mirror of
https://github.com/azaion/missions.git
synced 2026-06-21 14:31:07 +00:00
Oleksandr Bezdieniezhnykh
24c4561bef
Batch 3 of test implementation cycle 1 (existing-code Step 6). - AZ-581 AuthClaimsTests: NFT-SEC-01..06+04b (foreign-keypair, byte-flip, 30s skew, iss/aud/perms, multi-value permissions array). - AZ-582 CrossCutting/ErrorRedaction/JwksRotation/StartupConfig/CorsConfig: NFT-SEC-07..13 (alg pin, kid rotation grace window, env fail-fast, CORS Production gate). - AZ-583 CascadeF3/CascadeF4/MigratorRestart: NFT-RES-01..04. CascadeF4 pins current walk-order divergence with carry_forward AC-4.6. - AZ-584 ConfigDbStartup/JwksRotationNoRestart/DefaultVehicleRace: NFT-RES-05..08. NFT-RES-08 pins current behaviour (unique-index closes the race) with carry_forward AC-1.4. Mock contract: SignBody accepts permissions OR permissions_array (mutually exclusive). TokenSigner validates kid_override against published keys so NFT-SEC-11 can assert "mock refuses old kid post-grace". Helpers added: ForeignKeypair (test-only ECDSA P-256), MissionsContainerHelper (docker-run wrapper for startup-time scenarios), DockerLogs. 7 of 22 new tests are Skippable, gated on COMPOSE_RESTART_ENABLED + docker CLI in the e2e-consumer image (explicit skip reason; no silent pass). Build green: test csproj + jwks-mock csproj. Co-authored-by: Cursor <cursoragent@cursor.com>
53 lines
2.1 KiB
C#
53 lines
2.1 KiB
C#
using System.Diagnostics;
|
|
using System.Globalization;
|
|
|
|
namespace Azaion.Missions.E2E.Helpers;
|
|
|
|
/// <summary>
|
|
/// Scrapes <c>docker logs</c> from inside the e2e-consumer container, used
|
|
/// to assert "unhandled exception" and structured log lines emitted by the
|
|
/// SUT (NFT-SEC-08 stack-not-leaked, NFT-RES-01..04 cascade/migrator log
|
|
/// invariants, NFT-RES-06 Npgsql 3D000).
|
|
/// </summary>
|
|
/// <remarks>
|
|
/// Like the docker-compose fixtures, this helper requires docker CLI access
|
|
/// (and typically a docker socket bind). Tests that depend on it must
|
|
/// <see cref="Xunit.Skip.IfNot(bool, string)"/> when the CLI is not
|
|
/// available — silent passing is rejected.
|
|
/// </remarks>
|
|
public static class DockerLogs
|
|
{
|
|
public static bool Contains(string container, string needle, DateTime sinceUtc)
|
|
=> Read(container, sinceUtc).Contains(needle, StringComparison.Ordinal);
|
|
|
|
/// <summary>Returns the combined stdout+stderr log slice since <paramref name="sinceUtc"/>.</summary>
|
|
public static string Read(string container, DateTime? sinceUtc = null)
|
|
{
|
|
var args = sinceUtc is { } cutoff
|
|
? $"logs --since {cutoff.ToString("yyyy-MM-ddTHH:mm:ssZ", CultureInfo.InvariantCulture)} {container}"
|
|
: $"logs {container}";
|
|
var psi = new ProcessStartInfo("docker", args)
|
|
{
|
|
RedirectStandardOutput = true,
|
|
RedirectStandardError = true,
|
|
UseShellExecute = false
|
|
};
|
|
try
|
|
{
|
|
using var p = Process.Start(psi)
|
|
?? throw new InvalidOperationException("docker command not available");
|
|
var stdout = p.StandardOutput.ReadToEnd();
|
|
var stderr = p.StandardError.ReadToEnd();
|
|
p.WaitForExit();
|
|
return stdout + stderr;
|
|
}
|
|
catch (System.ComponentModel.Win32Exception)
|
|
{
|
|
// No docker CLI in PATH — surface, do not silently pass.
|
|
throw new InvalidOperationException(
|
|
$"docker CLI not available; cannot scrape logs for '{container}'. " +
|
|
"Mount /var/run/docker.sock and install docker-cli in the e2e-consumer image.");
|
|
}
|
|
}
|
|
}
|