Search in sources :

Example 36 with EventAuditRecordParameters

use of org.cloudfoundry.credhub.audit.EventAuditRecordParameters in project credhub by cloudfoundry-incubator.

the class InterpolationControllerTest method POST_logsTheCredentialAccess.

@Test
public void POST_logsTheCredentialAccess() throws Exception {
    JsonCredentialVersion jsonCredential = mock(JsonCredentialVersion.class);
    doReturn(Maps.newHashMap("secret1", "secret1-value")).when(jsonCredential).getValue();
    when(jsonCredential.getName()).thenReturn("/cred1");
    JsonCredentialVersion jsonCredential1 = mock(JsonCredentialVersion.class);
    doReturn(Maps.newHashMap("secret2", "secret2-value")).when(jsonCredential1).getValue();
    when(jsonCredential1.getName()).thenReturn("/cred2");
    doReturn(Arrays.asList(jsonCredential)).when(mockCredentialVersionDataService).findNByName("/cred1", 1);
    doReturn(Arrays.asList(jsonCredential1)).when(mockCredentialVersionDataService).findNByName("/cred2", 1);
    mockMvc.perform(makeValidPostRequest()).andExpect(status().isOk());
    auditingHelper.verifyAuditing(UAA_OAUTH2_PASSWORD_GRANT_ACTOR_ID, "/api/v1/interpolate", 200, Lists.newArrayList(new EventAuditRecordParameters(CREDENTIAL_ACCESS, "/cred1"), new EventAuditRecordParameters(CREDENTIAL_ACCESS, "/cred2")));
}
Also used : JsonCredentialVersion(org.cloudfoundry.credhub.domain.JsonCredentialVersion) EventAuditRecordParameters(org.cloudfoundry.credhub.audit.EventAuditRecordParameters) Test(org.junit.Test) SpringBootTest(org.springframework.boot.test.context.SpringBootTest)

Example 37 with EventAuditRecordParameters

use of org.cloudfoundry.credhub.audit.EventAuditRecordParameters in project credhub by cloudfoundry-incubator.

the class BulkRegenerateTest method regenerating_PersistsAnAuditEntry.

@Test
public void regenerating_PersistsAnAuditEntry() throws Exception {
    MockHttpServletRequestBuilder request = post(API_V1_BULK_REGENERATE_ENDPOINT).header("Authorization", "Bearer " + UAA_OAUTH2_PASSWORD_GRANT_TOKEN).accept(APPLICATION_JSON).contentType(APPLICATION_JSON).content("{\n" + "  \"signed_by\" : \"/ca-to-rotate\"\n" + "}");
    mockMvc.perform(request).andExpect(status().isOk()).andExpect(content().contentTypeCompatibleWith(APPLICATION_JSON));
    auditingHelper.verifyAuditing(UAA_OAUTH2_PASSWORD_GRANT_ACTOR_ID, "/api/v1/bulk-regenerate", 200, newArrayList(new EventAuditRecordParameters(CREDENTIAL_UPDATE, "/cert-to-regenerate-as-well"), new EventAuditRecordParameters(CREDENTIAL_UPDATE, "/cert-to-regenerate")));
}
Also used : MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) EventAuditRecordParameters(org.cloudfoundry.credhub.audit.EventAuditRecordParameters) SpringBootTest(org.springframework.boot.test.context.SpringBootTest) Test(org.junit.Test)

Example 38 with EventAuditRecordParameters

use of org.cloudfoundry.credhub.audit.EventAuditRecordParameters in project credhub by cloudfoundry-incubator.

the class BulkRegenerateTest method regeneratingByCA_PersistsAnAuditEntry_whenRegenerationFails.

@Test
public void regeneratingByCA_PersistsAnAuditEntry_whenRegenerationFails() throws Exception {
    // revoke write access to second certificate
    MockHttpServletRequestBuilder revokeWriteAccessRequest = delete(API_V1_PERMISSION_ENDPOINT + "?credential_name=/cert-to-regenerate&actor=" + UAA_OAUTH2_CLIENT_CREDENTIALS_ACTOR_ID).header("Authorization", "Bearer " + UAA_OAUTH2_PASSWORD_GRANT_TOKEN).accept(APPLICATION_JSON);
    mockMvc.perform(revokeWriteAccessRequest).andExpect(status().isNoContent());
    MockHttpServletRequestBuilder regenerateCertificatesRequest = post(API_V1_BULK_REGENERATE_ENDPOINT).header("Authorization", "Bearer " + UAA_OAUTH2_CLIENT_CREDENTIALS_TOKEN).accept(APPLICATION_JSON).contentType(APPLICATION_JSON).content("{\n" + "  \"signed_by\" : \"/ca-to-rotate\"\n" + "}");
    mockMvc.perform(regenerateCertificatesRequest).andExpect(status().isForbidden()).andExpect(jsonPath("$.error", IsEqual.equalTo("The request could not be completed because the credential does not exist or you do not have sufficient authorization.")));
    auditingHelper.verifyAuditing(UAA_OAUTH2_CLIENT_CREDENTIALS_ACTOR_ID, "/api/v1/bulk-regenerate", 403, newArrayList(new EventAuditRecordParameters(CREDENTIAL_UPDATE, "/cert-to-regenerate")));
}
Also used : MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) EventAuditRecordParameters(org.cloudfoundry.credhub.audit.EventAuditRecordParameters) SpringBootTest(org.springframework.boot.test.context.SpringBootTest) Test(org.junit.Test)

Example 39 with EventAuditRecordParameters

use of org.cloudfoundry.credhub.audit.EventAuditRecordParameters in project credhub by cloudfoundry-incubator.

the class GenerateHandlerTest method handleGenerateRequest_whenPasswordGenerateRequest_passesCorrectParametersIncludingGeneration.

@Test
public void handleGenerateRequest_whenPasswordGenerateRequest_passesCorrectParametersIncludingGeneration() {
    StringCredentialValue password = new StringCredentialValue("federation");
    PasswordGenerateRequest generateRequest = new PasswordGenerateRequest();
    final ArrayList<EventAuditRecordParameters> eventAuditRecordParameters = new ArrayList<>();
    generateRequest.setType("password");
    generateRequest.setGenerationParameters(generationParameters);
    generateRequest.setName("/captain");
    generateRequest.setAdditionalPermissions(accessControlEntries);
    generateRequest.setOverwrite(false);
    subject.handle(generateRequest, eventAuditRecordParameters);
    verify(credentialService).save(null, null, generateRequest, eventAuditRecordParameters);
    verify(permissionService).savePermissions(credentialVersion, accessControlEntries, eventAuditRecordParameters, true, "/captain");
}
Also used : StringCredentialValue(org.cloudfoundry.credhub.credential.StringCredentialValue) ArrayList(java.util.ArrayList) PasswordGenerateRequest(org.cloudfoundry.credhub.request.PasswordGenerateRequest) EventAuditRecordParameters(org.cloudfoundry.credhub.audit.EventAuditRecordParameters) Test(org.junit.Test)

Example 40 with EventAuditRecordParameters

use of org.cloudfoundry.credhub.audit.EventAuditRecordParameters in project credhub by cloudfoundry-incubator.

the class SetHandlerTest method handleSetRequest_whenOverwriteIsTrue_shouldSaveAccessControlEntries.

@Test
public void handleSetRequest_whenOverwriteIsTrue_shouldSaveAccessControlEntries() {
    StringCredentialValue password = new StringCredentialValue("federation");
    PasswordSetRequest setRequest = new PasswordSetRequest();
    CredentialVersion existingCredMock = mock(CredentialVersion.class);
    when(credentialService.findMostRecent("/captain")).thenReturn(existingCredMock);
    final ArrayList<EventAuditRecordParameters> eventAuditRecordParameters = new ArrayList<>();
    setRequest.setType("password");
    setRequest.setGenerationParameters(generationParameters);
    setRequest.setPassword(password);
    setRequest.setName("/captain");
    setRequest.setAdditionalPermissions(accessControlEntries);
    setRequest.setOverwrite(true);
    subject.handle(setRequest, eventAuditRecordParameters);
    verify(credentialService).save(existingCredMock, password, setRequest, eventAuditRecordParameters);
    verify(permissionService).savePermissions(credentialVersion, accessControlEntries, eventAuditRecordParameters, false, "/captain");
}
Also used : StringCredentialValue(org.cloudfoundry.credhub.credential.StringCredentialValue) ArrayList(java.util.ArrayList) PasswordSetRequest(org.cloudfoundry.credhub.request.PasswordSetRequest) EventAuditRecordParameters(org.cloudfoundry.credhub.audit.EventAuditRecordParameters) PasswordCredentialVersion(org.cloudfoundry.credhub.domain.PasswordCredentialVersion) CredentialVersion(org.cloudfoundry.credhub.domain.CredentialVersion) Test(org.junit.Test)

Aggregations

EventAuditRecordParameters (org.cloudfoundry.credhub.audit.EventAuditRecordParameters)41 Test (org.junit.Test)21 SpringBootTest (org.springframework.boot.test.context.SpringBootTest)12 CertificateCredentialVersion (org.cloudfoundry.credhub.domain.CertificateCredentialVersion)11 EntryNotFoundException (org.cloudfoundry.credhub.exceptions.EntryNotFoundException)11 Credential (org.cloudfoundry.credhub.entity.Credential)9 CredentialVersion (org.cloudfoundry.credhub.domain.CredentialVersion)7 PermissionsView (org.cloudfoundry.credhub.view.PermissionsView)7 ArrayList (java.util.ArrayList)6 ParameterizedValidationException (org.cloudfoundry.credhub.exceptions.ParameterizedValidationException)6 AuditingOperationCode (org.cloudfoundry.credhub.audit.AuditingOperationCode)5 CertificateCredentialValue (org.cloudfoundry.credhub.credential.CertificateCredentialValue)5 PermissionEntry (org.cloudfoundry.credhub.request.PermissionEntry)5 List (java.util.List)4 UUID (java.util.UUID)4 Collectors (java.util.stream.Collectors)4 StringCredentialValue (org.cloudfoundry.credhub.credential.StringCredentialValue)4 MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder)4 BaseCredentialGenerateRequest (org.cloudfoundry.credhub.request.BaseCredentialGenerateRequest)3 Service (org.springframework.stereotype.Service)3