using Microsoft.Extensions.Configuration; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Hosting; using Serilog; using Serilog.Core; using Serilog.Events; using Serilog.Sinks.InMemory; using ZB.MOM.WW.Telemetry; using ZB.MOM.WW.Telemetry.Serilog; namespace ZB.MOM.WW.Telemetry.Serilog.Tests; public sealed class RedactionTests { private const string Masked = "***"; private sealed class FakeRedactor : ILogRedactor { public void Redact(IDictionary properties) { if (properties.ContainsKey("apiKey")) { properties["apiKey"] = Masked; } } } private sealed class RemovingRedactor : ILogRedactor { private readonly string _key; public RemovingRedactor(string key) => _key = key; public void Redact(IDictionary properties) => properties.Remove(_key); } /// Masks a field nested inside a destructured {@command} object. private sealed class NestedFieldRedactor : ILogRedactor { public void Redact(IDictionary properties) { if (properties.TryGetValue("command", out var value) && value is IDictionary command && command.ContainsKey("ApiKey")) { command["ApiKey"] = Masked; } } } /// Removes a field nested inside a destructured {@command} object. private sealed class NestedRemovingRedactor : ILogRedactor { public void Redact(IDictionary properties) { if (properties.TryGetValue("command", out var value) && value is IDictionary command) { command.Remove("ApiKey"); } } } /// Masks an element inside a destructured {@items} sequence. private sealed class SequenceElementRedactor : ILogRedactor { public void Redact(IDictionary properties) { if (properties.TryGetValue("items", out var value) && value is IList items) { for (var i = 0; i < items.Count; i++) { if (items[i] is string s && s.StartsWith("secret", StringComparison.Ordinal)) { items[i] = Masked; } } } } } /// Masks a value inside a destructured {@map} dictionary. private sealed class DictionaryValueRedactor : ILogRedactor { public void Redact(IDictionary properties) { if (properties.TryGetValue("map", out var value) && value is IDictionary map && map.ContainsKey("token")) { map["token"] = Masked; } } } /// Masks a field two levels deep inside a destructured object graph. private sealed class DeepFieldRedactor : ILogRedactor { public void Redact(IDictionary properties) { if (properties.TryGetValue("payload", out var value) && value is IDictionary payload && payload.TryGetValue("Inner", out var innerValue) && innerValue is IDictionary inner && inner.ContainsKey("ApiKey")) { inner["ApiKey"] = Masked; } } } // Named types so a destructured StructureValue's TypeTag is deterministic in assertions. private sealed record Command(string Name, string ApiKey); private sealed record Envelope(Inner Inner); private sealed record Inner(string ApiKey, string Note); private static string? ScalarOrNull(LogEvent logEvent, string propertyName) => logEvent.Properties.TryGetValue(propertyName, out var value) && value is ScalarValue scalar ? scalar.Value?.ToString() : null; /// /// Builds a logger wired with , logs one event, and returns it — /// the shared harness for the redaction tests. /// private static LogEvent LogWith(ILogRedactor redactor, string template, params object?[] args) { var serviceProvider = new ServiceCollection() .AddSingleton(redactor) .BuildServiceProvider(); var sink = new InMemorySink(); var options = new ZbTelemetryOptions { ServiceName = "mxgateway" }; var loggerConfig = new LoggerConfiguration(); ZbSerilogConfig.Apply(loggerConfig, options, serviceProvider); using Logger logger = loggerConfig.WriteTo.Sink(sink).CreateLogger(); logger.Information(template, args); return Assert.Single(sink.LogEvents); } [Fact] public void Registered_redactor_masks_sensitive_property() { var serviceProvider = new ServiceCollection() .AddSingleton(new FakeRedactor()) .BuildServiceProvider(); var sink = new InMemorySink(); var options = new ZbTelemetryOptions { ServiceName = "mxgateway" }; var loggerConfig = new LoggerConfiguration(); ZbSerilogConfig.Apply(loggerConfig, options, serviceProvider); using Logger logger = loggerConfig.WriteTo.Sink(sink).CreateLogger(); logger.Information("authenticating {apiKey}", "mxgw_secret"); var logEvent = Assert.Single(sink.LogEvents); Assert.Equal(Masked, ScalarOrNull(logEvent, "apiKey")); } [Fact] public void No_redactor_registered_is_a_no_op() { var serviceProvider = new ServiceCollection().BuildServiceProvider(); var sink = new InMemorySink(); var options = new ZbTelemetryOptions { ServiceName = "mxgateway" }; var loggerConfig = new LoggerConfiguration(); ZbSerilogConfig.Apply(loggerConfig, options, serviceProvider); using Logger logger = loggerConfig.WriteTo.Sink(sink).CreateLogger(); logger.Information("authenticating {apiKey}", "mxgw_secret"); var logEvent = Assert.Single(sink.LogEvents); Assert.Equal("mxgw_secret", ScalarOrNull(logEvent, "apiKey")); } /// /// Telemetry-001: a redactor that REMOVES a key (the most natural way to implement "must not /// leave the process") must result in the property being absent from the emitted event, not /// silently retained. /// [Fact] public void Removing_redactor_scrubs_the_property_from_the_event() { var serviceProvider = new ServiceCollection() .AddSingleton(new RemovingRedactor("apiKey")) .BuildServiceProvider(); var sink = new InMemorySink(); var options = new ZbTelemetryOptions { ServiceName = "mxgateway" }; var loggerConfig = new LoggerConfiguration(); ZbSerilogConfig.Apply(loggerConfig, options, serviceProvider); using Logger logger = loggerConfig.WriteTo.Sink(sink).CreateLogger(); logger.Information("authenticating {apiKey} for {user}", "mxgw_secret", "alice"); var logEvent = Assert.Single(sink.LogEvents); Assert.False( logEvent.Properties.ContainsKey("apiKey"), "apiKey must be removed from the event when the redactor removes the key"); // A non-sensitive property the redactor left alone must survive. Assert.Equal("alice", ScalarOrNull(logEvent, "user")); } /// /// Telemetry-002: a redactor can reach a field nested inside a destructured ({@Object}) /// property and mask it, leaving sibling fields and the structure's type tag intact. /// [Fact] public void Redactor_masks_a_field_inside_a_destructured_object() { var logEvent = LogWith( new NestedFieldRedactor(), "dispatching {@command}", new Command("Write", "mxgw_secret")); var structure = Assert.IsType(logEvent.Properties["command"]); var fields = structure.Properties.ToDictionary(p => p.Name, p => p.Value); Assert.Equal(Masked, (fields["ApiKey"] as ScalarValue)?.Value?.ToString()); Assert.Equal("Write", (fields["Name"] as ScalarValue)?.Value?.ToString()); Assert.Equal(nameof(Command), structure.TypeTag); } /// /// Telemetry-002: a redactor can remove a field nested inside a destructured object; the /// field is dropped from the rebuilt structure while siblings survive. /// [Fact] public void Redactor_removes_a_field_inside_a_destructured_object() { var logEvent = LogWith( new NestedRemovingRedactor(), "dispatching {@command}", new Command("Write", "mxgw_secret")); var structure = Assert.IsType(logEvent.Properties["command"]); var names = structure.Properties.Select(p => p.Name).ToList(); Assert.DoesNotContain("ApiKey", names); Assert.Contains("Name", names); } /// Telemetry-002: a redactor can mask an element nested inside a destructured sequence. [Fact] public void Redactor_masks_an_element_inside_a_destructured_sequence() { var logEvent = LogWith( new SequenceElementRedactor(), "items {@items}", (object)new[] { "keep", "secret-token" }); var sequence = Assert.IsType(logEvent.Properties["items"]); var elements = sequence.Elements.Select(e => (e as ScalarValue)?.Value?.ToString()).ToList(); Assert.Equal(new[] { "keep", Masked }, elements); } /// Telemetry-002: a redactor can mask a value nested inside a destructured dictionary. [Fact] public void Redactor_masks_a_value_inside_a_destructured_dictionary() { var map = new Dictionary { ["user"] = "alice", ["token"] = "secret" }; var logEvent = LogWith(new DictionaryValueRedactor(), "map {@map}", map); var dictionary = Assert.IsType(logEvent.Properties["map"]); var pairs = dictionary.Elements.ToDictionary( e => (string)e.Key.Value!, e => (e.Value as ScalarValue)?.Value?.ToString()); Assert.Equal("alice", pairs["user"]); Assert.Equal(Masked, pairs["token"]); } /// Telemetry-002: nested reach is recursive — a field two levels deep is reachable. [Fact] public void Redactor_masks_a_field_two_levels_deep() { var logEvent = LogWith( new DeepFieldRedactor(), "payload {@payload}", new Envelope(new Inner("secret", "keep"))); var outer = Assert.IsType(logEvent.Properties["payload"]); var innerValue = outer.Properties.Single(p => p.Name == "Inner").Value; var inner = Assert.IsType(innerValue); var fields = inner.Properties.ToDictionary(p => p.Name, p => p.Value); Assert.Equal(Masked, (fields["ApiKey"] as ScalarValue)?.Value?.ToString()); Assert.Equal("keep", (fields["Note"] as ScalarValue)?.Value?.ToString()); } /// /// A structured property the redactor does not touch must survive redaction unchanged /// (siblings, values, and type tag intact) even while a scalar property is masked. /// [Fact] public void Untouched_structured_property_survives_redaction_intact() { var logEvent = LogWith( new FakeRedactor(), "dispatching {apiKey} {@command}", "mxgw_secret", new Command("Write", "open")); Assert.Equal(Masked, ScalarOrNull(logEvent, "apiKey")); var structure = Assert.IsType(logEvent.Properties["command"]); var fields = structure.Properties.ToDictionary(p => p.Name, p => p.Value); Assert.Equal("Write", (fields["Name"] as ScalarValue)?.Value?.ToString()); Assert.Equal("open", (fields["ApiKey"] as ScalarValue)?.Value?.ToString()); Assert.Equal(nameof(Command), structure.TypeTag); } [Fact] public void AddZbSerilog_with_otlp_options_builds_without_error() { var builder = Host.CreateApplicationBuilder(); builder.AddZbSerilog(o => { o.ServiceName = "mxgateway"; o.SiteId = "s1"; o.NodeRole = "central"; o.Exporter = ZbExporter.Otlp; o.OtlpEndpoint = "http://localhost:4317"; }); using var host = builder.Build(); // Serilog.ILogger is registered by AddSerilog — not Microsoft.Extensions.Logging.ILogger. var logger = host.Services.GetRequiredService(); logger.Information("otlp wiring smoke test"); } [Fact] public void BuildResourceAttributes_contains_required_keys_and_optional_keys_when_set() { var options = new ZbTelemetryOptions { ServiceName = "mxgateway", ServiceNamespace = "ZB.MOM.WW", SiteId = "site-a", NodeRole = "central", }; var attributes = ZbSerilogConfig.BuildResourceAttributes(options); // Required keys always present. Assert.True(attributes.ContainsKey("service.name"), "service.name must be present"); Assert.True(attributes.ContainsKey("service.namespace"), "service.namespace must be present"); Assert.True(attributes.ContainsKey("host.name"), "host.name must be present"); // service.instance.id must be present and match ZbResource.InstanceId (parity with OTel SDK path). Assert.True(attributes.ContainsKey("service.instance.id"), "service.instance.id must be present"); Assert.Equal(ZbResource.InstanceId, attributes["service.instance.id"]); // Optional keys present when options supply them. Assert.True(attributes.ContainsKey("site.id"), "site.id must be present when SiteId is set"); Assert.True(attributes.ContainsKey("node.role"), "node.role must be present when NodeRole is set"); Assert.Equal("mxgateway", attributes["service.name"]); Assert.Equal("ZB.MOM.WW", attributes["service.namespace"]); Assert.Equal(Environment.MachineName, attributes["host.name"]); Assert.Equal("site-a", attributes["site.id"]); Assert.Equal("central", attributes["node.role"]); } /// /// Telemetry-005: the Serilog OTLP log-sink attribute map and the OTel SDK metrics/traces /// attribute map must be key-for-key and value-for-value identical, because both now derive from /// the single source of truth. This pins that they /// cannot silently drift apart. /// [Fact] public void Serilog_and_OTel_resource_attribute_sets_are_identical() { var options = new ZbTelemetryOptions { ServiceName = "mxgateway", ServiceNamespace = "ZB.MOM.WW", ServiceVersion = "9.9.9", SiteId = "site-z", NodeRole = "hub", }; var serilogAttributes = ZbSerilogConfig.BuildResourceAttributes(options); var canonical = ZbResource.BuildAttributes(options); Assert.Equal( canonical.OrderBy(kvp => kvp.Key, StringComparer.Ordinal), serilogAttributes.OrderBy(kvp => kvp.Key, StringComparer.Ordinal)); } [Fact] public void BuildResourceAttributes_omits_optional_keys_when_not_set() { var options = new ZbTelemetryOptions { ServiceName = "mxgateway", SiteId = null, NodeRole = null, }; var attributes = ZbSerilogConfig.BuildResourceAttributes(options); Assert.False(attributes.ContainsKey("site.id"), "site.id must be absent when SiteId is null"); Assert.False(attributes.ContainsKey("node.role"), "node.role must be absent when NodeRole is null"); // service.instance.id is always present regardless of optional fields. Assert.True(attributes.ContainsKey("service.instance.id"), "service.instance.id must always be present"); Assert.Equal(ZbResource.InstanceId, attributes["service.instance.id"]); } /// /// Fix 1 — Symmetric OTLP trigger: the Serilog path must only activate the OTel log sink /// when Exporter == ZbExporter.Otlp, NOT merely when OtlpEndpoint is set. /// This matches the core OTel metrics/traces path that ignores a bare endpoint without /// Exporter=Otlp. /// [Fact] public void ApplyOpenTelemetryExport_does_not_activate_when_only_endpoint_is_set() { // Arrange: set OtlpEndpoint but leave Exporter at the default (not Otlp). var options = new ZbTelemetryOptions { ServiceName = "mxgateway", OtlpEndpoint = "http://localhost:4317", // Exporter is intentionally left at default (ZbExporter.None / Prometheus only) }; // Act: Apply the shared Serilog config — if the bug is present this will attempt to // connect to localhost:4317 and the OpenTelemetry sink will be registered. // We verify by inspecting the LoggerConfiguration directly: after Apply, if WriteTo // contained an OTel sink the LoggerConfiguration's internal list would be non-empty. // The simplest observable proxy: building the logger must not throw, and we assert // the exporter is not Otlp. Assert.NotEqual(ZbExporter.Otlp, options.Exporter); // Building the logger with only OtlpEndpoint set (no Exporter=Otlp) must not throw // and must not attempt any OTLP connection — the sink should simply be absent. var exception = Record.Exception(() => { var loggerConfig = new LoggerConfiguration(); ZbSerilogConfig.Apply(loggerConfig, options); using var logger = loggerConfig.CreateLogger(); logger.Information("no otlp sink expected"); }); Assert.Null(exception); } [Fact] public void ApplyOpenTelemetryExport_activates_when_Exporter_is_Otlp() { // Arrange: Exporter explicitly set to Otlp (no endpoint — exporter registered but won't connect). var options = new ZbTelemetryOptions { ServiceName = "mxgateway", Exporter = ZbExporter.Otlp, // OtlpEndpoint intentionally left null — we test the trigger, not the connection. }; // Act + Assert: must not throw (the sink is registered but won't connect in tests). var exception = Record.Exception(() => { var loggerConfig = new LoggerConfiguration(); ZbSerilogConfig.Apply(loggerConfig, options); using var logger = loggerConfig.CreateLogger(); logger.Information("otlp sink registered"); }); Assert.Null(exception); } }