feat(adminui): IAuditWriter adapter + cert-action audit-event factory

tests/Server/ZB.MOM.WW.OtOpcUa.AdminUI.Tests/Audit/CertAuditEventsTests.cs

@@ -0,0 +1,108 @@
+using Shouldly;
+using Xunit;
+using ZB.MOM.WW.Audit;
+using ZB.MOM.WW.OtOpcUa.AdminUI.Audit;
+
+namespace ZB.MOM.WW.OtOpcUa.AdminUI.Tests.Audit;
+
+/// <summary>
+///     Unit tests for <see cref="CertAuditEvents" />, the pure factory that maps a certificate
+///     trust/untrust/delete action into a canonical <see cref="AuditEvent" />.
+/// </summary>
+public sealed class CertAuditEventsTests
+{
+    private const string Thumb = "AABBCCDDEEFF00112233445566778899AABBCCDD";
+
+    /// <summary>A successful Trust maps Category/Action/SourceNode/Actor and Success, with the
+    /// thumbprint carried in the details payload.</summary>
+    [Fact]
+    public void Build_trust_success_maps_core_fields()
+    {
+        var evt = CertAuditEvents.Build("Trust", "rejected→trusted", Thumb, "alice", success: true, error: null);
+
+        evt.Category.ShouldBe("Certificate");
+        evt.Action.ShouldBe("Trust");
+        evt.SourceNode.ShouldBe(Thumb);
+        evt.Actor.ShouldBe("alice");
+        evt.Outcome.ShouldBe(AuditOutcome.Success);
+        evt.EventId.ShouldNotBe(Guid.Empty);
+        evt.DetailsJson.ShouldNotBeNull();
+        evt.DetailsJson!.ShouldContain(Thumb);
+    }
+
+    /// <summary>A successful Untrust carries the Untrust action and Success outcome.</summary>
+    [Fact]
+    public void Build_untrust_success_maps_action_and_outcome()
+    {
+        var evt = CertAuditEvents.Build("Untrust", "trusted", Thumb, "bob", success: true, error: null);
+
+        evt.Action.ShouldBe("Untrust");
+        evt.Outcome.ShouldBe(AuditOutcome.Success);
+        evt.DetailsJson!.ShouldContain(Thumb);
+    }
+
+    /// <summary>A successful Delete carries the Delete action and Success outcome.</summary>
+    [Fact]
+    public void Build_delete_success_maps_action_and_outcome()
+    {
+        var evt = CertAuditEvents.Build("Delete", "rejected", Thumb, "carol", success: true, error: null);
+
+        evt.Action.ShouldBe("Delete");
+        evt.Outcome.ShouldBe(AuditOutcome.Success);
+    }
+
+    /// <summary>A failed Trust maps the Failure outcome and surfaces the error text in the details
+    /// payload.</summary>
+    [Fact]
+    public void Build_trust_failure_maps_failure_and_carries_error()
+    {
+        var evt = CertAuditEvents.Build(
+            "Trust", "rejected", Thumb, "alice", success: false, error: "certificate not found in rejected");
+
+        evt.Action.ShouldBe("Trust");
+        evt.Outcome.ShouldBe(AuditOutcome.Failure);
+        evt.DetailsJson!.ShouldContain("certificate not found in rejected");
+    }
+
+    /// <summary>A failed Delete maps the Failure outcome.</summary>
+    [Fact]
+    public void Build_delete_failure_maps_failure()
+    {
+        var evt = CertAuditEvents.Build(
+            "Delete", "rejected", Thumb, "dave", success: false, error: "delete failed: access denied");
+
+        evt.Action.ShouldBe("Delete");
+        evt.Outcome.ShouldBe(AuditOutcome.Failure);
+        evt.DetailsJson!.ShouldContain("delete failed: access denied");
+    }
+
+    /// <summary>A failed Untrust maps the Failure outcome.</summary>
+    [Fact]
+    public void Build_untrust_failure_maps_failure()
+    {
+        var evt = CertAuditEvents.Build(
+            "Untrust", "trusted", Thumb, "erin", success: false, error: "store write failed");
+
+        evt.Action.ShouldBe("Untrust");
+        evt.Outcome.ShouldBe(AuditOutcome.Failure);
+        evt.DetailsJson!.ShouldContain("store write failed");
+    }
+
+    /// <summary>On success the error text is omitted from the details payload (it serializes null).</summary>
+    [Fact]
+    public void Build_success_omits_error_text()
+    {
+        var evt = CertAuditEvents.Build("Trust", "rejected", Thumb, "alice", success: true, error: "ignored");
+
+        evt.DetailsJson!.ShouldNotContain("ignored");
+    }
+
+    /// <summary>The public Category constant matches the value stamped onto built events.</summary>
+    [Fact]
+    public void Category_constant_matches_built_event()
+    {
+        CertAuditEvents.Category.ShouldBe("Certificate");
+        CertAuditEvents.Build("Trust", "s", Thumb, "a", success: true, error: null).Category
+            .ShouldBe(CertAuditEvents.Category);
+    }
+}