azaion/missions
1
0
Fork 0
mirror of https://github.com/azaion/missions.git synced 2026-06-22 11:31:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

[AZ-576] Add e2e test infrastructure (xUnit + jwks-mock + reporting)
ci/woodpecker/push/build-arm Pipeline failed
Details

Browse Source 
Scaffold the blackbox test project the rest of epic AZ-575 (AZ-577..AZ-586)
will build on. Two new csprojs under tests/, plus the TLS materials and
TRX->CSV reporting hand-off the existing docker-compose.test.yml already
calls for.

JWKS mock (tests/Azaion.Missions.JwksMock/):
- ASP.NET Core minimal API on .NET 10, no NuGet deps; JWS is hand-rolled
  to keep the surface tight and avoid version drift with the SUT
- KeyStore with one in-memory ECDSA P-256 keypair + retired-key grace
  window for NFT-RES-07 / NFT-SEC-11 rotation observability
- Endpoints: GET /.well-known/jwks.json, POST /sign, POST /rotate-key
- Mock-only alg_override / kid_override switches drive NFT-SEC-09/10/11
- TLS keypair committed under tls/; tests/jwks-mock-ca.crt is a copy
  mounted into both missions and e2e-consumer per docker-compose.test.yml

E2E consumer (tests/Azaion.Missions.E2E.Tests/):
- xUnit 2.9.2 + Bogus 35.6.1 + Npgsql 10.0.2 + Xunit.SkippableFact 1.4.13
- TestBase / TokenMinter scaffolding for downstream tasks
- Fixtures/ for DbReset, DbSeed, ComposeRestart, JwksRotate, JwksMockReverse
- Helpers/ for DbAssertions (side-channel), HttpAssertions, FixtureSql
- 8 Tests/<category>/Sanity.cs discovery smoke tests (AC-3)
- Tests/InfrastructureSanity.cs SkippableFacts for AC-1/2/5/6
- Tests/AaaPatternEnforcement.cs greps source files for AC-7
- Tests/Reporting/TrxToCsvPostProcessorTests.cs covers AC-4
- Reporting/TrxToCsvPostProcessor.cs handles VSTest TRX -> environment.md
  CSV; xUnit traits are not propagated by the TRX logger so the converter
  reflects them out of the test DLL via GetCustomAttributesData
- Reporting.Cli/ is a separate console csproj that links the converter
  source files (test project excludes Reporting.Cli/** from compile)
- Dockerfile + entrypoint.sh wire dotnet test -> trx -> csv inside the
  e2e-consumer container the compose file already references

Local verification: 13 pass, 3 skip (with explicit reasons), 0 fail.
End-to-end TRX->CSV manually verified against environment.md header spec.
Docker stack build is handed off to autodev Step 7 (test-run skill).

Reports under _docs/03_implementation/.
AZ-576 task spec moved to _docs/tasks/done/.

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Oleksandr Bezdieniezhnykh
2026-05-15 06:57:40 +03:00
parent b0c7132889
commit ccd85a09df
48 changed files with 2030 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/Azaion.Missions.E2E.Tests/Helpers/DbAssertions.cs
+54
View File
@@ -0,0 +1,54 @@
using Npgsql;
using Xunit;
namespace Azaion.Missions.E2E.Helpers;
/// <summary>
/// Side-channel database assertions. Used to verify state the API does not
/// expose directly (default-vehicle invariants, mission row counts after
/// cascade-delete, audit-table side effects).
/// </summary>
/// <remarks>
/// Marked with <c>[Trait("db_access","seed-or-assert-only")]</c> at the
/// consumer-test level — this helper itself is a pure utility.
/// </remarks>
public static class DbAssertions
{
public static long ScalarCount(string sql, params (string Name, object Value)[] parameters)
{
using var conn = new NpgsqlConnection(TestEnvironment.DbSideChannel);
conn.Open();
using var cmd = conn.CreateCommand();
cmd.CommandText = sql;
foreach (var (name, value) in parameters)
cmd.Parameters.AddWithValue(name, value);
var result = cmd.ExecuteScalar();
if (result is null || result is DBNull)
throw new InvalidOperationException($"Scalar query '{sql}' returned NULL");
return Convert.ToInt64(result, System.Globalization.CultureInfo.InvariantCulture);
}
public static void AssertExactlyOneDefaultVehicle()
{
var count = ScalarCount("SELECT COUNT(*) FROM vehicles WHERE is_default = TRUE");
Assert.True(count <= 1, $"default-vehicle invariant violated: {count} vehicles flagged is_default=TRUE");
}
public static long TableRowCount(string table)
{
if (!IsValidIdentifier(table))
throw new ArgumentException($"Invalid table identifier '{table}'", nameof(table));
return ScalarCount($"SELECT COUNT(*) FROM {table}");
}
private static bool IsValidIdentifier(string s)
{
if (string.IsNullOrEmpty(s) || s.Length > 63) return false;
foreach (var c in s)
{
if (!(char.IsLetterOrDigit(c) || c == '_'))
return false;
}
return true;
}
}
tests/Azaion.Missions.E2E.Tests/Helpers/FixtureSql.cs
+40
View File
@@ -0,0 +1,40 @@
using Npgsql;
namespace Azaion.Missions.E2E.Helpers;
/// <summary>
/// Loads named fixture SQL files (e.g. <c>fixture_cascade_F3.sql</c> from
/// <c>_docs/00_problem/input_data/expected_results/</c>) and applies them to
/// the test database via Npgsql side-channel.
/// </summary>
public static class FixtureSql
{
/// <summary>
/// Resolves a fixture by its base name (without <c>.sql</c>). The lookup
/// path is rooted at <c>FIXTURE_SQL_DIR</c> when set, otherwise at the
/// well-known repo path. Throws when the fixture is missing — silent
/// fallbacks would mask test setup bugs.
/// </summary>
public static void Apply(string fixtureName)
{
var sql = Load(fixtureName);
using var conn = new NpgsqlConnection(TestEnvironment.DbSideChannel);
conn.Open();
using var cmd = conn.CreateCommand();
cmd.CommandText = sql;
cmd.ExecuteNonQuery();
}
public static string Load(string fixtureName)
{
var dir = Environment.GetEnvironmentVariable("FIXTURE_SQL_DIR")
?? "/app/fixtures";
var path = Path.Combine(dir, fixtureName + ".sql");
if (!File.Exists(path))
throw new FileNotFoundException(
$"fixture SQL not found: {path}. " +
"Set FIXTURE_SQL_DIR or mount fixtures into /app/fixtures.",
path);
return File.ReadAllText(path);
}
}
tests/Azaion.Missions.E2E.Tests/Helpers/HttpAssertions.cs
+67
View File
@@ -0,0 +1,67 @@
using System.Net;
using System.Net.Http.Json;
using System.Text.Json;
using Xunit;
namespace Azaion.Missions.E2E.Helpers;
/// <summary>
/// Reusable HTTP-shape assertions: PascalCase JSON keys, the
/// <c>{ error, traceId }</c> error envelope, paginated-response shape, and
/// expected-status helpers.
/// </summary>
public static class HttpAssertions
{
public static async Task AssertStatusAsync(HttpResponseMessage response, HttpStatusCode expected)
{
if (response.StatusCode != expected)
{
var body = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
Assert.Fail($"Expected HTTP {(int)expected}; got {(int)response.StatusCode}. Body:\n{body}");
}
}
public static async Task AssertErrorEnvelopeAsync(HttpResponseMessage response)
{
var body = await response.Content.ReadFromJsonAsync<JsonElement>().ConfigureAwait(false);
Assert.True(body.TryGetProperty("error", out _), "error-envelope missing 'error' property");
Assert.True(body.TryGetProperty("traceId", out _), "error-envelope missing 'traceId' property");
AssertNoStackLeak(body);
}
public static void AssertNoStackLeak(JsonElement body)
{
// Walk the JSON DOM and fail if any key looks like it leaks server internals.
var leakKeys = new[] { "stack", "stackTrace", "exception", "inner", "trace", "innerException", "type", "details" };
WalkAndAssert(body, leakKeys);
}
private static void WalkAndAssert(JsonElement element, string[] leakKeys)
{
switch (element.ValueKind)
{
case JsonValueKind.Object:
foreach (var prop in element.EnumerateObject())
{
foreach (var leak in leakKeys)
{
if (string.Equals(prop.Name, leak, StringComparison.OrdinalIgnoreCase))
Assert.Fail($"error envelope leaks server internals via key '{prop.Name}'");
}
WalkAndAssert(prop.Value, leakKeys);
}
break;
case JsonValueKind.Array:
foreach (var item in element.EnumerateArray())
WalkAndAssert(item, leakKeys);
break;
}
}
public static AuthenticationHeaderValueLike Bearer(string jwt) => new(jwt);
public sealed record AuthenticationHeaderValueLike(string Jwt)
{
public override string ToString() => $"Bearer {Jwt}";
}
}