Joseph Doherty
397d3c5c4f
Rename across every client surface using each language's idiomatic convention:
* .NET clients/dotnet/MxGateway.Client[.Cli|.Tests]/
-> clients/dotnet/ZB.MOM.WW.MxGateway.Client[.Cli|.Tests]/
namespaces -> ZB.MOM.WW.MxGateway.Client[.Cli|.Tests]
contracts ProjectReference repointed to ZB.MOM.WW.MxGateway.Contracts
sln migrated to slnx (dotnet sln migrate)
* Python src/mxgateway -> src/zb_mom_ww_mxgateway
src/mxgateway_cli -> src/zb_mom_ww_mxgateway_cli
distribution: mxaccess-gateway-client -> zb-mom-ww-mxaccess-gateway-client
* Rust crate: mxgateway-client -> zb-mom-ww-mxgateway-client
build.rs proto path repointed
* Java subprojects: mxgateway-{client,cli} -> zb-mom-ww-mxgateway-{client,cli}
packages com.dohertylan.mxgateway -> com.zb.mom.ww.mxgateway
group com.dohertylan.mxgateway -> com.zb.mom.ww.mxgateway
rootProject mxaccessgw-java -> zb-mom-ww-mxaccessgw-java
* Go generate-proto.ps1 proto path repointed; module path and
package mxgateway kept (Go convention).
* proto-inputs.json: generatedOutputs.python updated to new package path.
* scripts/run-client-e2e-tests.ps1: Java CLI install path + gradle task
updated to zb-mom-ww-mxgateway-cli.
CLI binary names (mxgw, mxgw-py, mxgw-go, mxgateway-cli) and wire-level
identifiers (MXGATEWAY_* env vars, the mxgw_<id>_<secret> API key
prefix, protobuf package names like mxaccess_gateway.v1, all MXAccess
references) intentionally NOT renamed.
Fix pre-existing alarms-over-gateway breaks unblocked by the rename:
* mxaccess_gateway.proto: add missing public message QueryActiveAlarmsRequest
{session_id, client_correlation_id, alarm_filter_prefix} and missing
rpc QueryActiveAlarms(QueryActiveAlarmsRequest) returns
(stream ActiveAlarmSnapshot). All four typed clients referenced
these but they were absent from the proto.
* MxAccessGatewayService.QueryActiveAlarms: implement the new RPC on
the server, streaming from IGatewayAlarmService.CurrentAlarms with
optional alarm_filter_prefix filter.
* clients/dotnet/.../DiscoverHierarchyOptions.cs: add the hand-written
.NET POCO that wraps DiscoverHierarchyRequest (referenced by
GalaxyRepositoryClient.DiscoverHierarchyAsync but never authored).
* Drop retired session_id field references from
AcknowledgeAlarmRequest/AcknowledgeAlarmReply test fixtures across
.NET, Rust, Go, and Python clients.
* Rust integration test: add the missing stream_alarms impl on the
fake MxAccessGateway server (the trait gained the method, fake
didn't).
* Rust CLI test: bump expected gatewayProtocolVersion 2 -> 3.
Regenerated artifacts updated in this commit:
* src/ZB.MOM.WW.MxGateway.Contracts/Generated/{MxaccessGateway,MxaccessGatewayGrpc}.cs
* clients/python/src/zb_mom_ww_mxgateway/generated/*_pb2{,_grpc}.py
* clients/go/internal/generated/*.pb.go
(C# regenerated by Grpc.Tools on contracts build; Python and Go via
their generate-proto.ps1 scripts; Rust regenerates from .proto via
tonic-build at compile time so no checked-in artefact.)
Verification: 472 server tests, 275 worker tests (9 dev-rig skipped),
18 integration tests (live MxAccess + LDAP + Galaxy), 57 .NET client
tests, 32 Rust workspace tests, 39 Python tests, all Go packages, and
gradle build for Java all pass.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
116 lines
3.3 KiB
Python
116 lines
3.3 KiB
Python
"""Tests for auth metadata and connection options."""
|
|
|
|
import pytest
|
|
|
|
from zb_mom_ww_mxgateway.auth import REDACTED, ApiKey, auth_metadata, redact_secret
|
|
from zb_mom_ww_mxgateway import options as options_module
|
|
from zb_mom_ww_mxgateway.options import ClientOptions, create_channel
|
|
|
|
|
|
def test_auth_metadata_adds_bearer_api_key() -> None:
|
|
assert auth_metadata("mxgw_test_secret") == (
|
|
("authorization", "Bearer mxgw_test_secret"),
|
|
)
|
|
|
|
|
|
def test_api_key_repr_is_redacted() -> None:
|
|
api_key = ApiKey("mxgw_test_secret")
|
|
|
|
assert "mxgw_test_secret" not in repr(api_key)
|
|
assert REDACTED in repr(api_key)
|
|
|
|
|
|
def test_redact_secret_replaces_known_values() -> None:
|
|
redacted = redact_secret(
|
|
"authorization failed for mxgw_test_secret",
|
|
["mxgw_test_secret"],
|
|
)
|
|
|
|
assert redacted == f"authorization failed for {REDACTED}"
|
|
|
|
|
|
def test_client_options_reject_plaintext_with_ca_file() -> None:
|
|
with pytest.raises(ValueError, match="ca_file"):
|
|
ClientOptions(
|
|
endpoint="localhost:5000",
|
|
plaintext=True,
|
|
ca_file="ca.pem",
|
|
)
|
|
|
|
|
|
def test_client_options_repr_redacts_api_key() -> None:
|
|
options = ClientOptions(endpoint="localhost:5000", api_key="mxgw_test_secret")
|
|
|
|
assert "mxgw_test_secret" not in repr(options)
|
|
assert REDACTED in repr(options)
|
|
|
|
|
|
def test_create_channel_uses_plaintext_channel(monkeypatch: pytest.MonkeyPatch) -> None:
|
|
calls: list[tuple[str, object]] = []
|
|
|
|
def fake_insecure_channel(endpoint: str, *, options: object) -> str:
|
|
calls.append((endpoint, options))
|
|
return "plain-channel"
|
|
|
|
monkeypatch.setattr(
|
|
options_module.grpc.aio,
|
|
"insecure_channel",
|
|
fake_insecure_channel,
|
|
)
|
|
|
|
channel = create_channel(ClientOptions(endpoint="localhost:5000", plaintext=True))
|
|
|
|
assert channel == "plain-channel"
|
|
assert calls == [
|
|
(
|
|
"localhost:5000",
|
|
[
|
|
("grpc.max_receive_message_length", 16 * 1024 * 1024),
|
|
("grpc.max_send_message_length", 16 * 1024 * 1024),
|
|
],
|
|
),
|
|
]
|
|
|
|
|
|
def test_create_channel_uses_tls_channel(monkeypatch: pytest.MonkeyPatch) -> None:
|
|
calls: list[tuple[str, object, object]] = []
|
|
|
|
def fake_credentials(*, root_certificates: object) -> str:
|
|
assert root_certificates is None
|
|
return "creds"
|
|
|
|
def fake_secure_channel(endpoint: str, credentials: object, *, options: object) -> str:
|
|
calls.append((endpoint, credentials, options))
|
|
return "tls-channel"
|
|
|
|
monkeypatch.setattr(
|
|
options_module.grpc,
|
|
"ssl_channel_credentials",
|
|
fake_credentials,
|
|
)
|
|
monkeypatch.setattr(
|
|
options_module.grpc.aio,
|
|
"secure_channel",
|
|
fake_secure_channel,
|
|
)
|
|
|
|
channel = create_channel(
|
|
ClientOptions(
|
|
endpoint="gateway.example:5001",
|
|
server_name_override="gateway.test",
|
|
),
|
|
)
|
|
|
|
assert channel == "tls-channel"
|
|
assert calls == [
|
|
(
|
|
"gateway.example:5001",
|
|
"creds",
|
|
[
|
|
("grpc.max_receive_message_length", 16 * 1024 * 1024),
|
|
("grpc.max_send_message_length", 16 * 1024 * 1024),
|
|
("grpc.ssl_target_name_override", "gateway.test"),
|
|
],
|
|
),
|
|
]
|