dohertj2/lmxopcua
1
0
Fork 0
Code Issues 2 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat(audit): OtOpcUa ConfigAuditLog.Outcome column + migration + ClusterAudit visibility fix (Task 2.2)

Browse Source 
Persist the canonical AuditOutcome and make structured audit rows visible.

- ConfigAuditLog gains a nullable Outcome column, stored as the AuditOutcome
  enum member name (nvarchar(16), mirroring how AdminRole is persisted). The
  AuditWriterActor flush now writes Outcome = evt.Outcome.ToString(). Nullable so
  legacy rows and the bespoke stored-procedure path (no derived outcome) write
  NULL.
- Migration 20260602135350_AddConfigAuditLogOutcome: additive nullable column,
  no backfill. Up adds the column, Down drops it. Chains after
  20260602112419_CanonicalizeAdminRoles; `dotnet ef migrations
  has-pending-model-changes` is clean.
- ClusterAudit visibility fix: the page filtered solely on ClusterId, but the
  structured AuditWriterActor path stamps NodeId (ClusterId null), so those rows
  were invisible. Extracted ClusterAuditQuery.ForClusterAsync (shared by the page
  and tests) which ORs in rows whose NodeId belongs to a node in the cluster —
  membership resolved from ClusterNode (NodeId -> ClusterId). SP-path
  ClusterId-stamped rows still match.

Tests: ControlPlane 45/45 (adds Outcome persistence + Denied-outcome asserts);
new Configuration ClusterAuditQueryTests 3/3 (both-paths visible, other-cluster
excluded, page-size cap); AdminUI 121/121. Configuration Unit suite is green on a
clean run (a pre-existing timing flake in ResilientConfigReaderTests, untouched
here, occasionally fails under parallel load and passes in isolation).
This commit is contained in:
Joseph Doherty
2026-06-02 09:59:22 -04:00
parent 933dd1a874
commit b7f5e887ee
10 changed files with 1986 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/Server/ZB.MOM.WW.OtOpcUa.ControlPlane.Tests/AuditWriterActorTests.cs
+21
View File
@@ -172,6 +172,27 @@ public sealed class AuditWriterActorTests : ControlPlaneActorTestBase
row.EventId.ShouldBe(eventId);
row.EventType.ShouldBe("Config:Published");
row.NodeId.ShouldBe("node-a");
// The derived canonical Outcome is persisted as its enum member name (Task 2.2 column).
row.Outcome.ShouldBe(nameof(AuditOutcome.Success));
}
/// <summary>Verifies that a Denied-outcome event persists "Denied" to the Outcome column.</summary>
[Fact]
public void Denied_outcome_is_persisted_as_its_enum_member_name()
{
var dbFactory = NewInMemoryDbFactory();
var actor = Sys.ActorOf(AuditWriterActor.Props(dbFactory));
actor.Tell(NewEvent(Guid.NewGuid(), action: "OpcUaAccessDenied"));
Watch(actor);
actor.Tell(PoisonPill.Instance);
ExpectTerminated(actor);
using var db = dbFactory.CreateDbContext();
var row = db.ConfigAuditLogs.Single();
row.Outcome.ShouldBe(nameof(AuditOutcome.Denied));
row.EventType.ShouldBe("Config:OpcUaAccessDenied");
}
/// <summary>Verifies the Outcome derivation table: config verbs → Success, the two