
|
|
|
var method = new ApiMethod("evil", $"System.IO.File.WriteAllText(@\"{marker}\", \"x\"); return 1;")
|
|
{
|
|
Id = 1,
|
|
TimeoutSeconds = 10
|
|
};
|
|
|
|
var result = await _executor.ExecuteAsync(
|
|
method, new Dictionary<string, object?>(), _route, TimeSpan.FromSeconds(10));
|
|
|
|
Assert.False(result.Success);
|
|
Assert.False(System.IO.File.Exists(marker));
|
|
}
|
|
|
|
[Fact]
|
|
public void CompileAndRegister_PermittedScript_StillRegisters()
|
|
{
|
|
// The trust-model check must not reject legitimate scripts.
|
|
var method = new ApiMethod("ok", "var list = new List<int> { 1, 2, 3 }; return list.Sum();")
|
|
{
|
|
Id = 1,
|
|
TimeoutSeconds = 10
|
|
};
|
|
|
|
Assert.True(_executor.CompileAndRegister(method));
|
|
}
|
|
|
|
// --- InboundAPI-002: lazy compile-and-fetch must be atomic, never KeyNotFoundException ---
|
|
|
|
[Fact]
|
|
public async Task LazyCompile_RacingRemoveHandler_NeverThrowsKeyNotFound()
|
|
{
|
|
// The lazy-compile path must compile-and-fetch atomically: a concurrent
|
|
// RemoveHandler must not be able to turn a first-call into an "Internal
|
|
// script error" (the old check-then-act re-read could throw KeyNotFoundException).
|
|
var method = new ApiMethod("atomic", "return 5;") { Id = 1, TimeoutSeconds = 10 };
|
|
|
|
var removers = Enumerable.Range(0, 16).Select(_ => Task.Run(() =>
|
|
{
|
|
for (var n = 0; n < 200; n++)
|
|
_executor.RemoveHandler("atomic");
|
|
}));
|
|
|
|
var callers = Enumerable.Range(0, 16).Select(_ => Task.Run(async () =>
|
|
{
|
|
for (var n = 0; n < 50; n++)
|
|
{
|
|
var r = await _executor.ExecuteAsync(
|
|
method, new Dictionary<string, object?>(), _route, TimeSpan.FromSeconds(10));
|
|
// Result must always be a clean success or a clean compilation
|
|
// failure — never the catch-all "Internal script error".
|
|
Assert.NotEqual("Internal script error", r.ErrorMessage);
|
|
}
|
|
}));
|
|
|
|
await Task.WhenAll(removers.Concat(callers));
|
|
}
|
|
|
|
// --- InboundAPI-004: a client disconnect must NOT be reported as a script timeout ---
|
|
|
|
[Fact]
|
|
public async Task ClientDisconnect_IsNotReportedAsTimeout()
|
|
{
|
|
// When the caller's request token is cancelled (client aborted the request),
|
|
// ExecuteAsync must report a client-cancelled failure, not "Script execution
|
|
// timed out" — that log line is reserved for genuine timeouts.
|
|
var method = new ApiMethod("aborted", "return 1;") { Id = 1, TimeoutSeconds = 30 };
|
|
_executor.RegisterHandler("aborted", async ctx =>
|
|
{
|
|
await Task.Delay(TimeSpan.FromSeconds(60), ctx.CancellationToken);
|
|
return "never";
|
|
});
|
|
|
|
using var clientAborted = new CancellationTokenSource();
|
|
clientAborted.CancelAfter(TimeSpan.FromMilliseconds(100));
|
|
|
|
var result = await _executor.ExecuteAsync(
|
|
method,
|
|
new Dictionary<string, object?>(),
|
|
_route,
|
|
// Generous method timeout so the timeout CTS is NOT the cause.
|
|
TimeSpan.FromSeconds(30),
|
|
clientAborted.Token);
|
|
|
|
Assert.False(result.Success);
|
|
Assert.DoesNotContain("timed out", result.ErrorMessage ?? string.Empty);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task GenuineTimeout_StillReportedAsTimeout()
|
|
{
|
|
// A method that exceeds its timeout with no client abort must still be
|
|
// reported as "timed out" (regression guard for the InboundAPI-004 fix).
|
|
var method = new ApiMethod("genuine", "return 1;") { Id = 1, TimeoutSeconds = 1 };
|
|
_executor.RegisterHandler("genuine", async ctx =>
|
|
{
|
|
await Task.Delay(TimeSpan.FromSeconds(60), ctx.CancellationToken);
|
|
return "never";
|
|
});
|
|
|
|
var result = await _executor.ExecuteAsync(
|
|
method,
|
|
new Dictionary<string, object?>(),
|
|
_route,
|
|
TimeSpan.FromMilliseconds(100),
|
|
CancellationToken.None);
|
|
|
|
Assert.False(result.Success);
|
|
Assert.Contains("timed out", result.ErrorMessage);
|
|
}
|
|
|
|
// --- InboundAPI-009: a script that fails to compile must be compiled at most
|
|
// once — repeated calls must not re-run the expensive Roslyn compilation. ---
|
|
|
|
[Fact]
|
|
public async Task FailedCompilation_IsNotRetriedOnEveryRequest()
|
|
{
|
|
// A broken script compiled once must be remembered as bad: subsequent
|
|
// ExecuteAsync calls must NOT recompile (CPU amplification vector — there is
|
|
// no rate limiting on the inbound API). Compilation is observed via the
|
|
// "compilation failed" log line, which must appear exactly once.
|
|
var counter = new CompileLogCounter();
|
|
var executor = new InboundScriptExecutor(
|
|
new CountingLogger<InboundScriptExecutor>(counter),
|
|
Substitute.For<IServiceProvider>());
|
|
|
|
var method = new ApiMethod("broken", "%%% invalid C# %%%") { Id = 1, TimeoutSeconds = 10 };
|
|
|
|
for (var i = 0; i < 5; i++)
|
|
{
|
|
var result = await executor.ExecuteAsync(
|
|
method, new Dictionary<string, object?>(), _route, TimeSpan.FromSeconds(10));
|
|
Assert.False(result.Success);
|
|
}
|
|
|
|
Assert.Equal(1, counter.CompilationFailures);
|
|
}
|
|
|
|
[Fact]
|
|
public void FailedCompilation_RecompilesAfterCompileAndRegisterCalledAgain()
|
|
{
|
|
// The failure cache must not be permanent: when the method definition is
|
|
// updated via CompileAndRegister, a now-valid script must register.
|
|
var bad = new ApiMethod("fixable", "%%% invalid %%%") { Id = 1, TimeoutSeconds = 10 };
|
|
Assert.False(_executor.CompileAndRegister(bad));
|
|
|
|
var good = new ApiMethod("fixable", "return 1;") { Id = 1, TimeoutSeconds = 10 };
|
|
Assert.True(_executor.CompileAndRegister(good));
|
|
}
|
|
|
|
// --- InboundAPI-024: _knownBadMethods must be bounded so a spam attack of
|
|
// unique method names cannot grow the cache without bound. ---
|
|
|
|
[Fact]
|
|
public void KnownBadMethodsCache_SizeNeverExceedsCap_UnderUniqueNameFlood()
|
|
{
|
|
// Flood the executor with bad-method names well past the cache cap. The
|
|
// cache must stabilise at or below the cap — any further unique bad name
|
|
// is dropped rather than added (the per-request DB lookup remains the
|
|
// correctness path; this cache is only a fast-fail optimisation).
|
|
const int cap = 1000;
|
|
const int floodCount = cap + 500;
|
|
|
|
for (var i = 0; i < floodCount; i++)
|
|
{
|
|
var bad = new ApiMethod($"bad-{i}", "%%% invalid %%%") { Id = i + 1, TimeoutSeconds = 10 };
|
|
Assert.False(_executor.CompileAndRegister(bad));
|
|
}
|
|
|
|
Assert.True(
|
|
_executor.KnownBadMethodCount <= cap,
|
|
$"known-bad cache size {_executor.KnownBadMethodCount} must not exceed cap {cap}");
|
|
}
|
|
|
|
[Fact]
|
|
public async Task KnownBadMethodsCache_LazyCompilePath_AlsoCappedUnderUniqueNameFlood()
|
|
{
|
|
// The lazy-compile path (ExecuteAsync on an unregistered method) records
|
|
// failures via the same capped helper as CompileAndRegister, so flooding
|
|
// it with unique URLs must not grow the cache without bound.
|
|
const int cap = 1000;
|
|
const int floodCount = cap + 250;
|
|
|
|
for (var i = 0; i < floodCount; i++)
|
|
{
|
|
var method = new ApiMethod($"lazy-bad-{i}", "%%% invalid %%%") { Id = i + 1, TimeoutSeconds = 10 };
|
|
var result = await _executor.ExecuteAsync(
|
|
method, new Dictionary<string, object?>(), _route, TimeSpan.FromSeconds(10));
|
|
Assert.False(result.Success);
|
|
}
|
|
|
|
Assert.True(
|
|
_executor.KnownBadMethodCount <= cap,
|
|
$"known-bad cache size {_executor.KnownBadMethodCount} must not exceed cap {cap}");
|
|
}
|
|
|
|
// --- InboundAPI-014: the script return value is validated against ReturnDefinition ---
|
|
|
|
[Fact]
|
|
public async Task ReturnValue_MatchingReturnDefinition_Succeeds()
|
|
{
|
|
var method = new ApiMethod("shaped", "return x;")
|
|
{
|
|
Id = 1,
|
|
TimeoutSeconds = 10,
|
|
ReturnDefinition = """[{"name":"siteName","type":"String"},{"name":"total","type":"Integer"}]""",
|
|
};
|
|
_executor.RegisterHandler("shaped", async ctx =>
|
|
{
|
|
await Task.CompletedTask;
|
|
return new { siteName = "Site Alpha", total = 14250 };
|
|
});
|
|
|
|
var result = await _executor.ExecuteAsync(
|
|
method, new Dictionary<string, object?>(), _route, TimeSpan.FromSeconds(10));
|
|
|
|
Assert.True(result.Success, result.ErrorMessage);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task ReturnValue_NotMatchingReturnDefinition_ReturnsFailureNotMalformed200()
|
|
{
|
|
// The script returns a structure inconsistent with the declared return
|
|
// definition (missing 'total'). It must surface as a failure, not a 200.
|
|
var method = new ApiMethod("misshaped", "return x;")
|
|
{
|
|
Id = 1,
|
|
TimeoutSeconds = 10,
|
|
ReturnDefinition = """[{"name":"siteName","type":"String"},{"name":"total","type":"Integer"}]""",
|
|
};
|
|
_executor.RegisterHandler("misshaped", async ctx =>
|
|
{
|
|
await Task.CompletedTask;
|
|
return new { siteName = "Site Alpha" }; // 'total' missing
|
|
});
|
|
|
|
var result = await _executor.ExecuteAsync(
|
|
method, new Dictionary<string, object?>(), _route, TimeSpan.FromSeconds(10));
|
|
|
|
Assert.False(result.Success);
|
|
Assert.Null(result.ResultJson);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task ReturnValue_NoReturnDefinition_IsUnconstrained()
|
|
{
|
|
// A method with no ReturnDefinition keeps the prior behaviour — the return
|
|
// value is serialized as-is.
|
|
var method = new ApiMethod("free", "return x;") { Id = 1, TimeoutSeconds = 10 };
|
|
_executor.RegisterHandler("free", async ctx =>
|
|
{
|
|
await Task.CompletedTask;
|
|
return new { whatever = 1 };
|
|
});
|
|
|
|
var result = await _executor.ExecuteAsync(
|
|
method, new Dictionary<string, object?>(), _route, TimeSpan.FromSeconds(10));
|
|
|
|
Assert.True(result.Success, result.ErrorMessage);
|
|
Assert.Contains("whatever", result.ResultJson!);
|
|
}
|
|
|
|
// --- Audit Log #23 (ParentExecutionId, T3): the inbound request's
|
|
// ExecutionId is threaded through ExecuteAsync onto routed calls ---
|
|
|
|
[Fact]
|
|
public async Task ExecuteAsync_WithParentExecutionId_RoutedCallCarriesItAsParentExecutionId()
|
|
{
|
|
// The endpoint hands ExecuteAsync the inbound request's ExecutionId; a
|
|
// routed Route.To(...).Call(...) inside the script must stamp that id onto
|
|
// the RouteToCallRequest as ParentExecutionId.
|
|
var inboundExecutionId = Guid.NewGuid();
|
|
|
|
var locator = Substitute.For<IInstanceLocator>();
|
|
locator.GetSiteIdForInstanceAsync("inst-1", Arg.Any<CancellationToken>()).Returns("SiteA");
|
|
var router = Substitute.For<IInstanceRouter>();
|
|
RouteToCallRequest? captured = null;
|
|
router.RouteToCallAsync("SiteA", Arg.Do<RouteToCallRequest>(r => captured = r), Arg.Any<CancellationToken>())
|
|
.Returns(ci => new RouteToCallResponse(
|
|
((RouteToCallRequest)ci[1]).CorrelationId, true, null, null, DateTimeOffset.UtcNow));
|
|
var route = new RouteHelper(locator, router);
|
|
|
|
var method = new ApiMethod("routes", "return 1;") { Id = 1, TimeoutSeconds = 10 };
|
|
_executor.RegisterHandler("routes", async ctx =>
|
|
{
|
|
await ctx.Route.To("inst-1").Call("doWork");
|
|
return 1;
|
|
});
|
|
|
|
var result = await _executor.ExecuteAsync(
|
|
method, new Dictionary<string, object?>(), route, TimeSpan.FromSeconds(10),
|
|
parentExecutionId: inboundExecutionId);
|
|
|
|
Assert.True(result.Success, result.ErrorMessage);
|
|
Assert.NotNull(captured);
|
|
Assert.Equal(inboundExecutionId, captured!.ParentExecutionId);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task ExecuteAsync_WithoutParentExecutionId_RoutedCallHasNullParentExecutionId()
|
|
{
|
|
// ExecuteAsync called without a parent execution id (the default) routes
|
|
// calls with ParentExecutionId null.
|
|
var locator = Substitute.For<IInstanceLocator>();
|
|
locator.GetSiteIdForInstanceAsync("inst-1", Arg.Any<CancellationToken>()).Returns("SiteA");
|
|
var router = Substitute.For<IInstanceRouter>();
|
|
RouteToCallRequest? captured = null;
|
|
router.RouteToCallAsync("SiteA", Arg.Do<RouteToCallRequest>(r => captured = r), Arg.Any<CancellationToken>())
|
|
.Returns(ci => new RouteToCallResponse(
|
|
((RouteToCallRequest)ci[1]).CorrelationId, true, null, null, DateTimeOffset.UtcNow));
|
|
var route = new RouteHelper(locator, router);
|
|
|
|
var method = new ApiMethod("routes2", "return 1;") { Id = 1, TimeoutSeconds = 10 };
|
|
_executor.RegisterHandler("routes2", async ctx =>
|
|
{
|
|
await ctx.Route.To("inst-1").Call("doWork");
|
|
return 1;
|
|
});
|
|
|
|
var result = await _executor.ExecuteAsync(
|
|
method, new Dictionary<string, object?>(), route, TimeSpan.FromSeconds(10));
|
|
|
|
Assert.True(result.Success, result.ErrorMessage);
|
|
Assert.NotNull(captured);
|
|
Assert.Null(captured!.ParentExecutionId);
|
|
}
|
|
|
|
private sealed class CompileLogCounter
|
|
{
|
|
public int CompilationFailures;
|
|
}
|
|
|
|
private sealed class CountingLogger<T>(CompileLogCounter counter) : ILogger<T>
|
|
{
|
|
public IDisposable? BeginScope<TState>(TState state) where TState : notnull => null;
|
|
public bool IsEnabled(LogLevel logLevel) => true;
|
|
|
|
public void Log<TState>(
|
|
LogLevel logLevel, EventId eventId, TState state, Exception? exception,
|
|
Func<TState, Exception?, string> formatter)
|
|
{
|
|
var message = formatter(state, exception);
|
|
if (message.Contains("script compilation failed", StringComparison.OrdinalIgnoreCase))
|
|
Interlocked.Increment(ref counter.CompilationFailures);
|
|
}
|
|
}
|
|
}
|