dohertj2/lmxopcua
1
0
Fork 0
Code Issues 2 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
chore/fixdocs-xml-doc-comments
lmxopcua/tests/Server/ZB.MOM.WW.OtOpcUa.Security.Tests/OtOpcUaGroupRoleMapperTests.cs
T
Joseph Doherty bd6c0b4d3d docs: complete XML doc comments via fixdocs (2757 to 131 findings) 
Add missing <returns>/<param>/<summary>/<typeparam> tags and clean up
misused inheritdoc across 481 files so the documented API surface is
complete. Documentation-only (zero code lines changed). The 131 remaining
findings are inheritdoc-style warnings deliberately left to preserve
hand-written implementation rationale (plan-decision notes, race-condition
explanations).
2026-06-03 12:34:34 -04:00

142 lines
6.4 KiB
C#
Raw Permalink Blame History

using Microsoft.Extensions.Options;
using Shouldly;
using Xunit;
using ZB.MOM.WW.Auth.Abstractions.Roles;
using ZB.MOM.WW.OtOpcUa.Configuration.Entities;
using ZB.MOM.WW.OtOpcUa.Configuration.Enums;
using ZB.MOM.WW.OtOpcUa.Configuration.Services;
using ZB.MOM.WW.OtOpcUa.Security.Ldap;
namespace ZB.MOM.WW.OtOpcUa.Security.Tests;
/// <summary>
/// Proves <see cref="OtOpcUaGroupRoleMapper"/> is a behaviour-preserving wrapper over the
/// existing <see cref="RoleMapper.Map"/> + <see cref="RoleMapper.Merge"/> logic: config
/// baseline + system-wide DB grants, cluster-scoped DB rows ignored, unmapped groups dropped,
/// and <c>Scope</c> always null.
/// </summary>
public sealed class OtOpcUaGroupRoleMapperTests
{
private static OtOpcUaGroupRoleMapper Build(
IDictionary<string, string> groupToRole,
params LdapGroupRoleMapping[] dbRows)
{
var options = Microsoft.Extensions.Options.Options.Create(new LdapOptions
{
GroupToRole = new Dictionary<string, string>(groupToRole, StringComparer.OrdinalIgnoreCase),
});
return new OtOpcUaGroupRoleMapper(options, new FakeMappingService(dbRows));
}
/// <summary>Verifies that the mapper maps a configured group and drops unmapped groups.</summary>
/// <returns>A task that represents the asynchronous test operation.</returns>
[Fact]
public async Task Maps_config_group_and_drops_unmapped_group()
{
var mapper = Build(new Dictionary<string, string> { ["AdminGroup"] = "Administrator" });
var result = await mapper.MapAsync(["AdminGroup", "UnmappedGroup"], CancellationToken.None);
result.Roles.ShouldBe(["Administrator"]);
result.Scope.ShouldBeNull();
}
/// <summary>Verifies that a system-wide DB row adds a role on top of the config baseline.</summary>
/// <returns>A task that represents the asynchronous test operation.</returns>
[Fact]
public async Task System_wide_db_row_adds_role_on_top_of_config_baseline()
{
var mapper = Build(
new Dictionary<string, string> { ["viewers"] = "Viewer" },
new LdapGroupRoleMapping { LdapGroup = "admins", Role = AdminRole.Administrator, IsSystemWide = true });
var result = await mapper.MapAsync(["viewers", "admins"], CancellationToken.None);
result.Roles.ShouldContain("Viewer");
result.Roles.ShouldContain("Administrator");
result.Scope.ShouldBeNull();
}
/// <summary>Verifies that a cluster-scoped DB row is ignored by the mapper.</summary>
/// <returns>A task that represents the asynchronous test operation.</returns>
[Fact]
public async Task Cluster_scoped_db_row_is_ignored()
{
var mapper = Build(
new Dictionary<string, string>(),
new LdapGroupRoleMapping
{
LdapGroup = "site-a-editors",
Role = AdminRole.Designer,
IsSystemWide = false,
ClusterId = "SITE-A",
});
var result = await mapper.MapAsync(["site-a-editors"], CancellationToken.None);
result.Roles.ShouldNotContain("Designer");
result.Roles.ShouldBeEmpty();
}
/// <summary>Verifies that the mapper output matches the expected RoleMapper.Map + Merge result for representative inputs.</summary>
/// <returns>A task that represents the asynchronous test operation.</returns>
[Fact]
public async Task Reproduces_RoleMapper_Map_plus_Merge_for_representative_inputs()
{
var groupToRole = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
{
["viewers"] = "Viewer",
["editors"] = "Designer",
};
var dbRows = new[]
{
new LdapGroupRoleMapping { LdapGroup = "admins", Role = AdminRole.Administrator, IsSystemWide = true },
new LdapGroupRoleMapping { LdapGroup = "site-a", Role = AdminRole.Designer, IsSystemWide = false, ClusterId = "SITE-A" },
};
var groups = new[] { "viewers", "editors", "admins", "site-a", "noise" };
var mapper = Build(groupToRole, dbRows);
// Oracle: exactly what the legacy login path computes today.
var baseline = RoleMapper.Map(groups, groupToRole);
var expected = RoleMapper.Merge(baseline, dbRows);
var result = await mapper.MapAsync(groups, CancellationToken.None);
result.Roles.OrderBy(r => r).ShouldBe(expected.OrderBy(r => r));
result.Scope.ShouldBeNull();
}
/// <summary>In-memory stand-in for the EF-backed DB service; returns the configured rows verbatim.</summary>
private sealed class FakeMappingService(IReadOnlyList<LdapGroupRoleMapping> rows) : ILdapGroupRoleMappingService
{
/// <summary>Returns all seeded rows that belong to any of the specified LDAP groups.</summary>
/// <param name="ldapGroups">The LDAP groups to look up.</param>
/// <param name="cancellationToken">The cancellation token.</param>
/// <returns>A task that resolves to the matching role mappings.</returns>
public Task<IReadOnlyList<LdapGroupRoleMapping>> GetByGroupsAsync(
IEnumerable<string> ldapGroups, CancellationToken cancellationToken)
=> Task.FromResult(rows);
/// <summary>Returns all seeded role mapping rows.</summary>
/// <param name="cancellationToken">The cancellation token.</param>
/// <returns>A task that resolves to all role mappings.</returns>
public Task<IReadOnlyList<LdapGroupRoleMapping>> ListAllAsync(CancellationToken cancellationToken)
=> Task.FromResult(rows);
/// <summary>Not supported in this stub.</summary>
/// <param name="row">The row to create.</param>
/// <param name="cancellationToken">The cancellation token.</param>
/// <returns>Never returns; always throws.</returns>
public Task<LdapGroupRoleMapping> CreateAsync(LdapGroupRoleMapping row, CancellationToken cancellationToken)
=> throw new NotSupportedException();
/// <summary>Not supported in this stub.</summary>
/// <param name="id">The identifier of the row to delete.</param>
/// <param name="cancellationToken">The cancellation token.</param>
/// <returns>Never returns; always throws.</returns>
public Task DeleteAsync(Guid id, CancellationToken cancellationToken)
=> throw new NotSupportedException();
}
}
Reference in New Issue View Git Blame Copy Permalink