Joseph Doherty
ab57e53b92
- Driver.AbCip.Contracts-001: parse 'writable' from TagConfig JSON (default true) instead of hardcoding - Driver.AbCip.Contracts-002/-003: Dt type comment; drop dead [Display]/[Range] annotations - Driver.AbCip.Contracts-004: dedicated AbCipEquipmentTagParser test class (+15) - Driver.AbCip-017: document Tick severity Low-fallback on Bad severity read - Driver.AbLegacy.Contracts-002/-003/-004: isArray-scalar remarks (+tests), MaxTagBytes/ForFamily docs - Driver.Galaxy.Browser-003 + Driver.Galaxy.Contracts-003: extract ResolveApiKey -> GalaxySecretRef (dedup) - Driver.Galaxy-019: cache buffered-interval only on Ok + ILogger warnings + ClassifyIntervalReply (+tests) - Driver.FOCAS.Contracts-002: thread WriteIdempotent through DiscoverAsync (+test)
165 lines
6.3 KiB
C#
165 lines
6.3 KiB
C#
using Microsoft.Extensions.Logging;
|
|
using Shouldly;
|
|
using Xunit;
|
|
using ZB.MOM.WW.OtOpcUa.Driver.Galaxy.Config;
|
|
|
|
namespace ZB.MOM.WW.OtOpcUa.Driver.Galaxy.Tests;
|
|
|
|
/// <summary>
|
|
/// Follow-up #2 — pins the three resolution forms supported by
|
|
/// <see cref="GalaxySecretRef.ResolveApiKey"/>: <c>env:NAME</c>, <c>file:PATH</c>,
|
|
/// and the literal-string fallback. A future DPAPI arm slots in here without
|
|
/// touching the call site. (The resolver was extracted from <c>GalaxyDriver</c> to
|
|
/// the shared <c>GalaxySecretRef</c> in Driver.Galaxy.Contracts so the runtime
|
|
/// driver and the AdminUI browser share one copy.)
|
|
/// </summary>
|
|
public sealed class GalaxyDriverApiKeyResolverTests
|
|
{
|
|
/// <summary>Verifies that a literal string is returned unchanged.</summary>
|
|
[Fact]
|
|
public void Literal_string_is_returned_unchanged()
|
|
{
|
|
GalaxySecretRef.ResolveApiKey("plain-text-key").ShouldBe("plain-text-key");
|
|
}
|
|
|
|
/// <summary>Verifies that env: prefix resolves to an environment variable.</summary>
|
|
[Fact]
|
|
public void Env_prefix_resolves_to_environment_variable()
|
|
{
|
|
const string name = "OTOPCUA_TEST_GALAXY_API_KEY";
|
|
Environment.SetEnvironmentVariable(name, "key-from-env");
|
|
try
|
|
{
|
|
GalaxySecretRef.ResolveApiKey($"env:{name}").ShouldBe("key-from-env");
|
|
}
|
|
finally
|
|
{
|
|
Environment.SetEnvironmentVariable(name, null);
|
|
}
|
|
}
|
|
|
|
/// <summary>Verifies that unset environment variables throw with a descriptive message.</summary>
|
|
[Fact]
|
|
public void Env_prefix_unset_variable_throws_with_descriptive_message()
|
|
{
|
|
const string name = "OTOPCUA_TEST_GALAXY_API_KEY_UNSET";
|
|
Environment.SetEnvironmentVariable(name, null);
|
|
|
|
var ex = Should.Throw<InvalidOperationException>(() =>
|
|
GalaxySecretRef.ResolveApiKey($"env:{name}"));
|
|
ex.Message.ShouldContain(name);
|
|
ex.Message.ShouldContain("unset");
|
|
}
|
|
|
|
/// <summary>Verifies that file: prefix resolves to trimmed file contents.</summary>
|
|
[Fact]
|
|
public void File_prefix_resolves_to_trimmed_file_contents()
|
|
{
|
|
var path = Path.Combine(Path.GetTempPath(), $"galaxy-key-{Guid.NewGuid():N}.txt");
|
|
File.WriteAllText(path, " key-from-file \n");
|
|
try
|
|
{
|
|
GalaxySecretRef.ResolveApiKey($"file:{path}").ShouldBe("key-from-file");
|
|
}
|
|
finally
|
|
{
|
|
File.Delete(path);
|
|
}
|
|
}
|
|
|
|
/// <summary>Verifies that file: prefix with missing path throws.</summary>
|
|
[Fact]
|
|
public void File_prefix_missing_path_throws()
|
|
{
|
|
var path = Path.Combine(Path.GetTempPath(), $"does-not-exist-{Guid.NewGuid():N}.txt");
|
|
var ex = Should.Throw<InvalidOperationException>(() =>
|
|
GalaxySecretRef.ResolveApiKey($"file:{path}"));
|
|
ex.Message.ShouldContain(path);
|
|
ex.Message.ShouldContain("doesn't exist");
|
|
}
|
|
|
|
// ===== Driver.Galaxy-010 regression: literal arm warns + dev: prefix path =====
|
|
|
|
/// <summary>Verifies that literal strings emit a warning when a logger is supplied.</summary>
|
|
[Fact]
|
|
public void Literal_string_emits_warning_when_logger_supplied()
|
|
{
|
|
// A literal API key on a production deployment means the cleartext key sits
|
|
// in the DriverConfig JSON. The resolver must surface a warning so an
|
|
// operator who committed one by accident sees it at startup.
|
|
var logger = new CaptureLogger();
|
|
var key = GalaxySecretRef.ResolveApiKey("plain-text-key", logger);
|
|
|
|
key.ShouldBe("plain-text-key");
|
|
logger.Entries.ShouldContain(e =>
|
|
e.Level == LogLevel.Warning && e.Message.Contains("literal", StringComparison.OrdinalIgnoreCase));
|
|
}
|
|
|
|
/// <summary>Verifies that dev: prefix returns literal text without emitting warnings.</summary>
|
|
[Fact]
|
|
public void Dev_prefix_returns_literal_without_warning()
|
|
{
|
|
// An explicit dev: prefix signals the operator knowingly opted into a literal
|
|
// key (dev / parity rig). The resolver must accept it AND suppress the
|
|
// warning so production logs aren't polluted on a deliberate dev choice.
|
|
var logger = new CaptureLogger();
|
|
var key = GalaxySecretRef.ResolveApiKey("dev:plain-text-key", logger);
|
|
|
|
key.ShouldBe("plain-text-key");
|
|
logger.Entries.ShouldNotContain(e => e.Level == LogLevel.Warning);
|
|
}
|
|
|
|
/// <summary>Verifies that env: prefix does not emit literal string warnings.</summary>
|
|
[Fact]
|
|
public void Env_prefix_does_not_emit_literal_warning()
|
|
{
|
|
const string name = "OTOPCUA_TEST_GALAXY_API_KEY_NOWARN";
|
|
Environment.SetEnvironmentVariable(name, "v");
|
|
try
|
|
{
|
|
var logger = new CaptureLogger();
|
|
GalaxySecretRef.ResolveApiKey($"env:{name}", logger);
|
|
logger.Entries.ShouldNotContain(e => e.Level == LogLevel.Warning);
|
|
}
|
|
finally
|
|
{
|
|
Environment.SetEnvironmentVariable(name, null);
|
|
}
|
|
}
|
|
|
|
/// <summary>A test logger that captures log entries for verification.</summary>
|
|
private sealed class CaptureLogger : ILogger
|
|
{
|
|
/// <summary>Gets the list of captured log entries with their levels and messages.</summary>
|
|
public List<(LogLevel Level, string Message)> Entries { get; } = new();
|
|
|
|
/// <inheritdoc />
|
|
public IDisposable? BeginScope<TState>(TState state) where TState : notnull => null;
|
|
|
|
/// <inheritdoc />
|
|
public bool IsEnabled(LogLevel logLevel) => true;
|
|
|
|
/// <inheritdoc />
|
|
public void Log<TState>(LogLevel logLevel, EventId eventId, TState state, Exception? exception, Func<TState, Exception?, string> formatter)
|
|
=> Entries.Add((logLevel, formatter(state, exception)));
|
|
}
|
|
|
|
/// <summary>Verifies that file: prefix with empty file throws.</summary>
|
|
[Fact]
|
|
public void File_prefix_empty_file_throws()
|
|
{
|
|
var path = Path.Combine(Path.GetTempPath(), $"galaxy-key-empty-{Guid.NewGuid():N}.txt");
|
|
File.WriteAllText(path, " \n ");
|
|
try
|
|
{
|
|
var ex = Should.Throw<InvalidOperationException>(() =>
|
|
GalaxySecretRef.ResolveApiKey($"file:{path}"));
|
|
ex.Message.ShouldContain("empty");
|
|
}
|
|
finally
|
|
{
|
|
File.Delete(path);
|
|
}
|
|
}
|
|
}
|