Search in sources :

Example 1 with EventAuditRecordParameters

use of org.cloudfoundry.credhub.audit.EventAuditRecordParameters in project credhub by cloudfoundry-incubator.

the class SetHandlerTest method handleSetRequest_whenNonPasswordSetRequest_passesCorrectParametersWithNullGeneration.

@Test
public void handleSetRequest_whenNonPasswordSetRequest_passesCorrectParametersWithNullGeneration() {
    UserSetRequest setRequest = new UserSetRequest();
    final UserCredentialValue userCredentialValue = new UserCredentialValue("Picard", "Enterprise", "salt");
    final ArrayList<EventAuditRecordParameters> eventAuditRecordParameters = new ArrayList<>();
    setRequest.setType("user");
    setRequest.setName("/captain");
    setRequest.setAdditionalPermissions(accessControlEntries);
    setRequest.setOverwrite(false);
    setRequest.setUserValue(userCredentialValue);
    subject.handle(setRequest, eventAuditRecordParameters);
    verify(credentialService).save(null, userCredentialValue, setRequest, eventAuditRecordParameters);
    verify(permissionService).savePermissions(credentialVersion, accessControlEntries, eventAuditRecordParameters, true, "/captain");
}
Also used : UserSetRequest(org.cloudfoundry.credhub.request.UserSetRequest) ArrayList(java.util.ArrayList) UserCredentialValue(org.cloudfoundry.credhub.credential.UserCredentialValue) EventAuditRecordParameters(org.cloudfoundry.credhub.audit.EventAuditRecordParameters) Test(org.junit.Test)

Example 2 with EventAuditRecordParameters

use of org.cloudfoundry.credhub.audit.EventAuditRecordParameters in project credhub by cloudfoundry-incubator.

the class SetHandlerTest method handleSetRequest_withACertificateSetRequest_andACaName_providesCaCertificate.

@Test
public void handleSetRequest_withACertificateSetRequest_andACaName_providesCaCertificate() {
    CertificateCredentialValue cerificateAuthority = new CertificateCredentialValue(null, TestConstants.TEST_CA, null, null);
    when(certificateAuthorityService.findActiveVersion("/test-ca-name")).thenReturn(cerificateAuthority);
    CertificateSetRequest setRequest = new CertificateSetRequest();
    final CertificateCredentialValue credentialValue = new CertificateCredentialValue(null, TestConstants.TEST_CERTIFICATE, "Enterprise", "test-ca-name");
    final ArrayList<EventAuditRecordParameters> eventAuditRecordParameters = new ArrayList<>();
    setRequest.setType("certificate");
    setRequest.setName("/captain");
    setRequest.setAdditionalPermissions(accessControlEntries);
    setRequest.setOverwrite(false);
    setRequest.setCertificateValue(credentialValue);
    CertificateCredentialValue expectedCredentialValue = new CertificateCredentialValue(TestConstants.TEST_CA, TestConstants.TEST_CERTIFICATE, "Enterprise", "/test-ca-name");
    ArgumentCaptor<CredentialValue> credentialValueArgumentCaptor = ArgumentCaptor.forClass(CredentialValue.class);
    subject.handle(setRequest, eventAuditRecordParameters);
    verify(credentialService).save(eq(null), credentialValueArgumentCaptor.capture(), eq(setRequest), eq(eventAuditRecordParameters));
    assertThat(credentialValueArgumentCaptor.getValue(), samePropertyValuesAs(expectedCredentialValue));
    verify(permissionService).savePermissions(credentialVersion, accessControlEntries, eventAuditRecordParameters, true, "/captain");
}
Also used : UserCredentialValue(org.cloudfoundry.credhub.credential.UserCredentialValue) CredentialValue(org.cloudfoundry.credhub.credential.CredentialValue) StringCredentialValue(org.cloudfoundry.credhub.credential.StringCredentialValue) CertificateCredentialValue(org.cloudfoundry.credhub.credential.CertificateCredentialValue) CertificateCredentialValue(org.cloudfoundry.credhub.credential.CertificateCredentialValue) ArrayList(java.util.ArrayList) CertificateSetRequest(org.cloudfoundry.credhub.request.CertificateSetRequest) EventAuditRecordParameters(org.cloudfoundry.credhub.audit.EventAuditRecordParameters) Test(org.junit.Test)

Example 3 with EventAuditRecordParameters

use of org.cloudfoundry.credhub.audit.EventAuditRecordParameters in project credhub by cloudfoundry-incubator.

the class SetHandlerTest method handleSetRequest_whenPasswordSetRequest_passesCorrectParametersIncludingGeneration.

@Test
public void handleSetRequest_whenPasswordSetRequest_passesCorrectParametersIncludingGeneration() {
    StringCredentialValue password = new StringCredentialValue("federation");
    PasswordSetRequest setRequest = new PasswordSetRequest();
    final ArrayList<EventAuditRecordParameters> eventAuditRecordParameters = new ArrayList<>();
    setRequest.setType("password");
    setRequest.setGenerationParameters(generationParameters);
    setRequest.setPassword(password);
    setRequest.setName("/captain");
    setRequest.setAdditionalPermissions(accessControlEntries);
    setRequest.setOverwrite(false);
    subject.handle(setRequest, eventAuditRecordParameters);
    verify(credentialService).save(null, password, setRequest, eventAuditRecordParameters);
    verify(permissionService).savePermissions(credentialVersion, accessControlEntries, eventAuditRecordParameters, true, "/captain");
}
Also used : StringCredentialValue(org.cloudfoundry.credhub.credential.StringCredentialValue) ArrayList(java.util.ArrayList) PasswordSetRequest(org.cloudfoundry.credhub.request.PasswordSetRequest) EventAuditRecordParameters(org.cloudfoundry.credhub.audit.EventAuditRecordParameters) Test(org.junit.Test)

Example 4 with EventAuditRecordParameters

use of org.cloudfoundry.credhub.audit.EventAuditRecordParameters in project credhub by cloudfoundry-incubator.

the class AuditingHelper method verifyAuditing.

public void verifyAuditing(String actor, String path, int statusCode, List<EventAuditRecordParameters> eventAuditRecordParametersList) {
    RequestAuditRecord requestAuditRecord = requestAuditRecordRepository.findAll(new Sort(DESC, "now")).get(0);
    assertThat(requestAuditRecord.getPath(), equalTo(path));
    assertThat(requestAuditRecord.getStatusCode(), equalTo(statusCode));
    List<EventAuditRecord> eventAuditRecords = eventAuditRecordRepository.findAll(new Sort(DESC, "now"));
    assertThat(eventAuditRecords, hasSize(greaterThanOrEqualTo(eventAuditRecordParametersList.size())));
    boolean expectedSuccess = HttpStatus.valueOf(statusCode).is2xxSuccessful();
    assertThat(eventAuditRecords.subList(0, eventAuditRecordParametersList.size()), containsInAnyOrder(eventAuditRecordParametersList.stream().map(parameters -> matchesExpectedEvent(parameters, actor, expectedSuccess, requestAuditRecord.getUuid())).collect(Collectors.toList())));
}
Also used : Description(org.hamcrest.Description) Matchers.greaterThanOrEqualTo(org.hamcrest.Matchers.greaterThanOrEqualTo) IsEqual.equalTo(org.hamcrest.core.IsEqual.equalTo) EventAuditRecord(org.cloudfoundry.credhub.entity.EventAuditRecord) UUID(java.util.UUID) StringUtils(org.apache.commons.lang3.StringUtils) Collectors(java.util.stream.Collectors) BaseMatcher(org.hamcrest.BaseMatcher) HttpStatus(org.springframework.http.HttpStatus) List(java.util.List) EventAuditRecordParameters(org.cloudfoundry.credhub.audit.EventAuditRecordParameters) RequestAuditRecord(org.cloudfoundry.credhub.entity.RequestAuditRecord) Matchers.containsInAnyOrder(org.hamcrest.Matchers.containsInAnyOrder) AuditingOperationCode(org.cloudfoundry.credhub.audit.AuditingOperationCode) Matcher(org.hamcrest.Matcher) RequestAuditRecordRepository(org.cloudfoundry.credhub.repository.RequestAuditRecordRepository) Matchers.hasSize(org.hamcrest.Matchers.hasSize) Sort(org.springframework.data.domain.Sort) EventAuditRecordRepository(org.cloudfoundry.credhub.repository.EventAuditRecordRepository) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) DESC(org.springframework.data.domain.Sort.Direction.DESC) EventAuditRecord(org.cloudfoundry.credhub.entity.EventAuditRecord) RequestAuditRecord(org.cloudfoundry.credhub.entity.RequestAuditRecord) Sort(org.springframework.data.domain.Sort)

Example 5 with EventAuditRecordParameters

use of org.cloudfoundry.credhub.audit.EventAuditRecordParameters in project credhub by cloudfoundry-incubator.

the class PermissionAndCredentialTest method auditsTheRequestWithExtraActor.

private void auditsTheRequestWithExtraActor(String actor) {
    List<EventAuditRecordParameters> auditRecordParameters = newArrayList(new EventAuditRecordParameters(CREDENTIAL_UPDATE, "/test-password"), new EventAuditRecordParameters(ACL_UPDATE, "/test-password", READ, MTLS_APP_GUID), new EventAuditRecordParameters(ACL_UPDATE, "/test-password", READ, actor), new EventAuditRecordParameters(ACL_UPDATE, "/test-password", WRITE, actor), new EventAuditRecordParameters(ACL_UPDATE, "/test-password", DELETE, actor), new EventAuditRecordParameters(ACL_UPDATE, "/test-password", READ_ACL, actor), new EventAuditRecordParameters(ACL_UPDATE, "/test-password", WRITE_ACL, actor));
    auditingHelper.verifyAuditing(actor, "/api/v1/data", 200, auditRecordParameters);
}
Also used : EventAuditRecordParameters(org.cloudfoundry.credhub.audit.EventAuditRecordParameters)

Aggregations

EventAuditRecordParameters (org.cloudfoundry.credhub.audit.EventAuditRecordParameters)41 Test (org.junit.Test)21 SpringBootTest (org.springframework.boot.test.context.SpringBootTest)12 CertificateCredentialVersion (org.cloudfoundry.credhub.domain.CertificateCredentialVersion)11 EntryNotFoundException (org.cloudfoundry.credhub.exceptions.EntryNotFoundException)11 Credential (org.cloudfoundry.credhub.entity.Credential)9 CredentialVersion (org.cloudfoundry.credhub.domain.CredentialVersion)7 PermissionsView (org.cloudfoundry.credhub.view.PermissionsView)7 ArrayList (java.util.ArrayList)6 ParameterizedValidationException (org.cloudfoundry.credhub.exceptions.ParameterizedValidationException)6 AuditingOperationCode (org.cloudfoundry.credhub.audit.AuditingOperationCode)5 CertificateCredentialValue (org.cloudfoundry.credhub.credential.CertificateCredentialValue)5 PermissionEntry (org.cloudfoundry.credhub.request.PermissionEntry)5 List (java.util.List)4 UUID (java.util.UUID)4 Collectors (java.util.stream.Collectors)4 StringCredentialValue (org.cloudfoundry.credhub.credential.StringCredentialValue)4 MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder)4 BaseCredentialGenerateRequest (org.cloudfoundry.credhub.request.BaseCredentialGenerateRequest)3 Service (org.springframework.stereotype.Service)3