Example 21 with EventAuditRecordParameters

Use of org.cloudfoundry.credhub.audit.EventAuditRecordParameters in project credhub by cloudfoundry-incubator.

Class PermissionedCredentialService, method findByUuid.

public Credential findByUuid(UUID credentialUUID, List<EventAuditRecordParameters> auditRecordParameters) {
    // Add the CREDENTIAL_ACCESS record to the caller's list before the lookup,
    // so it is already present if the lookup or the permission check throws.
    EventAuditRecordParameters eventAuditRecordParameters = new EventAuditRecordParameters(AuditingOperationCode.CREDENTIAL_ACCESS);
    auditRecordParameters.add(eventAuditRecordParameters);
    Credential credential = credentialDataService.findByUUID(credentialUUID);
    if (credential == null) {
        throw new EntryNotFoundException("error.credential.invalid_access");
    }
    // The credential name is only known, and only recorded, once the lookup succeeds.
    eventAuditRecordParameters.setCredentialName(credential.getName());
    // A denied READ throws the same exception and message as a missing credential.
    if (!permissionCheckingService.hasPermission(userContextHolder.getUserContext().getActor(), credential.getName(), READ)) {
        throw new EntryNotFoundException("error.credential.invalid_access");
    }
    return credential;
}
Also used : Credential(org.cloudfoundry.credhub.entity.Credential) EntryNotFoundException(org.cloudfoundry.credhub.exceptions.EntryNotFoundException) EventAuditRecordParameters(org.cloudfoundry.credhub.audit.EventAuditRecordParameters)

Example 22 with EventAuditRecordParameters

Use of org.cloudfoundry.credhub.audit.EventAuditRecordParameters in project credhub by cloudfoundry-incubator.

Class UserCredentialRegeneratable, method createGenerateRequest.

@Override
public BaseCredentialGenerateRequest createGenerateRequest(CredentialVersion credentialVersion, List<EventAuditRecordParameters> auditRecordParameters) {
    UserCredentialVersion userCredential = (UserCredentialVersion) credentialVersion;
    UserGenerateRequest generateRequest = new UserGenerateRequest();
    generateRequest.setName(userCredential.getName());
    generateRequest.setType(userCredential.getCredentialType());
    generateRequest.setOverwrite(true);
    StringGenerationParameters generationParameters;
    generationParameters = userCredential.getGenerationParameters();
    if (generationParameters == null) {
        // No stored generation parameters: record the rejected CREDENTIAL_UPDATE
        // against the credential name before rejecting the request.
        auditRecordParameters.add(new EventAuditRecordParameters(CREDENTIAL_UPDATE, credentialVersion.getName()));
        throw new ParameterizedValidationException("error.cannot_regenerate_non_generated_user");
    }
    // Regeneration keeps the existing username.
    generationParameters.setUsername(userCredential.getUsername());
    generateRequest.setGenerationParameters(generationParameters);
    return generateRequest;
}
Also used : UserGenerateRequest(org.cloudfoundry.credhub.request.UserGenerateRequest) EventAuditRecordParameters(org.cloudfoundry.credhub.audit.EventAuditRecordParameters) UserCredentialVersion(org.cloudfoundry.credhub.domain.UserCredentialVersion) ParameterizedValidationException(org.cloudfoundry.credhub.exceptions.ParameterizedValidationException) StringGenerationParameters(org.cloudfoundry.credhub.request.StringGenerationParameters)

Example 23 with EventAuditRecordParameters

Use of org.cloudfoundry.credhub.audit.EventAuditRecordParameters in project credhub by cloudfoundry-incubator.

Class CertificateService, method findByCredentialUuid.

public CertificateCredentialVersion findByCredentialUuid(String uuid, List<EventAuditRecordParameters> auditRecordParameters) {
    // Add the CREDENTIAL_ACCESS record to the caller's list before the lookup,
    // so it is already present if any of the checks below throws.
    EventAuditRecordParameters eventAuditRecordParameters = new EventAuditRecordParameters(AuditingOperationCode.CREDENTIAL_ACCESS);
    auditRecordParameters.add(eventAuditRecordParameters);
    CredentialVersion credentialVersion = this.certificateVersionDataService.findByCredentialUUID(uuid);
    // Missing credential, wrong credential type and denied READ all throw
    // the same exception and message.
    if (credentialVersion == null || !(credentialVersion instanceof CertificateCredentialVersion)) {
        throw new EntryNotFoundException("error.credential.invalid_access");
    }
    eventAuditRecordParameters.setCredentialName(credentialVersion.getName());
    CertificateCredentialVersion certificate = (CertificateCredentialVersion) credentialVersion;
    if (!permissionCheckingService.hasPermission(userContextHolder.getUserContext().getActor(), certificate.getName(), PermissionOperation.READ)) {
        throw new EntryNotFoundException("error.credential.invalid_access");
    }
    return certificate;
}
Also used : EntryNotFoundException(org.cloudfoundry.credhub.exceptions.EntryNotFoundException) EventAuditRecordParameters(org.cloudfoundry.credhub.audit.EventAuditRecordParameters) CertificateCredentialVersion(org.cloudfoundry.credhub.domain.CertificateCredentialVersion) CredentialVersion(org.cloudfoundry.credhub.domain.CredentialVersion)

Example 24 with EventAuditRecordParameters

Use of org.cloudfoundry.credhub.audit.EventAuditRecordParameters in project credhub by cloudfoundry-incubator.

Class PermissionAndCredentialTest, method auditsTheRequest.

private void auditsTheRequest(String actor) {
    // Expected audit trail: one credential update plus one ACL update per granted operation.
    List<EventAuditRecordParameters> auditRecordParameters = newArrayList(
        new EventAuditRecordParameters(CREDENTIAL_UPDATE, "/test-password"),
        new EventAuditRecordParameters(ACL_UPDATE, "/test-password", READ, actor),
        new EventAuditRecordParameters(ACL_UPDATE, "/test-password", WRITE, actor),
        new EventAuditRecordParameters(ACL_UPDATE, "/test-password", DELETE, actor),
        new EventAuditRecordParameters(ACL_UPDATE, "/test-password", READ_ACL, actor),
        new EventAuditRecordParameters(ACL_UPDATE, "/test-password", WRITE_ACL, actor));
    auditingHelper.verifyAuditing(actor, "/api/v1/data", 200, auditRecordParameters);
}
Also used : EventAuditRecordParameters(org.cloudfoundry.credhub.audit.EventAuditRecordParameters)

Example 25 with EventAuditRecordParameters

Use of org.cloudfoundry.credhub.audit.EventAuditRecordParameters in project credhub by cloudfoundry-incubator.

Class PermissionAndCredentialTest, method auditsTheRequestWithNewPermissions.

private void auditsTheRequestWithNewPermissions() {
    // Expected audit trail: one credential update plus one ACL update per actor and operation.
    List<EventAuditRecordParameters> auditRecordParameters = newArrayList(
        new EventAuditRecordParameters(CREDENTIAL_UPDATE, "/test-password"),
        new EventAuditRecordParameters(ACL_UPDATE, "/test-password", WRITE, MTLS_APP_GUID),
        new EventAuditRecordParameters(ACL_UPDATE, "/test-password", READ, UAA_OAUTH2_CLIENT_CREDENTIALS_ACTOR_ID),
        new EventAuditRecordParameters(ACL_UPDATE, "/test-password", WRITE, UAA_OAUTH2_CLIENT_CREDENTIALS_ACTOR_ID),
        new EventAuditRecordParameters(ACL_UPDATE, "/test-password", DELETE, UAA_OAUTH2_CLIENT_CREDENTIALS_ACTOR_ID));
    auditingHelper.verifyAuditing(UAA_OAUTH2_CLIENT_CREDENTIALS_ACTOR_ID, "/api/v1/data", 200, auditRecordParameters);
}
Also used : EventAuditRecordParameters(org.cloudfoundry.credhub.audit.EventAuditRecordParameters)

Aggregations

EventAuditRecordParameters (org.cloudfoundry.credhub.audit.EventAuditRecordParameters) 41
Test (org.junit.Test) 21
SpringBootTest (org.springframework.boot.test.context.SpringBootTest) 12
CertificateCredentialVersion (org.cloudfoundry.credhub.domain.CertificateCredentialVersion) 11
EntryNotFoundException (org.cloudfoundry.credhub.exceptions.EntryNotFoundException) 11
Credential (org.cloudfoundry.credhub.entity.Credential) 9
CredentialVersion (org.cloudfoundry.credhub.domain.CredentialVersion) 7
PermissionsView (org.cloudfoundry.credhub.view.PermissionsView) 7
ArrayList (java.util.ArrayList) 6
ParameterizedValidationException (org.cloudfoundry.credhub.exceptions.ParameterizedValidationException) 6
AuditingOperationCode (org.cloudfoundry.credhub.audit.AuditingOperationCode) 5
CertificateCredentialValue (org.cloudfoundry.credhub.credential.CertificateCredentialValue) 5
PermissionEntry (org.cloudfoundry.credhub.request.PermissionEntry) 5
List (java.util.List) 4
UUID (java.util.UUID) 4
Collectors (java.util.stream.Collectors) 4
StringCredentialValue (org.cloudfoundry.credhub.credential.StringCredentialValue) 4
MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) 4
BaseCredentialGenerateRequest (org.cloudfoundry.credhub.request.BaseCredentialGenerateRequest) 3
Service (org.springframework.stereotype.Service) 3