mirror of
https://github.com/azaion/missions.git
synced 2026-06-21 17:31:08 +00:00
Oleksandr Bezdieniezhnykh
24c4561bef
Batch 3 of test implementation cycle 1 (existing-code Step 6). - AZ-581 AuthClaimsTests: NFT-SEC-01..06+04b (foreign-keypair, byte-flip, 30s skew, iss/aud/perms, multi-value permissions array). - AZ-582 CrossCutting/ErrorRedaction/JwksRotation/StartupConfig/CorsConfig: NFT-SEC-07..13 (alg pin, kid rotation grace window, env fail-fast, CORS Production gate). - AZ-583 CascadeF3/CascadeF4/MigratorRestart: NFT-RES-01..04. CascadeF4 pins current walk-order divergence with carry_forward AC-4.6. - AZ-584 ConfigDbStartup/JwksRotationNoRestart/DefaultVehicleRace: NFT-RES-05..08. NFT-RES-08 pins current behaviour (unique-index closes the race) with carry_forward AC-1.4. Mock contract: SignBody accepts permissions OR permissions_array (mutually exclusive). TokenSigner validates kid_override against published keys so NFT-SEC-11 can assert "mock refuses old kid post-grace". Helpers added: ForeignKeypair (test-only ECDSA P-256), MissionsContainerHelper (docker-run wrapper for startup-time scenarios), DockerLogs. 7 of 22 new tests are Skippable, gated on COMPOSE_RESTART_ENABLED + docker CLI in the e2e-consumer image (explicit skip reason; no silent pass). Build green: test csproj + jwks-mock csproj. Co-authored-by: Cursor <cursoragent@cursor.com>
113 lines
4.6 KiB
C#
113 lines
4.6 KiB
C#
using System.Net;
|
|
using System.Net.Http.Headers;
|
|
using Azaion.Missions.E2E.Fixtures;
|
|
using Azaion.Missions.E2E.Helpers;
|
|
using Npgsql;
|
|
using Xunit;
|
|
|
|
namespace Azaion.Missions.E2E.Tests.Resilience;
|
|
|
|
/// <summary>
|
|
/// NFT-RES-01 — mission cascade is NOT transaction-wrapped. Dropping the
|
|
/// borrowed-schema <c>media</c> table mid-walk leaves <c>map_objects</c>
|
|
/// committed-deleted while <c>missions</c> stays uncommitted. The test pins
|
|
/// the current behaviour (ADR-006 carry-forward) so a future transaction
|
|
/// wrap flips the assertion loudly.
|
|
/// Traces: AC-3.3, AC-10.2.
|
|
/// </summary>
|
|
[Collection("ResCascadeF3")]
|
|
[Trait("Category", "Res")]
|
|
[Trait("db_access", "seed-or-assert-only")]
|
|
public sealed class CascadeF3Tests : TestBase, IClassFixture<ComposeRestartFixture>
|
|
{
|
|
private readonly ComposeRestartFixture _restart;
|
|
|
|
public CascadeF3Tests(ComposeRestartFixture restart) => _restart = restart;
|
|
|
|
[SkippableFact]
|
|
[Trait("Traces", "AC-3.3,AC-10.2")]
|
|
[Trait("max_ms", "10000")]
|
|
[Trait("carry_forward", "ADR-006")]
|
|
public async Task NFT_RES_01_mission_cascade_partial_state_survives_mid_walk_failure()
|
|
{
|
|
Skip.IfNot(_restart.Enabled,
|
|
"ComposeRestartFixture disabled (COMPOSE_RESTART_ENABLED!=1). " +
|
|
"NFT-RES-01 drops the media table and needs the full stack restart " +
|
|
"in teardown.");
|
|
|
|
// CARRY-FORWARD: cascade is not transaction-wrapped today. When the
|
|
// ADR-006 follow-up wraps the cascade in a transaction, both row
|
|
// counts will flip (map_objects rolls back to its pre-state); the
|
|
// test fails loudly at that point — which is the intended signal.
|
|
|
|
// Arrange — F3 fixture loaded by the IClassFixture<CascadeF3Fixture>
|
|
// pattern; we apply directly here so the fixture is owned by this
|
|
// class (its restart teardown is destructive).
|
|
DbResetFixture.ResetDatabase(TestEnvironment.DbSideChannel);
|
|
StubSchema.EnsureCreated();
|
|
Seeds.Apply(FixtureSql.Load("fixture_cascade_F3"));
|
|
var mid = CascadeF3Fixture.MissionId;
|
|
|
|
var preMapObjects = DbAssertions.ScalarCount(
|
|
"SELECT COUNT(*) FROM map_objects WHERE mission_id = @mid", ("mid", mid));
|
|
Assert.Equal(3, preMapObjects);
|
|
var preMission = DbAssertions.ScalarCount(
|
|
"SELECT COUNT(*) FROM missions WHERE id = @mid", ("mid", mid));
|
|
Assert.Equal(1, preMission);
|
|
|
|
DropMediaTable();
|
|
var requestStart = DateTime.UtcNow;
|
|
var token = await Tokens.MintDefaultAsync();
|
|
|
|
try
|
|
{
|
|
// Act
|
|
using var req = new HttpRequestMessage(HttpMethod.Delete, $"/missions/{mid}");
|
|
req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token.Jwt);
|
|
using var response = await Missions.SendAsync(req);
|
|
|
|
// Assert
|
|
await HttpAssertions.AssertProblemEnvelopeAsync(response, HttpStatusCode.InternalServerError);
|
|
|
|
var postMapObjects = DbAssertions.ScalarCount(
|
|
"SELECT COUNT(*) FROM map_objects WHERE mission_id = @mid", ("mid", mid));
|
|
Assert.Equal(0, postMapObjects); // committed before media-DROP exploded
|
|
|
|
var postMission = DbAssertions.ScalarCount(
|
|
"SELECT COUNT(*) FROM missions WHERE id = @mid", ("mid", mid));
|
|
Assert.Equal(1, postMission); // uncommitted — never deleted
|
|
|
|
// The unhandled exception must mention the missing media table.
|
|
var deadline = DateTime.UtcNow.AddSeconds(2);
|
|
var sawLog = false;
|
|
while (DateTime.UtcNow < deadline)
|
|
{
|
|
var logs = DockerLogs.Read("missions-sut", requestStart);
|
|
if (logs.Contains("Unhandled exception", StringComparison.Ordinal)
|
|
&& (logs.Contains("relation", StringComparison.OrdinalIgnoreCase)
|
|
&& logs.Contains("media", StringComparison.OrdinalIgnoreCase)))
|
|
{
|
|
sawLog = true;
|
|
break;
|
|
}
|
|
await Task.Delay(100);
|
|
}
|
|
Assert.True(sawLog,
|
|
"expected 'Unhandled exception' mentioning 'relation' + 'media' in logs within 2s");
|
|
}
|
|
finally
|
|
{
|
|
_restart.RestartStack();
|
|
}
|
|
}
|
|
|
|
private static void DropMediaTable()
|
|
{
|
|
using var conn = new NpgsqlConnection(TestEnvironment.DbSideChannel);
|
|
conn.Open();
|
|
using var cmd = conn.CreateCommand();
|
|
cmd.CommandText = "DROP TABLE IF EXISTS media CASCADE;";
|
|
cmd.ExecuteNonQuery();
|
|
}
|
|
}
|