
Example 51 with AuditEventRecord

use of com.evolveum.midpoint.audit.api.AuditEventRecord in project midpoint by Evolveum.

the class SecurityHelper method auditLogout.

/**
 * Writes the audit record for a session termination.
 *
 * <p>The record is a {@code TERMINATE_SESSION} event in the {@code REQUEST} stage, attributed to
 * the owner of {@code task}, stamped with the current wall-clock time and always given the
 * outcome {@code SUCCESS}.
 *
 * @param connEnv connection details handed to {@code storeConnectionEnvironment} together with the record
 * @param task task whose owner is recorded as initiator; also passed to the audit service
 */
public void auditLogout(ConnectionEnvironment connEnv, Task task) {
    AuditEventRecord logoutEvent = new AuditEventRecord(AuditEventType.TERMINATE_SESSION, AuditEventStage.REQUEST);
    // NOTE(review): a task without an owner would presumably yield a record with no initiator — confirm against callers.
    logoutEvent.setInitiatorAndLoginParameter(task.getOwner());
    logoutEvent.setTimestamp(System.currentTimeMillis());
    logoutEvent.setOutcome(OperationResultStatus.SUCCESS);
    // Attach the connection context before the record is handed over for storage.
    storeConnectionEnvironment(logoutEvent, connEnv);
    auditService.audit(logoutEvent, task);
}
Also used : AuditEventRecord(com.evolveum.midpoint.audit.api.AuditEventRecord)

Example 52 with AuditEventRecord

use of com.evolveum.midpoint.audit.api.AuditEventRecord in project midpoint by Evolveum.

the class TestAudit method test310ConcurrentAuditsRaw.

/**
 * Pure audit attempts (TODO move to some other test class in lower levels).
 *
 * <p>Starts {@code NUM_THREADS} workers; each logs in as the administrator and writes
 * {@code ITERATIONS} MODIFY_OBJECT / EXECUTION audit records through {@code modelAuditService}.
 * The test passes when every worker finishes within the timeout without throwing. It is skipped
 * on H2. The stored records themselves are not inspected (see the TODO at the end), so this test
 * shows that concurrent auditing does not fail, not that the audit trail is complete.
 */
@Test
public void test310ConcurrentAuditsRaw() throws Exception {
    final String TEST_NAME = "test310ConcurrentAuditsRaw";
    final int NUM_THREADS = 2;
    final int ITERATIONS = 300;
    final long TIMEOUT = 600000;
    if (isH2()) {
        display("Skipping " + TEST_NAME + " because of H2 database");
        return;
    }
    // Raised by the first worker that fails so the others stop at their next iteration.
    final AtomicBoolean abort = new AtomicBoolean(false);
    List<Thread> workers = new ArrayList<>(NUM_THREADS);
    // One slot per worker: null means success, anything else is the failure to report.
    // Every slot is added before any thread is started and each worker writes only its own slot.
    List<Throwable> outcomes = new ArrayList<>(NUM_THREADS);
    for (int i = 0; i < NUM_THREADS; i++) {
        final int workerNo = i;
        Runnable job = () -> {
            try {
                login(userAdministrator);
                Task workerTask = taskManager.createTaskInstance(TestAudit.class.getName() + "." + TEST_NAME);
                OperationResult workerResult = workerTask.getResult();
                for (int iteration = 0; iteration < ITERATIONS; iteration++) {
                    display("Executing iteration " + iteration + " in worker " + workerNo);
                    AuditEventRecord event = new AuditEventRecord(AuditEventType.MODIFY_OBJECT, AuditEventStage.EXECUTION);
                    // Test-only identifier: iteration, wall clock and Math.random() keep it distinct enough here;
                    // it is not meant to be unpredictable.
                    event.setEventIdentifier(iteration + ":" + System.currentTimeMillis() + "-" + (int) (Math.random() * 1000000));
                    ObjectDelta<?> change = DeltaBuilder.deltaFor(UserType.class, prismContext)
                            .item(UserType.F_FULL_NAME).replace(PolyString.fromOrig("Hi" + iteration))
                            .item(UserType.F_METADATA, MetadataType.F_MODIFY_TIMESTAMP).replace(XmlTypeConverter.createXMLGregorianCalendar(new Date()))
                            .asObjectDelta("oid" + workerNo);
                    event.getDeltas().add(new ObjectDeltaOperation(change));
                    modelAuditService.audit(event, workerTask, workerResult);
                    if (abort.get()) {
                        outcomes.set(workerNo, new IllegalStateException("Some other thread failed"));
                        return;
                    }
                }
                // All iterations done: clear the "not finished" placeholder.
                outcomes.set(workerNo, null);
            } catch (Throwable t) {
                System.err.println("Thread " + workerNo + " got an exception " + t);
                LoggingUtils.logUnexpectedException(LOGGER, "Thread {} got an exception", t, workerNo);
                outcomes.set(workerNo, t);
                abort.set(true);
            }
        };
        Thread worker = new Thread(job);
        worker.setName("Worker " + i);
        workers.add(worker);
        // Placeholder that stays in place if the worker never reaches the end of its loop.
        outcomes.add(new IllegalStateException("Thread not finished"));
    }
    for (Thread worker : workers) {
        worker.start();
    }
    // All workers share one deadline; a worker is not joined at all once the deadline has passed.
    long giveUpAt = System.currentTimeMillis() + TIMEOUT;
    for (Thread worker : workers) {
        long remaining = giveUpAt - System.currentTimeMillis();
        if (remaining > 0) {
            worker.join(remaining);
        }
    }
    // NOTE(review): a worker that outlives the deadline keeps running and may still write its slot
    // while the slots are read below — the test fails either way, but the reported cause can vary.
    int failureCount = 0;
    for (int i = 0; i < NUM_THREADS; i++) {
        Throwable outcome = outcomes.get(i);
        if (outcome == null) {
            continue;
        }
        failureCount++;
        display("Thread " + i + " produced an exception: " + outcome);
    }
    if (failureCount > 0) {
        fail(failureCount + " thread(s) failed: " + outcomes.stream().filter(Objects::nonNull).collect(Collectors.toList()));
    }
    // TODO check audit correctness (e.g. that NUM_THREADS * ITERATIONS records were actually stored)
}
Also used : Task(com.evolveum.midpoint.task.api.Task) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) PolyString(com.evolveum.midpoint.prism.polystring.PolyString) AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean) ObjectDeltaOperation(com.evolveum.midpoint.schema.ObjectDeltaOperation) AuditEventRecord(com.evolveum.midpoint.audit.api.AuditEventRecord) Test(org.testng.annotations.Test)

Example 53 with AuditEventRecord

use of com.evolveum.midpoint.audit.api.AuditEventRecord in project midpoint by Evolveum.

the class TestRecomputeTask method test100RecomputeAll.

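/**
 * Changes role definitions behind midPoint's back and checks that the user recompute task
 * applies them, then checks the audit trail the task produced.
 *
 * <p>The audit check expects the records as a REQUEST record without deltas followed by one or
 * more EXECUTION records with deltas, six such groups in total.
 */
@Test
public void test100RecomputeAll() throws Exception {
    final String TEST_NAME = "test100RecomputeAll";
    TestUtil.displayTestTile(this, TEST_NAME);
    // GIVEN
    Task task = createTask(TEST_NAME);
    OperationResult result = task.getResult();
    // Preconditions
    assertUsers(5);
    assertNoDummyAccount(RESOURCE_DUMMY_RED_NAME, ACCOUNT_GUYBRUSH_DUMMY_USERNAME);
    assertNoDummyAccount(RESOURCE_DUMMY_RED_NAME, ACCOUNT_JACK_DUMMY_USERNAME);
    // Do some ordinary operations
    assignRole(USER_GUYBRUSH_OID, ROLE_PIRATE_OID, task, result);
    assignRole(USER_JACK_OID, ROLE_JUDGE_OID, task, result);
    addObject(USER_HERMAN_FILE);
    assignRole(USER_HERMAN_OID, ROLE_JUDGE_OID, task, result);
    result.computeStatus();
    TestUtil.assertSuccess(result);
    // Now do something evil
    // change the definitions of roles "judge" and "pirate". midPoint will not recompute automatically
    // the recompute task should do it
    // One simple change
    modifyRoleAddConstruction(ROLE_JUDGE_OID, 1111L, RESOURCE_DUMMY_RED_OID);
    // More complicated change
    PrismObject<RoleType> rolePirate = modelService.getObject(RoleType.class, ROLE_PIRATE_OID, null, task, result);
    ItemPath attrItemPath = new ItemPath(new NameItemPathSegment(RoleType.F_INDUCEMENT), new IdItemPathSegment(1111L), new NameItemPathSegment(AssignmentType.F_CONSTRUCTION), new IdItemPathSegment(60004L), new NameItemPathSegment(ConstructionType.F_ATTRIBUTE));
    PrismProperty<ResourceAttributeDefinitionType> attributeProperty = rolePirate.findProperty(attrItemPath);
    // The original one-argument call only asserted that the message string was non-null.
    assertNotNull("No attribute property in " + rolePirate, attributeProperty);
    PrismPropertyValue<ResourceAttributeDefinitionType> oldAttrPVal = null;
    for (PrismPropertyValue<ResourceAttributeDefinitionType> pval : attributeProperty.getValues()) {
        ResourceAttributeDefinitionType attrType = pval.getValue();
        if (ItemPathUtil.getOnlySegmentQName(attrType.getRef()).getLocalPart().equals(DummyResourceContoller.DUMMY_ACCOUNT_ATTRIBUTE_WEAPON_NAME)) {
            oldAttrPVal = pval;
        }
    }
    // Same fix here: check the value that was searched for, not the message.
    assertNotNull("Definition for weapon attribute not found in " + rolePirate, oldAttrPVal);
    PrismPropertyValue<ResourceAttributeDefinitionType> newAttrPVal = oldAttrPVal.clone();
    JAXBElement<?> cutlassExpressionEvalJaxbElement = newAttrPVal.getValue().getOutbound().getExpression().getExpressionEvaluator().get(0);
    // Not used further in this method; the cast fails the test early if the existing evaluator is not a RawType.
    RawType cutlassValueEvaluator = (RawType) cutlassExpressionEvalJaxbElement.getValue();
    RawType daggerValueEvaluator = new RawType(new PrimitiveXNode<String>("dagger"), prismContext);
    JAXBElement<?> daggerExpressionEvalJaxbElement = new JAXBElement<Object>(SchemaConstants.C_VALUE, Object.class, daggerValueEvaluator);
    newAttrPVal.getValue().getOutbound().getExpression().getExpressionEvaluator().add(daggerExpressionEvalJaxbElement);
    newAttrPVal.getValue().getOutbound().setStrength(MappingStrengthType.STRONG);
    // Replace the weapon attribute definition: delete the old value, add the modified clone.
    ObjectDelta<RoleType> rolePirateDelta = ObjectDelta.createModificationDeleteProperty(RoleType.class, ROLE_PIRATE_OID, attrItemPath, prismContext, oldAttrPVal.getValue());
    IntegrationTestTools.displayJaxb("AAAAAAAAAAA", newAttrPVal.getValue(), ConstructionType.F_ATTRIBUTE);
    display("BBBBBB", newAttrPVal.getValue().toString());
    rolePirateDelta.addModificationAddProperty(attrItemPath, newAttrPVal.getValue());
    display("Role pirate delta", rolePirateDelta);
    modelService.executeChanges(MiscSchemaUtil.createCollection(rolePirateDelta), null, task, result);
    displayRoles(task, result);
    // Nothing has been recomputed yet, so the accounts still look as before the role changes.
    assertDummyAccount(null, ACCOUNT_GUYBRUSH_DUMMY_USERNAME, "Guybrush Threepwood", true);
    assertNoDummyAccount(RESOURCE_DUMMY_RED_NAME, ACCOUNT_GUYBRUSH_DUMMY_USERNAME);
    PrismObject<UserType> userJack = getUser(USER_JACK_OID);
    display("User jack (before)", userJack);
    assertDummyAccount(null, ACCOUNT_JACK_DUMMY_USERNAME, "Jack Sparrow", true);
    assertNoDummyAccount(RESOURCE_DUMMY_RED_NAME, ACCOUNT_JACK_DUMMY_USERNAME);
    result.computeStatus();
    TestUtil.assertSuccess(result);
    // WHEN
    TestUtil.displayWhen(TEST_NAME);
    addObject(TASK_USER_RECOMPUTE_FILE);
    // Start from an empty audit log so only the recompute task's records are checked below.
    dummyAuditService.clear();
    waitForTaskStart(TASK_USER_RECOMPUTE_OID, false);
    // WHEN
    TestUtil.displayWhen(TEST_NAME);
    waitForTaskFinish(TASK_USER_RECOMPUTE_OID, true, 40000);
    // THEN
    TestUtil.displayThen(TEST_NAME);
    List<PrismObject<UserType>> users = modelService.searchObjects(UserType.class, null, null, task, result);
    display("Users after recompute", users);
    assertDummyAccount(null, ACCOUNT_GUYBRUSH_DUMMY_USERNAME, "Guybrush Threepwood", true);
    assertDummyAccountAttribute(null, ACCOUNT_GUYBRUSH_DUMMY_USERNAME, DummyResourceContoller.DUMMY_ACCOUNT_ATTRIBUTE_WEAPON_NAME, "cutlass", "dagger");
    assertNoDummyAccount(RESOURCE_DUMMY_RED_NAME, ACCOUNT_GUYBRUSH_DUMMY_USERNAME);
    userJack = getUser(USER_JACK_OID);
    display("User jack (after)", userJack);
    assertNoDummyAccount(null, ACCOUNT_JACK_DUMMY_USERNAME);
    assertDummyAccount(RESOURCE_DUMMY_RED_NAME, ACCOUNT_JACK_DUMMY_USERNAME, "Jack Sparrow", true);
    assertUsers(6);
    // Check audit
    display("Audit", dummyAuditService);
    List<AuditEventRecord> auditRecords = dummyAuditService.getRecords();
    int i = 0;
    int modifications = 0;
    // Each pass handles one REQUEST record and the EXECUTION record that follows it.
    for (; i < (auditRecords.size() - 1); i += 2) {
        AuditEventRecord requestRecord = auditRecords.get(i);
        assertNotNull("No request audit record (" + i + ")", requestRecord);
        assertEquals("Got this instead of request audit record (" + i + "): " + requestRecord, AuditEventStage.REQUEST, requestRecord.getEventStage());
        assertTrue("Unexpected delta in request audit record " + requestRecord, requestRecord.getDeltas() == null || requestRecord.getDeltas().isEmpty());
        AuditEventRecord executionRecord = auditRecords.get(i + 1);
        assertNotNull("No execution audit record (" + i + ")", executionRecord);
        assertEquals("Got this instead of execution audit record (" + i + "): " + executionRecord, AuditEventStage.EXECUTION, executionRecord.getEventStage());
        assertTrue("Empty deltas in execution audit record " + executionRecord, executionRecord.getDeltas() != null && !executionRecord.getDeltas().isEmpty());
        modifications++;
        // check next records
        while (i < (auditRecords.size() - 2)) {
            AuditEventRecord nextRecord = auditRecords.get(i + 2);
            if (nextRecord.getEventStage() == AuditEventStage.EXECUTION) {
                // more than one execution record is OK; step over it so the next pass starts at a REQUEST
                i++;
            } else {
                break;
            }
        }
    }
    assertEquals("Unexpected number of audit modifications", 6, modifications);
    deleteObject(TaskType.class, TASK_USER_RECOMPUTE_OID, task, result);
}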
Also used : Task(com.evolveum.midpoint.task.api.Task) RoleType(com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType) ResourceAttributeDefinitionType(com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceAttributeDefinitionType) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) NameItemPathSegment(com.evolveum.midpoint.prism.path.NameItemPathSegment) JAXBElement(javax.xml.bind.JAXBElement) PrismObject(com.evolveum.midpoint.prism.PrismObject) IdItemPathSegment(com.evolveum.midpoint.prism.path.IdItemPathSegment) RawType(com.evolveum.prism.xml.ns._public.types_3.RawType) UserType(com.evolveum.midpoint.xml.ns._public.common.common_3.UserType) AuditEventRecord(com.evolveum.midpoint.audit.api.AuditEventRecord) ItemPath(com.evolveum.midpoint.prism.path.ItemPath) Test(org.testng.annotations.Test) AbstractInitializedModelIntegrationTest(com.evolveum.midpoint.model.intest.AbstractInitializedModelIntegrationTest)

Example 54 with AuditEventRecord

use of com.evolveum.midpoint.audit.api.AuditEventRecord in project midpoint by Evolveum.

the class TestUuid method assertReconAuditModifications.

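/**
 * Checks the audit trail left by one reconciliation task.
 *
 * <p>Records carrying a different task OID are removed from the list returned by
 * {@code dummyAuditService.getRecords()} (records with no task OID are kept). The remaining
 * trail must consist of a RECONCILIATION/REQUEST record, then groups made of one REQUEST record
 * followed by one or more EXECUTION records with deltas, and finally a RECONCILIATION/EXECUTION
 * record. Leading EXECUTE_CHANGES_RAW records are skipped.
 *
 * @param expectedModifications expected number of REQUEST/EXECUTION groups
 * @param taskOid OID of the reconciliation task whose records are checked
 */
private void assertReconAuditModifications(int expectedModifications, String taskOid) {
    // Check audit
    display("Audit", dummyAuditService);
    List<AuditEventRecord> auditRecords = dummyAuditService.getRecords();
    Iterator<AuditEventRecord> iterator = auditRecords.iterator();
    while (iterator.hasNext()) {
        AuditEventRecord record = iterator.next();
        if (record.getTaskOID() != null && !record.getTaskOID().equals(taskOid)) {
            // Record from some other task, skip it
            iterator.remove();
        }
    }
    int i = 0;
    while (i < (auditRecords.size() - 1)) {
        AuditEventRecord reconStartRecord = auditRecords.get(i);
        // Checked before the first dereference so a null entry is reported with this message.
        assertNotNull("No reconStartRecord audit record", reconStartRecord);
        if (reconStartRecord.getEventType() == AuditEventType.EXECUTE_CHANGES_RAW) {
            i++;
            continue;
        }
        assertEquals("Wrong stage in reconStartRecord audit record: " + reconStartRecord, AuditEventStage.REQUEST, reconStartRecord.getEventStage());
        assertEquals("Wrong type in reconStartRecord audit record: " + reconStartRecord, AuditEventType.RECONCILIATION, reconStartRecord.getEventType());
        assertTrue("Unexpected delta in reconStartRecord audit record " + reconStartRecord, reconStartRecord.getDeltas() == null || reconStartRecord.getDeltas().isEmpty());
        i++;
        break;
    }
    int modifications = 0;
    for (; i < (auditRecords.size() - 1); i += 2) {
        AuditEventRecord requestRecord = auditRecords.get(i);
        assertNotNull("No request audit record (" + i + ")", requestRecord);
        if (requestRecord.getEventStage() == AuditEventStage.EXECUTION && requestRecord.getEventType() == AuditEventType.RECONCILIATION) {
            // end of audit records;
            break;
        }
        assertEquals("Got this instead of request audit record (" + i + "): " + requestRecord, AuditEventStage.REQUEST, requestRecord.getEventStage());
        // Request audit may or may not have a delta. Usual records will not have a delta. But e.g. disableAccount reactions will have.
        AuditEventRecord executionRecord = auditRecords.get(i + 1);
        assertNotNull("No execution audit record (" + i + ")", executionRecord);
        assertEquals("Got this instead of execution audit record (" + i + "): " + executionRecord, AuditEventStage.EXECUTION, executionRecord.getEventStage());
        assertTrue("Empty deltas in execution audit record " + executionRecord, executionRecord.getDeltas() != null && !executionRecord.getDeltas().isEmpty());
        modifications++;
        while (i + 2 < auditRecords.size()) {
            AuditEventRecord nextRecord = auditRecords.get(i + 2);
            if (nextRecord.getEventStage() == AuditEventStage.EXECUTION && nextRecord.getEventType() == requestRecord.getEventType()) {
                // this is an additional EXECUTION record due to changes in clockwork
                i++;
            } else {
                break;
            }
        }
    }
    assertEquals("Unexpected number of audit modifications", expectedModifications, modifications);
    // An empty or truncated trail leaves i past the end; fail with a message instead of an IndexOutOfBoundsException.
    assertTrue("No reconStopRecord audit record", i < auditRecords.size());
    AuditEventRecord reconStopRecord = auditRecords.get(i);
    assertNotNull("No reconStopRecord audit record", reconStopRecord);
    assertEquals("Wrong stage in reconStopRecord audit record: " + reconStopRecord, AuditEventStage.EXECUTION, reconStopRecord.getEventStage());
    assertEquals("Wrong type in reconStopRecord audit record: " + reconStopRecord, AuditEventType.RECONCILIATION, reconStopRecord.getEventType());
    assertTrue("Unexpected delta in reconStopRecord audit record " + reconStopRecord, reconStopRecord.getDeltas() == null || reconStopRecord.getDeltas().isEmpty());
}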
Also used : AuditEventRecord(com.evolveum.midpoint.audit.api.AuditEventRecord)

Example 55 with AuditEventRecord

use of com.evolveum.midpoint.audit.api.AuditEventRecord in project midpoint by Evolveum.

the class BaseAuditHelper method prepareWorkItemDeletedAuditRecord.

/**
 * Builds the audit record for a deleted work item. This method only prepares and returns the
 * record; it does not itself call the audit service.
 *
 * <p>The record message has the form {@code <stage info> : <answer> : <comment>}, where the
 * stage info and the comment are left out when absent and {@code (no decision)} stands in when
 * the work item has no output.
 *
 * @param workItem work item with taskRef, assignee and candidates resolved (if possible)
 * @param cause optional cause of the deletion; its type, name and display name are recorded as
 *              properties when they are set
 * @param wfTask workflow task that supplies the stage information for the message
 * @param result operation result passed on to {@code prepareWorkItemAuditReportCommon}
 * @return the prepared audit record
 * @throws WorkflowException declared by the signature; presumably raised by the common preparation step
 */
public AuditEventRecord prepareWorkItemDeletedAuditRecord(WorkItemType workItem, WorkItemEventCauseInformationType cause, WfTask wfTask, OperationResult result) throws WorkflowException {
    AuditEventRecord auditRecord = prepareWorkItemAuditReportCommon(workItem, wfTask, AuditEventStage.EXECUTION, result);
    setCurrentUserAsInitiator(auditRecord);
    // Each part of the cause is recorded only when it is present.
    if (cause != null && cause.getType() != null) {
        auditRecord.addPropertyValue(WorkflowConstants.AUDIT_CAUSE_TYPE, cause.getType().value());
    }
    if (cause != null && cause.getName() != null) {
        auditRecord.addPropertyValue(WorkflowConstants.AUDIT_CAUSE_NAME, cause.getName());
    }
    if (cause != null && cause.getDisplayName() != null) {
        auditRecord.addPropertyValue(WorkflowConstants.AUDIT_CAUSE_DISPLAY_NAME, cause.getDisplayName());
    }
    // message + result
    StringBuilder text = new StringBuilder();
    String stagePrefix = wfTask.getCompleteStageInfo();
    if (stagePrefix != null) {
        text.append(stagePrefix);
        text.append(" : ");
    }
    AbstractWorkItemOutputType decision = workItem.getOutput();
    if (decision == null) {
        // TODO
        text.append("(no decision)");
    } else {
        String answer = ApprovalUtils.makeNiceFromUri(decision.getOutcome());
        auditRecord.setResult(answer);
        text.append(answer);
        if (decision.getComment() != null) {
            // NOTE(review): the comment is copied unchanged into both the message and the AUDIT_COMMENT
            // property; it is presumably free text entered by a user, so whatever displays or exports
            // audit records should treat it as untrusted — confirm.
            auditRecord.addPropertyValue(WorkflowConstants.AUDIT_COMMENT, decision.getComment());
            text.append(" : ").append(decision.getComment());
        }
    }
    auditRecord.setMessage(text.toString());
    return auditRecord;
}
Also used : AuditEventRecord(com.evolveum.midpoint.audit.api.AuditEventRecord)
