
Example 26 with AuditEventRecord

use of com.evolveum.midpoint.audit.api.AuditEventRecord in project midpoint by Evolveum.

Class TestActivation, method test056RecomputeUserJackEffectiveEnable:

/**
 * Disables Jack's effective activation status with a raw modification and verifies
 * that a recompute restores {@code ENABLED} from the untouched administrative status.
 * The raw modification is also used to check that the request audit record and the
 * execution audit records carry distinct event identifiers.
 */
@Test
public void test056RecomputeUserJackEffectiveEnable() throws Exception {
    // GIVEN
    Task task = getTestTask();
    OperationResult result = task.getResult();
    XMLGregorianCalendar start = clock.currentTimeXMLGregorianCalendar();
    assumeAssignmentPolicy(AssignmentPolicyEnforcementType.FULL);

    PrismObject<UserType> jackBefore = getUser(USER_JACK_OID);
    display("User after change execution", jackBefore);
    assertUserJack(jackBefore, "Jack Sparrow");
    assertAdministrativeStatusEnabled(jackBefore);
    assertValidity(jackBefore, null);
    assertEffectiveStatus(jackBefore, ActivationStatusType.ENABLED);
    assertEnableTimestampFocus(jackBefore, null, start);

    // WHEN: raw modification of the effective status only
    modifyUserReplace(USER_JACK_OID, SchemaConstants.PATH_ACTIVATION_EFFECTIVE_STATUS,
            executeOptions().raw(), task, result, ActivationStatusType.DISABLED);

    PrismObject<UserType> jackDisabled = getUser(USER_JACK_OID);
    display("User after change execution", jackDisabled);
    assertUserJack(jackDisabled, "Jack Sparrow");
    assertAdministrativeStatusEnabled(jackDisabled);
    assertValidity(jackDisabled, null);
    assertEffectiveStatus(jackDisabled, ActivationStatusType.DISABLED);

    // The request and the execution phase must not reuse one event identifier,
    // otherwise the two audit stages could not be told apart in the trail.
    String requestEventId = dummyAuditService.getRequestRecord().getEventIdentifier();
    boolean identifierReused = dummyAuditService.getExecutionRecords().stream()
            .map(AuditEventRecord::getEventIdentifier)
            .anyMatch(execEventId -> requestEventId.equals(execEventId));
    if (identifierReused) {
        AssertJUnit.fail("Event identifier must be unique");
    }

    recomputeUser(USER_JACK_OID, task, result);

    // THEN
    XMLGregorianCalendar end = clock.currentTimeXMLGregorianCalendar();
    result.computeStatus();
    TestUtil.assertSuccess(result);

    PrismObject<UserType> jackAfter = getUser(USER_JACK_OID);
    display("User after change execution", jackAfter);
    assertUserJack(jackAfter, "Jack Sparrow");
    assertAdministrativeStatusEnabled(jackAfter);
    assertValidity(jackAfter, null);
    assertEffectiveStatus(jackAfter, ActivationStatusType.ENABLED);
    TestUtil.assertModifyTimestamp(jackAfter, start, end);
}

Example 27 with AuditEventRecord

use of com.evolveum.midpoint.audit.api.AuditEventRecord in project midpoint by Evolveum.

Class TestImportRecon, method assertImportAuditModifications:

/**
 * Checks that the audit trail of an import consists of request/execution pairs
 * and counts them.
 *
 * Records are walked in pairs: a REQUEST record (no delta, or exactly one ADD delta)
 * followed by an EXECUTION record with non-empty deltas. Further EXECUTION records
 * directly after such a pair are tolerated and counted as part of the same
 * modification.
 *
 * @param expectedModifications number of request/execution pairs expected in the trail
 */
private void assertImportAuditModifications(int expectedModifications) {
    displayDumpable("Audit", dummyAuditService);
    List<AuditEventRecord> auditRecords = dummyAuditService.getRecords();
    int recordCount = auditRecords.size();
    int modifications = 0;
    int index = 0;
    while (index < recordCount - 1) {
        AuditEventRecord requestRecord = auditRecords.get(index);
        assertNotNull("No request audit record (" + index + ")", requestRecord);
        assertEquals("Got this instead of request audit record (" + index + "): " + requestRecord,
                AuditEventStage.REQUEST, requestRecord.getEventStage());
        Collection<ObjectDeltaOperation<? extends ObjectType>> requestDeltas = requestRecord.getDeltas();
        boolean requestDeltasAcceptable = requestDeltas.isEmpty()
                || (requestDeltas.size() == 1 && requestDeltas.iterator().next().getObjectDelta().isAdd());
        assertTrue("Unexpected delta in request audit record " + requestRecord, requestDeltasAcceptable);

        AuditEventRecord executionRecord = auditRecords.get(index + 1);
        assertNotNull("No execution audit record (" + index + ")", executionRecord);
        assertEquals("Got this instead of execution audit record (" + index + "): " + executionRecord,
                AuditEventStage.EXECUTION, executionRecord.getEventStage());
        assertThat(executionRecord.getDeltas())
                .withFailMessage("Empty deltas in execution audit record " + executionRecord)
                .isNotEmpty();
        modifications++;

        // Skip any additional execution records that belong to this modification.
        int next = index + 2;
        while (next < recordCount && auditRecords.get(next).getEventStage() == AuditEventStage.EXECUTION) {
            next++;
        }
        index = next;
    }
    assertEquals("Unexpected number of audit modifications", expectedModifications, modifications);
}

Example 28 with AuditEventRecord

use of com.evolveum.midpoint.audit.api.AuditEventRecord in project midpoint by Evolveum.

Class TestImportRecon, method assertReconAuditModifications:

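/**
 * Checks the audit trail produced by a reconciliation run of the given task.
 *
 * Expected shape, after records of other tasks are dropped: an optional run of
 * {@code EXECUTE_CHANGES_RAW} records, a {@code RECONCILIATION}/{@code REQUEST}
 * start record without deltas, then for each modification an optional
 * {@code REQUEST} record followed by one {@code EXECUTION} record with non-empty
 * deltas, closed by a {@code RECONCILIATION}/{@code EXECUTION} stop record
 * without deltas.
 *
 * @param expectedModifications number of execution records expected between the
 *                              start and the stop record
 * @param taskOid OID of the reconciliation task; records with a different,
 *                non-null task OID are ignored, records without a task OID are kept
 */
private void assertReconAuditModifications(int expectedModifications, String taskOid) {
    // Check audit
    displayDumpable("Audit", dummyAuditService);
    List<AuditEventRecord> auditRecords = dummyAuditService.getRecords();
    // Record from some other task, skip it
    auditRecords.removeIf(record -> record.getTaskOid() != null && !record.getTaskOid().equals(taskOid));

    int i = 0;
    while (i < (auditRecords.size() - 1)) {
        AuditEventRecord reconStartRecord = auditRecords.get(i);
        // The null check has to precede the first dereference, otherwise a missing
        // record shows up as a NullPointerException instead of this message.
        assertNotNull("No reconStartRecord audit record", reconStartRecord);
        if (reconStartRecord.getEventType() == AuditEventType.EXECUTE_CHANGES_RAW) {
            // Raw changes recorded before the reconciliation itself are not part of the run.
            i++;
            continue;
        }
        assertEquals("Wrong stage in reconStartRecord audit record: " + reconStartRecord, AuditEventStage.REQUEST, reconStartRecord.getEventStage());
        assertEquals("Wrong type in reconStartRecord audit record: " + reconStartRecord, AuditEventType.RECONCILIATION, reconStartRecord.getEventType());
        assertTrue("Unexpected delta in reconStartRecord audit record " + reconStartRecord, reconStartRecord.getDeltas().isEmpty());
        i++;
        break;
    }

    int modifications = 0;
    while (i < (auditRecords.size() - 1)) {
        AuditEventRecord record = auditRecords.get(i);
        assertNotNull("No request audit record (" + i + ")", record);
        i++;
        if (record.getEventStage() == AuditEventStage.EXECUTION && record.getEventType() == AuditEventType.RECONCILIATION) {
            // end of audit records; the stop record is checked below
            break;
        }
        if (record.getEventStage() == AuditEventStage.REQUEST) {
            // A request record is optional; the execution record follows it.
            record = auditRecords.get(i);
            i++;
        }
        assertNotNull("No execution audit record (" + i + ")", record);
        assertEquals("Got this instead of execution audit record (" + i + "): " + record, AuditEventStage.EXECUTION, record.getEventStage());
        assertThat(record.getDeltas()).withFailMessage("Empty deltas in execution audit record " + record).isNotEmpty();
        modifications++;
    }
    assertEquals("Unexpected number of audit modifications", expectedModifications, modifications);

    // Fail with a readable message rather than IndexOutOfBoundsException when the
    // trail ends without a stop record.
    assertTrue("No reconStopRecord audit record (trail ended at index " + i + ")", i < auditRecords.size());
    AuditEventRecord reconStopRecord = auditRecords.get(i);
    assertNotNull("No reconStopRecord audit record", reconStopRecord);
    assertEquals("Wrong stage in reconStopRecord audit record: " + reconStopRecord, AuditEventStage.EXECUTION, reconStopRecord.getEventStage());
    assertEquals("Wrong type in reconStopRecord audit record: " + reconStopRecord, AuditEventType.RECONCILIATION, reconStopRecord.getEventType());
    assertTrue("Unexpected delta in reconStopRecord audit record " + reconStopRecord, reconStopRecord.getDeltas().isEmpty());
}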

Example 29 with AuditEventRecord

use of com.evolveum.midpoint.audit.api.AuditEventRecord in project midpoint by Evolveum.

Class ClockworkAuditHelper, method auditEvent:

// "overallResult" covers the whole clockwork run
// while "result" is - most of the time - related to the current clockwork click
// 
// We provide "result" here just for completeness - if any of the called methods would like to record to it.
/**
 * Builds and emits one audit record for the current clockwork stage.
 *
 * The record's target is the focus (the old object when present, otherwise the new
 * one) or, when there is no focus context, the single projection; any other
 * combination is an illegal state. In the REQUEST stage the record carries the
 * primary changes; in the EXECUTION stage it carries the not-yet-audited executed
 * deltas and an outcome computed from a preview of {@code overallResult}.
 *
 * The system configuration can shape the record: configured properties are added
 * to it and the event-recording expression is applied to it. The expression may
 * return null, in which case nothing is audited for this call. In the EXECUTION
 * stage the executed deltas are marked as audited afterwards regardless, so a
 * record dropped by the expression is not re-audited in a later wave.
 *
 * @param context clockwork context; provides focus/projection contexts, channel,
 *                request identifier, system configuration and executed deltas
 * @param stage REQUEST or EXECUTION; any other value is an illegal state
 * @param timestamp record timestamp; when null no timestamp is set here
 * @param alwaysAudit in the EXECUTION stage, audit even when there is no
 *                    unaudited executed delta
 * @param task task passed to property/expression evaluation and to the audit call
 * @param result operation result of the current clockwork click
 * @param overallResult result of the whole clockwork run; a preview of its status
 *                      becomes the record outcome in the EXECUTION stage
 * @throws IllegalStateException when there is neither a focus nor exactly one
 *                               projection, or when the stage is unknown
 */
<F extends ObjectType> void auditEvent(LensContext<F> context, AuditEventStage stage, XMLGregorianCalendar timestamp, boolean alwaysAudit, Task task, OperationResult result, OperationResult overallResult) {
    // The object the record is about, and the delta the event type is derived from.
    PrismObject<? extends ObjectType> primaryObject;
    ObjectDelta<? extends ObjectType> primaryDelta;
    if (context.getFocusContext() != null) {
        // Focus present: prefer the pre-change object, fall back to the new one.
        if (context.getFocusContext().getObjectOld() != null) {
            primaryObject = context.getFocusContext().getObjectOld();
        } else {
            primaryObject = context.getFocusContext().getObjectNew();
        }
        primaryDelta = context.getFocusContext().getSummaryDelta();
    } else {
        // No focus: the event can only be attributed to exactly one projection.
        Collection<LensProjectionContext> projectionContexts = context.getProjectionContexts();
        if (projectionContexts.isEmpty()) {
            throw new IllegalStateException("No focus and no projections in " + context);
        }
        if (projectionContexts.size() > 1) {
            throw new IllegalStateException("No focus and more than one projection in " + context);
        }
        LensProjectionContext projection = projectionContexts.iterator().next();
        if (projection.getObjectOld() != null) {
            primaryObject = projection.getObjectOld();
        } else {
            primaryObject = projection.getObjectNew();
        }
        // TODO couldn't we determine primary object from object ADD delta? See e.g. TestModelServiceContract.test120.
        primaryDelta = projection.getCurrentDelta();
    }
    // primaryObject may still be null here when neither an old nor a new object exists.
    AuditEventType eventType = determineEventType(primaryDelta);
    AuditEventRecord auditRecord = new AuditEventRecord(eventType, stage);
    // Correlates the REQUEST and EXECUTION records of one clockwork run.
    auditRecord.setRequestIdentifier(context.getRequestIdentifier());
    // Audit settings come from the system configuration; without them nothing extra is recorded.
    boolean recordResourceOids;
    List<SystemConfigurationAuditEventRecordingPropertyType> propertiesToRecord;
    ExpressionType eventRecordingExpression = null;
    SystemConfigurationType config = context.getSystemConfigurationBean();
    if (config != null && config.getAudit() != null && config.getAudit().getEventRecording() != null) {
        SystemConfigurationAuditEventRecordingType eventRecording = config.getAudit().getEventRecording();
        recordResourceOids = Boolean.TRUE.equals(eventRecording.isRecordResourceOids());
        propertiesToRecord = eventRecording.getProperty();
        eventRecordingExpression = eventRecording.getExpression();
    } else {
        recordResourceOids = false;
        propertiesToRecord = emptyList();
    }
    if (primaryObject != null) {
        auditRecord.setTarget(primaryObject);
        if (recordResourceOids) {
            // For a focus, the resource OIDs come from its linked projections that are
            // present in this context; for a shadow, from its own resource reference.
            if (primaryObject.getRealValue() instanceof FocusType) {
                FocusType focus = (FocusType) primaryObject.getRealValue();
                for (ObjectReferenceType shadowRef : focus.getLinkRef()) {
                    LensProjectionContext projectionContext = context.findProjectionContextByOid(shadowRef.getOid());
                    if (projectionContext != null && StringUtils.isNotBlank(projectionContext.getResourceOid())) {
                        auditRecord.addResourceOid(projectionContext.getResourceOid());
                    }
                }
            } else if (primaryObject.getRealValue() instanceof ShadowType) {
                ObjectReferenceType resource = ((ShadowType) primaryObject.getRealValue()).getResourceRef();
                if (resource != null && resource.getOid() != null) {
                    auditRecord.addResourceOid(resource.getOid());
                }
            }
        }
    }
    auditRecord.setChannel(context.getChannel());
    // This is a brutal hack -- FIXME: create some "compute in-depth preview" method on operation result
    // The status of overallResult is computed on a (depth-2) clone so that the real
    // result is not finalized here; the clone's status and message feed the record.
    OperationResult clone = overallResult.clone(2, false);
    for (OperationResult subresult : clone.getSubresults()) {
        subresult.computeStatusIfUnknown();
    }
    clone.computeStatus();
    if (stage == AuditEventStage.REQUEST) {
        // REQUEST: record what was asked for (primary changes), not what was done.
        Collection<ObjectDeltaOperation<? extends ObjectType>> clonedDeltas = ObjectDeltaOperation.cloneDeltaCollection(context.getPrimaryChanges());
        checkNamesArePresent(clonedDeltas, primaryObject);
        auditRecord.addDeltas(clonedDeltas);
        if (auditRecord.getTargetRef() == null) {
            auditRecord.setTargetRef(ModelImplUtils.determineAuditTargetDeltaOps(clonedDeltas));
        }
    } else if (stage == AuditEventStage.EXECUTION) {
        // EXECUTION: record the outcome and only the deltas not audited in an earlier wave.
        auditRecord.setOutcome(clone.getStatus());
        Collection<ObjectDeltaOperation<? extends ObjectType>> unauditedExecutedDeltas = context.getUnauditedExecutedDeltas();
        if (!alwaysAudit && unauditedExecutedDeltas.isEmpty()) {
            // No deltas, nothing to audit in this wave
            return;
        }
        Collection<ObjectDeltaOperation<? extends ObjectType>> clonedDeltas = ObjectDeltaOperation.cloneCollection(unauditedExecutedDeltas);
        checkNamesArePresent(clonedDeltas, primaryObject);
        auditRecord.addDeltas(clonedDeltas);
    } else {
        throw new IllegalStateException("Unknown audit stage " + stage);
    }
    if (timestamp != null) {
        auditRecord.setTimestamp(XmlTypeConverter.toMillis(timestamp));
    }
    addRecordMessage(auditRecord, clone.getMessage());
    // Configured custom properties are evaluated against the record's target and context.
    for (SystemConfigurationAuditEventRecordingPropertyType property : propertiesToRecord) {
        evaluateAuditRecordProperty(property, auditRecord, primaryObject, context, task, result);
    }
    if (eventRecordingExpression != null) {
        // MID-6839
        // The configured expression may rewrite the record or drop it by returning null.
        auditRecord = auditHelper.evaluateRecordingExpression(eventRecordingExpression, auditRecord, primaryObject, context, task, result);
    }
    if (auditRecord != null) {
        auditHelper.audit(auditRecord, context.getNameResolver(), task, result);
    }
    if (stage == AuditEventStage.EXECUTION) {
        // We need to clean up so these deltas will not be audited again in next wave
        // (this also applies when the recording expression dropped the record above).
        context.markExecutedDeltasAudited();
        context.setExecutionAudited(true);
    } else {
        assert stage == AuditEventStage.REQUEST;
        context.setRequestAudited(true);
    }
}

Example 30 with AuditEventRecord

use of com.evolveum.midpoint.audit.api.AuditEventRecord in project midpoint by Evolveum.

Class SecurityHelper, method auditLogin:

/**
 * Writes a {@code CREATE_SESSION} audit record for a login attempt, provided the
 * system configuration says logins on the connection's channel are audited.
 *
 * The attempted username is stored verbatim as the record parameter, for failed
 * attempts as well; the focus, when known, becomes the initiator.
 *
 * @param username username presented at login; may be null
 * @param focus resolved focus of the user, or null when unknown
 * @param connEnv connection environment; supplies the channel and is stored on the record
 * @param status outcome of the login attempt
 * @param message optional message stored on the record
 */
private void auditLogin(@Nullable String username, @Nullable FocusType focus, @NotNull ConnectionEnvironment connEnv, @NotNull OperationResultStatus status, @Nullable String message) {
    String channel = connEnv.getChannel();
    boolean loginAudited = SecurityUtil.isAuditedLoginAndLogout(getSystemConfig(), channel);
    if (!loginAudited) {
        return;
    }

    Task auditTask = taskManager.createTaskInstance();
    auditTask.setChannel(channel);

    String outcomeLabel = status == OperationResultStatus.SUCCESS ? "success" : "failure";
    LOGGER.debug("Login {} username={}, channel={}: {}", outcomeLabel, username, connEnv.getChannel(), message);

    AuditEventRecord loginRecord = new AuditEventRecord(AuditEventType.CREATE_SESSION, AuditEventStage.REQUEST);
    loginRecord.setParameter(username);
    if (focus != null) {
        loginRecord.setInitiator(focus.asPrismObject());
    }
    loginRecord.setTimestamp(System.currentTimeMillis());
    loginRecord.setOutcome(status);
    loginRecord.setMessage(message);
    storeConnectionEnvironment(loginRecord, connEnv);

    OperationResult auditResult = new OperationResult(SecurityHelper.class.getName() + ".auditLogin");
    auditHelper.audit(loginRecord, null, auditTask, auditResult);
}
