d2a6107cdb
CentralDbTestEnvironment sets five process-wide environment variables, and
Program's AddEnvironmentVariables() reads them at an unpredictable point during
host boot. With xUnit collection parallelization on, one fixture's teardown
could clear a var mid-boot for a sibling. Since the secrets adoption (G-4)
three of those keys are ${secret:...} references that fail closed, turning a
previously benign empty value into a SecretNotFoundException that aborts the
boot — an intermittent CI failure.
Adds a HostBootCollection that serializes every fixture booting a real host
while depending on that shared state, folding in the narrower "ActorSystem"
collection so its members stay serialized with each other as before. Site-role
fixtures stay parallel: they call Configuration.Sources.Clear(), dropping the
env-var provider, so they cannot participate in the race.
CentralDbTestEnvironment now also fails fast if two instances are ever live at
once, making a regression (a fixture added outside the collection) deterministic
rather than intermittent — this is what surfaced the disposed-CTS defect fixed
in the previous commit. Fixture teardown is try/finally so a throwing host
teardown can no longer strand the vars for the rest of the run.
Cost: Host.Tests runs ~2m30s -> ~4m10s; the serialized Central-boot classes are
most of the assembly's parallelism.
Fixes: Gitea #15
121 lines
6.6 KiB
C#
121 lines
6.6 KiB
C#
namespace ZB.MOM.WW.ScadaBridge.Host.Tests;
|
|
|
|
/// <summary>
|
|
/// Host-003: <c>appsettings.Central.json</c> no longer commits database connection
|
|
/// strings — they are externalised to environment variables. Tests that exercise the
|
|
/// full <c>Program</c> startup pipeline against the real SQL provider must therefore
|
|
/// supply the local dev connection string the way a deployment would: via an
|
|
/// environment variable (<c>Program</c>'s configuration builder calls
|
|
/// <c>AddEnvironmentVariables()</c>).
|
|
///
|
|
/// Also supplies <c>ScadaBridge__InboundApi__ApiKeyPepper</c> so the Central-role
|
|
/// StartupValidator preflight (added in 1fcc4f5) does not fail for tests that set
|
|
/// <c>DOTNET_ENVIRONMENT=Central</c> without an explicit pepper env var.
|
|
///
|
|
/// Also supplies <c>ScadaBridge__Database__MachineDataDb</c> so the Central-role
|
|
/// StartupValidator preflight (reverts Host-008, REQ-HOST-3/4, M2.9 #17) does not
|
|
/// fail for tests that set <c>DOTNET_ENVIRONMENT=Central</c> without an explicit
|
|
/// MachineDataDb env var.
|
|
///
|
|
/// G-4 (secrets adoption): <c>appsettings.Central.json</c> now carries
|
|
/// <c>${secret:...}</c> references for the ConfigurationDb connection string, the
|
|
/// LDAP service-account password and the JWT signing key. The pre-host secrets
|
|
/// expander (Program.cs) resolves those before StartupValidator runs and fails
|
|
/// closed on an unseeded reference. Supplying the concrete values as whole-key
|
|
/// environment overrides (the sanctioned rollback path) makes the expander skip
|
|
/// the tokens entirely — so tests that boot the real <c>Program</c> pipeline do
|
|
/// not need a seeded secrets store. All vars are restored on Dispose so tests
|
|
/// stay isolated.
|
|
///
|
|
/// Every var below is <b>process-wide</b>, and the reader — <c>Program</c>'s
|
|
/// <c>AddEnvironmentVariables()</c> — runs at an unpredictable point during host boot.
|
|
/// Two live instances therefore cannot be allowed to overlap: one's Dispose would
|
|
/// restore/clear a var while the other's boot is still reading it, and the fail-closed
|
|
/// secrets expander turns that into a <c>SecretNotFoundException</c>. Serialization via
|
|
/// <see cref="HostBootCollection"/> is what enforces the invariant; the overlap check in
|
|
/// the constructor makes a regression fail deterministically instead of intermittently.
|
|
/// </summary>
|
|
internal sealed class CentralDbTestEnvironment : IDisposable
|
|
{
|
|
// Local dev/test database — same credentials the infra docker-compose stack uses.
|
|
// This is a test fixture value, not a committed production secret.
|
|
private const string ConfigurationDb =
|
|
"Server=localhost,1433;Database=ScadaBridgeConfig;User Id=scadabridge_app;Password=ScadaBridge_Dev1#;TrustServerCertificate=true";
|
|
|
|
private const string ConfigKey = "ScadaBridge__Database__ConfigurationDb";
|
|
|
|
private const string MachineDataDb =
|
|
"Server=localhost,1433;Database=ScadaBridgeMachineData;User Id=scadabridge_app;Password=ScadaBridge_Dev1#;TrustServerCertificate=true";
|
|
|
|
private const string MachineDataKey = "ScadaBridge__Database__MachineDataDb";
|
|
|
|
// Test-only pepper — satisfies the ≥16-char StartupValidator requirement without
|
|
// committing a real secret. The env-var name uses the double-underscore delimiter
|
|
// so AddEnvironmentVariables() maps it to ScadaBridge:InboundApi:ApiKeyPepper.
|
|
internal const string TestPepper = "test-pepper-01234567890";
|
|
private const string PepperKey = "ScadaBridge__InboundApi__ApiKeyPepper";
|
|
|
|
// G-4: whole-key overrides for the two remaining ${secret:...} config references
|
|
// in appsettings.Central.json (the LDAP service-account password and JWT signing
|
|
// key). Test-only placeholder values — non-empty, and the JWT key clears the
|
|
// ≥32-char StartupValidator length rule. Applied via env so the pre-host expander
|
|
// sees the concrete value and never evaluates the token.
|
|
private const string LdapServiceAccountPassword = "test-ldap-service-account-password";
|
|
private const string LdapPasswordKey = "ScadaBridge__Security__Ldap__ServiceAccountPassword";
|
|
|
|
private const string JwtSigningKey = "test-signing-key-must-be-at-least-32-chars-long!";
|
|
private const string JwtSigningKeyKey = "ScadaBridge__Security__JwtSigningKey";
|
|
|
|
private readonly string? _previousConfig;
|
|
private readonly string? _previousMachineData;
|
|
private readonly string? _previousPepper;
|
|
private readonly string? _previousLdapPassword;
|
|
private readonly string? _previousJwtSigningKey;
|
|
|
|
/// <summary>
|
|
/// Number of live instances. Only ever 0 or 1 while every consuming fixture is a
|
|
/// member of <see cref="HostBootCollection"/>; see the overlap check below.
|
|
/// </summary>
|
|
private static int _liveCount;
|
|
|
|
public CentralDbTestEnvironment()
|
|
{
|
|
if (Interlocked.Increment(ref _liveCount) != 1)
|
|
{
|
|
Interlocked.Decrement(ref _liveCount);
|
|
throw new InvalidOperationException(
|
|
$"Two {nameof(CentralDbTestEnvironment)} instances are live at once, so one fixture's " +
|
|
"teardown can clear the process-wide environment variables another fixture's host boot " +
|
|
$"is reading. Add the offending test class to the \"{HostBootCollection.Name}\" collection " +
|
|
$"([Collection({nameof(HostBootCollection)}.Name)]) so xUnit runs it sequentially with the " +
|
|
"other host-boot fixtures.");
|
|
}
|
|
|
|
_previousConfig = Environment.GetEnvironmentVariable(ConfigKey);
|
|
Environment.SetEnvironmentVariable(ConfigKey, ConfigurationDb);
|
|
|
|
_previousMachineData = Environment.GetEnvironmentVariable(MachineDataKey);
|
|
Environment.SetEnvironmentVariable(MachineDataKey, MachineDataDb);
|
|
|
|
_previousPepper = Environment.GetEnvironmentVariable(PepperKey);
|
|
Environment.SetEnvironmentVariable(PepperKey, TestPepper);
|
|
|
|
_previousLdapPassword = Environment.GetEnvironmentVariable(LdapPasswordKey);
|
|
Environment.SetEnvironmentVariable(LdapPasswordKey, LdapServiceAccountPassword);
|
|
|
|
_previousJwtSigningKey = Environment.GetEnvironmentVariable(JwtSigningKeyKey);
|
|
Environment.SetEnvironmentVariable(JwtSigningKeyKey, JwtSigningKey);
|
|
}
|
|
|
|
public void Dispose()
|
|
{
|
|
Environment.SetEnvironmentVariable(ConfigKey, _previousConfig);
|
|
Environment.SetEnvironmentVariable(MachineDataKey, _previousMachineData);
|
|
Environment.SetEnvironmentVariable(PepperKey, _previousPepper);
|
|
Environment.SetEnvironmentVariable(LdapPasswordKey, _previousLdapPassword);
|
|
Environment.SetEnvironmentVariable(JwtSigningKeyKey, _previousJwtSigningKey);
|
|
|
|
Interlocked.Decrement(ref _liveCount);
|
|
}
|
|
}
|