feat(audit): OtOpcUa IAuditActorAccessor seam + HTTP impl (audit Actor from Auth principal) (Phase 3)
v2-ci / build (push) Failing after 40s
v2-ci / unit-tests (tests/Core/ZB.MOM.WW.OtOpcUa.Cluster.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.ControlPlane.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.OpcUaServer.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.Runtime.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.Security.Tests) (push) Has been skipped
v2-ci / integration (tests/Server/ZB.MOM.WW.OtOpcUa.Host.IntegrationTests) (push) Has been skipped
v2-ci / integration (tests/Server/ZB.MOM.WW.OtOpcUa.OpcUaServer.IntegrationTests) (push) Has been skipped
v2-ci / build (push) Failing after 40s
v2-ci / unit-tests (tests/Core/ZB.MOM.WW.OtOpcUa.Cluster.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.ControlPlane.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.OpcUaServer.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.Runtime.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.Security.Tests) (push) Has been skipped
v2-ci / integration (tests/Server/ZB.MOM.WW.OtOpcUa.Host.IntegrationTests) (push) Has been skipped
v2-ci / integration (tests/Server/ZB.MOM.WW.OtOpcUa.OpcUaServer.IntegrationTests) (push) Has been skipped
Introduces the IAuditActorAccessor seam and HttpAuditActorAccessor impl so the ZB.MOM.WW.Audit.AuditEvent Actor field can be sourced from the authenticated Blazor cookie principal (ZbClaimTypes.Username) when structured emitters are added. Adds the AuditActor.Resolve static helper (accessor value → SystemFallback/"system") as the canonical pattern for future emit sites. Wires DI in AddOtOpcUaAuth (TryAddScoped) with AddHttpContextAccessor(). The structured AuditEvent path remains DORMANT — no live emit sites exist; seam is forward-looking. SP-based audit path left untouched. 9 new unit tests all green; Security (54) and ControlPlane (45) test suites fully pass.
This commit is contained in:
Joseph Doherty
@@ -0,0 +1,30 @@
|
||||
namespace ZB.MOM.WW.OtOpcUa.Security.Audit;
|
||||
|
||||
/// <summary>
|
||||
/// Resolves the current HTTP principal's actor string for inclusion in a canonical
|
||||
/// <c>ZB.MOM.WW.Audit.AuditEvent</c> as the <c>Actor</c> field.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// The seam abstracts the identity source so that:
|
||||
/// <list type="bullet">
|
||||
/// <item>production code uses <see cref="HttpAuditActorAccessor"/> (reads the
|
||||
/// authenticated Blazor cookie principal from <c>IHttpContextAccessor</c>); and</item>
|
||||
/// <item>unit tests or non-HTTP contexts can substitute a stub or return
|
||||
/// <see langword="null"/> (which triggers the <c>"system"</c> fallback in
|
||||
/// <see cref="AuditActor.Resolve"/>).</item>
|
||||
/// </list>
|
||||
/// <para>
|
||||
/// <b>Note:</b> OtOpcUa has no live structured <c>AuditEvent</c> emit sites as of Phase 3
|
||||
/// (all production audit flows through the bespoke stored-procedure path). This seam is
|
||||
/// forward-looking — wired and tested so that future emit sites can call
|
||||
/// <see cref="AuditActor.Resolve"/> and get the Auth principal automatically.
|
||||
/// </para>
|
||||
/// </remarks>
|
||||
public interface IAuditActorAccessor
|
||||
{
|
||||
/// <summary>
|
||||
/// Returns the authenticated principal's actor string, or <see langword="null"/> when
|
||||
/// there is no current HTTP context or the user is not authenticated.
|
||||
/// </summary>
|
||||
string? CurrentActor { get; }
|
||||
}
|
||||
Reference in New Issue
Block a user