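using System.Text.Json;
using Tau.Acuvim.Portal.DTOs;

namespace Tau.Acuvim.Portal.Tests;

/// <summary>
/// Locks down the invariant that the App-config payload never carries the
/// fleet-ingest token. The token is reduced to a boolean in the DTO, so a
/// future change that tries to copy the value has no member to copy it into.
/// </summary>
/// <remarks>
/// These tests cover the DTO's shape and its serialised form only. The code
/// that builds the DTO from configuration is not exercised here, so a secret
/// embedded in another string field (for example inside <c>Url</c>) would not
/// be detected by this class and needs its own test next to that code.
/// </remarks>
public class ConfigOverviewRedactionTests
{
    /// <summary>
    /// The DTO must expose the token only as a "configured" flag: no property
    /// named <c>Token</c>, and no token-named property of a non-boolean type.
    /// </summary>
    [Fact]
    public void FleetIngestInfoDto_HasNoTokenProperty()
    {
        var properties = typeof(FleetIngestInfoDto).GetProperties();
        var names = properties.Select(p => p.Name).ToArray();

        Assert.DoesNotContain(names, n => n.Equals("Token", StringComparison.OrdinalIgnoreCase));
        Assert.Contains("TokenConfigured", names);

        // An exact-name check alone would let a renamed member such as
        // "IngestToken" or "TokenValue" through, so also require that anything
        // with "token" in its name is a plain flag that cannot hold the secret.
        var tokenCarriers = properties
            .Where(p => p.Name.Contains("Token", StringComparison.OrdinalIgnoreCase)
                        && p.PropertyType != typeof(bool)
                        && p.PropertyType != typeof(bool?))
            .Select(p => $"{p.Name}: {p.PropertyType.Name}")
            .ToArray();
        Assert.Empty(tokenCarriers);
    }

    /// <summary>
    /// The serialised DTO must report that a token is configured without
    /// containing any token-named field that carries a non-boolean value.
    /// </summary>
    [Fact]
    public void Serialised_FleetIngestInfoDto_DoesNotMentionTokenValue()
    {
        var supposedSecret = "this-should-never-be-in-the-payload";
        var dto = new FleetIngestInfoDto(
            Enabled: true,
            Url: "https://admin.example.com/api/fleet/ingest",
            IntervalSeconds: 60,
            BatchSize: 5000,
            BatchMaxBytes: 1_048_576,
            TokenConfigured: !string.IsNullOrWhiteSpace(supposedSecret));

        var json = JsonSerializer.Serialize(dto);

        // The secret is only ever reduced to a bool above and never handed to
        // the DTO, so this assertion holds by construction; it documents the
        // intent rather than proving redaction.
        Assert.DoesNotContain(supposedSecret, json);
        Assert.Contains("tokenConfigured", json, StringComparison.OrdinalIgnoreCase);

        // Structural check on the wire format: a token-named field may only be
        // true/false. This is the assertion that fails if a string-valued
        // token field is ever added to the payload.
        using var document = JsonDocument.Parse(json);
        var nonBooleanTokenFields = document.RootElement.EnumerateObject()
            .Where(f => f.Name.Contains("token", StringComparison.OrdinalIgnoreCase)
                        && f.Value.ValueKind is not (JsonValueKind.True or JsonValueKind.False))
            .Select(f => f.Name)
            .ToArray();
        Assert.Empty(nonBooleanTokenFields);
    }

    /// <summary>
    /// In Admin mode the overview DTO accepts and preserves <c>null</c> for
    /// both fleet sections.
    /// </summary>
    [Fact]
    public void ConfigOverviewDto_FleetIngestNullable_ForAdminMode()
    {
        // Admin mode never has fleet push state, so FleetIngest and
        // FleetPushState are nullable on the DTO.
        // NOTE(review): this test only checks that null is accepted and kept.
        // Whether the fields are omitted from the JSON depends on the
        // serializer options in use (System.Text.Json writes explicit nulls
        // unless null-ignoring is configured); that is not verified here.
        var dto = new ConfigOverviewDto(
            RunMode: "Admin",
            Application: new("X", "Production", "https://x"),
            Database: new("PostgreSQL", "h", 5432, "d", true, false, "src"),
            Grafana: new("u", "u", "/g", "iframe", "", "anonymous-local-only", 0),
            Monitoring: new("7 days", false),
            Authentication: new("c", false, "a@b.c"),
            Build: new("1", "10.0.0", DateTime.UtcNow),
            FleetIngest: null,
            FleetPushState: null);

        Assert.Null(dto.FleetIngest);
        Assert.Null(dto.FleetPushState);
    }
}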