using ZB.MOM.WW.Audit; namespace ZB.MOM.WW.OtOpcUa.ControlPlane.Audit; ///

/// Maps OtOpcUa's audit Action vocabulary onto the canonical /// . The vocabulary is the set of values documented on /// ConfigAuditLog.EventType: config verbs are , /// the two authorization-rejection events are . OtOpcUa /// emits no events today. ///

/// /// Pure function — no live emit sites construct an in production /// (the structured audit path is dormant; all live audit flows through the bespoke stored /// procedure path). This helper exists so that when the structured path is wired up, the /// required Outcome field is derived consistently from the action verb. Tested, not /// yet exercised in production. /// public static class AuditOutcomeMapper { ///

/// Derives the canonical for an OtOpcUa audit action verb. /// Unknown verbs default to (config writes are the /// overwhelming majority and the only non-success cases are the two explicit /// authorization rejections enumerated below). ///

/// The audit action verb (e.g. DraftCreated, OpcUaAccessDenied). /// The mapped outcome. public static AuditOutcome FromAction(string action) => action switch { "OpcUaAccessDenied" or "CrossClusterNamespaceAttempt" => AuditOutcome.Denied, // All other known config-write verbs (DraftCreated, DraftEdited, Published, RolledBack, // NodeApplied, ClusterCreated, NodeAdded, CredentialAdded, CredentialDisabled, // ExternalIdReleased) and any future verbs default to Success — config writes are the // overwhelming majority and the only non-success cases are the two Denied entries above. _ => AuditOutcome.Success, }; }