using Microsoft.Extensions.Configuration; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Hosting; using Serilog; using Serilog.Core; using Serilog.Events; using Serilog.Sinks.InMemory; using ZB.MOM.WW.Telemetry; using ZB.MOM.WW.Telemetry.Serilog; namespace ZB.MOM.WW.Telemetry.Serilog.Tests; public sealed class RedactionTests { private const string Masked = "***"; private sealed class FakeRedactor : ILogRedactor { public void Redact(IDictionary properties) { if (properties.ContainsKey("apiKey")) { properties["apiKey"] = Masked; } } } private sealed class RemovingRedactor : ILogRedactor { private readonly string _key; public RemovingRedactor(string key) => _key = key; public void Redact(IDictionary properties) => properties.Remove(_key); } private sealed class StructuredFieldRedactor : ILogRedactor { // Attempts to mask a nested field of a destructured ({@Object}) property by mutating the // value the seam exposes. Documents that the seam reaches scalar top-level properties only. public void Redact(IDictionary properties) { if (properties.TryGetValue("command", out var value) && value is StructureValue) { // The seam exposes the raw StructureValue wrapper, not a mutable dictionary of the // object's fields, so a project redactor cannot reach inside to mask a nested field. properties["command"] = Masked; } } } private static string? ScalarOrNull(LogEvent logEvent, string propertyName) => logEvent.Properties.TryGetValue(propertyName, out var value) && value is ScalarValue scalar ? scalar.Value?.ToString() : null; [Fact] public void Registered_redactor_masks_sensitive_property() { var serviceProvider = new ServiceCollection() .AddSingleton(new FakeRedactor()) .BuildServiceProvider(); var sink = new InMemorySink(); var options = new ZbTelemetryOptions { ServiceName = "mxgateway" }; var loggerConfig = new LoggerConfiguration(); ZbSerilogConfig.Apply(loggerConfig, options, serviceProvider); using Logger logger = loggerConfig.WriteTo.Sink(sink).CreateLogger(); logger.Information("authenticating {apiKey}", "mxgw_secret"); var logEvent = Assert.Single(sink.LogEvents); Assert.Equal(Masked, ScalarOrNull(logEvent, "apiKey")); } [Fact] public void No_redactor_registered_is_a_no_op() { var serviceProvider = new ServiceCollection().BuildServiceProvider(); var sink = new InMemorySink(); var options = new ZbTelemetryOptions { ServiceName = "mxgateway" }; var loggerConfig = new LoggerConfiguration(); ZbSerilogConfig.Apply(loggerConfig, options, serviceProvider); using Logger logger = loggerConfig.WriteTo.Sink(sink).CreateLogger(); logger.Information("authenticating {apiKey}", "mxgw_secret"); var logEvent = Assert.Single(sink.LogEvents); Assert.Equal("mxgw_secret", ScalarOrNull(logEvent, "apiKey")); } /// /// Telemetry-001: a redactor that REMOVES a key (the most natural way to implement "must not /// leave the process") must result in the property being absent from the emitted event, not /// silently retained. /// [Fact] public void Removing_redactor_scrubs_the_property_from_the_event() { var serviceProvider = new ServiceCollection() .AddSingleton(new RemovingRedactor("apiKey")) .BuildServiceProvider(); var sink = new InMemorySink(); var options = new ZbTelemetryOptions { ServiceName = "mxgateway" }; var loggerConfig = new LoggerConfiguration(); ZbSerilogConfig.Apply(loggerConfig, options, serviceProvider); using Logger logger = loggerConfig.WriteTo.Sink(sink).CreateLogger(); logger.Information("authenticating {apiKey} for {user}", "mxgw_secret", "alice"); var logEvent = Assert.Single(sink.LogEvents); Assert.False( logEvent.Properties.ContainsKey("apiKey"), "apiKey must be removed from the event when the redactor removes the key"); // A non-sensitive property the redactor left alone must survive. Assert.Equal("alice", ScalarOrNull(logEvent, "user")); } /// /// Telemetry-002/003: the redaction seam reaches scalar top-level properties only. A /// destructured ({@Object}) property is exposed to the redactor as the raw Serilog /// wrapper, so a project redactor cannot mask a field nested /// inside the object — it can only replace/remove the whole top-level property. This test /// pins that documented limitation (see ILogRedactor XML doc and the shared contract). /// [Fact] public void Redactor_cannot_reach_a_field_inside_a_destructured_object() { var serviceProvider = new ServiceCollection() .AddSingleton(new StructuredFieldRedactor()) .BuildServiceProvider(); var sink = new InMemorySink(); var options = new ZbTelemetryOptions { ServiceName = "mxgateway" }; var loggerConfig = new LoggerConfiguration(); ZbSerilogConfig.Apply(loggerConfig, options, serviceProvider); using Logger logger = loggerConfig.WriteTo.Sink(sink).CreateLogger(); var command = new { Name = "Write", ApiKey = "mxgw_secret" }; logger.Information("dispatching {@command}", command); var logEvent = Assert.Single(sink.LogEvents); Assert.True(logEvent.Properties.TryGetValue("command", out var value)); // The property was destructured into a StructureValue and exposed to the redactor as that // wrapper. The redactor recognized it and replaced the whole top-level property with the // mask — confirming the seam can only act at top-level granularity for structured values. Assert.Equal(Masked, (value as ScalarValue)?.Value?.ToString()); } [Fact] public void AddZbSerilog_with_otlp_options_builds_without_error() { var builder = Host.CreateApplicationBuilder(); builder.AddZbSerilog(o => { o.ServiceName = "mxgateway"; o.SiteId = "s1"; o.NodeRole = "central"; o.Exporter = ZbExporter.Otlp; o.OtlpEndpoint = "http://localhost:4317"; }); using var host = builder.Build(); // Serilog.ILogger is registered by AddSerilog — not Microsoft.Extensions.Logging.ILogger. var logger = host.Services.GetRequiredService(); logger.Information("otlp wiring smoke test"); } [Fact] public void BuildResourceAttributes_contains_required_keys_and_optional_keys_when_set() { var options = new ZbTelemetryOptions { ServiceName = "mxgateway", ServiceNamespace = "ZB.MOM.WW", SiteId = "site-a", NodeRole = "central", }; var attributes = ZbSerilogConfig.BuildResourceAttributes(options); // Required keys always present. Assert.True(attributes.ContainsKey("service.name"), "service.name must be present"); Assert.True(attributes.ContainsKey("service.namespace"), "service.namespace must be present"); Assert.True(attributes.ContainsKey("host.name"), "host.name must be present"); // service.instance.id must be present and match ZbResource.InstanceId (parity with OTel SDK path). Assert.True(attributes.ContainsKey("service.instance.id"), "service.instance.id must be present"); Assert.Equal(ZbResource.InstanceId, attributes["service.instance.id"]); // Optional keys present when options supply them. Assert.True(attributes.ContainsKey("site.id"), "site.id must be present when SiteId is set"); Assert.True(attributes.ContainsKey("node.role"), "node.role must be present when NodeRole is set"); Assert.Equal("mxgateway", attributes["service.name"]); Assert.Equal("ZB.MOM.WW", attributes["service.namespace"]); Assert.Equal(Environment.MachineName, attributes["host.name"]); Assert.Equal("site-a", attributes["site.id"]); Assert.Equal("central", attributes["node.role"]); } /// /// Telemetry-005: the Serilog OTLP log-sink attribute map and the OTel SDK metrics/traces /// attribute map must be key-for-key and value-for-value identical, because both now derive from /// the single source of truth. This pins that they /// cannot silently drift apart. /// [Fact] public void Serilog_and_OTel_resource_attribute_sets_are_identical() { var options = new ZbTelemetryOptions { ServiceName = "mxgateway", ServiceNamespace = "ZB.MOM.WW", ServiceVersion = "9.9.9", SiteId = "site-z", NodeRole = "hub", }; var serilogAttributes = ZbSerilogConfig.BuildResourceAttributes(options); var canonical = ZbResource.BuildAttributes(options); Assert.Equal( canonical.OrderBy(kvp => kvp.Key, StringComparer.Ordinal), serilogAttributes.OrderBy(kvp => kvp.Key, StringComparer.Ordinal)); } [Fact] public void BuildResourceAttributes_omits_optional_keys_when_not_set() { var options = new ZbTelemetryOptions { ServiceName = "mxgateway", SiteId = null, NodeRole = null, }; var attributes = ZbSerilogConfig.BuildResourceAttributes(options); Assert.False(attributes.ContainsKey("site.id"), "site.id must be absent when SiteId is null"); Assert.False(attributes.ContainsKey("node.role"), "node.role must be absent when NodeRole is null"); // service.instance.id is always present regardless of optional fields. Assert.True(attributes.ContainsKey("service.instance.id"), "service.instance.id must always be present"); Assert.Equal(ZbResource.InstanceId, attributes["service.instance.id"]); } /// /// Fix 1 — Symmetric OTLP trigger: the Serilog path must only activate the OTel log sink /// when Exporter == ZbExporter.Otlp, NOT merely when OtlpEndpoint is set. /// This matches the core OTel metrics/traces path that ignores a bare endpoint without /// Exporter=Otlp. /// [Fact] public void ApplyOpenTelemetryExport_does_not_activate_when_only_endpoint_is_set() { // Arrange: set OtlpEndpoint but leave Exporter at the default (not Otlp). var options = new ZbTelemetryOptions { ServiceName = "mxgateway", OtlpEndpoint = "http://localhost:4317", // Exporter is intentionally left at default (ZbExporter.None / Prometheus only) }; // Act: Apply the shared Serilog config — if the bug is present this will attempt to // connect to localhost:4317 and the OpenTelemetry sink will be registered. // We verify by inspecting the LoggerConfiguration directly: after Apply, if WriteTo // contained an OTel sink the LoggerConfiguration's internal list would be non-empty. // The simplest observable proxy: building the logger must not throw, and we assert // the exporter is not Otlp. Assert.NotEqual(ZbExporter.Otlp, options.Exporter); // Building the logger with only OtlpEndpoint set (no Exporter=Otlp) must not throw // and must not attempt any OTLP connection — the sink should simply be absent. var exception = Record.Exception(() => { var loggerConfig = new LoggerConfiguration(); ZbSerilogConfig.Apply(loggerConfig, options); using var logger = loggerConfig.CreateLogger(); logger.Information("no otlp sink expected"); }); Assert.Null(exception); } [Fact] public void ApplyOpenTelemetryExport_activates_when_Exporter_is_Otlp() { // Arrange: Exporter explicitly set to Otlp (no endpoint — exporter registered but won't connect). var options = new ZbTelemetryOptions { ServiceName = "mxgateway", Exporter = ZbExporter.Otlp, // OtlpEndpoint intentionally left null — we test the trigger, not the connection. }; // Act + Assert: must not throw (the sink is registered but won't connect in tests). var exception = Record.Exception(() => { var loggerConfig = new LoggerConfiguration(); ZbSerilogConfig.Apply(loggerConfig, options); using var logger = loggerConfig.CreateLogger(); logger.Information("otlp sink registered"); }); Assert.Null(exception); } }