221 lines
8.5 KiB
C#
221 lines
8.5 KiB
C#
using System.Text;
|
|
using Microsoft.Extensions.Configuration;
|
|
using Microsoft.Extensions.DependencyInjection;
|
|
using Microsoft.Extensions.Logging.Abstractions;
|
|
using Microsoft.Extensions.Options;
|
|
using ScadaLink.AuditLog.Configuration;
|
|
using ScadaLink.AuditLog.Payload;
|
|
using ScadaLink.Commons.Entities.Audit;
|
|
using ScadaLink.Commons.Types.Enums;
|
|
|
|
namespace ScadaLink.AuditLog.Tests.Configuration;
|
|
|
|
/// <summary>
|
|
/// Bundle D (M5-T8) tests for hot-reloadable <see cref="AuditLogOptions"/>
|
|
/// binding. The first test pins the JSON-realistic binding shape end-to-end
|
|
/// (scalars, lists, per-target overrides) so accidental drift in the section
|
|
/// layout breaks the build. The second test exercises the live hot-reload
|
|
/// path: a <see cref="DefaultAuditPayloadFilter"/> backed by a mutable
|
|
/// <see cref="IOptionsMonitor{TOptions}"/> must respond to config changes on
|
|
/// the very next event, with both cap-bytes and the regex-cache invalidation
|
|
/// flowing through without a restart.
|
|
/// </summary>
|
|
/// <remarks>
|
|
/// Distinct from <see cref="AuditLogOptionsTests"/> (M1-T9) which covered
|
|
/// section binding + validator failures via single-key in-memory config — those
|
|
/// tests exist; these add (a) end-to-end binding from a realistic JSON literal
|
|
/// and (b) the hot-reload behavioural contract the M5-T8 spec calls out.
|
|
/// </remarks>
|
|
public class AuditLogOptionsBindingTests
|
|
{
|
|
[Fact]
|
|
public void AuditLog_Section_Binds_AllFields()
|
|
{
|
|
const string json = """
|
|
{
|
|
"AuditLog": {
|
|
"DefaultCapBytes": 4096,
|
|
"ErrorCapBytes": 32768,
|
|
"HeaderRedactList": ["Authorization", "Custom-Token"],
|
|
"GlobalBodyRedactors": ["\"password\":\\s*\"[^\"]*\""],
|
|
"PerTargetOverrides": {
|
|
"myconnection": {
|
|
"CapBytes": 16384,
|
|
"AdditionalBodyRedactors": [],
|
|
"RedactSqlParamsMatching": "@token|@secret"
|
|
}
|
|
},
|
|
"RetentionDays": 180
|
|
}
|
|
}
|
|
""";
|
|
|
|
using var stream = new MemoryStream(Encoding.UTF8.GetBytes(json));
|
|
var configuration = new ConfigurationBuilder()
|
|
.AddJsonStream(stream)
|
|
.Build();
|
|
var services = new ServiceCollection();
|
|
services.AddAuditLog(configuration);
|
|
using var provider = services.BuildServiceProvider();
|
|
|
|
var opts = provider.GetRequiredService<IOptions<AuditLogOptions>>().Value;
|
|
|
|
// Scalars.
|
|
Assert.Equal(4096, opts.DefaultCapBytes);
|
|
Assert.Equal(32768, opts.ErrorCapBytes);
|
|
Assert.Equal(180, opts.RetentionDays);
|
|
|
|
// HeaderRedactList: the Microsoft.Extensions.Configuration list binder
|
|
// APPENDS to the default list, so we assert containment rather than
|
|
// exact equality (see M1-T9 AuditLogOptionsTests for the rationale).
|
|
Assert.Contains("Authorization", opts.HeaderRedactList);
|
|
Assert.Contains("Custom-Token", opts.HeaderRedactList);
|
|
|
|
// GlobalBodyRedactors: pattern arrived intact, regex-escape sequences
|
|
// and all.
|
|
Assert.Contains("\"password\":\\s*\"[^\"]*\"", opts.GlobalBodyRedactors);
|
|
|
|
// PerTargetOverrides: keyed by connection name, each field bound.
|
|
Assert.True(opts.PerTargetOverrides.ContainsKey("myconnection"));
|
|
var ov = opts.PerTargetOverrides["myconnection"];
|
|
Assert.Equal(16384, ov.CapBytes);
|
|
// Microsoft.Extensions.Configuration JSON binder leaves an empty array
|
|
// null on a nullable List<T>; either null or empty is acceptable as
|
|
// "no additional redactors" — both result in zero patterns at use.
|
|
Assert.True(ov.AdditionalBodyRedactors is null || ov.AdditionalBodyRedactors.Count == 0);
|
|
Assert.Equal("@token|@secret", ov.RedactSqlParamsMatching);
|
|
}
|
|
|
|
[Fact]
|
|
public void Filter_Behavior_Updates_OnConfigReload()
|
|
{
|
|
// Start at the default cap (4096). A 5 KB body should be truncated;
|
|
// PayloadTruncated flips to true.
|
|
var initial = new AuditLogOptions { DefaultCapBytes = 4096 };
|
|
var monitor = new TestOptionsMonitor<AuditLogOptions>(initial);
|
|
var filter = new DefaultAuditPayloadFilter(
|
|
monitor,
|
|
NullLogger<DefaultAuditPayloadFilter>.Instance);
|
|
|
|
var body = new string('x', 5 * 1024);
|
|
var evt = new AuditEvent
|
|
{
|
|
EventId = Guid.NewGuid(),
|
|
OccurredAtUtc = DateTime.UtcNow,
|
|
Channel = AuditChannel.ApiOutbound,
|
|
Kind = AuditKind.ApiCall,
|
|
Status = AuditStatus.Delivered,
|
|
RequestSummary = body,
|
|
};
|
|
|
|
var resultBefore = filter.Apply(evt);
|
|
Assert.True(resultBefore.PayloadTruncated, "5KB body at 4096 cap must be truncated");
|
|
Assert.NotNull(resultBefore.RequestSummary);
|
|
Assert.True(Encoding.UTF8.GetByteCount(resultBefore.RequestSummary!) <= 4096);
|
|
|
|
// Reload: cap raised to 16384 — next event must NOT truncate. This is
|
|
// the M5-T8 contract: the filter sees the new value on the very next
|
|
// Apply, without process restart.
|
|
monitor.Set(new AuditLogOptions { DefaultCapBytes = 16384 });
|
|
|
|
var resultAfter = filter.Apply(evt);
|
|
Assert.False(resultAfter.PayloadTruncated, "5KB body at 16384 cap must NOT be truncated");
|
|
Assert.Equal(body, resultAfter.RequestSummary);
|
|
}
|
|
|
|
[Fact]
|
|
public void Filter_PicksUp_NewBodyRedactor_OnConfigReload()
|
|
{
|
|
// The regex cache is keyed by pattern string — a redactor added via
|
|
// config reload must compile + apply on the very next event without a
|
|
// process restart. Pre-reload: no redactor, hunter2 survives. After
|
|
// reload: hunter2 redacted.
|
|
var monitor = new TestOptionsMonitor<AuditLogOptions>(new AuditLogOptions());
|
|
var filter = new DefaultAuditPayloadFilter(
|
|
monitor,
|
|
NullLogger<DefaultAuditPayloadFilter>.Instance);
|
|
|
|
const string body = "{\"user\":\"alice\",\"password\":\"hunter2\"}";
|
|
var evt = new AuditEvent
|
|
{
|
|
EventId = Guid.NewGuid(),
|
|
OccurredAtUtc = DateTime.UtcNow,
|
|
Channel = AuditChannel.ApiOutbound,
|
|
Kind = AuditKind.ApiCall,
|
|
Status = AuditStatus.Delivered,
|
|
RequestSummary = body,
|
|
};
|
|
|
|
var before = filter.Apply(evt);
|
|
Assert.Contains("hunter2", before.RequestSummary!);
|
|
|
|
monitor.Set(new AuditLogOptions
|
|
{
|
|
GlobalBodyRedactors = new List<string> { "\"password\":\\s*\"[^\"]*\"" },
|
|
});
|
|
|
|
var after = filter.Apply(evt);
|
|
Assert.DoesNotContain("hunter2", after.RequestSummary!);
|
|
Assert.Contains("<redacted>", after.RequestSummary!);
|
|
}
|
|
|
|
/// <summary>
|
|
/// IOptionsMonitor test double — exposes a <see cref="Set"/> method that
|
|
/// updates the current value and fires registered OnChange callbacks.
|
|
/// Avoids depending on Microsoft.Extensions.Configuration's reload-token
|
|
/// plumbing, which is awkward to drive deterministically from xUnit.
|
|
/// </summary>
|
|
private sealed class TestOptionsMonitor<T> : IOptionsMonitor<T>
|
|
{
|
|
private T _current;
|
|
private readonly List<Action<T, string?>> _listeners = new();
|
|
|
|
public TestOptionsMonitor(T initial) => _current = initial;
|
|
|
|
public T CurrentValue => _current;
|
|
|
|
public T Get(string? name) => _current;
|
|
|
|
public IDisposable? OnChange(Action<T, string?> listener)
|
|
{
|
|
lock (_listeners)
|
|
{
|
|
_listeners.Add(listener);
|
|
}
|
|
return new Unsubscribe(_listeners, listener);
|
|
}
|
|
|
|
public void Set(T value)
|
|
{
|
|
_current = value;
|
|
Action<T, string?>[] snapshot;
|
|
lock (_listeners)
|
|
{
|
|
snapshot = _listeners.ToArray();
|
|
}
|
|
foreach (var l in snapshot)
|
|
{
|
|
l(_current, Options.DefaultName);
|
|
}
|
|
}
|
|
|
|
private sealed class Unsubscribe : IDisposable
|
|
{
|
|
private readonly List<Action<T, string?>> _listeners;
|
|
private readonly Action<T, string?> _listener;
|
|
public Unsubscribe(List<Action<T, string?>> listeners, Action<T, string?> listener)
|
|
{
|
|
_listeners = listeners;
|
|
_listener = listener;
|
|
}
|
|
public void Dispose()
|
|
{
|
|
lock (_listeners)
|
|
{
|
|
_listeners.Remove(_listener);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|