fix(server): resolve Low code-review findings (Server-004,006,008,012,014,015)

- Server-004: pass the role-derived display name to UserIdentity's base ctor (the SDK's DisplayName has no public setter) and drop the dead Display property; make RoleBasedIdentity internal sealed. - Server-006: derive a bounded CancellationToken from the SDK's OperationContext.OperationDeadline in OnReadValue / OnWriteValue so a stalled driver call can no longer pin the request thread. - Server-008: mark handled slots via CallMethodRequest.Processed = true in RouteScriptedAlarmMethodCalls (the SDK skips on Processed, not on a Good error slot). - Server-012: PeerHttpProbeLoop.ProbeAsync stops mutating client.Timeout per call; uses a per-request CancellationTokenSource linked to the shutdown token instead. - Server-014: wire SealedBootstrap into Program.cs via AddSealedBootstrap + OpcUaServerService so the generation-sealed cache + stale-config flag + resilient reader actually run; /healthz now reflects cache-fallback state. - Server-015: replace the stale 'PR 16 / PR 17 minimum-viable scope' class summaries on OtOpcUaServer and OpcUaServerOptions with the shipped LDAP + anonymous-role + configurable security-profile prose. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-23 07:24:20 -04:00
parent 2b33b64a58
commit 6134050ceb
14 changed files with 698 additions and 40 deletions
--- a/tests/Server/ZB.MOM.WW.OtOpcUa.Server.Tests/PeerHttpProbeLoopTests.cs
+++ b/tests/Server/ZB.MOM.WW.OtOpcUa.Server.Tests/PeerHttpProbeLoopTests.cs
@@ -115,6 +115,34 @@ public sealed class PeerHttpProbeLoopTests : IDisposable
        tracker.Get("B").HttpHealthy.ShouldBeFalse();
    }

+    [Fact]
+    public async Task Tick_does_not_mutate_factory_vended_client_Timeout()
+    {
+        // Server-012: timeouts belong on the named-client registration or a per-request CTS,
+        // NOT on a factory-vended HttpClient (which IHttpClientFactory may pool/recycle).
+        // Mutating client.Timeout per tick is at minimum a bad smell and races with
+        // IHttpClientFactory's lifecycle expectations.
+        var coordinator = await SeedAndInitializeAsync("A",
+            ("A", RedundancyRole.Primary, "urn:A"),
+            ("B", RedundancyRole.Secondary, "urn:B"));
+        var tracker = new PeerReachabilityTracker();
+        var factoryInitialTimeout = TimeSpan.FromMinutes(2);
+        var factory = new RecordingHttpClientFactory(
+            _ => new HttpResponseMessage(HttpStatusCode.OK),
+            factoryInitialTimeout);
+
+        var loop = new PeerHttpProbeLoop(coordinator, tracker, factory, NullLogger<PeerHttpProbeLoop>.Instance,
+            options: new PeerProbeOptions { HttpProbeTimeout = TimeSpan.FromSeconds(3) });
+
+        await loop.TickAsync(CancellationToken.None);
+
+        factory.LastCreatedClient.ShouldNotBeNull();
+        factory.LastCreatedClient.Timeout.ShouldBe(factoryInitialTimeout,
+            "the probe loop must not mutate the factory-vended HttpClient's Timeout — "
+            + "per-call timeout should be enforced via a CancellationToken or via "
+            + "AddHttpClient.ConfigureHttpClient on the named registration.");
+    }
+
    // ---- fixture helpers ---------------------------------------------------

    private async Task<RedundancyCoordinator> SeedAndInitializeAsync(string selfNodeId, params (string id, RedundancyRole role, string appUri)[] nodes)
@@ -158,4 +186,30 @@ public sealed class PeerHttpProbeLoopTests : IDisposable
                => Task.FromResult(respond(request));
        }
    }
+
+    /// <summary>
+    ///     Server-012 — captures the most-recently-vended <see cref="HttpClient"/> so the
+    ///     test can assert the probe loop didn't mutate its <see cref="HttpClient.Timeout"/>.
+    /// </summary>
+    private sealed class RecordingHttpClientFactory(
+        Func<HttpRequestMessage, HttpResponseMessage> respond,
+        TimeSpan initialTimeout) : IHttpClientFactory
+    {
+        public HttpClient? LastCreatedClient { get; private set; }
+        public HttpClient CreateClient(string name)
+        {
+            var client = new HttpClient(new RecordingHandler(respond), disposeHandler: true)
+            {
+                Timeout = initialTimeout,
+            };
+            LastCreatedClient = client;
+            return client;
+        }
+
+        private sealed class RecordingHandler(Func<HttpRequestMessage, HttpResponseMessage> respond) : HttpMessageHandler
+        {
+            protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
+                => Task.FromResult(respond(request));
+        }
+    }
 }