dohertj2/lmxopcua
1
0
Fork 0
Code Issues 2 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat(alarms): route inbound Part 9 alarm methods through AlarmAck gate (T18)

Browse Source 
Wire the materialised AlarmConditionState method handlers so a client calling
Acknowledge/Confirm/Shelve/AddComment is gated on the AlarmAck data-plane role
and, when allowed, routed back to the scripted-alarm engine via a new
`alarm-commands` DistributedPubSub topic.

- Commons: new AlarmCommand DTO (AlarmId/Operation/User/Comment/UnshelveAtUtc).
- ScriptedAlarmHostActor: add AlarmCommandsTopic const.
- OtOpcUaNodeManager: settable AlarmCommandRouter + wire OnAcknowledge/OnConfirm/
  OnAddComment/OnShelve/OnTimedUnshelve. Each resolves the principal off
  ISessionOperationContext.UserIdentity as RoleCarryingUserIdentity, fails closed
  (BadUserAccessDenied) when the AlarmAck role is absent or no identity, else maps
  + routes an AlarmCommand and returns Good. OnShelve discriminates OneShotShelve/
  TimedShelve/Unshelve from the SDK flags; TimedShelve expiry = UtcNow + ms.
  No Akka/IActorRef handle — only the Action<AlarmCommand> delegate. T20 de-dup
  note left; WriteAlarmCondition untouched.
- OpcUaServer.Security: OpcUaDataPlaneRoles.AlarmAck shared const (the role was a
  bare string everywhere; introduced one symbol for the gate + tests).
- OtOpcUaSdkServer: SetAlarmCommandRouter pass-through.
- Host: boot wiring publishes each command via mediator.Tell(Publish(...)) using a
  lazy ActorSystem accessor (mirrors DpsScriptLogPublisher).
- Tests: 11 new gate + mapping tests (OpcUaServer.Tests 88->99, all green).
This commit is contained in:
Joseph Doherty
2026-06-11 06:05:39 -04:00
parent ac5db0a9f8
commit 63289d377c
8 changed files with 584 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/Server/ZB.MOM.WW.OtOpcUa.OpcUaServer/Security/OpcUaDataPlaneRoles.cs
+25
View File
@@ -0,0 +1,25 @@
namespace ZB.MOM.WW.OtOpcUa.OpcUaServer.Security;
/// <summary>
/// Canonical string constants for the OPC UA <b>data-plane</b> roles the LDAP group→role map
/// produces and <see cref="RoleCarryingUserIdentity.Roles"/> carries onto the session identity.
/// These are distinct from the control-plane <c>AdminRole</c> enum (Admin UI capabilities) — the
/// two planes share zero runtime code path by design.
/// <para>
/// Across the codebase these data-plane roles (<c>ReadOnly</c>, <c>WriteOperate</c>,
/// <c>WriteTune</c>, <c>WriteConfigure</c>, <c>AlarmAck</c>, …) are used as bare strings
/// (they originate as LDAP group names mapped through <c>RoleMapper</c>). T18 introduced this
/// single shared const for the one role the inbound alarm-method gate reads, so the gate and
/// its tests reference one symbol instead of a re-typed literal. Comparison is case-insensitive
/// (the role set is built with <see cref="System.StringComparer.OrdinalIgnoreCase"/>), so the
/// gate matches with that comparer too.
/// </para>
/// </summary>
public static class OpcUaDataPlaneRoles
{
/// <summary>The role that grants OPC UA Part 9 alarm acknowledge / confirm / shelve / comment
/// authority. A session must carry this role for the inbound alarm-condition method handlers to
/// route the command to the engine; absent it, the call is denied with
/// <c>BadUserAccessDenied</c>.</summary>
public const string AlarmAck = "AlarmAck";
}