use of org.cloudfoundry.credhub.audit.EventAuditRecordParameters in project credhub by cloudfoundry-incubator.
the class SetHandlerTest method handleSetRequest_whenNonPasswordSetRequest_passesCorrectParametersWithNullGeneration.
@Test
public void handleSetRequest_whenNonPasswordSetRequest_passesCorrectParametersWithNullGeneration() {
UserSetRequest setRequest = new UserSetRequest();
final UserCredentialValue userCredentialValue = new UserCredentialValue("Picard", "Enterprise", "salt");
final ArrayList<EventAuditRecordParameters> eventAuditRecordParameters = new ArrayList<>();
setRequest.setType("user");
setRequest.setName("/captain");
setRequest.setAdditionalPermissions(accessControlEntries);
setRequest.setOverwrite(false);
setRequest.setUserValue(userCredentialValue);
subject.handle(setRequest, eventAuditRecordParameters);
verify(credentialService).save(null, userCredentialValue, setRequest, eventAuditRecordParameters);
verify(permissionService).savePermissions(credentialVersion, accessControlEntries, eventAuditRecordParameters, true, "/captain");
}
use of org.cloudfoundry.credhub.audit.EventAuditRecordParameters in project credhub by cloudfoundry-incubator.
the class SetHandlerTest method handleSetRequest_withACertificateSetRequest_andACaName_providesCaCertificate.
@Test
public void handleSetRequest_withACertificateSetRequest_andACaName_providesCaCertificate() {
CertificateCredentialValue cerificateAuthority = new CertificateCredentialValue(null, TestConstants.TEST_CA, null, null);
when(certificateAuthorityService.findActiveVersion("/test-ca-name")).thenReturn(cerificateAuthority);
CertificateSetRequest setRequest = new CertificateSetRequest();
final CertificateCredentialValue credentialValue = new CertificateCredentialValue(null, TestConstants.TEST_CERTIFICATE, "Enterprise", "test-ca-name");
final ArrayList<EventAuditRecordParameters> eventAuditRecordParameters = new ArrayList<>();
setRequest.setType("certificate");
setRequest.setName("/captain");
setRequest.setAdditionalPermissions(accessControlEntries);
setRequest.setOverwrite(false);
setRequest.setCertificateValue(credentialValue);
CertificateCredentialValue expectedCredentialValue = new CertificateCredentialValue(TestConstants.TEST_CA, TestConstants.TEST_CERTIFICATE, "Enterprise", "/test-ca-name");
ArgumentCaptor<CredentialValue> credentialValueArgumentCaptor = ArgumentCaptor.forClass(CredentialValue.class);
subject.handle(setRequest, eventAuditRecordParameters);
verify(credentialService).save(eq(null), credentialValueArgumentCaptor.capture(), eq(setRequest), eq(eventAuditRecordParameters));
assertThat(credentialValueArgumentCaptor.getValue(), samePropertyValuesAs(expectedCredentialValue));
verify(permissionService).savePermissions(credentialVersion, accessControlEntries, eventAuditRecordParameters, true, "/captain");
}
use of org.cloudfoundry.credhub.audit.EventAuditRecordParameters in project credhub by cloudfoundry-incubator.
the class SetHandlerTest method handleSetRequest_whenPasswordSetRequest_passesCorrectParametersIncludingGeneration.
@Test
public void handleSetRequest_whenPasswordSetRequest_passesCorrectParametersIncludingGeneration() {
StringCredentialValue password = new StringCredentialValue("federation");
PasswordSetRequest setRequest = new PasswordSetRequest();
final ArrayList<EventAuditRecordParameters> eventAuditRecordParameters = new ArrayList<>();
setRequest.setType("password");
setRequest.setGenerationParameters(generationParameters);
setRequest.setPassword(password);
setRequest.setName("/captain");
setRequest.setAdditionalPermissions(accessControlEntries);
setRequest.setOverwrite(false);
subject.handle(setRequest, eventAuditRecordParameters);
verify(credentialService).save(null, password, setRequest, eventAuditRecordParameters);
verify(permissionService).savePermissions(credentialVersion, accessControlEntries, eventAuditRecordParameters, true, "/captain");
}
use of org.cloudfoundry.credhub.audit.EventAuditRecordParameters in project credhub by cloudfoundry-incubator.
the class AuditingHelper method verifyAuditing.
public void verifyAuditing(String actor, String path, int statusCode, List<EventAuditRecordParameters> eventAuditRecordParametersList) {
RequestAuditRecord requestAuditRecord = requestAuditRecordRepository.findAll(new Sort(DESC, "now")).get(0);
assertThat(requestAuditRecord.getPath(), equalTo(path));
assertThat(requestAuditRecord.getStatusCode(), equalTo(statusCode));
List<EventAuditRecord> eventAuditRecords = eventAuditRecordRepository.findAll(new Sort(DESC, "now"));
assertThat(eventAuditRecords, hasSize(greaterThanOrEqualTo(eventAuditRecordParametersList.size())));
boolean expectedSuccess = HttpStatus.valueOf(statusCode).is2xxSuccessful();
assertThat(eventAuditRecords.subList(0, eventAuditRecordParametersList.size()), containsInAnyOrder(eventAuditRecordParametersList.stream().map(parameters -> matchesExpectedEvent(parameters, actor, expectedSuccess, requestAuditRecord.getUuid())).collect(Collectors.toList())));
}
use of org.cloudfoundry.credhub.audit.EventAuditRecordParameters in project credhub by cloudfoundry-incubator.
the class PermissionAndCredentialTest method auditsTheRequestWithExtraActor.
private void auditsTheRequestWithExtraActor(String actor) {
List<EventAuditRecordParameters> auditRecordParameters = newArrayList(new EventAuditRecordParameters(CREDENTIAL_UPDATE, "/test-password"), new EventAuditRecordParameters(ACL_UPDATE, "/test-password", READ, MTLS_APP_GUID), new EventAuditRecordParameters(ACL_UPDATE, "/test-password", READ, actor), new EventAuditRecordParameters(ACL_UPDATE, "/test-password", WRITE, actor), new EventAuditRecordParameters(ACL_UPDATE, "/test-password", DELETE, actor), new EventAuditRecordParameters(ACL_UPDATE, "/test-password", READ_ACL, actor), new EventAuditRecordParameters(ACL_UPDATE, "/test-password", WRITE_ACL, actor));
auditingHelper.verifyAuditing(actor, "/api/v1/data", 200, auditRecordParameters);
}
Aggregations