Joseph Doherty
84 lines
3.7 KiB
C#
84 lines
3.7 KiB
C#
using Opc.Ua;
|
|
using Shouldly;
|
|
using Xunit;
|
|
using ZB.MOM.WW.OtOpcUa.OpcUaServer.Security;
|
|
|
|
namespace ZB.MOM.WW.OtOpcUa.OpcUaServer.Tests;
|
|
|
|
/// <summary>
|
|
/// Task 11 — the inbound operator-write authz gate + fire-and-forget dispatch. The OnWriteValue handler
|
|
/// on a writable equipment-tag node extracts the caller's <see cref="RoleCarryingUserIdentity"/>, gates
|
|
/// on the <see cref="OpcUaDataPlaneRoles.WriteOperate"/> role (deny otherwise), and on pass kicks off the
|
|
/// fire-and-forget route through the <see cref="OtOpcUaNodeManager.NodeWriteRouter"/> and returns
|
|
/// <c>Good</c> (optimistic write). The pure decision is extracted into
|
|
/// <see cref="OtOpcUaNodeManager.EvaluateEquipmentWrite"/> so the gate + dispatch are unit-testable
|
|
/// without booting an SDK server: the handler just supplies the extracted identity and a thunk that
|
|
/// starts the router (or null when no router is wired).
|
|
/// </summary>
|
|
public sealed class EquipmentWriteGateTests
|
|
{
|
|
/// <summary>(a) A null identity (anonymous / no role-carrying identity on the context) is denied with
|
|
/// <c>BadUserAccessDenied</c> and the route thunk is NEVER invoked — the gate fails closed.</summary>
|
|
[Fact]
|
|
public void Null_identity_is_denied_and_does_not_route()
|
|
{
|
|
var routed = false;
|
|
var result = OtOpcUaNodeManager.EvaluateEquipmentWrite(
|
|
identity: null,
|
|
route: () => routed = true);
|
|
|
|
result.StatusCode.Code.ShouldBe(StatusCodes.BadUserAccessDenied);
|
|
routed.ShouldBeFalse();
|
|
}
|
|
|
|
/// <summary>(b) An identity WITHOUT the <c>WriteOperate</c> role is denied with
|
|
/// <c>BadUserAccessDenied</c> and the route thunk is NEVER invoked.</summary>
|
|
[Fact]
|
|
public void Identity_without_WriteOperate_is_denied_and_does_not_route()
|
|
{
|
|
var routed = false;
|
|
var identity = IdentityWith("ReadOnly", OpcUaDataPlaneRoles.AlarmAck); // no WriteOperate
|
|
var result = OtOpcUaNodeManager.EvaluateEquipmentWrite(
|
|
identity,
|
|
route: () => routed = true);
|
|
|
|
result.StatusCode.Code.ShouldBe(StatusCodes.BadUserAccessDenied);
|
|
routed.ShouldBeFalse();
|
|
}
|
|
|
|
/// <summary>(c) An identity WITH the <c>WriteOperate</c> role and a non-null route invokes the route
|
|
/// thunk (fire-and-forget) and returns <c>ServiceResult.Good</c> so the SDK applies the value
|
|
/// optimistically. The role match is case-insensitive (the role set + gate both use
|
|
/// <c>OrdinalIgnoreCase</c>).</summary>
|
|
[Fact]
|
|
public void Identity_with_WriteOperate_routes_and_returns_good()
|
|
{
|
|
var routed = false;
|
|
var identity = IdentityWith("readonly", "writeoperate"); // lower-cased: case-insensitive match
|
|
var result = OtOpcUaNodeManager.EvaluateEquipmentWrite(
|
|
identity,
|
|
route: () => routed = true);
|
|
|
|
routed.ShouldBeTrue();
|
|
result.ShouldBe(ServiceResult.Good);
|
|
}
|
|
|
|
/// <summary>(d) An identity WITH the <c>WriteOperate</c> role but a null route (no router wired — e.g.
|
|
/// admin-only nodes) maps to <c>BadNotWritable</c> ("writes unavailable") — the gate passes but there is
|
|
/// nowhere to route the write.</summary>
|
|
[Fact]
|
|
public void Identity_with_WriteOperate_and_null_route_maps_to_bad_not_writable()
|
|
{
|
|
var identity = IdentityWith(OpcUaDataPlaneRoles.WriteOperate);
|
|
var result = OtOpcUaNodeManager.EvaluateEquipmentWrite(
|
|
identity,
|
|
route: null);
|
|
|
|
result.StatusCode.Code.ShouldBe(StatusCodes.BadNotWritable);
|
|
result.LocalizedText.Text.ShouldContain("writes unavailable");
|
|
}
|
|
|
|
private static RoleCarryingUserIdentity IdentityWith(params string[] roles) =>
|
|
new(new UserNameIdentityToken { UserName = "op" }, roles);
|
|
}
|