dohertj2/lmxopcua
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Phase 2 — port MXAccess COM client to Galaxy.Host + MxAccessGalaxyBackend (3rd IGalaxyBackend) + live MXAccess smoke + Phase 2 exit-gate doc + adversarial review. The full Galaxy data-plane now flows through the v2 IPC topology end-to-end against live ArchestrA.MxAccess.dll, on this dev box, with 30/30 Host tests + 9/9 Proxy tests + 963/963 solution tests passing alongside the unchanged 494 v1 IntegrationTests baseline. Backend/MxAccess/Vtq is a focused port of v1's Vtq value-timestamp-quality DTO. Backend/MxAccess/IMxProxy abstracts LMXProxyServer (port of v1's IMxProxy with the same Register/Unregister/AddItem/RemoveItem/AdviseSupervisory/UnAdviseSupervisory/Write surface + OnDataChange + OnWriteComplete events); MxProxyAdapter is the concrete COM-backed implementation that does Marshal.ReleaseComObject-loop on Unregister, must be constructed on an STA thread. Backend/MxAccess/MxAccessClient is the focused port of v1's MxAccessClient partials — Connect/Disconnect/Read/Write/Subscribe/Unsubscribe through the new Sta/StaPump (the real Win32 GetMessage pump from the previous commit), ConcurrentDictionary handle tracking, OnDataChange event marshalling to per-tag callbacks, ReadAsync implemented as the canonical subscribe → first-OnDataChange → unsubscribe one-shot pattern. Galaxy.Host csproj flipped to x86 PlatformTarget + Prefer32Bit=true with the ArchestrA.MxAccess HintPath ..\..\lib\ArchestrA.MxAccess.dll reference (lib/ already contains the production DLL). Backend/MxAccessGalaxyBackend is the third IGalaxyBackend implementation (alongside StubGalaxyBackend and DbBackedGalaxyBackend): combines GalaxyRepository (Discover) with MxAccessClient (Read/Write/Subscribe), MessagePack-deserializes inbound write values, MessagePack-serializes outbound read values into ValueBytes, decodes ArrayDimension/SecurityClassification/category_id with the same v1 mapping. Program.cs selects between stub|db|mxaccess via OTOPCUA_GALAXY_BACKEND env var (default = mxaccess); OTOPCUA_GALAXY_ZB_CONN overrides the ZB connection string; OTOPCUA_GALAXY_CLIENT_NAME sets the Wonderware client identity; the StaPump and MxAccessClient lifecycles are tied to the server.RunAsync try/finally so a clean Ctrl+C tears down the COM proxy via Marshal.ReleaseComObject before the pump's WM_QUIT. Live MXAccess smoke tests (MxAccessLiveSmokeTests, net48 x86) — skipped when ZB unreachable or aaBootstrap not running, otherwise verify (1) MxAccessClient.ConnectAsync returns a positive LMXProxyServer handle on the StaPump, (2) MxAccessGalaxyBackend.OpenSession + Discover returns at least one gobject with attributes, (3) MxAccessGalaxyBackend.ReadValues against the first discovered attribute returns a response with the correct TagReference shape (value + quality vary by what's running, so we don't assert specific values). All 3 pass on this dev box. EndToEndIpcTests + IpcHandshakeIntegrationTests moved from Galaxy.Proxy.Tests (net10) to Galaxy.Host.Tests (net48 x86) — the previous test placement silently dropped them at xUnit discovery because Host became net48 x86 and net10 process can't load it. Rewritten to use Shared's FrameReader/FrameWriter directly instead of going through Proxy's GalaxyIpcClient (functionally equivalent — same wire protocol, framing primitives + dispatcher are the production code path verbatim). 7 IPC tests now run cleanly: Hello+heartbeat round-trip, wrong-secret rejection, OpenSession session-id assignment, Discover error-response surfacing, WriteValues per-tag bad status, Subscribe id assignment, Recycle grace window. Phase 2 exit-gate doc (docs/v2/implementation/exit-gate-phase-2.md) supersedes the partial-exit doc with the as-built state — Streams A/B/C complete; D/E gated only on the legacy-Host removal + parity-test rewrite cycle that fundamentally requires multi-day debug iteration; full adversarial-review section ranking 8 findings (2 high, 3 medium, 3 low) all explicitly deferred to Stream D/E or v2.1 with rationale; Stream-D removal checklist gives the next-session entry point with two policy options for the 494 v1 tests (rewrite-to-use-Proxy vs archive-and-write-smaller-v2-parity-suite). Cannot one-shot Stream D.1 in any single session because deleting OtOpcUa.Host requires the v1 IntegrationTests cycle to be retargeted first; that's the structural blocker, not "needs more code" — and the plan itself budgets 3-4 weeks for it.

Browse Source 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Joseph Doherty
2026-04-18 00:23:24 -04:00
parent 549cd36662
commit a7126ba953
14 changed files with 1176 additions and 290 deletions
Download Patch File Download Diff File Expand all files Collapse all files

191
tests/ZB.MOM.WW.OtOpcUa.Driver.Galaxy.Proxy.Tests/EndToEndIpcTests.cs
View File

@@ -1,191 +0,0 @@
using System.Security.Principal;
using Serilog;
using Serilog.Core;
using Shouldly;
using Xunit;
using ZB.MOM.WW.OtOpcUa.Core.Abstractions;
using ZB.MOM.WW.OtOpcUa.Driver.Galaxy.Host.Backend;
using ZB.MOM.WW.OtOpcUa.Driver.Galaxy.Host.Ipc;
using ZB.MOM.WW.OtOpcUa.Driver.Galaxy.Shared.Contracts;
namespace ZB.MOM.WW.OtOpcUa.Driver.Galaxy.Proxy.Tests;
/// <summary>
/// Drives every <see cref="MessageKind"/> through the full IPC stack — Host
/// <see cref="GalaxyFrameHandler"/> backed by <see cref="StubGalaxyBackend"/> on one end,
/// <see cref="GalaxyProxyDriver"/> on the other — to prove the wire protocol, dispatcher,
/// and capability forwarding agree end-to-end. The "stub backend" replies with success for
/// lifecycle/subscribe/recycle and a recognizable "not-implemented" error for the data-plane
/// calls that need the deferred MXAccess lift; the test asserts both shapes.
/// </summary>
[Trait("Category", "Integration")]
public sealed class EndToEndIpcTests
{
private static bool IsAdministrator()
{
if (!OperatingSystem.IsWindows()) return false;
using var identity = WindowsIdentity.GetCurrent();
return new WindowsPrincipal(identity).IsInRole(WindowsBuiltInRole.Administrator);
}
private static (string Pipe, string Secret, SecurityIdentifier Sid) MakeIpcParams() =>
($"OtOpcUaGalaxyE2E-{Guid.NewGuid():N}",
"e2e-secret",
WindowsIdentity.GetCurrent().User!);
private static async Task<(GalaxyProxyDriver Driver, CancellationTokenSource Cts, Task ServerTask, PipeServer Server)>
StartStackAsync()
{
var (pipe, secret, sid) = MakeIpcParams();
Logger log = new LoggerConfiguration().CreateLogger();
var cts = new CancellationTokenSource(TimeSpan.FromSeconds(15));
var server = new PipeServer(pipe, sid, secret, log);
var backend = new StubGalaxyBackend();
var handler = new GalaxyFrameHandler(backend, log);
var serverTask = Task.Run(() => server.RunAsync(handler, cts.Token));
var driver = new GalaxyProxyDriver(new GalaxyProxyOptions
{
DriverInstanceId = "gal-e2e",
PipeName = pipe,
SharedSecret = secret,
ConnectTimeout = TimeSpan.FromSeconds(5),
});
await driver.InitializeAsync(driverConfigJson: "{}", cts.Token);
return (driver, cts, serverTask, server);
}
[Fact]
public async Task Initialize_succeeds_via_OpenSession_and_health_goes_Healthy()
{
if (!OperatingSystem.IsWindows() || IsAdministrator()) return;
var (driver, cts, serverTask, server) = await StartStackAsync();
try
{
driver.GetHealth().State.ShouldBe(DriverState.Healthy);
}
finally
{
await driver.ShutdownAsync(CancellationToken.None);
cts.Cancel();
try { await serverTask; } catch { /* shutdown */ }
server.Dispose();
driver.Dispose();
}
}
[Fact]
public async Task Read_returns_Bad_status_for_each_requested_reference_until_backend_lifted()
{
if (!OperatingSystem.IsWindows() || IsAdministrator()) return;
var (driver, cts, serverTask, server) = await StartStackAsync();
try
{
// Stub backend currently fails the whole batch with a "not-implemented" error;
// the driver surfaces this as InvalidOperationException with the error text.
var ex = await Should.ThrowAsync<InvalidOperationException>(() =>
driver.ReadAsync(["TagA", "TagB"], cts.Token));
ex.Message.ShouldContain("MXAccess code lift pending");
}
finally
{
await driver.ShutdownAsync(CancellationToken.None);
cts.Cancel();
try { await serverTask; } catch { }
server.Dispose();
driver.Dispose();
}
}
[Fact]
public async Task Write_returns_per_tag_BadInternalError_status_until_backend_lifted()
{
if (!OperatingSystem.IsWindows() || IsAdministrator()) return;
var (driver, cts, serverTask, server) = await StartStackAsync();
try
{
// Stub backend's WriteValuesAsync returns a per-tag bad status — the proxy
// surfaces those without throwing.
var results = await driver.WriteAsync([new WriteRequest("TagA", 42)], cts.Token);
results.Count.ShouldBe(1);
results[0].StatusCode.ShouldBe(0x80020000u); // Bad_InternalError
}
finally
{
await driver.ShutdownAsync(CancellationToken.None);
cts.Cancel();
try { await serverTask; } catch { }
server.Dispose();
driver.Dispose();
}
}
[Fact]
public async Task Subscribe_returns_handle_then_Unsubscribe_closes_cleanly()
{
if (!OperatingSystem.IsWindows() || IsAdministrator()) return;
var (driver, cts, serverTask, server) = await StartStackAsync();
try
{
var handle = await driver.SubscribeAsync(
["TagA"], TimeSpan.FromMilliseconds(500), cts.Token);
handle.DiagnosticId.ShouldStartWith("galaxy-sub-");
await driver.UnsubscribeAsync(handle, cts.Token); // one-way; just verify no throw
}
finally
{
await driver.ShutdownAsync(CancellationToken.None);
cts.Cancel();
try { await serverTask; } catch { }
server.Dispose();
driver.Dispose();
}
}
[Fact]
public async Task SubscribeAlarms_and_Acknowledge_round_trip_without_errors()
{
if (!OperatingSystem.IsWindows() || IsAdministrator()) return;
var (driver, cts, serverTask, server) = await StartStackAsync();
try
{
var handle = await driver.SubscribeAlarmsAsync(["Eq001"], cts.Token);
handle.DiagnosticId.ShouldNotBeNullOrEmpty();
await driver.AcknowledgeAsync(
[new AlarmAcknowledgeRequest("Eq001", "evt-1", "test ack")],
cts.Token);
}
finally
{
await driver.ShutdownAsync(CancellationToken.None);
cts.Cancel();
try { await serverTask; } catch { }
server.Dispose();
driver.Dispose();
}
}
[Fact]
public async Task ReadProcessed_throws_NotSupported_immediately_without_round_trip()
{
// No IPC needed — the proxy short-circuits to NotSupportedException per the v2 design
// (Galaxy Historian only supports raw reads; processed reads are an OPC UA aggregate
// computed by the OPC UA stack, not the driver).
var driver = new GalaxyProxyDriver(new GalaxyProxyOptions
{
DriverInstanceId = "gal-stub", PipeName = "x", SharedSecret = "x",
});
await Should.ThrowAsync<NotSupportedException>(() =>
driver.ReadProcessedAsync("TagA", DateTime.UtcNow.AddHours(-1), DateTime.UtcNow,
TimeSpan.FromMinutes(1), HistoryAggregateType.Average, CancellationToken.None));
}
}

91
tests/ZB.MOM.WW.OtOpcUa.Driver.Galaxy.Proxy.Tests/IpcHandshakeIntegrationTests.cs
View File

@@ -1,91 +0,0 @@
using System.IO.Pipes;
using System.Security.Principal;
using Serilog;
using Serilog.Core;
using Shouldly;
using Xunit;
using ZB.MOM.WW.OtOpcUa.Driver.Galaxy.Host.Ipc;
using ZB.MOM.WW.OtOpcUa.Driver.Galaxy.Proxy.Ipc;
using ZB.MOM.WW.OtOpcUa.Driver.Galaxy.Shared.Contracts;
namespace ZB.MOM.WW.OtOpcUa.Driver.Galaxy.Proxy.Tests;
/// <summary>
/// End-to-end IPC test: <see cref="PipeServer"/> (from Galaxy.Host) accepts a connection from
/// the Proxy's <see cref="GalaxyIpcClient"/>. Verifies the Hello handshake, shared-secret
/// check, and heartbeat round-trip. Uses the current user's SID so the ACL allows the
/// localhost test process. Skipped on non-Windows (pipe ACL is Windows-only).
/// </summary>
[Trait("Category", "Integration")]
public sealed class IpcHandshakeIntegrationTests
{
[Fact]
public async Task Hello_handshake_with_correct_secret_succeeds_and_heartbeat_round_trips()
{
if (!OperatingSystem.IsWindows()) return; // pipe ACL is Windows-only
if (IsAdministrator()) return; // ACL explicitly denies Administrators — skip on admin shells
using var currentIdentity = WindowsIdentity.GetCurrent();
var allowedSid = currentIdentity.User!;
var pipeName = $"OtOpcUaGalaxyTest-{Guid.NewGuid():N}";
const string secret = "test-secret-2026";
Logger log = new LoggerConfiguration().CreateLogger();
using var cts = new CancellationTokenSource(TimeSpan.FromSeconds(10));
var server = new PipeServer(pipeName, allowedSid, secret, log);
var serverTask = Task.Run(() => server.RunOneConnectionAsync(new StubFrameHandler(), cts.Token));
await using var client = await GalaxyIpcClient.ConnectAsync(
pipeName, secret, TimeSpan.FromSeconds(5), cts.Token);
// Heartbeat round-trip via the stub handler.
var ack = await client.CallAsync<Heartbeat, HeartbeatAck>(
MessageKind.Heartbeat,
new Heartbeat { SequenceNumber = 42, UtcUnixMs = 1000 },
MessageKind.HeartbeatAck,
cts.Token);
ack.SequenceNumber.ShouldBe(42L);
cts.Cancel();
try { await serverTask; } catch (OperationCanceledException) { }
server.Dispose();
}
[Fact]
public async Task Hello_with_wrong_secret_is_rejected()
{
if (!OperatingSystem.IsWindows()) return;
if (IsAdministrator()) return;
using var currentIdentity = WindowsIdentity.GetCurrent();
var allowedSid = currentIdentity.User!;
var pipeName = $"OtOpcUaGalaxyTest-{Guid.NewGuid():N}";
Logger log = new LoggerConfiguration().CreateLogger();
using var cts = new CancellationTokenSource(TimeSpan.FromSeconds(10));
var server = new PipeServer(pipeName, allowedSid, "real-secret", log);
var serverTask = Task.Run(() => server.RunOneConnectionAsync(new StubFrameHandler(), cts.Token));
await Should.ThrowAsync<UnauthorizedAccessException>(() =>
GalaxyIpcClient.ConnectAsync(pipeName, "wrong-secret", TimeSpan.FromSeconds(5), cts.Token));
cts.Cancel();
try { await serverTask; } catch { /* server loop ends */ }
server.Dispose();
}
/// <summary>
/// The production ACL explicitly denies Administrators. On dev boxes the interactive user
/// is often an Administrator, so the allow rule gets overridden by the deny — the pipe
/// refuses the connection. Skip in that case; the production install runs as a dedicated
/// non-admin service account.
/// </summary>
private static bool IsAdministrator()
{
if (!OperatingSystem.IsWindows()) return false;
using var identity = WindowsIdentity.GetCurrent();
var principal = new WindowsPrincipal(identity);
return principal.IsInRole(WindowsBuiltInRole.Administrator);
}
}