use of org.cloudfoundry.credhub.audit.EventAuditRecordParameters in project credhub by cloudfoundry-incubator.
the class InterpolationControllerTest method POST_logsTheCredentialAccess.
/**
 * Checks that a successful POST to the interpolate endpoint is audited with one
 * CREDENTIAL_ACCESS record per credential that was read.
 *
 * <p>Two JSON credentials, "/cred1" and "/cred2", are stubbed in the data service. The
 * audit verification expects both names, so each secret read by the request must be
 * individually attributable to the calling actor.
 */
@Test
public void POST_logsTheCredentialAccess() throws Exception {
  final String firstName = "/cred1";
  final String secondName = "/cred2";

  // Stubbed credential returned for lookups of "/cred1".
  JsonCredentialVersion firstCredential = mock(JsonCredentialVersion.class);
  doReturn(Maps.newHashMap("secret1", "secret1-value")).when(firstCredential).getValue();
  when(firstCredential.getName()).thenReturn(firstName);

  // Stubbed credential returned for lookups of "/cred2".
  JsonCredentialVersion secondCredential = mock(JsonCredentialVersion.class);
  doReturn(Maps.newHashMap("secret2", "secret2-value")).when(secondCredential).getValue();
  when(secondCredential.getName()).thenReturn(secondName);

  // The data service is asked for exactly one version of each name.
  doReturn(Arrays.asList(firstCredential))
      .when(mockCredentialVersionDataService)
      .findNByName(firstName, 1);
  doReturn(Arrays.asList(secondCredential))
      .when(mockCredentialVersionDataService)
      .findNByName(secondName, 1);

  // NOTE(review): makeValidPostRequest() is defined elsewhere; presumably its body
  // references both credentials - confirm against the helper.
  mockMvc.perform(makeValidPostRequest())
      .andExpect(status().isOk());

  // Expected audit trail: one access record per credential, in this order.
  EventAuditRecordParameters firstAccess =
      new EventAuditRecordParameters(CREDENTIAL_ACCESS, firstName);
  EventAuditRecordParameters secondAccess =
      new EventAuditRecordParameters(CREDENTIAL_ACCESS, secondName);
  auditingHelper.verifyAuditing(
      UAA_OAUTH2_PASSWORD_GRANT_ACTOR_ID,
      "/api/v1/interpolate",
      200,
      Lists.newArrayList(firstAccess, secondAccess));
}
use of org.cloudfoundry.credhub.audit.EventAuditRecordParameters in project credhub by cloudfoundry-incubator.
the class BulkRegenerateTest method regenerating_PersistsAnAuditEntry.
/**
 * Checks that a successful bulk regeneration by CA is audited with one
 * CREDENTIAL_UPDATE record for each regenerated certificate.
 *
 * <p>The request names the signing CA "/ca-to-rotate"; the expected audit records name
 * "/cert-to-regenerate-as-well" and "/cert-to-regenerate", i.e. the certificates that
 * were changed rather than only the CA that was named in the request.
 */
@Test
public void regenerating_PersistsAnAuditEntry() throws Exception {
  final String authorization = "Bearer " + UAA_OAUTH2_PASSWORD_GRANT_TOKEN;
  final String body = "{\n" + " \"signed_by\" : \"/ca-to-rotate\"\n" + "}";

  MockHttpServletRequestBuilder regenerateRequest = post(API_V1_BULK_REGENERATE_ENDPOINT)
      .header("Authorization", authorization)
      .accept(APPLICATION_JSON)
      .contentType(APPLICATION_JSON)
      .content(body);

  mockMvc.perform(regenerateRequest)
      .andExpect(status().isOk())
      .andExpect(content().contentTypeCompatibleWith(APPLICATION_JSON));

  // Expected audit trail for the request, in the order passed to the helper.
  EventAuditRecordParameters updateOfSecondCert =
      new EventAuditRecordParameters(CREDENTIAL_UPDATE, "/cert-to-regenerate-as-well");
  EventAuditRecordParameters updateOfFirstCert =
      new EventAuditRecordParameters(CREDENTIAL_UPDATE, "/cert-to-regenerate");
  auditingHelper.verifyAuditing(
      UAA_OAUTH2_PASSWORD_GRANT_ACTOR_ID,
      "/api/v1/bulk-regenerate",
      200,
      newArrayList(updateOfSecondCert, updateOfFirstCert));
}
use of org.cloudfoundry.credhub.audit.EventAuditRecordParameters in project credhub by cloudfoundry-incubator.
the class BulkRegenerateTest method regeneratingByCA_PersistsAnAuditEntry_whenRegenerationFails.
/**
 * Checks that a bulk regeneration rejected for lack of authorization is still audited.
 *
 * <p>The password-grant user first removes the client-credentials actor's permission on
 * "/cert-to-regenerate". That actor then requests a bulk regeneration, which must fail
 * with 403, and the audit trail must record a CREDENTIAL_UPDATE attempt against
 * "/cert-to-regenerate" attributed to the denied actor.
 */
@Test
public void regeneratingByCA_PersistsAnAuditEntry_whenRegenerationFails() throws Exception {
  // Step 1: revoke the client-credentials actor's write access to the second certificate.
  final String permissionUrl = API_V1_PERMISSION_ENDPOINT
      + "?credential_name=/cert-to-regenerate&actor="
      + UAA_OAUTH2_CLIENT_CREDENTIALS_ACTOR_ID;
  MockHttpServletRequestBuilder revokeRequest = delete(permissionUrl)
      .header("Authorization", "Bearer " + UAA_OAUTH2_PASSWORD_GRANT_TOKEN)
      .accept(APPLICATION_JSON);
  mockMvc.perform(revokeRequest)
      .andExpect(status().isNoContent());

  // Step 2: the actor whose access was just revoked attempts the regeneration.
  final String body = "{\n" + " \"signed_by\" : \"/ca-to-rotate\"\n" + "}";
  MockHttpServletRequestBuilder regenerateRequest = post(API_V1_BULK_REGENERATE_ENDPOINT)
      .header("Authorization", "Bearer " + UAA_OAUTH2_CLIENT_CREDENTIALS_TOKEN)
      .accept(APPLICATION_JSON)
      .contentType(APPLICATION_JSON)
      .content(body);

  // The asserted error text is the same for "does not exist" and "not authorized",
  // so the response does not disclose whether the credential exists.
  mockMvc.perform(regenerateRequest)
      .andExpect(status().isForbidden())
      .andExpect(jsonPath("$.error", IsEqual.equalTo("The request could not be completed because the credential does not exist or you do not have sufficient authorization.")));

  // Step 3: the denied attempt must appear in the audit trail with status 403.
  EventAuditRecordParameters deniedUpdate =
      new EventAuditRecordParameters(CREDENTIAL_UPDATE, "/cert-to-regenerate");
  auditingHelper.verifyAuditing(
      UAA_OAUTH2_CLIENT_CREDENTIALS_ACTOR_ID,
      "/api/v1/bulk-regenerate",
      403,
      newArrayList(deniedUpdate));
}
use of org.cloudfoundry.credhub.audit.EventAuditRecordParameters in project credhub by cloudfoundry-incubator.
the class GenerateHandlerTest method handleGenerateRequest_whenPasswordGenerateRequest_passesCorrectParametersIncludingGeneration.
/**
 * Checks that handling a password generate request forwards the request and the
 * caller's audit-record list, unchanged, to both the credential service and the
 * permission service.
 *
 * <p>The same list instance is passed to {@code save} and {@code savePermissions}, so
 * audit records produced by either collaborator end up in the list owned by the caller.
 */
@Test
public void handleGenerateRequest_whenPasswordGenerateRequest_passesCorrectParametersIncludingGeneration() {
  final String credentialName = "/captain";
  final ArrayList<EventAuditRecordParameters> auditRecords = new ArrayList<>();

  // NOTE(review): this value is never passed to anything in this test; save() is
  // verified with a null value below. Kept as in the original.
  StringCredentialValue password = new StringCredentialValue("federation");

  PasswordGenerateRequest request = new PasswordGenerateRequest();
  request.setType("password");
  request.setGenerationParameters(generationParameters);
  request.setName(credentialName);
  request.setAdditionalPermissions(accessControlEntries);
  request.setOverwrite(false);

  subject.handle(request, auditRecords);

  // No existing credential and no supplied value are expected for a generate request.
  verify(credentialService).save(null, null, request, auditRecords);
  // NOTE(review): the meaning of the boolean argument (true here) is not visible in
  // this test - confirm against PermissionService.savePermissions.
  verify(permissionService)
      .savePermissions(credentialVersion, accessControlEntries, auditRecords, true, credentialName);
}
use of org.cloudfoundry.credhub.audit.EventAuditRecordParameters in project credhub by cloudfoundry-incubator.
the class SetHandlerTest method handleSetRequest_whenOverwriteIsTrue_shouldSaveAccessControlEntries.
/**
 * Checks that a password set request with overwrite enabled saves the supplied value
 * over the existing credential and also saves the additional access control entries.
 *
 * <p>The caller's audit-record list is expected to be handed, as the same instance, to
 * both {@code save} and {@code savePermissions}.
 */
@Test
public void handleSetRequest_whenOverwriteIsTrue_shouldSaveAccessControlEntries() {
  final String credentialName = "/captain";
  final ArrayList<EventAuditRecordParameters> auditRecords = new ArrayList<>();
  StringCredentialValue newPassword = new StringCredentialValue("federation");

  // An existing version is found for the name, so this is an overwrite, not a create.
  CredentialVersion existingCredential = mock(CredentialVersion.class);
  when(credentialService.findMostRecent(credentialName)).thenReturn(existingCredential);

  PasswordSetRequest request = new PasswordSetRequest();
  request.setType("password");
  request.setGenerationParameters(generationParameters);
  request.setPassword(newPassword);
  request.setName(credentialName);
  request.setAdditionalPermissions(accessControlEntries);
  request.setOverwrite(true);

  subject.handle(request, auditRecords);

  verify(credentialService).save(existingCredential, newPassword, request, auditRecords);
  // NOTE(review): the meaning of the boolean argument (false here) is not visible in
  // this test - confirm against PermissionService.savePermissions.
  verify(permissionService)
      .savePermissions(credentialVersion, accessControlEntries, auditRecords, false, credentialName);
}