Phase 8: Production readiness — failover tests, security hardening, sandboxing, deployment docs

- WP-1-3: Central/site failover + dual-node recovery tests (17 tests) - WP-4: Performance testing framework for target scale (7 tests) - WP-5: Security hardening (LDAPS, JWT key length, no secrets in logs) (11 tests) - WP-6: Script sandboxing adversarial tests (28 tests, all forbidden APIs) - WP-7: Recovery drill test scaffolds (5 tests) - WP-8: Observability validation (structured logs, correlation IDs, metrics) (6 tests) - WP-9: Message contract compatibility (forward/backward compat) (18 tests) - WP-10: Deployment packaging (installation guide, production checklist, topology) - WP-11: Operational runbooks (failover, troubleshooting, maintenance) 92 new tests, all passing. Zero warnings.
2026-03-16 22:12:31 -04:00
parent 3b2320bd35
commit b659978764
68 changed files with 6253 additions and 44 deletions
--- a/tests/ScadaLink.InboundAPI.Tests/ApiKeyValidatorTests.cs
+++ b/tests/ScadaLink.InboundAPI.Tests/ApiKeyValidatorTests.cs
@@ -0,0 +1,101 @@
+using NSubstitute;
+using ScadaLink.Commons.Entities.InboundApi;
+using ScadaLink.Commons.Interfaces.Repositories;
+
+namespace ScadaLink.InboundAPI.Tests;
+
+/// <summary>
+/// WP-1: Tests for API key validation — X-API-Key header, enabled/disabled keys,
+/// method approval.
+/// </summary>
+public class ApiKeyValidatorTests
+{
+    private readonly IInboundApiRepository _repository = Substitute.For<IInboundApiRepository>();
+    private readonly ApiKeyValidator _validator;
+
+    public ApiKeyValidatorTests()
+    {
+        _validator = new ApiKeyValidator(_repository);
+    }
+
+    [Fact]
+    public async Task MissingApiKey_Returns401()
+    {
+        var result = await _validator.ValidateAsync(null, "testMethod");
+        Assert.False(result.IsValid);
+        Assert.Equal(401, result.StatusCode);
+    }
+
+    [Fact]
+    public async Task EmptyApiKey_Returns401()
+    {
+        var result = await _validator.ValidateAsync("", "testMethod");
+        Assert.False(result.IsValid);
+        Assert.Equal(401, result.StatusCode);
+    }
+
+    [Fact]
+    public async Task InvalidApiKey_Returns401()
+    {
+        _repository.GetApiKeyByValueAsync("bad-key").Returns((ApiKey?)null);
+
+        var result = await _validator.ValidateAsync("bad-key", "testMethod");
+        Assert.False(result.IsValid);
+        Assert.Equal(401, result.StatusCode);
+    }
+
+    [Fact]
+    public async Task DisabledApiKey_Returns401()
+    {
+        var key = new ApiKey("test", "valid-key") { Id = 1, IsEnabled = false };
+        _repository.GetApiKeyByValueAsync("valid-key").Returns(key);
+
+        var result = await _validator.ValidateAsync("valid-key", "testMethod");
+        Assert.False(result.IsValid);
+        Assert.Equal(401, result.StatusCode);
+    }
+
+    [Fact]
+    public async Task ValidKey_MethodNotFound_Returns400()
+    {
+        var key = new ApiKey("test", "valid-key") { Id = 1, IsEnabled = true };
+        _repository.GetApiKeyByValueAsync("valid-key").Returns(key);
+        _repository.GetMethodByNameAsync("nonExistent").Returns((ApiMethod?)null);
+
+        var result = await _validator.ValidateAsync("valid-key", "nonExistent");
+        Assert.False(result.IsValid);
+        Assert.Equal(400, result.StatusCode);
+    }
+
+    [Fact]
+    public async Task ValidKey_NotApprovedForMethod_Returns403()
+    {
+        var key = new ApiKey("test", "valid-key") { Id = 1, IsEnabled = true };
+        var method = new ApiMethod("testMethod", "return 1;") { Id = 10 };
+
+        _repository.GetApiKeyByValueAsync("valid-key").Returns(key);
+        _repository.GetMethodByNameAsync("testMethod").Returns(method);
+        _repository.GetApprovedKeysForMethodAsync(10).Returns(new List<ApiKey>());
+
+        var result = await _validator.ValidateAsync("valid-key", "testMethod");
+        Assert.False(result.IsValid);
+        Assert.Equal(403, result.StatusCode);
+    }
+
+    [Fact]
+    public async Task ValidKey_ApprovedForMethod_ReturnsValid()
+    {
+        var key = new ApiKey("test", "valid-key") { Id = 1, IsEnabled = true };
+        var method = new ApiMethod("testMethod", "return 1;") { Id = 10 };
+
+        _repository.GetApiKeyByValueAsync("valid-key").Returns(key);
+        _repository.GetMethodByNameAsync("testMethod").Returns(method);
+        _repository.GetApprovedKeysForMethodAsync(10).Returns(new List<ApiKey> { key });
+
+        var result = await _validator.ValidateAsync("valid-key", "testMethod");
+        Assert.True(result.IsValid);
+        Assert.Equal(200, result.StatusCode);
+        Assert.Equal(key, result.ApiKey);
+        Assert.Equal(method, result.Method);
+    }
+}