Skip to content

FINERACT-2028: Audit log entries for jobs#5497

Open
airajena wants to merge 1 commit intoapache:developfrom
airajena:FINERACT-2028/audit-log-entries-for-jobs
Open

FINERACT-2028: Audit log entries for jobs#5497
airajena wants to merge 1 commit intoapache:developfrom
airajena:FINERACT-2028/audit-log-entries-for-jobs

Conversation

@airajena
Copy link
Contributor

Summary

This PR fixes FINERACT-2028 by ensuring manual scheduler job execution is audited.

Problem

Manual job trigger (POST /v1/jobs/{jobId}?command=executeJob) executed jobs directly via JobRegisterService and bypassed command processing, so no m_portfolio_command_source audit entry was created.

Root Cause

SchedulerJobApiResource.executeJob(...) called:

  • jobRegisterService.executeJobWithParameters(jobId, jsonRequestBody) directly,
    instead of routing through PortfolioCommandSourceWritePlatformService.logCommandSource(...).

Changes

  1. Added scheduler execute command wrapper
  • fineract-core/src/main/java/org/apache/fineract/commands/service/CommandWrapperBuilder.java
  • New builder method: executeSchedulerJob(Long jobId) with:
    • actionName = "EXECUTE"
    • entityName = "SCHEDULER"
    • href = "/jobs/{jobId}?command=executeJob"
  1. Routed job execution through command source logging
  • fineract-provider/src/main/java/org/apache/fineract/infrastructure/jobs/api/SchedulerJobApiResource.java
  • Replaced direct service invocation with:
    • build command wrapper (executeSchedulerJob(jobId))
    • commandsSourceWritePlatformService.logCommandSource(commandRequest)
  1. Added command handler for scheduler execute
  • fineract-provider/src/main/java/org/apache/fineract/infrastructure/jobs/handler/ExecuteJobCommandHandler.java
  • New handler annotated with:
    • @CommandType(entity = "SCHEDULER", action = "EXECUTE")
  • Executes the scheduler job and returns CommandProcessingResult.
  1. Added unit test for new handler
  • fineract-provider/src/test/java/org/apache/fineract/infrastructure/jobs/handler/ExecuteJobCommandHandlerTest.java
  • Verifies:
    • JobRegisterService.executeJobWithParameters(...) is called
    • command/resource IDs are returned in result
  1. Added integration test for audit behavior
  • integration-tests/src/test/java/org/apache/fineract/integrationtests/AuditIntegrationTest.java
  • New test: executeSchedulerJobShouldCreateAuditEntry()
  • Verifies triggering a scheduler job creates a new audit entry with:
    • actionName = EXECUTE
    • entityName = SCHEDULER

Tests Executed

  • :fineract-provider:test --tests "org.apache.fineract.infrastructure.jobs.handler.ExecuteJobCommandHandlerTest"
  • :integration-tests:test --tests "org.apache.fineract.integrationtests.AuditIntegrationTest.executeSchedulerJobShouldCreateAuditEntry" -PcargoDisabled

Copy link
Contributor

@IOhacker IOhacker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM


@Service
@RequiredArgsConstructor
@CommandType(entity = "SCHEDULER", action = "EXECUTE")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Action should be EXECUTEJOB, thats the existing permission for this action!

Copy link
Contributor

@adamsaghy adamsaghy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Kindly see my concerns!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants