feat(historian-gateway): reshape ServerHistorianOptions to gateway form (Endpoint/ApiKey/Tls)

Claude-Session: https://claude.ai/code/session_012SDSQ3AcaXqPcBtDESBRii

tests/Server/ZB.MOM.WW.OtOpcUa.Runtime.Tests/Historian/AddServerHistorianTests.cs

@@ -104,9 +104,8 @@ public sealed class AddServerHistorianTests
         var config = ConfigFrom(new Dictionary<string, string?>
         {
             ["ServerHistorian:Enabled"] = "true",
-            ["ServerHistorian:Host"] = "historian.example.com",
-            ["ServerHistorian:Port"] = "32569",
-            ["ServerHistorian:SharedSecret"] = "s",
+            ["ServerHistorian:Endpoint"] = "https://historian.example.com:5222",
+            ["ServerHistorian:ApiKey"] = "histgw_x_y",
         });
 
         services.AddServerHistorian(config, (_, _) => new FakeHistorianDataSource());
@@ -126,11 +125,10 @@ public sealed class AddServerHistorianTests
         var config = ConfigFrom(new Dictionary<string, string?>
         {
             ["ServerHistorian:Enabled"] = "true",
-            ["ServerHistorian:Host"] = "historian.example.com",
-            ["ServerHistorian:Port"] = "12345",
+            ["ServerHistorian:Endpoint"] = "https://historian.example.com:5222",
+            ["ServerHistorian:ApiKey"] = "histgw_x_y",
             ["ServerHistorian:UseTls"] = "true",
-            ["ServerHistorian:ServerCertThumbprint"] = "AABBCCDDEEFF",
-            ["ServerHistorian:SharedSecret"] = "s",
+            ["ServerHistorian:CaCertificatePath"] = "/etc/ssl/gateway-ca.pem",
         });
 
         services.AddServerHistorian(config, (opts, _) =>
@@ -143,55 +141,29 @@ public sealed class AddServerHistorianTests
         _ = provider.GetRequiredService<IHistorianDataSource>();
 
         seen.ShouldNotBeNull();
-        seen.Host.ShouldBe("historian.example.com");
-        seen.Port.ShouldBe(12345);
+        seen.Endpoint.ShouldBe("https://historian.example.com:5222");
+        seen.ApiKey.ShouldBe("histgw_x_y");
         seen.UseTls.ShouldBeTrue();
-        seen.ServerCertThumbprint.ShouldBe("AABBCCDDEEFF");
+        seen.CaCertificatePath.ShouldBe("/etc/ssl/gateway-ca.pem");
     }
 
     [Fact]
-    public void Validate_warns_on_empty_shared_secret_when_enabled()
-    {
-        var opts = new ServerHistorianOptions { Enabled = true, SharedSecret = "", Port = 32569 };
-        opts.Validate().ShouldContain(w => w.Contains("SharedSecret"));
-    }
-
-    [Fact]
-    public void Validate_warns_on_non_positive_port_when_enabled()
-    {
-        var opts = new ServerHistorianOptions { Enabled = true, SharedSecret = "s", Port = 0 };
-        opts.Validate().ShouldContain(w => w.Contains("Port"));
-    }
-
-    [Fact]
-    public void Validate_is_silent_when_correctly_configured()
-    {
-        new ServerHistorianOptions { Enabled = true, SharedSecret = "s", Port = 32569 }.Validate().ShouldBeEmpty();
-    }
-
-    [Fact]
-    public void Validate_is_silent_when_disabled()
-    {
-        new ServerHistorianOptions { Enabled = false, SharedSecret = "", Port = 0 }.Validate().ShouldBeEmpty();
-    }
-
-    [Fact]
-    public void Section_binds_host_port_tls_fields()
+    public void Section_binds_endpoint_apikey_tls_fields()
     {
         var config = ConfigFrom(new Dictionary<string, string?>
         {
-            ["ServerHistorian:Host"] = "historian.example.com",
-            ["ServerHistorian:Port"] = "12345",
+            ["ServerHistorian:Endpoint"] = "https://historian.example.com:5222",
+            ["ServerHistorian:ApiKey"] = "histgw_x_y",
             ["ServerHistorian:UseTls"] = "true",
-            ["ServerHistorian:ServerCertThumbprint"] = "AABBCCDDEEFF",
+            ["ServerHistorian:CaCertificatePath"] = "/etc/ssl/gateway-ca.pem",
         });
 
         var opts = config.GetSection(ServerHistorianOptions.SectionName).Get<ServerHistorianOptions>();
 
         opts.ShouldNotBeNull();
-        opts.Host.ShouldBe("historian.example.com");
-        opts.Port.ShouldBe(12345);
+        opts.Endpoint.ShouldBe("https://historian.example.com:5222");
+        opts.ApiKey.ShouldBe("histgw_x_y");
         opts.UseTls.ShouldBeTrue();
-        opts.ServerCertThumbprint.ShouldBe("AABBCCDDEEFF");
+        opts.CaCertificatePath.ShouldBe("/etc/ssl/gateway-ca.pem");
     }
 }

tests/Server/ZB.MOM.WW.OtOpcUa.Runtime.Tests/Historian/ServerHistorianOptionsTests.cs

@@ -0,0 +1,34 @@
+using Xunit;
+using ZB.MOM.WW.OtOpcUa.Runtime.Historian;
+
+namespace ZB.MOM.WW.OtOpcUa.Runtime.Tests.Historian;
+
+/// <summary>
+///     Covers the gateway-shaped <see cref="ServerHistorianOptions.Validate"/> warnings: a disabled or
+///     correctly-configured historian is silent; an enabled one with a blank <c>Endpoint</c> or blank
+///     <c>ApiKey</c> surfaces an operator-facing warning (carrying no secret value text).
+/// </summary>
+public sealed class ServerHistorianOptionsTests
+{
+    [Fact]
+    public void Disabled_yields_no_warnings()
+        => Assert.Empty(new ServerHistorianOptions { Enabled = false }.Validate());
+
+    [Fact]
+    public void Enabled_without_endpoint_warns()
+    {
+        var w = new ServerHistorianOptions { Enabled = true, Endpoint = "", ApiKey = "histgw_x_y" }.Validate();
+        Assert.Contains(w, m => m.Contains("Endpoint"));
+    }
+
+    [Fact]
+    public void Enabled_without_apikey_warns()
+    {
+        var w = new ServerHistorianOptions { Enabled = true, Endpoint = "https://h:5222", ApiKey = "" }.Validate();
+        Assert.Contains(w, m => m.Contains("ApiKey"));
+    }
+
+    [Fact]
+    public void Valid_config_is_clean()
+        => Assert.Empty(new ServerHistorianOptions { Enabled = true, Endpoint = "https://h:5222", ApiKey = "histgw_x_y" }.Validate());
+}