dohertj2/lmxopcua
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Phase 1 Streams B–E scaffold + Phase 2 Streams A–C scaffold — 8 new projects with ~70 new tests, all green alongside the 494 v1 IntegrationTests baseline (parity preserved: no v1 tests broken; legacy OtOpcUa.Host untouched). Phase 1 finish: Configuration project (16 entities + 10 enums + DbContext + DesignTimeDbContextFactory + InitialSchema/StoredProcedures/AuthorizationGrants migrations — 8 procs including sp_PublishGeneration with MERGE on ExternalIdReservation per decision #124, sp_RollbackToGeneration cloning rows into a new published generation, sp_ValidateDraft with cross-cluster-namespace + EquipmentUuid-immutability + ZTag/SAPID reservation pre-flight, sp_ComputeGenerationDiff with CHECKSUM-based row signature — plus OtOpcUaNode/OtOpcUaAdmin SQL roles with EXECUTE grants scoped to per-principal-class proc sets and DENY UPDATE/DELETE/INSERT/SELECT on dbo schema); managed DraftValidator covering UNS segment regex, path length, EquipmentUuid immutability across generations, same-cluster namespace binding (decision #122), reservation pre-flight, EquipmentId derivation (decision #125), driver↔namespace compatibility — returning every failing rule in one pass; LiteDB local cache with round-trip + ring pruning + corruption-fast-fail; GenerationApplier with per-entity Added/Removed/Modified diff and dependency-ordered callbacks (namespace → driver → device → equipment → poll-group → tag, Removed before Added); Core project with GenericDriverNodeManager (scaffold for the Phase 2 Galaxy port) and DriverHost lifecycle registry; Server project using Microsoft.Extensions.Hosting BackgroundService replacing TopShelf, with NodeBootstrap that falls back to LiteDB cache when the central DB is unreachable (decision #79); Admin project scaffolded as Blazor Server with Bootstrap 5 sidebar layout, cookie auth, three admin roles (ConfigViewer/ConfigEditor/FleetAdmin), Cluster + Generation services fronting the stored procs. Phase 2 scaffold: Driver.Galaxy.Shared (netstandard2.0) with full MessagePack IPC contract surface — Hello version negotiation, Open/CloseSession, Heartbeat, DiscoverHierarchy + GalaxyObjectInfo/GalaxyAttributeInfo, Read/WriteValues, Subscribe/Unsubscribe/OnDataChange, AlarmSubscribe/Event/Ack, HistoryRead, HostConnectivityStatus, Recycle — plus length-prefixed framing (decision #28) with a 16 MiB cap and thread-safe FrameWriter/FrameReader; Driver.Galaxy.Host (net48) implementing the Tier C cross-cutting protections from driver-stability.md — strict PipeAcl (allow configured server SID only, explicit deny on LocalSystem + Administrators), PipeServer with caller-SID verification via pipe.RunAsClient + WindowsIdentity.GetCurrent and per-process shared-secret Hello, Galaxy-specific MemoryWatchdog (warn at max(1.5×baseline, +200 MB), soft-recycle at max(2×baseline, +200 MB), hard ceiling 1.5 GB, slope ≥5 MB/min over 30-min rolling window), RecyclePolicy (1 soft recycle per hour cap + 03:00 local daily scheduled), PostMortemMmf (1000-entry ring buffer in %ProgramData%\OtOpcUa\driver-postmortem\galaxy.mmf, survives hard crash, readable cross-process), MxAccessHandle : SafeHandle (ReleaseHandle loops Marshal.ReleaseComObject until refcount=0 then calls optional unregister callback), StaPump with responsiveness probe (BlockingCollection dispatcher for Phase 1 — real Win32 GetMessage/DispatchMessage pump slots in with the same semantics when the Galaxy code lift happens), IsExternalInit shim for init setters on .NET 4.8; Driver.Galaxy.Proxy (net10) implementing IDriver + ITagDiscovery forwarding over the IPC channel with MX data-type and security-classification mapping, plus Supervisor pieces — Backoff (5s → 15s → 60s capped, reset-on-stable-run), CircuitBreaker (3 crashes per 5 min opens; 1h → 4h → manual cooldown escalation; sticky alert doesn't auto-clear), HeartbeatMonitor (2s cadence, 3 consecutive misses = host dead per driver-stability.md). Infrastructure: docker SQL Server remapped to host port 14330 to coexist with the native MSSQL14 Galaxy ZB DB instance on 1433; NuGetAuditSuppress applied per-project for two System.Security.Cryptography.Xml advisories that only reach via EF Core Design with PrivateAssets=all (fix ships in 11.0.0-preview); .slnx gains 14 project registrations. Deferred with explicit TODOs in docs/v2/implementation/phase-2-partial-exit-evidence.md: Phase 1 Stream E Admin UI pages (Generations listing + draft-diff-publish, Equipment CRUD with OPC 40010 fields, UNS Areas/Lines tabs, ACLs + permission simulator, Generic JSON config editor, SignalR real-time, Release-Reservation + Merge-Equipment workflows, LDAP login page, AppServer smoke test per decision #142), Phase 2 Stream D (Galaxy MXAccess code lift out of legacy OtOpcUa.Host, dual-service installer, appsettings → DriverConfig migration script, legacy Host deletion — blocked by parity), Phase 2 Stream E (v1 IntegrationTests against v2 topology, Client.CLI walkthrough diff, four 2026-04-13 stability findings regression tests, adversarial review — requires live MXAccess runtime).

Browse Source 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Joseph Doherty
2026-04-17 21:35:25 -04:00
parent fc0ce36308
commit 01fd90c178
128 changed files with 12352 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1208
src/ZB.MOM.WW.OtOpcUa.Configuration/Migrations/20260417212220_InitialSchema.Designer.cs generated Normal file
View File

File diff suppressed because it is too large Load Diff

811
src/ZB.MOM.WW.OtOpcUa.Configuration/Migrations/20260417212220_InitialSchema.cs Normal file
View File

@@ -0,0 +1,811 @@
using System;
using Microsoft.EntityFrameworkCore.Migrations;
#nullable disable
namespace ZB.MOM.WW.OtOpcUa.Configuration.Migrations
{
/// <inheritdoc />
public partial class InitialSchema : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.CreateTable(
name: "ConfigAuditLog",
columns: table => new
{
AuditId = table.Column<long>(type: "bigint", nullable: false)
.Annotation("SqlServer:Identity", "1, 1"),
Timestamp = table.Column<DateTime>(type: "datetime2(3)", nullable: false, defaultValueSql: "SYSUTCDATETIME()"),
Principal = table.Column<string>(type: "nvarchar(128)", maxLength: 128, nullable: false),
EventType = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: false),
ClusterId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: true),
NodeId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: true),
GenerationId = table.Column<long>(type: "bigint", nullable: true),
DetailsJson = table.Column<string>(type: "nvarchar(max)", nullable: true)
},
constraints: table =>
{
table.PrimaryKey("PK_ConfigAuditLog", x => x.AuditId);
table.CheckConstraint("CK_ConfigAuditLog_DetailsJson_IsJson", "DetailsJson IS NULL OR ISJSON(DetailsJson) = 1");
});
migrationBuilder.CreateTable(
name: "ExternalIdReservation",
columns: table => new
{
ReservationId = table.Column<Guid>(type: "uniqueidentifier", nullable: false, defaultValueSql: "NEWSEQUENTIALID()"),
Kind = table.Column<string>(type: "nvarchar(16)", maxLength: 16, nullable: false),
Value = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: false),
EquipmentUuid = table.Column<Guid>(type: "uniqueidentifier", nullable: false),
ClusterId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: false),
FirstPublishedAt = table.Column<DateTime>(type: "datetime2(3)", nullable: false, defaultValueSql: "SYSUTCDATETIME()"),
FirstPublishedBy = table.Column<string>(type: "nvarchar(128)", maxLength: 128, nullable: false),
LastPublishedAt = table.Column<DateTime>(type: "datetime2(3)", nullable: false, defaultValueSql: "SYSUTCDATETIME()"),
ReleasedAt = table.Column<DateTime>(type: "datetime2(3)", nullable: true),
ReleasedBy = table.Column<string>(type: "nvarchar(128)", maxLength: 128, nullable: true),
ReleaseReason = table.Column<string>(type: "nvarchar(512)", maxLength: 512, nullable: true)
},
constraints: table =>
{
table.PrimaryKey("PK_ExternalIdReservation", x => x.ReservationId);
});
migrationBuilder.CreateTable(
name: "ServerCluster",
columns: table => new
{
ClusterId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: false),
Name = table.Column<string>(type: "nvarchar(128)", maxLength: 128, nullable: false),
Enterprise = table.Column<string>(type: "nvarchar(32)", maxLength: 32, nullable: false),
Site = table.Column<string>(type: "nvarchar(32)", maxLength: 32, nullable: false),
NodeCount = table.Column<byte>(type: "tinyint", nullable: false),
RedundancyMode = table.Column<string>(type: "nvarchar(16)", maxLength: 16, nullable: false),
Enabled = table.Column<bool>(type: "bit", nullable: false),
Notes = table.Column<string>(type: "nvarchar(1024)", maxLength: 1024, nullable: true),
CreatedAt = table.Column<DateTime>(type: "datetime2(3)", nullable: false, defaultValueSql: "SYSUTCDATETIME()"),
CreatedBy = table.Column<string>(type: "nvarchar(128)", maxLength: 128, nullable: false),
ModifiedAt = table.Column<DateTime>(type: "datetime2(3)", nullable: true),
ModifiedBy = table.Column<string>(type: "nvarchar(128)", maxLength: 128, nullable: true)
},
constraints: table =>
{
table.PrimaryKey("PK_ServerCluster", x => x.ClusterId);
table.CheckConstraint("CK_ServerCluster_RedundancyMode_NodeCount", "((NodeCount = 1 AND RedundancyMode = 'None') OR (NodeCount = 2 AND RedundancyMode IN ('Warm', 'Hot')))");
});
migrationBuilder.CreateTable(
name: "ClusterNode",
columns: table => new
{
NodeId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: false),
ClusterId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: false),
RedundancyRole = table.Column<string>(type: "nvarchar(16)", maxLength: 16, nullable: false),
Host = table.Column<string>(type: "nvarchar(255)", maxLength: 255, nullable: false),
OpcUaPort = table.Column<int>(type: "int", nullable: false),
DashboardPort = table.Column<int>(type: "int", nullable: false),
ApplicationUri = table.Column<string>(type: "nvarchar(256)", maxLength: 256, nullable: false),
ServiceLevelBase = table.Column<byte>(type: "tinyint", nullable: false),
DriverConfigOverridesJson = table.Column<string>(type: "nvarchar(max)", nullable: true),
Enabled = table.Column<bool>(type: "bit", nullable: false),
LastSeenAt = table.Column<DateTime>(type: "datetime2(3)", nullable: true),
CreatedAt = table.Column<DateTime>(type: "datetime2(3)", nullable: false, defaultValueSql: "SYSUTCDATETIME()"),
CreatedBy = table.Column<string>(type: "nvarchar(128)", maxLength: 128, nullable: false)
},
constraints: table =>
{
table.PrimaryKey("PK_ClusterNode", x => x.NodeId);
table.ForeignKey(
name: "FK_ClusterNode_ServerCluster_ClusterId",
column: x => x.ClusterId,
principalTable: "ServerCluster",
principalColumn: "ClusterId",
onDelete: ReferentialAction.Restrict);
});
migrationBuilder.CreateTable(
name: "ConfigGeneration",
columns: table => new
{
GenerationId = table.Column<long>(type: "bigint", nullable: false)
.Annotation("SqlServer:Identity", "1, 1"),
ClusterId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: false),
Status = table.Column<string>(type: "nvarchar(16)", maxLength: 16, nullable: false),
ParentGenerationId = table.Column<long>(type: "bigint", nullable: true),
PublishedAt = table.Column<DateTime>(type: "datetime2(3)", nullable: true),
PublishedBy = table.Column<string>(type: "nvarchar(128)", maxLength: 128, nullable: true),
Notes = table.Column<string>(type: "nvarchar(1024)", maxLength: 1024, nullable: true),
CreatedAt = table.Column<DateTime>(type: "datetime2(3)", nullable: false, defaultValueSql: "SYSUTCDATETIME()"),
CreatedBy = table.Column<string>(type: "nvarchar(128)", maxLength: 128, nullable: false)
},
constraints: table =>
{
table.PrimaryKey("PK_ConfigGeneration", x => x.GenerationId);
table.ForeignKey(
name: "FK_ConfigGeneration_ConfigGeneration_ParentGenerationId",
column: x => x.ParentGenerationId,
principalTable: "ConfigGeneration",
principalColumn: "GenerationId",
onDelete: ReferentialAction.Restrict);
table.ForeignKey(
name: "FK_ConfigGeneration_ServerCluster_ClusterId",
column: x => x.ClusterId,
principalTable: "ServerCluster",
principalColumn: "ClusterId",
onDelete: ReferentialAction.Restrict);
});
migrationBuilder.CreateTable(
name: "ClusterNodeCredential",
columns: table => new
{
CredentialId = table.Column<Guid>(type: "uniqueidentifier", nullable: false, defaultValueSql: "NEWSEQUENTIALID()"),
NodeId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: false),
Kind = table.Column<string>(type: "nvarchar(32)", maxLength: 32, nullable: false),
Value = table.Column<string>(type: "nvarchar(512)", maxLength: 512, nullable: false),
Enabled = table.Column<bool>(type: "bit", nullable: false),
RotatedAt = table.Column<DateTime>(type: "datetime2(3)", nullable: true),
CreatedAt = table.Column<DateTime>(type: "datetime2(3)", nullable: false, defaultValueSql: "SYSUTCDATETIME()"),
CreatedBy = table.Column<string>(type: "nvarchar(128)", maxLength: 128, nullable: false)
},
constraints: table =>
{
table.PrimaryKey("PK_ClusterNodeCredential", x => x.CredentialId);
table.ForeignKey(
name: "FK_ClusterNodeCredential_ClusterNode_NodeId",
column: x => x.NodeId,
principalTable: "ClusterNode",
principalColumn: "NodeId",
onDelete: ReferentialAction.Restrict);
});
migrationBuilder.CreateTable(
name: "ClusterNodeGenerationState",
columns: table => new
{
NodeId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: false),
CurrentGenerationId = table.Column<long>(type: "bigint", nullable: true),
LastAppliedAt = table.Column<DateTime>(type: "datetime2(3)", nullable: true),
LastAppliedStatus = table.Column<string>(type: "nvarchar(16)", maxLength: 16, nullable: true),
LastAppliedError = table.Column<string>(type: "nvarchar(2048)", maxLength: 2048, nullable: true),
LastSeenAt = table.Column<DateTime>(type: "datetime2(3)", nullable: true)
},
constraints: table =>
{
table.PrimaryKey("PK_ClusterNodeGenerationState", x => x.NodeId);
table.ForeignKey(
name: "FK_ClusterNodeGenerationState_ClusterNode_NodeId",
column: x => x.NodeId,
principalTable: "ClusterNode",
principalColumn: "NodeId",
onDelete: ReferentialAction.Restrict);
table.ForeignKey(
name: "FK_ClusterNodeGenerationState_ConfigGeneration_CurrentGenerationId",
column: x => x.CurrentGenerationId,
principalTable: "ConfigGeneration",
principalColumn: "GenerationId",
onDelete: ReferentialAction.Restrict);
});
migrationBuilder.CreateTable(
name: "Device",
columns: table => new
{
DeviceRowId = table.Column<Guid>(type: "uniqueidentifier", nullable: false, defaultValueSql: "NEWSEQUENTIALID()"),
GenerationId = table.Column<long>(type: "bigint", nullable: false),
DeviceId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: true),
DriverInstanceId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: false),
Name = table.Column<string>(type: "nvarchar(128)", maxLength: 128, nullable: false),
Enabled = table.Column<bool>(type: "bit", nullable: false),
DeviceConfig = table.Column<string>(type: "nvarchar(max)", nullable: false)
},
constraints: table =>
{
table.PrimaryKey("PK_Device", x => x.DeviceRowId);
table.CheckConstraint("CK_Device_DeviceConfig_IsJson", "ISJSON(DeviceConfig) = 1");
table.ForeignKey(
name: "FK_Device_ConfigGeneration_GenerationId",
column: x => x.GenerationId,
principalTable: "ConfigGeneration",
principalColumn: "GenerationId",
onDelete: ReferentialAction.Restrict);
});
migrationBuilder.CreateTable(
name: "DriverInstance",
columns: table => new
{
DriverInstanceRowId = table.Column<Guid>(type: "uniqueidentifier", nullable: false, defaultValueSql: "NEWSEQUENTIALID()"),
GenerationId = table.Column<long>(type: "bigint", nullable: false),
DriverInstanceId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: true),
ClusterId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: false),
NamespaceId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: false),
Name = table.Column<string>(type: "nvarchar(128)", maxLength: 128, nullable: false),
DriverType = table.Column<string>(type: "nvarchar(32)", maxLength: 32, nullable: false),
Enabled = table.Column<bool>(type: "bit", nullable: false),
DriverConfig = table.Column<string>(type: "nvarchar(max)", nullable: false)
},
constraints: table =>
{
table.PrimaryKey("PK_DriverInstance", x => x.DriverInstanceRowId);
table.CheckConstraint("CK_DriverInstance_DriverConfig_IsJson", "ISJSON(DriverConfig) = 1");
table.ForeignKey(
name: "FK_DriverInstance_ConfigGeneration_GenerationId",
column: x => x.GenerationId,
principalTable: "ConfigGeneration",
principalColumn: "GenerationId",
onDelete: ReferentialAction.Restrict);
table.ForeignKey(
name: "FK_DriverInstance_ServerCluster_ClusterId",
column: x => x.ClusterId,
principalTable: "ServerCluster",
principalColumn: "ClusterId",
onDelete: ReferentialAction.Restrict);
});
migrationBuilder.CreateTable(
name: "Equipment",
columns: table => new
{
EquipmentRowId = table.Column<Guid>(type: "uniqueidentifier", nullable: false, defaultValueSql: "NEWSEQUENTIALID()"),
GenerationId = table.Column<long>(type: "bigint", nullable: false),
EquipmentId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: true),
EquipmentUuid = table.Column<Guid>(type: "uniqueidentifier", nullable: false),
DriverInstanceId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: false),
DeviceId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: true),
UnsLineId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: false),
Name = table.Column<string>(type: "nvarchar(32)", maxLength: 32, nullable: false),
MachineCode = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: false),
ZTag = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: true),
SAPID = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: true),
Manufacturer = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: true),
Model = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: true),
SerialNumber = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: true),
HardwareRevision = table.Column<string>(type: "nvarchar(32)", maxLength: 32, nullable: true),
SoftwareRevision = table.Column<string>(type: "nvarchar(32)", maxLength: 32, nullable: true),
YearOfConstruction = table.Column<short>(type: "smallint", nullable: true),
AssetLocation = table.Column<string>(type: "nvarchar(256)", maxLength: 256, nullable: true),
ManufacturerUri = table.Column<string>(type: "nvarchar(512)", maxLength: 512, nullable: true),
DeviceManualUri = table.Column<string>(type: "nvarchar(512)", maxLength: 512, nullable: true),
EquipmentClassRef = table.Column<string>(type: "nvarchar(128)", maxLength: 128, nullable: true),
Enabled = table.Column<bool>(type: "bit", nullable: false)
},
constraints: table =>
{
table.PrimaryKey("PK_Equipment", x => x.EquipmentRowId);
table.ForeignKey(
name: "FK_Equipment_ConfigGeneration_GenerationId",
column: x => x.GenerationId,
principalTable: "ConfigGeneration",
principalColumn: "GenerationId",
onDelete: ReferentialAction.Restrict);
});
migrationBuilder.CreateTable(
name: "Namespace",
columns: table => new
{
NamespaceRowId = table.Column<Guid>(type: "uniqueidentifier", nullable: false, defaultValueSql: "NEWSEQUENTIALID()"),
GenerationId = table.Column<long>(type: "bigint", nullable: false),
NamespaceId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: true),
ClusterId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: false),
Kind = table.Column<string>(type: "nvarchar(32)", maxLength: 32, nullable: false),
NamespaceUri = table.Column<string>(type: "nvarchar(256)", maxLength: 256, nullable: false),
Enabled = table.Column<bool>(type: "bit", nullable: false),
Notes = table.Column<string>(type: "nvarchar(1024)", maxLength: 1024, nullable: true)
},
constraints: table =>
{
table.PrimaryKey("PK_Namespace", x => x.NamespaceRowId);
table.ForeignKey(
name: "FK_Namespace_ConfigGeneration_GenerationId",
column: x => x.GenerationId,
principalTable: "ConfigGeneration",
principalColumn: "GenerationId",
onDelete: ReferentialAction.Restrict);
table.ForeignKey(
name: "FK_Namespace_ServerCluster_ClusterId",
column: x => x.ClusterId,
principalTable: "ServerCluster",
principalColumn: "ClusterId",
onDelete: ReferentialAction.Restrict);
});
migrationBuilder.CreateTable(
name: "NodeAcl",
columns: table => new
{
NodeAclRowId = table.Column<Guid>(type: "uniqueidentifier", nullable: false, defaultValueSql: "NEWSEQUENTIALID()"),
GenerationId = table.Column<long>(type: "bigint", nullable: false),
NodeAclId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: true),
ClusterId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: false),
LdapGroup = table.Column<string>(type: "nvarchar(256)", maxLength: 256, nullable: false),
ScopeKind = table.Column<string>(type: "nvarchar(16)", maxLength: 16, nullable: false),
ScopeId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: true),
PermissionFlags = table.Column<int>(type: "int", nullable: false),
Notes = table.Column<string>(type: "nvarchar(512)", maxLength: 512, nullable: true)
},
constraints: table =>
{
table.PrimaryKey("PK_NodeAcl", x => x.NodeAclRowId);
table.ForeignKey(
name: "FK_NodeAcl_ConfigGeneration_GenerationId",
column: x => x.GenerationId,
principalTable: "ConfigGeneration",
principalColumn: "GenerationId",
onDelete: ReferentialAction.Restrict);
});
migrationBuilder.CreateTable(
name: "PollGroup",
columns: table => new
{
PollGroupRowId = table.Column<Guid>(type: "uniqueidentifier", nullable: false, defaultValueSql: "NEWSEQUENTIALID()"),
GenerationId = table.Column<long>(type: "bigint", nullable: false),
PollGroupId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: true),
DriverInstanceId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: false),
Name = table.Column<string>(type: "nvarchar(128)", maxLength: 128, nullable: false),
IntervalMs = table.Column<int>(type: "int", nullable: false)
},
constraints: table =>
{
table.PrimaryKey("PK_PollGroup", x => x.PollGroupRowId);
table.CheckConstraint("CK_PollGroup_IntervalMs_Min", "IntervalMs >= 50");
table.ForeignKey(
name: "FK_PollGroup_ConfigGeneration_GenerationId",
column: x => x.GenerationId,
principalTable: "ConfigGeneration",
principalColumn: "GenerationId",
onDelete: ReferentialAction.Restrict);
});
migrationBuilder.CreateTable(
name: "Tag",
columns: table => new
{
TagRowId = table.Column<Guid>(type: "uniqueidentifier", nullable: false, defaultValueSql: "NEWSEQUENTIALID()"),
GenerationId = table.Column<long>(type: "bigint", nullable: false),
TagId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: true),
DriverInstanceId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: false),
DeviceId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: true),
EquipmentId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: true),
Name = table.Column<string>(type: "nvarchar(128)", maxLength: 128, nullable: false),
FolderPath = table.Column<string>(type: "nvarchar(512)", maxLength: 512, nullable: true),
DataType = table.Column<string>(type: "nvarchar(32)", maxLength: 32, nullable: false),
AccessLevel = table.Column<string>(type: "nvarchar(16)", maxLength: 16, nullable: false),
WriteIdempotent = table.Column<bool>(type: "bit", nullable: false),
PollGroupId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: true),
TagConfig = table.Column<string>(type: "nvarchar(max)", nullable: false)
},
constraints: table =>
{
table.PrimaryKey("PK_Tag", x => x.TagRowId);
table.CheckConstraint("CK_Tag_TagConfig_IsJson", "ISJSON(TagConfig) = 1");
table.ForeignKey(
name: "FK_Tag_ConfigGeneration_GenerationId",
column: x => x.GenerationId,
principalTable: "ConfigGeneration",
principalColumn: "GenerationId",
onDelete: ReferentialAction.Restrict);
});
migrationBuilder.CreateTable(
name: "UnsArea",
columns: table => new
{
UnsAreaRowId = table.Column<Guid>(type: "uniqueidentifier", nullable: false, defaultValueSql: "NEWSEQUENTIALID()"),
GenerationId = table.Column<long>(type: "bigint", nullable: false),
UnsAreaId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: true),
ClusterId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: false),
Name = table.Column<string>(type: "nvarchar(32)", maxLength: 32, nullable: false),
Notes = table.Column<string>(type: "nvarchar(512)", maxLength: 512, nullable: true)
},
constraints: table =>
{
table.PrimaryKey("PK_UnsArea", x => x.UnsAreaRowId);
table.ForeignKey(
name: "FK_UnsArea_ConfigGeneration_GenerationId",
column: x => x.GenerationId,
principalTable: "ConfigGeneration",
principalColumn: "GenerationId",
onDelete: ReferentialAction.Restrict);
table.ForeignKey(
name: "FK_UnsArea_ServerCluster_ClusterId",
column: x => x.ClusterId,
principalTable: "ServerCluster",
principalColumn: "ClusterId",
onDelete: ReferentialAction.Restrict);
});
migrationBuilder.CreateTable(
name: "UnsLine",
columns: table => new
{
UnsLineRowId = table.Column<Guid>(type: "uniqueidentifier", nullable: false, defaultValueSql: "NEWSEQUENTIALID()"),
GenerationId = table.Column<long>(type: "bigint", nullable: false),
UnsLineId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: true),
UnsAreaId = table.Column<string>(type: "nvarchar(64)", maxLength: 64, nullable: false),
Name = table.Column<string>(type: "nvarchar(32)", maxLength: 32, nullable: false),
Notes = table.Column<string>(type: "nvarchar(512)", maxLength: 512, nullable: true)
},
constraints: table =>
{
table.PrimaryKey("PK_UnsLine", x => x.UnsLineRowId);
table.ForeignKey(
name: "FK_UnsLine_ConfigGeneration_GenerationId",
column: x => x.GenerationId,
principalTable: "ConfigGeneration",
principalColumn: "GenerationId",
onDelete: ReferentialAction.Restrict);
});
migrationBuilder.CreateIndex(
name: "UX_ClusterNode_ApplicationUri",
table: "ClusterNode",
column: "ApplicationUri",
unique: true);
migrationBuilder.CreateIndex(
name: "UX_ClusterNode_Primary_Per_Cluster",
table: "ClusterNode",
column: "ClusterId",
unique: true,
filter: "[RedundancyRole] = 'Primary'");
migrationBuilder.CreateIndex(
name: "IX_ClusterNodeCredential_NodeId",
table: "ClusterNodeCredential",
columns: new[] { "NodeId", "Enabled" });
migrationBuilder.CreateIndex(
name: "UX_ClusterNodeCredential_Value",
table: "ClusterNodeCredential",
columns: new[] { "Kind", "Value" },
unique: true,
filter: "[Enabled] = 1");
migrationBuilder.CreateIndex(
name: "IX_ClusterNodeGenerationState_Generation",
table: "ClusterNodeGenerationState",
column: "CurrentGenerationId");
migrationBuilder.CreateIndex(
name: "IX_ConfigAuditLog_Cluster_Time",
table: "ConfigAuditLog",
columns: new[] { "ClusterId", "Timestamp" },
descending: new[] { false, true });
migrationBuilder.CreateIndex(
name: "IX_ConfigAuditLog_Generation",
table: "ConfigAuditLog",
column: "GenerationId",
filter: "[GenerationId] IS NOT NULL");
migrationBuilder.CreateIndex(
name: "IX_ConfigGeneration_Cluster_Published",
table: "ConfigGeneration",
columns: new[] { "ClusterId", "Status", "GenerationId" },
descending: new[] { false, false, true })
.Annotation("SqlServer:Include", new[] { "PublishedAt" });
migrationBuilder.CreateIndex(
name: "IX_ConfigGeneration_ParentGenerationId",
table: "ConfigGeneration",
column: "ParentGenerationId");
migrationBuilder.CreateIndex(
name: "UX_ConfigGeneration_Draft_Per_Cluster",
table: "ConfigGeneration",
column: "ClusterId",
unique: true,
filter: "[Status] = 'Draft'");
migrationBuilder.CreateIndex(
name: "IX_Device_Generation_Driver",
table: "Device",
columns: new[] { "GenerationId", "DriverInstanceId" });
migrationBuilder.CreateIndex(
name: "UX_Device_Generation_LogicalId",
table: "Device",
columns: new[] { "GenerationId", "DeviceId" },
unique: true,
filter: "[DeviceId] IS NOT NULL");
migrationBuilder.CreateIndex(
name: "IX_DriverInstance_ClusterId",
table: "DriverInstance",
column: "ClusterId");
migrationBuilder.CreateIndex(
name: "IX_DriverInstance_Generation_Cluster",
table: "DriverInstance",
columns: new[] { "GenerationId", "ClusterId" });
migrationBuilder.CreateIndex(
name: "IX_DriverInstance_Generation_Namespace",
table: "DriverInstance",
columns: new[] { "GenerationId", "NamespaceId" });
migrationBuilder.CreateIndex(
name: "UX_DriverInstance_Generation_LogicalId",
table: "DriverInstance",
columns: new[] { "GenerationId", "DriverInstanceId" },
unique: true,
filter: "[DriverInstanceId] IS NOT NULL");
migrationBuilder.CreateIndex(
name: "IX_Equipment_Generation_Driver",
table: "Equipment",
columns: new[] { "GenerationId", "DriverInstanceId" });
migrationBuilder.CreateIndex(
name: "IX_Equipment_Generation_Line",
table: "Equipment",
columns: new[] { "GenerationId", "UnsLineId" });
migrationBuilder.CreateIndex(
name: "IX_Equipment_Generation_MachineCode",
table: "Equipment",
columns: new[] { "GenerationId", "MachineCode" });
migrationBuilder.CreateIndex(
name: "IX_Equipment_Generation_SAPID",
table: "Equipment",
columns: new[] { "GenerationId", "SAPID" },
filter: "[SAPID] IS NOT NULL");
migrationBuilder.CreateIndex(
name: "IX_Equipment_Generation_ZTag",
table: "Equipment",
columns: new[] { "GenerationId", "ZTag" },
filter: "[ZTag] IS NOT NULL");
migrationBuilder.CreateIndex(
name: "UX_Equipment_Generation_LinePath",
table: "Equipment",
columns: new[] { "GenerationId", "UnsLineId", "Name" },
unique: true);
migrationBuilder.CreateIndex(
name: "UX_Equipment_Generation_LogicalId",
table: "Equipment",
columns: new[] { "GenerationId", "EquipmentId" },
unique: true,
filter: "[EquipmentId] IS NOT NULL");
migrationBuilder.CreateIndex(
name: "UX_Equipment_Generation_Uuid",
table: "Equipment",
columns: new[] { "GenerationId", "EquipmentUuid" },
unique: true);
migrationBuilder.CreateIndex(
name: "IX_ExternalIdReservation_Equipment",
table: "ExternalIdReservation",
column: "EquipmentUuid");
migrationBuilder.CreateIndex(
name: "UX_ExternalIdReservation_KindValue_Active",
table: "ExternalIdReservation",
columns: new[] { "Kind", "Value" },
unique: true,
filter: "[ReleasedAt] IS NULL");
migrationBuilder.CreateIndex(
name: "IX_Namespace_ClusterId",
table: "Namespace",
column: "ClusterId");
migrationBuilder.CreateIndex(
name: "IX_Namespace_Generation_Cluster",
table: "Namespace",
columns: new[] { "GenerationId", "ClusterId" });
migrationBuilder.CreateIndex(
name: "UX_Namespace_Generation_Cluster_Kind",
table: "Namespace",
columns: new[] { "GenerationId", "ClusterId", "Kind" },
unique: true);
migrationBuilder.CreateIndex(
name: "UX_Namespace_Generation_LogicalId",
table: "Namespace",
columns: new[] { "GenerationId", "NamespaceId" },
unique: true,
filter: "[NamespaceId] IS NOT NULL");
migrationBuilder.CreateIndex(
name: "UX_Namespace_Generation_LogicalId_Cluster",
table: "Namespace",
columns: new[] { "GenerationId", "NamespaceId", "ClusterId" },
unique: true,
filter: "[NamespaceId] IS NOT NULL");
migrationBuilder.CreateIndex(
name: "UX_Namespace_Generation_NamespaceUri",
table: "Namespace",
columns: new[] { "GenerationId", "NamespaceUri" },
unique: true);
migrationBuilder.CreateIndex(
name: "IX_NodeAcl_Generation_Cluster",
table: "NodeAcl",
columns: new[] { "GenerationId", "ClusterId" });
migrationBuilder.CreateIndex(
name: "IX_NodeAcl_Generation_Group",
table: "NodeAcl",
columns: new[] { "GenerationId", "LdapGroup" });
migrationBuilder.CreateIndex(
name: "IX_NodeAcl_Generation_Scope",
table: "NodeAcl",
columns: new[] { "GenerationId", "ScopeKind", "ScopeId" },
filter: "[ScopeId] IS NOT NULL");
migrationBuilder.CreateIndex(
name: "UX_NodeAcl_Generation_GroupScope",
table: "NodeAcl",
columns: new[] { "GenerationId", "ClusterId", "LdapGroup", "ScopeKind", "ScopeId" },
unique: true,
filter: "[ScopeId] IS NOT NULL");
migrationBuilder.CreateIndex(
name: "UX_NodeAcl_Generation_LogicalId",
table: "NodeAcl",
columns: new[] { "GenerationId", "NodeAclId" },
unique: true,
filter: "[NodeAclId] IS NOT NULL");
migrationBuilder.CreateIndex(
name: "IX_PollGroup_Generation_Driver",
table: "PollGroup",
columns: new[] { "GenerationId", "DriverInstanceId" });
migrationBuilder.CreateIndex(
name: "UX_PollGroup_Generation_LogicalId",
table: "PollGroup",
columns: new[] { "GenerationId", "PollGroupId" },
unique: true,
filter: "[PollGroupId] IS NOT NULL");
migrationBuilder.CreateIndex(
name: "IX_ServerCluster_Site",
table: "ServerCluster",
column: "Site");
migrationBuilder.CreateIndex(
name: "UX_ServerCluster_Name",
table: "ServerCluster",
column: "Name",
unique: true);
migrationBuilder.CreateIndex(
name: "IX_Tag_Generation_Driver_Device",
table: "Tag",
columns: new[] { "GenerationId", "DriverInstanceId", "DeviceId" });
migrationBuilder.CreateIndex(
name: "IX_Tag_Generation_Equipment",
table: "Tag",
columns: new[] { "GenerationId", "EquipmentId" },
filter: "[EquipmentId] IS NOT NULL");
migrationBuilder.CreateIndex(
name: "UX_Tag_Generation_EquipmentPath",
table: "Tag",
columns: new[] { "GenerationId", "EquipmentId", "Name" },
unique: true,
filter: "[EquipmentId] IS NOT NULL");
migrationBuilder.CreateIndex(
name: "UX_Tag_Generation_FolderPath",
table: "Tag",
columns: new[] { "GenerationId", "DriverInstanceId", "FolderPath", "Name" },
unique: true,
filter: "[EquipmentId] IS NULL");
migrationBuilder.CreateIndex(
name: "UX_Tag_Generation_LogicalId",
table: "Tag",
columns: new[] { "GenerationId", "TagId" },
unique: true,
filter: "[TagId] IS NOT NULL");
migrationBuilder.CreateIndex(
name: "IX_UnsArea_ClusterId",
table: "UnsArea",
column: "ClusterId");
migrationBuilder.CreateIndex(
name: "IX_UnsArea_Generation_Cluster",
table: "UnsArea",
columns: new[] { "GenerationId", "ClusterId" });
migrationBuilder.CreateIndex(
name: "UX_UnsArea_Generation_ClusterName",
table: "UnsArea",
columns: new[] { "GenerationId", "ClusterId", "Name" },
unique: true);
migrationBuilder.CreateIndex(
name: "UX_UnsArea_Generation_LogicalId",
table: "UnsArea",
columns: new[] { "GenerationId", "UnsAreaId" },
unique: true,
filter: "[UnsAreaId] IS NOT NULL");
migrationBuilder.CreateIndex(
name: "IX_UnsLine_Generation_Area",
table: "UnsLine",
columns: new[] { "GenerationId", "UnsAreaId" });
migrationBuilder.CreateIndex(
name: "UX_UnsLine_Generation_AreaName",
table: "UnsLine",
columns: new[] { "GenerationId", "UnsAreaId", "Name" },
unique: true);
migrationBuilder.CreateIndex(
name: "UX_UnsLine_Generation_LogicalId",
table: "UnsLine",
columns: new[] { "GenerationId", "UnsLineId" },
unique: true,
filter: "[UnsLineId] IS NOT NULL");
}
/// <inheritdoc />
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DropTable(
name: "ClusterNodeCredential");
migrationBuilder.DropTable(
name: "ClusterNodeGenerationState");
migrationBuilder.DropTable(
name: "ConfigAuditLog");
migrationBuilder.DropTable(
name: "Device");
migrationBuilder.DropTable(
name: "DriverInstance");
migrationBuilder.DropTable(
name: "Equipment");
migrationBuilder.DropTable(
name: "ExternalIdReservation");
migrationBuilder.DropTable(
name: "Namespace");
migrationBuilder.DropTable(
name: "NodeAcl");
migrationBuilder.DropTable(
name: "PollGroup");
migrationBuilder.DropTable(
name: "Tag");
migrationBuilder.DropTable(
name: "UnsArea");
migrationBuilder.DropTable(
name: "UnsLine");
migrationBuilder.DropTable(
name: "ClusterNode");
migrationBuilder.DropTable(
name: "ConfigGeneration");
migrationBuilder.DropTable(
name: "ServerCluster");
}
}
}

1208
src/ZB.MOM.WW.OtOpcUa.Configuration/Migrations/20260417215224_StoredProcedures.Designer.cs generated Normal file
View File

File diff suppressed because it is too large Load Diff

473
src/ZB.MOM.WW.OtOpcUa.Configuration/Migrations/20260417215224_StoredProcedures.cs Normal file
View File

@@ -0,0 +1,473 @@
using Microsoft.EntityFrameworkCore.Migrations;
#nullable disable
namespace ZB.MOM.WW.OtOpcUa.Configuration.Migrations;
/// <summary>
/// Stored procedures per <c>config-db-schema.md §"Stored Procedures"</c>. All node + admin DB
/// access funnels through these — direct table writes are revoked in the AuthorizationGrants
/// migration that follows. CREATE OR ALTER style so procs version with the schema.
/// </summary>
public partial class StoredProcedures : Migration
{
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.Sql(Procs.GetCurrentGenerationForCluster);
migrationBuilder.Sql(Procs.GetGenerationContent);
migrationBuilder.Sql(Procs.RegisterNodeGenerationApplied);
migrationBuilder.Sql(Procs.ValidateDraft);
migrationBuilder.Sql(Procs.PublishGeneration);
migrationBuilder.Sql(Procs.RollbackToGeneration);
migrationBuilder.Sql(Procs.ComputeGenerationDiff);
migrationBuilder.Sql(Procs.ReleaseExternalIdReservation);
}
protected override void Down(MigrationBuilder migrationBuilder)
{
foreach (var name in new[]
{
"sp_ReleaseExternalIdReservation", "sp_ComputeGenerationDiff", "sp_RollbackToGeneration",
"sp_PublishGeneration", "sp_ValidateDraft", "sp_RegisterNodeGenerationApplied",
"sp_GetGenerationContent", "sp_GetCurrentGenerationForCluster",
})
{
migrationBuilder.Sql($"IF OBJECT_ID(N'dbo.{name}', N'P') IS NOT NULL DROP PROCEDURE dbo.{name};");
}
}
private static class Procs
{
public const string GetCurrentGenerationForCluster = @"
CREATE OR ALTER PROCEDURE dbo.sp_GetCurrentGenerationForCluster
@NodeId nvarchar(64),
@ClusterId nvarchar(64)
AS
BEGIN
SET NOCOUNT ON;
DECLARE @Caller nvarchar(128) = SUSER_SNAME();
IF NOT EXISTS (
SELECT 1 FROM dbo.ClusterNodeCredential
WHERE NodeId = @NodeId AND Value = @Caller AND Enabled = 1)
BEGIN
RAISERROR('Unauthorized: caller %s is not bound to NodeId %s', 16, 1, @Caller, @NodeId);
RETURN;
END
IF NOT EXISTS (
SELECT 1 FROM dbo.ClusterNode
WHERE NodeId = @NodeId AND ClusterId = @ClusterId AND Enabled = 1)
BEGIN
RAISERROR('Forbidden: NodeId %s does not belong to ClusterId %s', 16, 1, @NodeId, @ClusterId);
RETURN;
END
SELECT TOP 1 GenerationId, ClusterId, Status, PublishedAt, PublishedBy, Notes
FROM dbo.ConfigGeneration
WHERE ClusterId = @ClusterId AND Status = 'Published'
ORDER BY GenerationId DESC;
END
";
public const string GetGenerationContent = @"
CREATE OR ALTER PROCEDURE dbo.sp_GetGenerationContent
@NodeId nvarchar(64),
@GenerationId bigint
AS
BEGIN
SET NOCOUNT ON;
DECLARE @Caller nvarchar(128) = SUSER_SNAME();
DECLARE @ClusterId nvarchar(64);
SELECT @ClusterId = ClusterId FROM dbo.ConfigGeneration WHERE GenerationId = @GenerationId;
IF @ClusterId IS NULL
BEGIN
RAISERROR('GenerationId %I64d not found', 16, 1, @GenerationId);
RETURN;
END
IF NOT EXISTS (
SELECT 1
FROM dbo.ClusterNodeCredential c
JOIN dbo.ClusterNode n ON n.NodeId = c.NodeId
WHERE c.NodeId = @NodeId AND c.Value = @Caller AND c.Enabled = 1
AND n.ClusterId = @ClusterId AND n.Enabled = 1)
BEGIN
RAISERROR('Forbidden: caller %s not bound to a node in ClusterId %s', 16, 1, @Caller, @ClusterId);
RETURN;
END
SELECT * FROM dbo.Namespace WHERE GenerationId = @GenerationId;
SELECT * FROM dbo.UnsArea WHERE GenerationId = @GenerationId;
SELECT * FROM dbo.UnsLine WHERE GenerationId = @GenerationId;
SELECT * FROM dbo.DriverInstance WHERE GenerationId = @GenerationId;
SELECT * FROM dbo.Device WHERE GenerationId = @GenerationId;
SELECT * FROM dbo.Equipment WHERE GenerationId = @GenerationId;
SELECT * FROM dbo.PollGroup WHERE GenerationId = @GenerationId;
SELECT * FROM dbo.Tag WHERE GenerationId = @GenerationId;
SELECT * FROM dbo.NodeAcl WHERE GenerationId = @GenerationId;
END
";
public const string RegisterNodeGenerationApplied = @"
CREATE OR ALTER PROCEDURE dbo.sp_RegisterNodeGenerationApplied
@NodeId nvarchar(64),
@GenerationId bigint,
@Status nvarchar(16),
@Error nvarchar(max) = NULL
AS
BEGIN
SET NOCOUNT ON;
DECLARE @Caller nvarchar(128) = SUSER_SNAME();
IF NOT EXISTS (
SELECT 1 FROM dbo.ClusterNodeCredential
WHERE NodeId = @NodeId AND Value = @Caller AND Enabled = 1)
BEGIN
RAISERROR('Unauthorized: caller %s is not bound to NodeId %s', 16, 1, @Caller, @NodeId);
RETURN;
END
MERGE dbo.ClusterNodeGenerationState AS tgt
USING (SELECT @NodeId AS NodeId) AS src ON tgt.NodeId = src.NodeId
WHEN MATCHED THEN UPDATE SET
CurrentGenerationId = @GenerationId,
LastAppliedAt = SYSUTCDATETIME(),
LastAppliedStatus = @Status,
LastAppliedError = @Error,
LastSeenAt = SYSUTCDATETIME()
WHEN NOT MATCHED THEN INSERT
(NodeId, CurrentGenerationId, LastAppliedAt, LastAppliedStatus, LastAppliedError, LastSeenAt)
VALUES (@NodeId, @GenerationId, SYSUTCDATETIME(), @Status, @Error, SYSUTCDATETIME());
INSERT dbo.ConfigAuditLog (Principal, EventType, NodeId, GenerationId, DetailsJson)
VALUES (@Caller, 'NodeApplied', @NodeId, @GenerationId,
CONCAT('{""status"":""', @Status, '""}'));
END
";
public const string ValidateDraft = @"
CREATE OR ALTER PROCEDURE dbo.sp_ValidateDraft
@DraftGenerationId bigint
AS
BEGIN
SET NOCOUNT ON;
DECLARE @ClusterId nvarchar(64);
DECLARE @Status nvarchar(16);
SELECT @ClusterId = ClusterId, @Status = Status
FROM dbo.ConfigGeneration WHERE GenerationId = @DraftGenerationId;
IF @ClusterId IS NULL
BEGIN
RAISERROR('GenerationId %I64d not found', 16, 1, @DraftGenerationId);
RETURN;
END
IF @Status <> 'Draft'
BEGIN
RAISERROR('GenerationId %I64d is not in Draft status (current=%s)', 16, 1, @DraftGenerationId, @Status);
RETURN;
END
IF EXISTS (
SELECT 1 FROM dbo.Tag t
LEFT JOIN dbo.DriverInstance d ON d.GenerationId = t.GenerationId AND d.DriverInstanceId = t.DriverInstanceId
WHERE t.GenerationId = @DraftGenerationId AND d.DriverInstanceId IS NULL)
BEGIN
RAISERROR('Draft has tags with unresolved DriverInstanceId', 16, 1);
RETURN;
END
IF EXISTS (
SELECT 1 FROM dbo.Tag t
LEFT JOIN dbo.Device dv ON dv.GenerationId = t.GenerationId AND dv.DeviceId = t.DeviceId
WHERE t.GenerationId = @DraftGenerationId AND t.DeviceId IS NOT NULL AND dv.DeviceId IS NULL)
BEGIN
RAISERROR('Draft has tags with unresolved DeviceId', 16, 1);
RETURN;
END
IF EXISTS (
SELECT 1 FROM dbo.Tag t
LEFT JOIN dbo.PollGroup pg ON pg.GenerationId = t.GenerationId AND pg.PollGroupId = t.PollGroupId
WHERE t.GenerationId = @DraftGenerationId AND t.PollGroupId IS NOT NULL AND pg.PollGroupId IS NULL)
BEGIN
RAISERROR('Draft has tags with unresolved PollGroupId', 16, 1);
RETURN;
END
IF EXISTS (
SELECT 1
FROM dbo.DriverInstance di
JOIN dbo.Namespace ns ON ns.GenerationId = di.GenerationId AND ns.NamespaceId = di.NamespaceId
WHERE di.GenerationId = @DraftGenerationId
AND ns.ClusterId <> di.ClusterId)
BEGIN
INSERT dbo.ConfigAuditLog (Principal, EventType, ClusterId, GenerationId)
VALUES (SUSER_SNAME(), 'CrossClusterNamespaceAttempt', @ClusterId, @DraftGenerationId);
RAISERROR('BadCrossClusterNamespaceBinding: namespace and driver must belong to the same cluster', 16, 1);
RETURN;
END
IF EXISTS (
SELECT 1
FROM dbo.Equipment draft
JOIN dbo.Equipment prior
ON prior.EquipmentId = draft.EquipmentId
AND prior.EquipmentUuid <> draft.EquipmentUuid
AND prior.GenerationId <> draft.GenerationId
JOIN dbo.ConfigGeneration pg ON pg.GenerationId = prior.GenerationId
WHERE draft.GenerationId = @DraftGenerationId
AND pg.ClusterId = @ClusterId)
BEGIN
RAISERROR('EquipmentUuid immutability violated for an EquipmentId that existed in a prior generation', 16, 1);
RETURN;
END
IF EXISTS (
SELECT 1
FROM dbo.Equipment draft
JOIN dbo.ExternalIdReservation r
ON r.Kind = 'ZTag' AND r.Value = draft.ZTag AND r.ReleasedAt IS NULL
AND r.EquipmentUuid <> draft.EquipmentUuid
WHERE draft.GenerationId = @DraftGenerationId AND draft.ZTag IS NOT NULL)
BEGIN
RAISERROR('BadDuplicateExternalIdentifier: a ZTag in the draft is reserved by a different EquipmentUuid', 16, 1);
RETURN;
END
IF EXISTS (
SELECT 1
FROM dbo.Equipment draft
JOIN dbo.ExternalIdReservation r
ON r.Kind = 'SAPID' AND r.Value = draft.SAPID AND r.ReleasedAt IS NULL
AND r.EquipmentUuid <> draft.EquipmentUuid
WHERE draft.GenerationId = @DraftGenerationId AND draft.SAPID IS NOT NULL)
BEGIN
RAISERROR('BadDuplicateExternalIdentifier: a SAPID in the draft is reserved by a different EquipmentUuid', 16, 1);
RETURN;
END
END
";
public const string PublishGeneration = @"
CREATE OR ALTER PROCEDURE dbo.sp_PublishGeneration
@ClusterId nvarchar(64),
@DraftGenerationId bigint,
@Notes nvarchar(1024) = NULL
AS
BEGIN
SET NOCOUNT ON;
SET XACT_ABORT ON;
BEGIN TRANSACTION;
DECLARE @Lock nvarchar(255) = N'OtOpcUa_Publish_' + @ClusterId;
DECLARE @LockResult int;
EXEC @LockResult = sp_getapplock @Resource = @Lock, @LockMode = 'Exclusive', @LockTimeout = 0;
IF @LockResult < 0
BEGIN
RAISERROR('PublishConflict: another publish is in progress for cluster %s', 16, 1, @ClusterId);
ROLLBACK;
RETURN;
END
EXEC dbo.sp_ValidateDraft @DraftGenerationId = @DraftGenerationId;
MERGE dbo.ExternalIdReservation AS tgt
USING (
SELECT 'ZTag' AS Kind, ZTag AS Value, EquipmentUuid
FROM dbo.Equipment
WHERE GenerationId = @DraftGenerationId AND ZTag IS NOT NULL
UNION ALL
SELECT 'SAPID', SAPID, EquipmentUuid
FROM dbo.Equipment
WHERE GenerationId = @DraftGenerationId AND SAPID IS NOT NULL
) AS src
ON tgt.Kind = src.Kind AND tgt.Value = src.Value AND tgt.EquipmentUuid = src.EquipmentUuid
WHEN MATCHED THEN UPDATE SET LastPublishedAt = SYSUTCDATETIME()
WHEN NOT MATCHED BY TARGET THEN
INSERT (Kind, Value, EquipmentUuid, ClusterId, FirstPublishedBy, LastPublishedAt)
VALUES (src.Kind, src.Value, src.EquipmentUuid, @ClusterId, SUSER_SNAME(), SYSUTCDATETIME());
UPDATE dbo.ConfigGeneration
SET Status = 'Superseded'
WHERE ClusterId = @ClusterId AND Status = 'Published';
UPDATE dbo.ConfigGeneration
SET Status = 'Published',
PublishedAt = SYSUTCDATETIME(),
PublishedBy = SUSER_SNAME(),
Notes = ISNULL(@Notes, Notes)
WHERE GenerationId = @DraftGenerationId AND ClusterId = @ClusterId AND Status = 'Draft';
IF @@ROWCOUNT = 0
BEGIN
RAISERROR('Draft %I64d for cluster %s not found (was it already published?)', 16, 1, @DraftGenerationId, @ClusterId);
ROLLBACK;
RETURN;
END
INSERT dbo.ConfigAuditLog (Principal, EventType, ClusterId, GenerationId)
VALUES (SUSER_SNAME(), 'Published', @ClusterId, @DraftGenerationId);
COMMIT;
END
";
public const string RollbackToGeneration = @"
CREATE OR ALTER PROCEDURE dbo.sp_RollbackToGeneration
@ClusterId nvarchar(64),
@TargetGenerationId bigint,
@Notes nvarchar(1024) = NULL
AS
BEGIN
SET NOCOUNT ON;
SET XACT_ABORT ON;
BEGIN TRANSACTION;
IF NOT EXISTS (
SELECT 1 FROM dbo.ConfigGeneration
WHERE GenerationId = @TargetGenerationId AND ClusterId = @ClusterId
AND Status IN ('Published', 'Superseded'))
BEGIN
RAISERROR('Target generation %I64d not found or not rollback-eligible', 16, 1, @TargetGenerationId);
ROLLBACK; RETURN;
END
DECLARE @NewGenId bigint;
INSERT dbo.ConfigGeneration (ClusterId, Status, CreatedAt, CreatedBy, PublishedAt, PublishedBy, Notes)
VALUES (@ClusterId, 'Draft', SYSUTCDATETIME(), SUSER_SNAME(), NULL, NULL,
ISNULL(@Notes, CONCAT('Rollback clone of generation ', @TargetGenerationId)));
SET @NewGenId = SCOPE_IDENTITY();
INSERT dbo.Namespace (GenerationId, NamespaceId, ClusterId, Kind, NamespaceUri, Enabled, Notes)
SELECT @NewGenId, NamespaceId, ClusterId, Kind, NamespaceUri, Enabled, Notes FROM dbo.Namespace WHERE GenerationId = @TargetGenerationId;
INSERT dbo.UnsArea (GenerationId, UnsAreaId, ClusterId, Name, Notes)
SELECT @NewGenId, UnsAreaId, ClusterId, Name, Notes FROM dbo.UnsArea WHERE GenerationId = @TargetGenerationId;
INSERT dbo.UnsLine (GenerationId, UnsLineId, UnsAreaId, Name, Notes)
SELECT @NewGenId, UnsLineId, UnsAreaId, Name, Notes FROM dbo.UnsLine WHERE GenerationId = @TargetGenerationId;
INSERT dbo.DriverInstance (GenerationId, DriverInstanceId, ClusterId, NamespaceId, Name, DriverType, Enabled, DriverConfig)
SELECT @NewGenId, DriverInstanceId, ClusterId, NamespaceId, Name, DriverType, Enabled, DriverConfig FROM dbo.DriverInstance WHERE GenerationId = @TargetGenerationId;
INSERT dbo.Device (GenerationId, DeviceId, DriverInstanceId, Name, Enabled, DeviceConfig)
SELECT @NewGenId, DeviceId, DriverInstanceId, Name, Enabled, DeviceConfig FROM dbo.Device WHERE GenerationId = @TargetGenerationId;
INSERT dbo.Equipment (GenerationId, EquipmentId, EquipmentUuid, DriverInstanceId, DeviceId, UnsLineId, Name, MachineCode, ZTag, SAPID, Manufacturer, Model, SerialNumber, HardwareRevision, SoftwareRevision, YearOfConstruction, AssetLocation, ManufacturerUri, DeviceManualUri, EquipmentClassRef, Enabled)
SELECT @NewGenId, EquipmentId, EquipmentUuid, DriverInstanceId, DeviceId, UnsLineId, Name, MachineCode, ZTag, SAPID, Manufacturer, Model, SerialNumber, HardwareRevision, SoftwareRevision, YearOfConstruction, AssetLocation, ManufacturerUri, DeviceManualUri, EquipmentClassRef, Enabled FROM dbo.Equipment WHERE GenerationId = @TargetGenerationId;
INSERT dbo.PollGroup (GenerationId, PollGroupId, DriverInstanceId, Name, IntervalMs)
SELECT @NewGenId, PollGroupId, DriverInstanceId, Name, IntervalMs FROM dbo.PollGroup WHERE GenerationId = @TargetGenerationId;
INSERT dbo.Tag (GenerationId, TagId, DriverInstanceId, DeviceId, EquipmentId, Name, FolderPath, DataType, AccessLevel, WriteIdempotent, PollGroupId, TagConfig)
SELECT @NewGenId, TagId, DriverInstanceId, DeviceId, EquipmentId, Name, FolderPath, DataType, AccessLevel, WriteIdempotent, PollGroupId, TagConfig FROM dbo.Tag WHERE GenerationId = @TargetGenerationId;
INSERT dbo.NodeAcl (GenerationId, NodeAclId, ClusterId, LdapGroup, ScopeKind, ScopeId, PermissionFlags, Notes)
SELECT @NewGenId, NodeAclId, ClusterId, LdapGroup, ScopeKind, ScopeId, PermissionFlags, Notes FROM dbo.NodeAcl WHERE GenerationId = @TargetGenerationId;
EXEC dbo.sp_PublishGeneration @ClusterId = @ClusterId, @DraftGenerationId = @NewGenId, @Notes = @Notes;
INSERT dbo.ConfigAuditLog (Principal, EventType, ClusterId, GenerationId, DetailsJson)
VALUES (SUSER_SNAME(), 'RolledBack', @ClusterId, @NewGenId,
CONCAT('{""rolledBackTo"":', @TargetGenerationId, '}'));
COMMIT;
END
";
public const string ComputeGenerationDiff = @"
CREATE OR ALTER PROCEDURE dbo.sp_ComputeGenerationDiff
@FromGenerationId bigint,
@ToGenerationId bigint
AS
BEGIN
SET NOCOUNT ON;
CREATE TABLE #diff (TableName nvarchar(32), LogicalId nvarchar(64), ChangeKind nvarchar(16));
WITH f AS (SELECT NamespaceId AS LogicalId, CHECKSUM(NamespaceUri, Kind, Enabled, Notes) AS Sig FROM dbo.Namespace WHERE GenerationId = @FromGenerationId),
t AS (SELECT NamespaceId AS LogicalId, CHECKSUM(NamespaceUri, Kind, Enabled, Notes) AS Sig FROM dbo.Namespace WHERE GenerationId = @ToGenerationId)
INSERT #diff
SELECT 'Namespace', CONVERT(nvarchar(64), COALESCE(f.LogicalId, t.LogicalId)),
CASE WHEN f.LogicalId IS NULL THEN 'Added'
WHEN t.LogicalId IS NULL THEN 'Removed'
WHEN f.Sig <> t.Sig THEN 'Modified'
ELSE 'Unchanged' END
FROM f FULL OUTER JOIN t ON f.LogicalId = t.LogicalId
WHERE f.LogicalId IS NULL OR t.LogicalId IS NULL OR f.Sig <> t.Sig;
WITH f AS (SELECT DriverInstanceId AS LogicalId, CHECKSUM(ClusterId, NamespaceId, Name, DriverType, Enabled, CONVERT(varchar(max), DriverConfig)) AS Sig FROM dbo.DriverInstance WHERE GenerationId = @FromGenerationId),
t AS (SELECT DriverInstanceId AS LogicalId, CHECKSUM(ClusterId, NamespaceId, Name, DriverType, Enabled, CONVERT(varchar(max), DriverConfig)) AS Sig FROM dbo.DriverInstance WHERE GenerationId = @ToGenerationId)
INSERT #diff
SELECT 'DriverInstance', CONVERT(nvarchar(64), COALESCE(f.LogicalId, t.LogicalId)),
CASE WHEN f.LogicalId IS NULL THEN 'Added'
WHEN t.LogicalId IS NULL THEN 'Removed'
WHEN f.Sig <> t.Sig THEN 'Modified'
ELSE 'Unchanged' END
FROM f FULL OUTER JOIN t ON f.LogicalId = t.LogicalId
WHERE f.LogicalId IS NULL OR t.LogicalId IS NULL OR f.Sig <> t.Sig;
WITH f AS (SELECT EquipmentId AS LogicalId, CHECKSUM(EquipmentUuid, DriverInstanceId, UnsLineId, Name, MachineCode, ZTag, SAPID, EquipmentClassRef, Manufacturer, Model, SerialNumber) AS Sig FROM dbo.Equipment WHERE GenerationId = @FromGenerationId),
t AS (SELECT EquipmentId AS LogicalId, CHECKSUM(EquipmentUuid, DriverInstanceId, UnsLineId, Name, MachineCode, ZTag, SAPID, EquipmentClassRef, Manufacturer, Model, SerialNumber) AS Sig FROM dbo.Equipment WHERE GenerationId = @ToGenerationId)
INSERT #diff
SELECT 'Equipment', CONVERT(nvarchar(64), COALESCE(f.LogicalId, t.LogicalId)),
CASE WHEN f.LogicalId IS NULL THEN 'Added'
WHEN t.LogicalId IS NULL THEN 'Removed'
WHEN f.Sig <> t.Sig THEN 'Modified'
ELSE 'Unchanged' END
FROM f FULL OUTER JOIN t ON f.LogicalId = t.LogicalId
WHERE f.LogicalId IS NULL OR t.LogicalId IS NULL OR f.Sig <> t.Sig;
WITH f AS (SELECT TagId AS LogicalId, CHECKSUM(DriverInstanceId, DeviceId, EquipmentId, PollGroupId, FolderPath, Name, DataType, AccessLevel, WriteIdempotent, CONVERT(varchar(max), TagConfig)) AS Sig FROM dbo.Tag WHERE GenerationId = @FromGenerationId),
t AS (SELECT TagId AS LogicalId, CHECKSUM(DriverInstanceId, DeviceId, EquipmentId, PollGroupId, FolderPath, Name, DataType, AccessLevel, WriteIdempotent, CONVERT(varchar(max), TagConfig)) AS Sig FROM dbo.Tag WHERE GenerationId = @ToGenerationId)
INSERT #diff
SELECT 'Tag', CONVERT(nvarchar(64), COALESCE(f.LogicalId, t.LogicalId)),
CASE WHEN f.LogicalId IS NULL THEN 'Added'
WHEN t.LogicalId IS NULL THEN 'Removed'
WHEN f.Sig <> t.Sig THEN 'Modified'
ELSE 'Unchanged' END
FROM f FULL OUTER JOIN t ON f.LogicalId = t.LogicalId
WHERE f.LogicalId IS NULL OR t.LogicalId IS NULL OR f.Sig <> t.Sig;
SELECT TableName, LogicalId, ChangeKind FROM #diff;
DROP TABLE #diff;
END
";
public const string ReleaseExternalIdReservation = @"
CREATE OR ALTER PROCEDURE dbo.sp_ReleaseExternalIdReservation
@Kind nvarchar(16),
@Value nvarchar(64),
@ReleaseReason nvarchar(512)
AS
BEGIN
SET NOCOUNT ON;
SET XACT_ABORT ON;
IF @ReleaseReason IS NULL OR LEN(@ReleaseReason) = 0
BEGIN
RAISERROR('ReleaseReason is required', 16, 1);
RETURN;
END
UPDATE dbo.ExternalIdReservation
SET ReleasedAt = SYSUTCDATETIME(),
ReleasedBy = SUSER_SNAME(),
ReleaseReason = @ReleaseReason
WHERE Kind = @Kind AND Value = @Value AND ReleasedAt IS NULL;
IF @@ROWCOUNT = 0
BEGIN
RAISERROR('No active reservation found for (%s, %s)', 16, 1, @Kind, @Value);
RETURN;
END
INSERT dbo.ConfigAuditLog (Principal, EventType, DetailsJson)
VALUES (SUSER_SNAME(), 'ExternalIdReleased',
CONCAT('{""kind"":""', @Kind, '"",""value"":""', @Value, '""}'));
END
";
}
}

1208
src/ZB.MOM.WW.OtOpcUa.Configuration/Migrations/20260417220857_AuthorizationGrants.Designer.cs generated Normal file
View File

File diff suppressed because it is too large Load Diff

55
src/ZB.MOM.WW.OtOpcUa.Configuration/Migrations/20260417220857_AuthorizationGrants.cs Normal file
View File

@@ -0,0 +1,55 @@
using Microsoft.EntityFrameworkCore.Migrations;
#nullable disable
namespace ZB.MOM.WW.OtOpcUa.Configuration.Migrations;
/// <summary>
/// Creates the two DB roles per <c>config-db-schema.md §"Authorization Model"</c> and grants
/// EXECUTE on the appropriate stored procedures. Deliberately grants no direct table DML — all
/// writes funnel through the procs, which authenticate via <c>SUSER_SNAME()</c>.
/// Principals (SQL logins, gMSA users, cert-mapped users) are provisioned by the DBA outside
/// this migration and then added to one of the two roles.
/// </summary>
public partial class AuthorizationGrants : Migration
{
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.Sql(@"
IF DATABASE_PRINCIPAL_ID('OtOpcUaNode') IS NULL
CREATE ROLE OtOpcUaNode;
IF DATABASE_PRINCIPAL_ID('OtOpcUaAdmin') IS NULL
CREATE ROLE OtOpcUaAdmin;
");
migrationBuilder.Sql(@"
GRANT EXECUTE ON OBJECT::dbo.sp_GetCurrentGenerationForCluster TO OtOpcUaNode;
GRANT EXECUTE ON OBJECT::dbo.sp_GetGenerationContent TO OtOpcUaNode;
GRANT EXECUTE ON OBJECT::dbo.sp_RegisterNodeGenerationApplied TO OtOpcUaNode;
GRANT EXECUTE ON OBJECT::dbo.sp_GetCurrentGenerationForCluster TO OtOpcUaAdmin;
GRANT EXECUTE ON OBJECT::dbo.sp_GetGenerationContent TO OtOpcUaAdmin;
GRANT EXECUTE ON OBJECT::dbo.sp_ValidateDraft TO OtOpcUaAdmin;
GRANT EXECUTE ON OBJECT::dbo.sp_PublishGeneration TO OtOpcUaAdmin;
GRANT EXECUTE ON OBJECT::dbo.sp_RollbackToGeneration TO OtOpcUaAdmin;
GRANT EXECUTE ON OBJECT::dbo.sp_ComputeGenerationDiff TO OtOpcUaAdmin;
GRANT EXECUTE ON OBJECT::dbo.sp_ReleaseExternalIdReservation TO OtOpcUaAdmin;
DENY UPDATE, DELETE, INSERT ON SCHEMA::dbo TO OtOpcUaNode;
DENY UPDATE, DELETE, INSERT ON SCHEMA::dbo TO OtOpcUaAdmin;
DENY SELECT ON SCHEMA::dbo TO OtOpcUaNode;
-- Admins may SELECT for reporting views in the future — grant views explicitly, not the schema.
DENY SELECT ON SCHEMA::dbo TO OtOpcUaAdmin;
");
}
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.Sql(@"
IF DATABASE_PRINCIPAL_ID('OtOpcUaNode') IS NOT NULL
DROP ROLE OtOpcUaNode;
IF DATABASE_PRINCIPAL_ID('OtOpcUaAdmin') IS NOT NULL
DROP ROLE OtOpcUaAdmin;
");
}
}

1205
src/ZB.MOM.WW.OtOpcUa.Configuration/Migrations/OtOpcUaConfigDbContextModelSnapshot.cs Normal file
View File

File diff suppressed because it is too large Load Diff