add ane enable audit logging to all api-s and crud operations

LMCROSSITXSADEPLOY-2517

Author: Yavor16

multiapps-controller-core/src/main/java/module-info.java

@@ -2,6 +2,7 @@
 
     exports org.cloudfoundry.multiapps.controller.core;
     exports org.cloudfoundry.multiapps.controller.core.auditlogging;
+    exports org.cloudfoundry.multiapps.controller.core.auditlogging.model;
     exports org.cloudfoundry.multiapps.controller.core.auditlogging.impl;
     exports org.cloudfoundry.multiapps.controller.core.cf;
     exports org.cloudfoundry.multiapps.controller.core.cf.apps;

multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/Messages.java

@@ -179,6 +179,60 @@ public final class Messages {
     public static final String PARSED_TOKEN_EXPIRES_IN_0 = "Parsed token expires in: {0}";
     public static final String PARSER_CHAIN_0 = "Parser chain: {0}";
 
+    // Audit log
+
+    public static final String RETRIEVE_CSRF_TOKEN_AUDIT_LOG_MESSAGE = "Retrieve a CSRF token";
+
+    public static final String LIST_FILES_AUDIT_LOG_MESSAGE = "List files in space with id: {0}";
+    public static final String DELETE_SUBSCRIPTION_AUDIT_LOG_MESSAGE = "Delete subscription in space with id: {0}";
+    public static final String DELETE_ENTRY_AUDIT_LOG_MESSAGE = "Delete entry in space with id: {0}";
+    public static final String DELETE_OPERATION_AUDIT_LOG_MESSAGE = "Delete operation in space with id: {0}";
+    public static final String UPLOAD_FILE_AUDIT_LOG_MESSAGE = "Upload file in space with id: {0}";
+    public static final String UPLOAD_FILE_FROM_URL_AUDIT_LOG_MESSAGE = "Upload file from url in space with id: {0}";
+    public static final String GET_INFO_FOR_UPLOAD_URL_JOB_AUDIT_LOG_MESSAGE = "Get info for upload from url job in space with id: {0}";
+
+    public static final String LIST_OPERATIONS_AUDIT_LOG_MESSAGE = "List operations for mta in space with id: {0}";
+    public static final String LIST_OPERATION_ACTIONS_AUDIT_LOG_MESSAGE = "List operation action in space with id: {0}";
+    public static final String EXECUTE_OPERATION_AUDIT_LOG_MESSAGE = "Execute operation in space with id: {0}";
+    public static final String GET_OPERATION_LOGS_AUDIT_LOG_MESSAGE = "Get operation logs in space with id: {0}";
+    public static final String GET_OPERATION_LOG_CONTENT_AUDIT_LOG_MESSAGE =  "Get operation log content in space with id: {0}";
+    public static final String START_OPERATION_AUDIT_LOG_MESSAGE = "Start {0} operation in space with id: {1}";
+    public static final String GET_INFO_FOR_OPERATION = "Get info for operation in space with id: {0}";
+
+    public static final String LIST_MTA_AUDIT_LOG_MESSAGE =  "List MTA in space with id: {0}";
+    public static final String GET_MTA_AUDIT_LOG_MESSAGE = "Get MTA in space with id: {0}";
+
+    public static final String GET_INFO_FOR_API_AUDIT_LOG_CONFIG = "Get information for api";
+    public static final String FETCH_TOKEN_AUDIT_LOG_MESSAGE = "Attempt to fetch access token for client: \"{0}\" in space: \"{1}\" for service \"{2}\"";
+    public static final String FAILED_TO_FETCH_TOKEN_AUDIT_LOG_MESSAGE = "Failed to fetch access token for client: \"{0}\" in space: \"{1}\" for service \"{2}\"";
+
+    public static final String FETCH_TOKEN_AUDIT_LOG_CONFIG = "Access token fetch";
+
+
+    // Audit log configuration
+    public static final String GET_CSRF_TOKEN_AUDIT_LOG_CONFIG = "CSRF token get ";
+
+    public static final String FILE_INFO_AUDIT_LOG_CONFIG = "File info";
+    public static final String SUBSCRIPTION_DELETE_AUDIT_LOG_CONFIG = "Subscription delete";
+    public static final String ENTRY_DELETE_AUDIT_LOG_CONFIG = "Entry delete";
+    public static final String OPERATION_DELETE_AUDIT_LOG_CONFIG = "Operation delete";
+    public static final String FILE_UPLOAD_AUDIT_LOG_CONFIG = "File upload";
+    public static final String FILE_UPLOAD_FROM_URL_AUDIT_LOG_CONFIG = "File upload from url";
+    public static final String UPLOAD_FROM_URL_JOB_INFO_AUDIT_LOG_CONFIG = "Upload from url job info";
+
+    public static final String OPERATION_LIST_AUDIT_LOG_CONFIG = "Operation list";
+    public static final String OPERATION_ACTIONS_LIST_AUDIT_LOG_CONFIG = "Operation actions list";
+    public static final String EXECUTE_OPERATION_AUDIT_LOG_CONFIG = "Operation action execute";
+    public static final String LIST_OPERATION_LOGS_AUDIT_LOG_CONFIG = "Operation logs list";
+    public static final String GET_OPERATION_LOG_CONTENT_AUDIT_LOG_CONFIG = "Operation log content info";
+    public static final String START_OPERATION_AUDIT_LOG_CONFIG = "Operation start";
+    public static final String GET_OPERATION_INFO_AUDIT_LOG_CONFIG = "Operation info";
+
+    public static final String MTA_INFO_AUDIT_LOG_CONFIG= "MTA info";
+    public static final String MTA_LIST_AUDIT_LOG_CONFIG = "MTA list";
+
+    public static final String API_INFO_AUDIT_LOG_CONFIG= "Api info";
+
     private Messages() {
     }
 }

multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/AuditLogBean.java

@@ -0,0 +1,60 @@
+package org.cloudfoundry.multiapps.controller.core.auditlogging;
+
+import org.cloudfoundry.multiapps.controller.core.auditlogging.impl.AuditLoggingFacadeSLImpl;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import javax.inject.Inject;
+import javax.sql.DataSource;
+
+@Configuration
+public class AuditLogBean {
+
+    @Bean
+    @Inject
+    public AuditLoggingFacade buildAuditLoggingFacade(DataSource dataSource, UserInfoProvider userInfoProvider) {
+        return new AuditLoggingFacadeSLImpl(dataSource, userInfoProvider);
+    }
+
+    @Bean
+    @Inject
+    public CsrfTokenApiServiceAuditLog buildCsrfTokenApiServiceAuditLog(AuditLoggingFacade auditLoggingFacade) {
+        return new CsrfTokenApiServiceAuditLog(auditLoggingFacade);
+    }
+
+    @Bean
+    @Inject
+    public FilesApiServiceAuditLog buildFilesApiServiceAuditLog(AuditLoggingFacade auditLoggingFacade) {
+        return new FilesApiServiceAuditLog(auditLoggingFacade);
+    }
+
+    @Bean
+    @Inject
+    public LoginAttemptAuditLog buildLoginAttemptAuditLog(AuditLoggingFacade auditLoggingFacade) {
+        return new LoginAttemptAuditLog(auditLoggingFacade);
+    }
+
+    @Bean
+    @Inject
+    public InfoApiServiceAuditLog buildInfoApiServiceAuditLog(AuditLoggingFacade auditLoggingFacade) {
+        return new InfoApiServiceAuditLog(auditLoggingFacade);
+    }
+
+    @Bean
+    @Inject
+    public MtasApiServiceAuditLog buildMtasApiServiceAuditLog(AuditLoggingFacade auditLoggingFacade) {
+        return new MtasApiServiceAuditLog(auditLoggingFacade);
+    }
+
+    @Bean
+    @Inject
+    public OperationsApiServiceAuditLog buildOperationsApiServiceAuditLog(AuditLoggingFacade auditLoggingFacade) {
+        return new OperationsApiServiceAuditLog(auditLoggingFacade);
+    }
+
+    @Bean
+    @Inject
+    public MtaConfigurationPurgerAuditLog buildMtaConfigurationPurgerAuditLog(AuditLoggingFacade auditLoggingFacade) {
+        return new MtaConfigurationPurgerAuditLog(auditLoggingFacade);
+    }
+}

multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/AuditLoggingFacade.java

@@ -1,27 +1,11 @@
 package org.cloudfoundry.multiapps.controller.core.auditlogging;
 
-import java.util.Map;
-
-import org.cloudfoundry.multiapps.mta.model.AuditableConfiguration;
+import org.cloudfoundry.multiapps.controller.core.auditlogging.model.ConfigurationChangeActions;
+import org.cloudfoundry.multiapps.controller.core.auditlogging.model.AuditLogConfiguration;
 
 public interface AuditLoggingFacade {
 
-    void logSecurityIncident(String message);
-
-    void logAboutToStart(String action);
-
-    void logAboutToStart(String action, Map<String, Object> parameters);
-
-    void logActionStarted(String action, boolean success);
-
-    void logConfig(AuditableConfiguration configuration);
-
-    void logConfigCreate(AuditableConfiguration configuration);
-
-    void logConfigUpdate(AuditableConfiguration configuration);
-
-    void logConfigDelete(AuditableConfiguration configuration);
-
-    void logConfigUpdated(boolean success);
-
+    void logSecurityIncident(AuditLogConfiguration configuration);
+    void logDataAccessAuditLog(AuditLogConfiguration configuration);
+    void logConfigurationChangeAuditLog(AuditLogConfiguration configuration, ConfigurationChangeActions configurationAction);
 }

multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/AuditLoggingProvider.java

@@ -0,0 +1,32 @@
+package org.cloudfoundry.multiapps.controller.core.auditlogging;
+
+import java.text.MessageFormat;
+
+import org.cloudfoundry.multiapps.controller.core.Messages;
+import org.cloudfoundry.multiapps.controller.core.auditlogging.model.AuditLogConfiguration;
+
+
+public class AuthenticationAuditLog {
+
+    private final AuditLoggingFacade auditLoggingFacade;
+
+    public AuthenticationAuditLog(AuditLoggingFacade auditLoggingFacade) {
+        this.auditLoggingFacade = auditLoggingFacade;
+    }
+
+    public void logFetchTokenAttempt(String clientId, String spaceId, String serviceName) {
+        String actionPerformed = MessageFormat.format(Messages.FETCH_TOKEN_AUDIT_LOG_MESSAGE, clientId, spaceId, serviceName);
+        auditLoggingFacade.logSecurityIncident(new AuditLogConfiguration(clientId,
+                                                                         spaceId,
+                                                                         actionPerformed,
+                                                                         Messages.FETCH_TOKEN_AUDIT_LOG_CONFIG));
+    }
+
+    public void logFailedToFetchTokenAttempt(String clientId, String spaceId, String serviceName) {
+        String actionPerformed = MessageFormat.format(Messages.FAILED_TO_FETCH_TOKEN_AUDIT_LOG_MESSAGE, clientId, spaceId, serviceName);
+        auditLoggingFacade.logSecurityIncident(new AuditLogConfiguration(clientId,
+                                                                         spaceId,
+                                                                         actionPerformed,
+                                                                         Messages.FETCH_TOKEN_AUDIT_LOG_CONFIG));
+    }
+}

multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/AuthenticationAuditLog.java

@@ -0,0 +1,21 @@
+package org.cloudfoundry.multiapps.controller.core.auditlogging;
+
+import org.cloudfoundry.multiapps.controller.core.Messages;
+import org.cloudfoundry.multiapps.controller.core.auditlogging.model.AuditLogConfiguration;
+
+public class CsrfTokenApiServiceAuditLog {
+
+    private final AuditLoggingFacade auditLoggingFacade;
+
+    public CsrfTokenApiServiceAuditLog(AuditLoggingFacade auditLoggingFacade) {
+        this.auditLoggingFacade = auditLoggingFacade;
+    }
+
+    public void logGetInfo(String username) {
+        String performedAction = Messages.RETRIEVE_CSRF_TOKEN_AUDIT_LOG_MESSAGE;
+        auditLoggingFacade.logDataAccessAuditLog(new AuditLogConfiguration(username,
+                                                                           "",
+                                                                           performedAction,
+                                                                           Messages.GET_CSRF_TOKEN_AUDIT_LOG_CONFIG));
+    }
+}

multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/CsrfTokenApiServiceAuditLog.java

@@ -0,0 +1,104 @@
+package org.cloudfoundry.multiapps.controller.core.auditlogging;
+
+import java.text.MessageFormat;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Objects;
+
+import org.cloudfoundry.multiapps.controller.api.model.FileMetadata;
+import org.cloudfoundry.multiapps.controller.core.Messages;
+import org.cloudfoundry.multiapps.controller.core.auditlogging.model.AuditLogConfiguration;
+import org.cloudfoundry.multiapps.controller.core.auditlogging.model.ConfigurationChangeActions;
+
+public class FilesApiServiceAuditLog {
+
+    private static final String NAMESPACE_PROPERTY_NAME = "namespace";
+    private static final String FILE_URL_PROPERTY_NAME = "fileUrl";
+    private static final String JOB_ID_PROPERTY_NAME = "jobId";
+    private static final String DIGEST_ALGORITHM_PROPERTY_NAME = "digestAlgorithm";
+    private static final String FILE_ID_PROPERTY_NAME = "fileId";
+    private static final String SIZE_PROPERTY_NAME = "size";
+    private static final String DIGEST_PROPERTY_NAME = "digest";
+
+    private final AuditLoggingFacade auditLoggingFacade;
+
+    public FilesApiServiceAuditLog(AuditLoggingFacade auditLoggingFacade) {
+        this.auditLoggingFacade = auditLoggingFacade;
+    }
+
+    public void logGetFiles(String username, String spaceGuid, String namespace) {
+        String performedAction = MessageFormat.format(Messages.LIST_FILES_AUDIT_LOG_MESSAGE, spaceGuid);
+        auditLoggingFacade.logDataAccessAuditLog(new AuditLogConfiguration(username,
+                                                                           spaceGuid,
+                                                                           performedAction,
+                                                                           Messages.FILE_INFO_AUDIT_LOG_CONFIG,
+                                                                           createAuditLogGetFilesConfigurationIdentifier(namespace)));
+    }
+
+    public void logUploadFile(String username, String spaceGuid, FileMetadata fileMetadata) {
+        String performedAction = MessageFormat.format(Messages.UPLOAD_FILE_AUDIT_LOG_MESSAGE, spaceGuid);
+        auditLoggingFacade.logConfigurationChangeAuditLog(new AuditLogConfiguration(username,
+                                                                                    spaceGuid,
+                                                                                    performedAction,
+                                                                                    Messages.FILE_UPLOAD_AUDIT_LOG_CONFIG,
+                                                                                    createFileMetadataConfigurationIdentifier(fileMetadata)),
+                                                          ConfigurationChangeActions.CONFIGURATION_CREATE);
+    }
+
+    public void logStartUploadFromUrl(String username, String spaceGuid, String fileUrl) {
+        String performedAction = MessageFormat.format(Messages.UPLOAD_FILE_FROM_URL_AUDIT_LOG_MESSAGE, spaceGuid);
+        auditLoggingFacade.logConfigurationChangeAuditLog(new AuditLogConfiguration(username,
+                                                                                    spaceGuid,
+                                                                                    performedAction,
+                                                                                    Messages.FILE_UPLOAD_FROM_URL_AUDIT_LOG_CONFIG,
+                                                                                    createAuditLogStartUploadFromUrlConfigurationIdentifier(fileUrl)),
+                                                          ConfigurationChangeActions.CONFIGURATION_CREATE);
+    }
+
+    public void logGetUploadFromUrlJob(String username, String spaceGuid, String namespace, String jobId) {
+        String performedAction = MessageFormat.format(Messages.GET_INFO_FOR_UPLOAD_URL_JOB_AUDIT_LOG_MESSAGE, spaceGuid);
+        auditLoggingFacade.logDataAccessAuditLog(new AuditLogConfiguration(username,
+                                                                           spaceGuid,
+                                                                           performedAction,
+                                                                           Messages.UPLOAD_FROM_URL_JOB_INFO_AUDIT_LOG_CONFIG,
+                                                                           createAuditLogGetUploadFromUrlJobConfigurationIdentifier(namespace,
+                                                                                                                                    jobId)));
+    }
+
+    private Map<String, String> createFileMetadataConfigurationIdentifier(FileMetadata fileMetadata) {
+        Map<String, String> identifiers = new HashMap<>();
+
+        identifiers.put(FILE_ID_PROPERTY_NAME, fileMetadata.getId());
+        identifiers.put(DIGEST_PROPERTY_NAME, fileMetadata.getDigest());
+        identifiers.put(DIGEST_ALGORITHM_PROPERTY_NAME, fileMetadata.getDigestAlgorithm());
+        identifiers.put(SIZE_PROPERTY_NAME, Objects.toString(fileMetadata.getSize()));
+        identifiers.put(NAMESPACE_PROPERTY_NAME, fileMetadata.getNamespace());
+
+        return identifiers;
+    }
+
+    private Map<String, String> createAuditLogGetFilesConfigurationIdentifier(String namespace) {
+        Map<String, String> identifiers = new HashMap<>();
+
+        identifiers.put(NAMESPACE_PROPERTY_NAME, namespace);
+
+        return identifiers;
+    }
+
+    private Map<String, String> createAuditLogGetUploadFromUrlJobConfigurationIdentifier(String namespace, String jobId) {
+        Map<String, String> identifiers = new HashMap<>();
+
+        identifiers.put(NAMESPACE_PROPERTY_NAME, namespace);
+        identifiers.put(JOB_ID_PROPERTY_NAME, jobId);
+
+        return identifiers;
+    }
+
+    private Map<String, String> createAuditLogStartUploadFromUrlConfigurationIdentifier(String fileUrl) {
+        Map<String, String> identifiers = new HashMap<>();
+
+        identifiers.put(FILE_URL_PROPERTY_NAME, fileUrl);
+
+        return identifiers;
+    }
+}

multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/FilesApiServiceAuditLog.java

@@ -0,0 +1,31 @@
+package org.cloudfoundry.multiapps.controller.core.auditlogging;
+
+import java.util.Map;
+
+import org.cloudfoundry.multiapps.controller.core.auditlogging.AuditLoggingFacade;
+import org.cloudfoundry.multiapps.controller.core.auditlogging.model.AuditLogConfiguration;
+import org.cloudfoundry.multiapps.controller.core.auditlogging.model.ConfigurationChangeActions;
+
+public class FlowableSlmpResourceAuditLog {
+
+    private final AuditLoggingFacade auditLoggingFacade;
+
+    public FlowableSlmpResourceAuditLog(AuditLoggingFacade auditLoggingFacade) {
+        this.auditLoggingFacade = auditLoggingFacade;
+    }
+
+    public void auditLogConfigurationChange(String username, String spaceId, String action, String configuration,
+                                            ConfigurationChangeActions configurationAction) {
+        auditLoggingFacade.logConfigurationChangeAuditLog(new AuditLogConfiguration(username, spaceId, action, configuration),
+                                                          configurationAction);
+    }
+
+    public void auditLogActionPerformed(String username, String spaceId, String action, String configuration) {
+        auditLoggingFacade.logDataAccessAuditLog(new AuditLogConfiguration(username, spaceId, action, configuration));
+    }
+
+    public void auditLogActionPerformed(String username, String spaceId, String action, String configuration,
+                                        Map<String, String> parameters) {
+        auditLoggingFacade.logDataAccessAuditLog(new AuditLogConfiguration(username, spaceId, action, configuration, parameters));
+    }
+}