feat(health): surface AuditRedactionFailure in central snapshot (#23 M6)
This commit is contained in:
Joseph Doherty
@@ -0,0 +1,57 @@
|
|||||||
|
using ScadaLink.AuditLog.Payload;
|
||||||
|
|
||||||
|
namespace ScadaLink.AuditLog.Central;
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Audit Log (#23) M6 Bundle E (T9) — bridges
|
||||||
|
/// <see cref="IAuditRedactionFailureCounter"/> (incremented by
|
||||||
|
/// <see cref="DefaultAuditPayloadFilter"/> every time a header / body / SQL
|
||||||
|
/// parameter redactor stage throws and the filter has to over-redact the
|
||||||
|
/// offending field) into <see cref="AuditCentralHealthSnapshot"/> so the
|
||||||
|
/// failure surfaces on the central health surface as
|
||||||
|
/// <c>AuditCentralHealthSnapshot.AuditRedactionFailure</c>.
|
||||||
|
/// </summary>
|
||||||
|
/// <remarks>
|
||||||
|
/// <para>
|
||||||
|
/// <b>Site vs central.</b> M5 Bundle C wired the SITE-side bridge
|
||||||
|
/// (<see cref="ScadaLink.AuditLog.Site.HealthMetricsAuditRedactionFailureCounter"/>),
|
||||||
|
/// which routes increments into the site health report payload's
|
||||||
|
/// <c>AuditRedactionFailure</c> field. That handles redactor failures on the
|
||||||
|
/// site SQLite hot-path (FallbackAuditWriter). M6 Bundle E (T9) adds the
|
||||||
|
/// MIRROR bridge here so the same payload filter — when it runs on the
|
||||||
|
/// central <see cref="CentralAuditWriter"/> /
|
||||||
|
/// <see cref="AuditLogIngestActor"/> paths — surfaces its failures on the
|
||||||
|
/// central dashboard rather than disappearing into a NoOp.
|
||||||
|
/// </para>
|
||||||
|
/// <para>
|
||||||
|
/// <b>Registration shape.</b> Site composition roots call
|
||||||
|
/// <see cref="ServiceCollectionExtensions.AddAuditLogHealthMetricsBridge"/>,
|
||||||
|
/// which overrides the binding with the site bridge. Central composition
|
||||||
|
/// roots call <see cref="ServiceCollectionExtensions.AddAuditLogCentralMaintenance"/>,
|
||||||
|
/// which overrides with this central bridge. A node never wears both hats —
|
||||||
|
/// site and central are distinct host roles — so the two bridges never
|
||||||
|
/// fight over the same binding at runtime.
|
||||||
|
/// </para>
|
||||||
|
/// <para>
|
||||||
|
/// <b>Why not a thin wrapper around the snapshot directly?</b> The snapshot
|
||||||
|
/// itself <i>could</i> be the bound implementation (it already implements
|
||||||
|
/// <see cref="IAuditRedactionFailureCounter"/>), but a dedicated class makes
|
||||||
|
/// the central-vs-site asymmetry explicit at the DI boundary — readers of
|
||||||
|
/// <see cref="ServiceCollectionExtensions.AddAuditLogCentralMaintenance"/>
|
||||||
|
/// see "site → site bridge, central → central bridge", matching the
|
||||||
|
/// <see cref="ScadaLink.AuditLog.Site.HealthMetricsAuditRedactionFailureCounter"/>
|
||||||
|
/// shape one-for-one.
|
||||||
|
/// </para>
|
||||||
|
/// </remarks>
|
||||||
|
public sealed class CentralAuditRedactionFailureCounter : IAuditRedactionFailureCounter
|
||||||
|
{
|
||||||
|
private readonly AuditCentralHealthSnapshot _snapshot;
|
||||||
|
|
||||||
|
public CentralAuditRedactionFailureCounter(AuditCentralHealthSnapshot snapshot)
|
||||||
|
{
|
||||||
|
_snapshot = snapshot ?? throw new ArgumentNullException(nameof(snapshot));
|
||||||
|
}
|
||||||
|
|
||||||
|
/// <inheritdoc/>
|
||||||
|
public void Increment() => ((IAuditRedactionFailureCounter)_snapshot).Increment();
|
||||||
|
}
|
||||||
@@ -295,14 +295,18 @@ public static class ServiceCollectionExtensions
|
|||||||
services.Replace(ServiceDescriptor.Singleton<ICentralAuditWriteFailureCounter>(
|
services.Replace(ServiceDescriptor.Singleton<ICentralAuditWriteFailureCounter>(
|
||||||
sp => sp.GetRequiredService<AuditCentralHealthSnapshot>()));
|
sp => sp.GetRequiredService<AuditCentralHealthSnapshot>()));
|
||||||
// M6 Bundle E (T9): override the NoOp IAuditRedactionFailureCounter
|
// M6 Bundle E (T9): override the NoOp IAuditRedactionFailureCounter
|
||||||
// (registered by AddAuditLog) with the central snapshot binding so
|
// (registered by AddAuditLog) with the CentralAuditRedactionFailureCounter
|
||||||
// payload-filter throws on CentralAuditWriter / AuditLogIngestActor
|
// bridge so payload-filter throws on CentralAuditWriter /
|
||||||
// paths surface on the central dashboard. The site composition root
|
// AuditLogIngestActor paths surface on the central dashboard. The
|
||||||
|
// bridge is a thin wrapper around the AuditCentralHealthSnapshot
|
||||||
|
// singleton so all central redactor failures route into the same
|
||||||
|
// counter as CentralAuditWriteFailures. The site composition root
|
||||||
// overrides this binding AGAIN via AddAuditLogHealthMetricsBridge —
|
// overrides this binding AGAIN via AddAuditLogHealthMetricsBridge —
|
||||||
// central nodes do not call that bridge, so this is the final
|
// central nodes do not call that bridge, so this is the final
|
||||||
// binding on a central host.
|
// binding on a central host. Mirrors the M5 Bundle C
|
||||||
services.Replace(ServiceDescriptor.Singleton<IAuditRedactionFailureCounter>(
|
// HealthMetricsAuditRedactionFailureCounter shape one-for-one.
|
||||||
sp => sp.GetRequiredService<AuditCentralHealthSnapshot>()));
|
services.Replace(ServiceDescriptor.Singleton<IAuditRedactionFailureCounter,
|
||||||
|
CentralAuditRedactionFailureCounter>());
|
||||||
|
|
||||||
return services;
|
return services;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,99 @@
|
|||||||
|
using Akka.Actor;
|
||||||
|
using Akka.TestKit.Xunit2;
|
||||||
|
using Microsoft.Extensions.Configuration;
|
||||||
|
using Microsoft.Extensions.DependencyInjection;
|
||||||
|
using Microsoft.Extensions.Logging;
|
||||||
|
using Microsoft.Extensions.Logging.Abstractions;
|
||||||
|
using ScadaLink.AuditLog;
|
||||||
|
using ScadaLink.AuditLog.Central;
|
||||||
|
using ScadaLink.AuditLog.Payload;
|
||||||
|
|
||||||
|
namespace ScadaLink.AuditLog.Tests.Central;
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Bundle E (M6-T9) coverage for the central-side payload-filter redactor
|
||||||
|
/// failure bridge. M5 wired the SITE bridge
|
||||||
|
/// (<c>HealthMetricsAuditRedactionFailureCounter</c>) that pushes increments
|
||||||
|
/// into the site health report; M6 mirrors that with
|
||||||
|
/// <see cref="CentralAuditRedactionFailureCounter"/> so the same payload
|
||||||
|
/// filter — when it runs on the central writer paths — surfaces failures on
|
||||||
|
/// the central <see cref="AuditCentralHealthSnapshot"/>.
|
||||||
|
/// </summary>
|
||||||
|
public class CentralAuditRedactionFailureCounterTests : TestKit
|
||||||
|
{
|
||||||
|
[Fact]
|
||||||
|
public void Increment_Routes_To_Snapshot()
|
||||||
|
{
|
||||||
|
using var tracker = new SiteAuditTelemetryStalledTracker(Sys);
|
||||||
|
var snapshot = new AuditCentralHealthSnapshot(tracker);
|
||||||
|
var counter = new CentralAuditRedactionFailureCounter(snapshot);
|
||||||
|
|
||||||
|
counter.Increment();
|
||||||
|
counter.Increment();
|
||||||
|
counter.Increment();
|
||||||
|
|
||||||
|
Assert.Equal(3, snapshot.AuditRedactionFailure);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Fact]
|
||||||
|
public void Construction_With_Null_Snapshot_Throws()
|
||||||
|
{
|
||||||
|
Assert.Throws<ArgumentNullException>(
|
||||||
|
() => new CentralAuditRedactionFailureCounter(null!));
|
||||||
|
}
|
||||||
|
|
||||||
|
[Fact]
|
||||||
|
public void AddAuditLogCentralMaintenance_Replaces_IAuditRedactionFailureCounter_With_CentralImpl()
|
||||||
|
{
|
||||||
|
// AddAuditLog registers NoOp; AddAuditLogCentralMaintenance is the
|
||||||
|
// override path. The replaced binding MUST resolve to the central
|
||||||
|
// bridge — a site host that wires AddAuditLogHealthMetricsBridge
|
||||||
|
// instead would resolve to the site bridge (covered in
|
||||||
|
// AddAuditLogTests).
|
||||||
|
var config = new ConfigurationBuilder()
|
||||||
|
.AddInMemoryCollection(new Dictionary<string, string?>
|
||||||
|
{
|
||||||
|
["AuditLog:SiteWriter:DatabasePath"] = ":memory:",
|
||||||
|
})
|
||||||
|
.Build();
|
||||||
|
|
||||||
|
var services = new ServiceCollection();
|
||||||
|
services.AddSingleton<ILoggerFactory, NullLoggerFactory>();
|
||||||
|
services.AddSingleton(typeof(ILogger<>), typeof(NullLogger<>));
|
||||||
|
// The AuditCentralHealthSnapshot ctor takes the stalled tracker
|
||||||
|
// which itself needs an ActorSystem — register a real system
|
||||||
|
// (test-kit's Sys) so the DI graph composes.
|
||||||
|
services.AddSingleton<ActorSystem>(Sys);
|
||||||
|
services.AddAuditLog(config);
|
||||||
|
services.AddAuditLogCentralMaintenance(config);
|
||||||
|
using var provider = services.BuildServiceProvider();
|
||||||
|
|
||||||
|
var counter = provider.GetRequiredService<IAuditRedactionFailureCounter>();
|
||||||
|
|
||||||
|
Assert.IsType<CentralAuditRedactionFailureCounter>(counter);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Fact]
|
||||||
|
public void AddAuditLog_Default_IAuditRedactionFailureCounter_Is_NoOp()
|
||||||
|
{
|
||||||
|
// Sanity check: without AddAuditLogCentralMaintenance the default
|
||||||
|
// remains the NoOp from M5 — the central bridge only takes effect
|
||||||
|
// when the central-only registration runs.
|
||||||
|
var config = new ConfigurationBuilder()
|
||||||
|
.AddInMemoryCollection(new Dictionary<string, string?>
|
||||||
|
{
|
||||||
|
["AuditLog:SiteWriter:DatabasePath"] = ":memory:",
|
||||||
|
})
|
||||||
|
.Build();
|
||||||
|
|
||||||
|
var services = new ServiceCollection();
|
||||||
|
services.AddSingleton<ILoggerFactory, NullLoggerFactory>();
|
||||||
|
services.AddSingleton(typeof(ILogger<>), typeof(NullLogger<>));
|
||||||
|
services.AddAuditLog(config);
|
||||||
|
using var provider = services.BuildServiceProvider();
|
||||||
|
|
||||||
|
var counter = provider.GetRequiredService<IAuditRedactionFailureCounter>();
|
||||||
|
|
||||||
|
Assert.IsType<NoOpAuditRedactionFailureCounter>(counter);
|
||||||
|
}
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user