From 897b06016ceb29408f1a06ed4783dfadecc1cc1a Mon Sep 17 00:00:00 2001 From: Joseph Doherty Date: Wed, 3 Jun 2026 16:02:14 -0400 Subject: [PATCH] =?UTF-8?q?docs(audit):=20OpcUaClient-Test-Fixture.md=20?= =?UTF-8?q?=E2=80=94=20accuracy=20pass?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit STALE-STATUS (OpcPlcFixture.cs:39): - "What the fixture is": opc.tcp://localhost:50000 → opc.tcp://10.100.0.35:50000 (shared Docker host migrated 2026-04-28; fixture already defaults to 10.100.0.35) CODE-REALITY (OpcUaClientSmokeTests.cs — 3 integration tests open real Secure Channels): - "What it does NOT cover" §1 ("No UA Secure Channel is ever opened") was wrong for the integration suite which does open real channels. Rewritten to scope the no-Secure-Channel claim to the unit suite and list what the integration suite still doesn't exercise (non-anonymous security policies, signing/encryption, chunk assembly, keep-alive). - "When to trust" table: added Integration (opc-plc) column; noted that real OPC UA read + subscribe ARE covered by integration tests; write not yet exercised on wire. NOTE on IRediscoverable: OpcUaClientDriver does NOT implement IRediscoverable (verified: no reference in src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.OpcUaClient/). Doc makes no such claim — no change needed for that aspect. INLINE COMPLETENESS: - "Key fixture / config files": added OpcPlcFixture.cs, OpcUaClientSmokeTests.cs, and Docker/docker-compose.yml entries with correct endpoints and flags. - Added explicit note in OpcUaClientDriver.cs entry: implements IAlarmSource + IHistoryProvider (unique among drivers); does NOT implement IRediscoverable. STRUCTURAL: no rows in links-report.md for this doc. VERIFY: check_links.py — 0 rows for OpcUaClient-Test-Fixture.md. --- docs/drivers/OpcUaClient-Test-Fixture.md | 45 ++++++++++++++++-------- 1 file changed, 30 insertions(+), 15 deletions(-) diff --git a/docs/drivers/OpcUaClient-Test-Fixture.md b/docs/drivers/OpcUaClient-Test-Fixture.md index a05b276d..c9aac37f 100644 --- a/docs/drivers/OpcUaClient-Test-Fixture.md +++ b/docs/drivers/OpcUaClient-Test-Fixture.md @@ -20,7 +20,8 @@ image (follow-up). **Integration layer** (task #215): `tests/Drivers/ZB.MOM.WW.OtOpcUa.Driver.OpcUaClient.IntegrationTests/` stands up `mcr.microsoft.com/iotedge/opc-plc:2.14.10` via `Docker/docker-compose.yml` -on `opc.tcp://localhost:50000`. `OpcPlcFixture` probes the port at +on `opc.tcp://10.100.0.35:50000` (the shared Docker host; override via +`OPCUA_SIM_ENDPOINT`). `OpcPlcFixture` probes the port at collection init + skips tests with a clear message when the container's not running (matches the Modbus/pymodbus + S7/python-snap7 skip pattern). Docker is the launcher — no PowerShell wrapper needed because opc-plc @@ -81,12 +82,15 @@ Capability surfaces whose contract is verified: `IDriver`, `ITagDiscovery`, ## What it does NOT cover -### 1. Real stack exchange +### 1. Full real-stack exchange (unit tests only) -No UA Secure Channel is ever opened. Every test mocks `Session.ReadAsync`, -`Session.CreateSubscription`, `Session.AddItem`, etc. — the SDK itself is -trusted. Certificate validation, signing, nonce handling, chunk assembly, -keep-alive cadence — all SDK-internal and untested here. +The **unit** suite mocks `Session.ReadAsync`, `Session.CreateSubscription`, +`Session.AddItem`, etc. — no UA Secure Channel is opened. The **integration** +suite (`OpcUaClientSmokeTests`, task #215) does open a real Secure Channel +against opc-plc and exercises Read + Subscribe end-to-end. What remains +untested even in the integration suite: certificate validation under +non-anonymous security policies, signing/encryption, nonce handling, chunk +assembly, keep-alive cadence — all SDK-internal. ### 2. Subscription transfer across reconnect @@ -124,14 +128,16 @@ ConditionType events (non-base `BaseEventType`) is not verified. ## When to trust OpcUaClient tests, when to reach for a server -| Question | Unit tests | Real upstream server | -| --- | --- | --- | -| "Does severity 750 bucket as High?" | yes | yes | -| "Does the driver call `TransferSubscriptions` after reconnect?" | yes | yes | -| "Does a real OPC UA read/write round-trip work?" | no | yes (required) | -| "Does event-filter-based alarm subscription return ConditionType events?" | no | yes (required) | -| "Does history read from AVEVA Historian return correct aggregates?" | no | yes (required) | -| "Does the SDK's publish queue lose notifications under load?" | no | yes (stress) | +| Question | Unit tests | Integration (opc-plc) | Real upstream server | +| --- | --- | --- | --- | +| "Does severity 750 bucket as High?" | yes | - | yes | +| "Does the driver call `TransferSubscriptions` after reconnect?" | yes | - | yes | +| "Does a real OPC UA read round-trip work?" | no | yes | yes | +| "Does a real OPC UA subscribe deliver changes?" | no | yes | yes | +| "Does write round-trip work against a live server?" | no | no (not yet exercised) | yes (required) | +| "Does event-filter-based alarm subscription return ConditionType events?" | no | no | yes (required) | +| "Does history read from AVEVA Historian return correct aggregates?" | no | no | yes (required) | +| "Does the SDK's publish queue lose notifications under load?" | no | no | yes (stress) | ## Follow-up candidates @@ -164,8 +170,17 @@ Beyond that: - `tests/Drivers/ZB.MOM.WW.OtOpcUa.Driver.OpcUaClient.Tests/` — unit tests with mocked `Session` +- `tests/Drivers/ZB.MOM.WW.OtOpcUa.Driver.OpcUaClient.IntegrationTests/OpcPlcFixture.cs` + — collection fixture; parses `OPCUA_SIM_ENDPOINT` (default + `opc.tcp://10.100.0.35:50000`), TCP-probes at collection init, records + `SkipReason` when unreachable +- `tests/Drivers/ZB.MOM.WW.OtOpcUa.Driver.OpcUaClient.IntegrationTests/OpcUaClientSmokeTests.cs` + — wire-level test suite (3 `[Fact]` methods: read, batch read, subscribe) +- `tests/Drivers/ZB.MOM.WW.OtOpcUa.Driver.OpcUaClient.IntegrationTests/Docker/docker-compose.yml` + — `mcr.microsoft.com/iotedge/opc-plc:2.14.10` with `--ut --aa --alm --pn=50000` - `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.OpcUaClient/OpcUaClientDriver.cs` — ctor + - session-factory seam tests mock through + session-factory seam tests mock through; implements `IAlarmSource` + + `IHistoryProvider` (unique among drivers); does NOT implement `IRediscoverable` - `tests/Server/ZB.MOM.WW.OtOpcUa.OpcUaServer.IntegrationTests/DualEndpointTests.cs` — the v2 dual-endpoint integration harness a future loopback client test could piggyback on (v1 `OpcUaServerIntegrationTests.cs` retired with the v1 server project)