diff --git a/multiapps-controller-core/src/main/java/module-info.java b/multiapps-controller-core/src/main/java/module-info.java index 35bf5e8800..ff348c755f 100644 --- a/multiapps-controller-core/src/main/java/module-info.java +++ b/multiapps-controller-core/src/main/java/module-info.java @@ -2,6 +2,7 @@ exports org.cloudfoundry.multiapps.controller.core; exports org.cloudfoundry.multiapps.controller.core.auditlogging; + exports org.cloudfoundry.multiapps.controller.core.auditlogging.model; exports org.cloudfoundry.multiapps.controller.core.auditlogging.impl; exports org.cloudfoundry.multiapps.controller.core.cf; exports org.cloudfoundry.multiapps.controller.core.cf.apps; diff --git a/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/Messages.java b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/Messages.java index 616c74f5c0..64d6df34fd 100644 --- a/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/Messages.java +++ b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/Messages.java 
@@ -179,6 +179,60 @@ public final class Messages { public static final String PARSED_TOKEN_EXPIRES_IN_0 = "Parsed token expires in: {0}"; public static final String PARSER_CHAIN_0 = "Parser chain: {0}"; + // Audit log + + public static final String RETRIEVE_CSRF_TOKEN_AUDIT_LOG_MESSAGE = "Retrieve a CSRF token"; + + public static final String LIST_FILES_AUDIT_LOG_MESSAGE = "List files in space with id: {0}"; + public static final String DELETE_SUBSCRIPTION_AUDIT_LOG_MESSAGE = "Delete subscription in space with id: {0}"; + public static final String DELETE_ENTRY_AUDIT_LOG_MESSAGE = "Delete entry in space with id: {0}"; + public static final String DELETE_OPERATION_AUDIT_LOG_MESSAGE = "Delete operation in space with id: {0}"; + public static final String UPLOAD_FILE_AUDIT_LOG_MESSAGE = "Upload file in space with id: {0}"; + public static final String UPLOAD_FILE_FROM_URL_AUDIT_LOG_MESSAGE = "Upload file from url in space with id: {0}"; + public static final String GET_INFO_FOR_UPLOAD_URL_JOB_AUDIT_LOG_MESSAGE = "Get info for upload from url job in space with id: {0}"; + + public static final String LIST_OPERATIONS_AUDIT_LOG_MESSAGE = "List operations for mta in space with id: {0}"; + public static final String LIST_OPERATION_ACTIONS_AUDIT_LOG_MESSAGE = "List operation action in space with id: {0}"; + public static final String EXECUTE_OPERATION_AUDIT_LOG_MESSAGE = "Execute operation in space with id: {0}"; + public static final String GET_OPERATION_LOGS_AUDIT_LOG_MESSAGE = "Get operation logs in space with id: {0}"; + public static final String GET_OPERATION_LOG_CONTENT_AUDIT_LOG_MESSAGE = "Get operation log content in space with id: {0}"; + public static final String START_OPERATION_AUDIT_LOG_MESSAGE = "Start {0} operation in space with id: {1}"; + public static final String GET_INFO_FOR_OPERATION = "Get info for operation in space with id: {0}"; + + public static final String LIST_MTA_AUDIT_LOG_MESSAGE = "List MTA in space with id: {0}"; + public static final 
String GET_MTA_AUDIT_LOG_MESSAGE = "Get MTA in space with id: {0}"; + + public static final String GET_INFO_FOR_API_AUDIT_LOG_CONFIG = "Get information for api"; + public static final String FETCH_TOKEN_AUDIT_LOG_MESSAGE = "Attempt to fetch access token for client: \"{0}\" in space: \"{1}\" for service \"{2}\""; + public static final String FAILED_TO_FETCH_TOKEN_AUDIT_LOG_MESSAGE = "Failed to fetch access token for client: \"{0}\" in space: \"{1}\" for service \"{2}\""; + + public static final String FETCH_TOKEN_AUDIT_LOG_CONFIG = "Access token fetch"; + + + // Audit log configuration + public static final String GET_CSRF_TOKEN_AUDIT_LOG_CONFIG = "CSRF token get "; + + public static final String FILE_INFO_AUDIT_LOG_CONFIG = "File list"; + public static final String SUBSCRIPTION_DELETE_AUDIT_LOG_CONFIG = "Subscription delete"; + public static final String ENTRY_DELETE_AUDIT_LOG_CONFIG = "Entry delete"; + public static final String OPERATION_DELETE_AUDIT_LOG_CONFIG = "Operation delete"; + public static final String FILE_UPLOAD_AUDIT_LOG_CONFIG = "File upload"; + public static final String FILE_UPLOAD_FROM_URL_AUDIT_LOG_CONFIG = "File upload from url"; + public static final String UPLOAD_FROM_URL_JOB_INFO_AUDIT_LOG_CONFIG = "Upload from url job info"; + + public static final String OPERATION_LIST_AUDIT_LOG_CONFIG = "Operation list"; + public static final String OPERATION_ACTIONS_LIST_AUDIT_LOG_CONFIG = "Operation actions list"; + public static final String EXECUTE_OPERATION_AUDIT_LOG_CONFIG = "Operation action execute"; + public static final String LIST_OPERATION_LOGS_AUDIT_LOG_CONFIG = "Operation logs list"; + public static final String GET_OPERATION_LOG_CONTENT_AUDIT_LOG_CONFIG = "Operation log content info"; + public static final String START_OPERATION_AUDIT_LOG_CONFIG = "Operation start"; + public static final String GET_OPERATION_INFO_AUDIT_LOG_CONFIG = "Operation info"; + + public static final String MTA_INFO_AUDIT_LOG_CONFIG= "MTA info"; + public static final 
String MTA_LIST_AUDIT_LOG_CONFIG = "MTA list"; + + public static final String API_INFO_AUDIT_LOG_CONFIG= "Api info"; + private Messages() { } } diff --git a/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/AuditLogBean.java b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/AuditLogBean.java new file mode 100644 index 0000000000..b0e9b1c2a1 --- /dev/null +++ b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/AuditLogBean.java 
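Review bot: `GET_CSRF_TOKEN_AUDIT_LOG_CONFIG = "CSRF token get "` ends with a trailing space, and the CsrfTokenApiServiceAuditLog section of this diff passes it as the configuration name, so exact-match filtering on that name becomes unreliable; it should read `"CSRF token get"`. Two names in the message group break the pattern the rest of the block follows: `GET_INFO_FOR_OPERATION` lacks the `_AUDIT_LOG_MESSAGE` suffix, and `GET_INFO_FOR_API_AUDIT_LOG_CONFIG` is a `_CONFIG` name that InfoApiServiceAuditLog passes as the performed action. The `// Audit log` and `// Audit log configuration` headers would help more if they said what each group is for, e.g. `// Audit log messages: MessageFormat patterns for the performed-action text`. The Messages class body starts and ends outside this hunk.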
@@ -0,0 +1,60 @@
+package org.cloudfoundry.multiapps.controller.core.auditlogging;
+
+import org.cloudfoundry.multiapps.controller.core.auditlogging.impl.AuditLoggingFacadeSLImpl;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import javax.inject.Inject;
+import javax.sql.DataSource;
+
+@Configuration
+public class AuditLogBean {
+
+ @Bean
+ @Inject
+ public AuditLoggingFacade buildAuditLoggingFacade(DataSource dataSource, UserInfoProvider userInfoProvider) {
+ return new AuditLoggingFacadeSLImpl(dataSource, userInfoProvider);
+ }
+
+ @Bean
+ @Inject
+ public CsrfTokenApiServiceAuditLog buildCsrfTokenApiServiceAuditLog(AuditLoggingFacade auditLoggingFacade) {
+ return new CsrfTokenApiServiceAuditLog(auditLoggingFacade);
+ }
+
+ @Bean
+ @Inject
+ public FilesApiServiceAuditLog buildFilesApiServiceAuditLog(AuditLoggingFacade auditLoggingFacade) {
+ return new FilesApiServiceAuditLog(auditLoggingFacade);
+ }
+
+ @Bean
+ @Inject
+ public LoginAttemptAuditLog buildLoginAttemptAuditLog(AuditLoggingFacade auditLoggingFacade) {
+ return new LoginAttemptAuditLog(auditLoggingFacade);
+ }
+
+ @Bean
+ @Inject
+ public InfoApiServiceAuditLog buildInfoApiServiceAuditLog(AuditLoggingFacade auditLoggingFacade) {
+ return new InfoApiServiceAuditLog(auditLoggingFacade);
+ }
+
+ @Bean
+ @Inject
+ public MtasApiServiceAuditLog buildMtasApiServiceAuditLog(AuditLoggingFacade auditLoggingFacade) {
+ return new MtasApiServiceAuditLog(auditLoggingFacade);
+ }
+
+ @Bean
+ @Inject
+ public OperationsApiServiceAuditLog buildOperationsApiServiceAuditLog(AuditLoggingFacade auditLoggingFacade) {
+ return new OperationsApiServiceAuditLog(auditLoggingFacade);
+ }
+
+ @Bean
+ @Inject
+ public MtaConfigurationPurgerAuditLog buildMtaConfigurationPurgerAuditLog(AuditLoggingFacade auditLoggingFacade) {
+ return new MtaConfigurationPurgerAuditLog(auditLoggingFacade);
+ }
+}
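Review bot: The `@Inject` on each `@Bean` method is redundant, since Spring already resolves the parameters of a `@Bean` factory method from the context; on a `@Configuration` class the extra annotation may also cause the methods to be invoked as injection points when the configuration bean itself is initialised, so I would drop it from all eight methods. The class has no Javadoc; a short comment such as `/** Wires the audit-log facade and the per-API audit loggers that share it. */` would make it clear that every logger here writes through the single `AuditLoggingFacade` bean. This diff also adds `AuthenticationAuditLog`, `FlowableSlmpResourceAuditLog` and `FlowableSlppResourceAuditLog`, and none of them is registered here; if they are wired elsewhere that is fine, otherwise they are missing.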
diff --git a/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/AuditLoggingFacade.java b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/AuditLoggingFacade.java index f3e4a921a0..86c495d799 100644 --- a/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/AuditLoggingFacade.java +++ b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/AuditLoggingFacade.java @@ -1,27 +1,11 @@ package org.cloudfoundry.multiapps.controller.core.auditlogging; -import java.util.Map; - -import org.cloudfoundry.multiapps.mta.model.AuditableConfiguration; +import org.cloudfoundry.multiapps.controller.core.auditlogging.model.ConfigurationChangeActions; +import org.cloudfoundry.multiapps.controller.core.auditlogging.model.AuditLogConfiguration; public interface AuditLoggingFacade { - void logSecurityIncident(String message); - - void logAboutToStart(String action); - - void logAboutToStart(String action, Map parameters); - - void logActionStarted(String action, boolean success); - - void logConfig(AuditableConfiguration configuration); - - void logConfigCreate(AuditableConfiguration configuration); - - void logConfigUpdate(AuditableConfiguration configuration); - - void logConfigDelete(AuditableConfiguration configuration); - - void logConfigUpdated(boolean success); - + void logSecurityIncident(AuditLogConfiguration configuration); + void logDataAccessAuditLog(AuditLogConfiguration configuration); + void logConfigurationChangeAuditLog(AuditLogConfiguration configuration, ConfigurationChangeActions configurationAction); } 
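Review bot: The new interface no longer has a way to record the outcome of an action: `logActionStarted(String action, boolean success)` and `logConfigUpdated(boolean success)` are removed, and none of the three replacement methods takes a result. Whether `AuditLogConfiguration` carries a success/failure field is not visible in this hunk; if it does not, a failed or denied operation becomes indistinguishable from a completed one in the audit trail. The three methods would also benefit from Javadoc stating which events belong in which category, for example `/** Records an authentication or authorization event that security monitoring should see. */` on `logSecurityIncident`.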
diff --git a/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/AuditLoggingProvider.java b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/AuditLoggingProvider.java
deleted file mode 100644
index a6d600c266..0000000000
--- a/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/AuditLoggingProvider.java
+++ /dev/null
@@ -1,18 +0,0 @@
-package org.cloudfoundry.multiapps.controller.core.auditlogging;
-
-public class AuditLoggingProvider {
-
- private static AuditLoggingFacade facade;
-
- private AuditLoggingProvider() {
- }
-
- public static void setFacade(AuditLoggingFacade facade) {
- AuditLoggingProvider.facade = facade;
- }
-
- public static AuditLoggingFacade getFacade() {
- return facade;
- }
-
-}
diff --git a/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/AuthenticationAuditLog.java b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/AuthenticationAuditLog.java
new file mode 100644
index 0000000000..6a74b1f86b
--- /dev/null
+++ b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/AuthenticationAuditLog.java
@@ -0,0 +1,32 @@
+package org.cloudfoundry.multiapps.controller.core.auditlogging;
+
+import java.text.MessageFormat;
+
+import org.cloudfoundry.multiapps.controller.core.Messages;
+import org.cloudfoundry.multiapps.controller.core.auditlogging.model.AuditLogConfiguration;
+
+
+public class AuthenticationAuditLog {
+
+ private final AuditLoggingFacade auditLoggingFacade;
+
+ public AuthenticationAuditLog(AuditLoggingFacade auditLoggingFacade) {
+ this.auditLoggingFacade = auditLoggingFacade;
+ }
+
+ public void logFetchTokenAttempt(String clientId, String spaceId, String serviceName) {
+ String actionPerformed = MessageFormat.format(Messages.FETCH_TOKEN_AUDIT_LOG_MESSAGE, clientId, spaceId, serviceName);
+ auditLoggingFacade.logSecurityIncident(new AuditLogConfiguration(clientId,
+ spaceId,
+ actionPerformed,
+ Messages.FETCH_TOKEN_AUDIT_LOG_CONFIG));
+ }
+
+ public void logFailedToFetchTokenAttempt(String clientId, String spaceId, String serviceName) {
+ String actionPerformed = MessageFormat.format(Messages.FAILED_TO_FETCH_TOKEN_AUDIT_LOG_MESSAGE, clientId, spaceId, serviceName);
+ auditLoggingFacade.logSecurityIncident(new AuditLogConfiguration(clientId,
+ spaceId,
+ actionPerformed,
+ Messages.FETCH_TOKEN_AUDIT_LOG_CONFIG));
+ }
+}
diff --git a/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/CsrfTokenApiServiceAuditLog.java b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/CsrfTokenApiServiceAuditLog.java
new file mode 100644
index 0000000000..22630151cb
--- /dev/null
+++ b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/CsrfTokenApiServiceAuditLog.java
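Review bot: `logFetchTokenAttempt` records every token fetch through `logSecurityIncident`, the same channel `logFailedToFetchTokenAttempt` uses, and both pass the same `FETCH_TOKEN_AUDIT_LOG_CONFIG`, so a routine attempt and a failure differ only in free text. If the incident category is what monitoring keys on, the failures that matter are diluted by normal traffic; consider `auditLoggingFacade.logDataAccessAuditLog(...)` for the plain attempt, or a distinct configuration constant for the failure. `clientId` is passed in the first constructor position, where the other classes in this diff pass a username, so a one-line comment saying the actor here is a client id rather than a user would prevent misreading the records.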
@@ -0,0 +1,21 @@
+package org.cloudfoundry.multiapps.controller.core.auditlogging;
+
+import org.cloudfoundry.multiapps.controller.core.Messages;
+import org.cloudfoundry.multiapps.controller.core.auditlogging.model.AuditLogConfiguration;
+
+public class CsrfTokenApiServiceAuditLog {
+
+ private final AuditLoggingFacade auditLoggingFacade;
+
+ public CsrfTokenApiServiceAuditLog(AuditLoggingFacade auditLoggingFacade) {
+ this.auditLoggingFacade = auditLoggingFacade;
+ }
+
+ public void logGetInfo(String username) {
+ String performedAction = Messages.RETRIEVE_CSRF_TOKEN_AUDIT_LOG_MESSAGE;
+ auditLoggingFacade.logDataAccessAuditLog(new AuditLogConfiguration(username,
+ "",
+ performedAction,
+ Messages.GET_CSRF_TOKEN_AUDIT_LOG_CONFIG));
+ }
+}
diff --git a/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/FilesApiServiceAuditLog.java b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/FilesApiServiceAuditLog.java
new file mode 100644
index 0000000000..a944909669
--- /dev/null
+++ b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/FilesApiServiceAuditLog.java
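Review bot: `logGetInfo` is a misleading name for a method that records CSRF token retrieval; it matches the method in InfoApiServiceAuditLog and looks copied from there, so a name like `logGetCsrfToken` would read better at call sites. The empty space id is written as `""` here, while InfoApiServiceAuditLog and MtaConfigurationPurgerAuditLog in this diff use log4j's `Strings.EMPTY`; pick one form, and the plain literal avoids pulling a logging-library utility into these classes. A short comment on the `""` argument saying why the record has no space id would also help a reader of the audit trail.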
@@ -0,0 +1,104 @@ +package org.cloudfoundry.multiapps.controller.core.auditlogging; + +import java.text.MessageFormat; +import java.util.HashMap; +import java.util.Map; +import java.util.Objects; + +import org.cloudfoundry.multiapps.controller.api.model.FileMetadata; +import org.cloudfoundry.multiapps.controller.core.Messages; +import org.cloudfoundry.multiapps.controller.core.auditlogging.model.AuditLogConfiguration; +import org.cloudfoundry.multiapps.controller.core.auditlogging.model.ConfigurationChangeActions; + +public class FilesApiServiceAuditLog { + + private static final String NAMESPACE_PROPERTY_NAME = "namespace"; + private static final String FILE_URL_PROPERTY_NAME = "fileUrl"; + private static final String JOB_ID_PROPERTY_NAME = "jobId"; + private static final String DIGEST_ALGORITHM_PROPERTY_NAME = "digestAlgorithm"; + private static final String FILE_ID_PROPERTY_NAME = "fileId"; + private static final String SIZE_PROPERTY_NAME = "size"; + private static final String DIGEST_PROPERTY_NAME = "digest"; + + private final AuditLoggingFacade auditLoggingFacade; + + public FilesApiServiceAuditLog(AuditLoggingFacade auditLoggingFacade) { + this.auditLoggingFacade = auditLoggingFacade; + } + + public void logGetFiles(String username, String spaceGuid, String namespace) { + String performedAction = MessageFormat.format(Messages.LIST_FILES_AUDIT_LOG_MESSAGE, spaceGuid); + auditLoggingFacade.logDataAccessAuditLog(new AuditLogConfiguration(username, + spaceGuid, + performedAction, + Messages.FILE_INFO_AUDIT_LOG_CONFIG, + createAuditLogGetFilesConfigurationIdentifier(namespace))); + } + + public void logUploadFile(String username, String spaceGuid, FileMetadata fileMetadata) { + String performedAction = MessageFormat.format(Messages.UPLOAD_FILE_AUDIT_LOG_MESSAGE, spaceGuid); + auditLoggingFacade.logConfigurationChangeAuditLog(new AuditLogConfiguration(username, + spaceGuid, + performedAction, + Messages.FILE_UPLOAD_AUDIT_LOG_CONFIG, + 
createFileMetadataConfigurationIdentifier(fileMetadata)), + ConfigurationChangeActions.CONFIGURATION_CREATE); + } + + public void logStartUploadFromUrl(String username, String spaceGuid, String fileUrl) { + String performedAction = MessageFormat.format(Messages.UPLOAD_FILE_FROM_URL_AUDIT_LOG_MESSAGE, spaceGuid); + auditLoggingFacade.logConfigurationChangeAuditLog(new AuditLogConfiguration(username, + spaceGuid, + performedAction, + Messages.FILE_UPLOAD_FROM_URL_AUDIT_LOG_CONFIG, + createAuditLogStartUploadFromUrlConfigurationIdentifier(fileUrl)), + ConfigurationChangeActions.CONFIGURATION_CREATE); + } + + public void logGetUploadFromUrlJob(String username, String spaceGuid, String namespace, String jobId) { + String performedAction = MessageFormat.format(Messages.GET_INFO_FOR_UPLOAD_URL_JOB_AUDIT_LOG_MESSAGE, spaceGuid); + auditLoggingFacade.logDataAccessAuditLog(new AuditLogConfiguration(username, + spaceGuid, + performedAction, + Messages.UPLOAD_FROM_URL_JOB_INFO_AUDIT_LOG_CONFIG, + createAuditLogGetUploadFromUrlJobConfigurationIdentifier(namespace, + jobId))); + } + + private Map createFileMetadataConfigurationIdentifier(FileMetadata fileMetadata) { + Map identifiers = new HashMap<>(); + + identifiers.put(FILE_ID_PROPERTY_NAME, fileMetadata.getId()); + identifiers.put(DIGEST_PROPERTY_NAME, fileMetadata.getDigest()); + identifiers.put(DIGEST_ALGORITHM_PROPERTY_NAME, fileMetadata.getDigestAlgorithm()); + identifiers.put(SIZE_PROPERTY_NAME, Objects.toString(fileMetadata.getSize())); + identifiers.put(NAMESPACE_PROPERTY_NAME, fileMetadata.getNamespace()); + + return identifiers; + } + + private Map createAuditLogGetFilesConfigurationIdentifier(String namespace) { + Map identifiers = new HashMap<>(); + + identifiers.put(NAMESPACE_PROPERTY_NAME, namespace); + + return identifiers; + } + + private Map createAuditLogGetUploadFromUrlJobConfigurationIdentifier(String namespace, String jobId) { + Map identifiers = new HashMap<>(); + + 
identifiers.put(NAMESPACE_PROPERTY_NAME, namespace); + identifiers.put(JOB_ID_PROPERTY_NAME, jobId); + + return identifiers; + } + + private Map createAuditLogStartUploadFromUrlConfigurationIdentifier(String fileUrl) { + Map identifiers = new HashMap<>(); + + identifiers.put(FILE_URL_PROPERTY_NAME, fileUrl); + + return identifiers; + } +} diff --git a/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/FlowableSlmpResourceAuditLog.java b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/FlowableSlmpResourceAuditLog.java new file mode 100644 index 0000000000..bb839b17a7 --- /dev/null +++ b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/FlowableSlmpResourceAuditLog.java 
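Review bot: `createAuditLogStartUploadFromUrlConfigurationIdentifier` writes the caller's `fileUrl` into the audit record unchanged, and a URL can carry credentials in its userinfo part or a signed token in its query string. Unless the caller already strips those before calling `logStartUploadFromUrl` (not visible in this hunk), they would be persisted wherever the facade stores its records and be readable by anyone with access to the audit log. I would record only scheme, host, port and path, as sketched below. Separately, `createFileMetadataConfigurationIdentifier` dereferences `fileMetadata` without a null check.

```java
    private Map createAuditLogStartUploadFromUrlConfigurationIdentifier(String fileUrl) {
        // … unchanged: identifiers map creation …
        // Keep credentials and signed tokens out of the audit trail.
        identifiers.put(FILE_URL_PROPERTY_NAME, withoutUserInfoAndQuery(fileUrl));
        // … unchanged: return identifiers …
    }

    // Reduces a URL to scheme, host, port and path for logging.
    private static String withoutUserInfoAndQuery(String fileUrl) {
        if (fileUrl == null) {
            return null;
        }
        try {
            java.net.URI parsed = new java.net.URI(fileUrl);
            return new java.net.URI(parsed.getScheme(), null, parsed.getHost(), parsed.getPort(),
                                    parsed.getPath(), null, null).toString();
        } catch (java.net.URISyntaxException e) {
            return "<unparseable url>";
        }
    }
```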
@@ -0,0 +1,31 @@
+package org.cloudfoundry.multiapps.controller.core.auditlogging;
+
+import java.util.Map;
+
+import org.cloudfoundry.multiapps.controller.core.auditlogging.AuditLoggingFacade;
+import org.cloudfoundry.multiapps.controller.core.auditlogging.model.AuditLogConfiguration;
+import org.cloudfoundry.multiapps.controller.core.auditlogging.model.ConfigurationChangeActions;
+
+public class FlowableSlmpResourceAuditLog {
+
+ private final AuditLoggingFacade auditLoggingFacade;
+
+ public FlowableSlmpResourceAuditLog(AuditLoggingFacade auditLoggingFacade) {
+ this.auditLoggingFacade = auditLoggingFacade;
+ }
+
+ public void auditLogConfigurationChange(String username, String spaceId, String action, String configuration,
+ ConfigurationChangeActions configurationAction) {
+ auditLoggingFacade.logConfigurationChangeAuditLog(new AuditLogConfiguration(username, spaceId, action, configuration),
+ configurationAction);
+ }
+
+ public void auditLogActionPerformed(String username, String spaceId, String action, String configuration) {
+ auditLoggingFacade.logDataAccessAuditLog(new AuditLogConfiguration(username, spaceId, action, configuration));
+ }
+
+ public void auditLogActionPerformed(String username, String spaceId, String action, String configuration,
+ Map parameters) {
+ auditLoggingFacade.logDataAccessAuditLog(new AuditLogConfiguration(username, spaceId, action, configuration, parameters));
+ }
+}
diff --git a/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/FlowableSlppResourceAuditLog.java b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/FlowableSlppResourceAuditLog.java
new file mode 100644
index 0000000000..cd32b2e9a9
--- /dev/null
+++ b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/FlowableSlppResourceAuditLog.java
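Review bot: `FlowableSlmpResourceAuditLog` and `FlowableSlppResourceAuditLog` (the next file in this diff) are the same class written twice, apart from the Slpp variant having one extra `auditLogConfigurationChange` overload that takes `parameters`; a single class or a shared base would keep the two from drifting. Both also import `org.cloudfoundry.multiapps.controller.core.auditlogging.AuditLoggingFacade`, which lives in their own package, so that import can go. Neither class is documented, and since `action` and `configuration` are free-form strings supplied by the caller, each method should say what they are expected to hold, for instance `@param configuration short name of the audited object` if that is the intent.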
@@ -0,0 +1,37 @@
+package org.cloudfoundry.multiapps.controller.core.auditlogging;
+
+import java.util.Map;
+
+import org.cloudfoundry.multiapps.controller.core.auditlogging.AuditLoggingFacade;
+import org.cloudfoundry.multiapps.controller.core.auditlogging.model.AuditLogConfiguration;
+import org.cloudfoundry.multiapps.controller.core.auditlogging.model.ConfigurationChangeActions;
+
+public class FlowableSlppResourceAuditLog {
+
+ private final AuditLoggingFacade auditLoggingFacade;
+
+ public FlowableSlppResourceAuditLog(AuditLoggingFacade auditLoggingFacade) {
+ this.auditLoggingFacade = auditLoggingFacade;
+ }
+
+ public void auditLogConfigurationChange(String username, String spaceId, String action, String configuration,
+ ConfigurationChangeActions configurationAction) {
+ auditLoggingFacade.logConfigurationChangeAuditLog(new AuditLogConfiguration(username, spaceId, action, configuration),
+ configurationAction);
+ }
+
+ public void auditLogConfigurationChange(String username, String spaceId, String action, String configuration,
+ Map parameters, ConfigurationChangeActions configurationAction) {
+ auditLoggingFacade.logConfigurationChangeAuditLog(new AuditLogConfiguration(username, spaceId, action, configuration, parameters),
+ configurationAction);
+ }
+
+ public void auditLogActionPerformed(String username, String spaceId, String action, String configuration) {
+ auditLoggingFacade.logDataAccessAuditLog(new AuditLogConfiguration(username, spaceId, action, configuration));
+ }
+
+ public void auditLogActionPerformed(String username, String spaceId, String action, String configuration,
+ Map parameters) {
+ auditLoggingFacade.logDataAccessAuditLog(new AuditLogConfiguration(username, spaceId, action, configuration, parameters));
+ }
+}
diff --git a/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/InfoApiServiceAuditLog.java b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/InfoApiServiceAuditLog.java
new file mode 100644
index 0000000000..ec463ca957
--- /dev/null
+++ b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/InfoApiServiceAuditLog.java
@@ -0,0 +1,21 @@
+package org.cloudfoundry.multiapps.controller.core.auditlogging;
+
+import org.apache.logging.log4j.util.Strings;
+import org.cloudfoundry.multiapps.controller.core.Messages;
+import org.cloudfoundry.multiapps.controller.core.auditlogging.model.AuditLogConfiguration;
+
+public class InfoApiServiceAuditLog {
+
+ private final AuditLoggingFacade auditLoggingFacade;
+
+ public InfoApiServiceAuditLog(AuditLoggingFacade auditLoggingFacade) {
+ this.auditLoggingFacade = auditLoggingFacade;
+ }
+
+ public void logGetInfo(String username) {
+ auditLoggingFacade.logDataAccessAuditLog(new AuditLogConfiguration(username,
+ Strings.EMPTY,
+ Messages.GET_INFO_FOR_API_AUDIT_LOG_CONFIG,
+ Messages.API_INFO_AUDIT_LOG_CONFIG));
+ }
+}
diff --git a/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/LoginAttemptAuditLog.java b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/LoginAttemptAuditLog.java
new file mode 100644
index 0000000000..73766ba82e
--- /dev/null
+++ b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/LoginAttemptAuditLog.java
@@ -0,0 +1,19 @@
+package org.cloudfoundry.multiapps.controller.core.auditlogging;
+
+import java.text.MessageFormat;
+
+import org.cloudfoundry.multiapps.controller.core.auditlogging.model.AuditLogConfiguration;
+
+public class LoginAttemptAuditLog {
+
+ private final AuditLoggingFacade auditLoggingFacade;
+
+ public LoginAttemptAuditLog(AuditLoggingFacade auditLoggingFacade) {
+ this.auditLoggingFacade = auditLoggingFacade;
+ }
+
+ public void logLoginAttempt(String username, String spaceGuid, String message, String configuration) {
+ String performedAction = MessageFormat.format(message, username, spaceGuid);
+ auditLoggingFacade.logSecurityIncident(new AuditLogConfiguration(username, spaceGuid, performedAction, configuration));
+ }
+}
diff --git a/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/MtaConfigurationPurgerAuditLog.java b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/MtaConfigurationPurgerAuditLog.java
new file mode 100644
index 0000000000..40d461463c
--- /dev/null
+++ b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/MtaConfigurationPurgerAuditLog.java
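Review bot: `logLoginAttempt` uses its `message` argument as a `MessageFormat` pattern, so a caller that passes anything other than a constant pattern can trigger `IllegalArgumentException` on a stray `{` or lose text around a `'`, and that would happen inside the login path. The method should document that `message` must be a constant pattern in which `{0}` is the user and `{1}` the space. `username` on a failed login is whatever the client sent; unless the facade neutralises control characters (not visible here), CR or LF in it could split or forge audit lines, so they should be replaced before the value is formatted into `performedAction` and passed to `AuditLogConfiguration`.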
@@ -0,0 +1,127 @@ +package org.cloudfoundry.multiapps.controller.core.auditlogging; + +import java.text.MessageFormat; +import java.util.HashMap; +import java.util.Map; +import java.util.Objects; + +import org.apache.logging.log4j.util.Strings; +import org.cloudfoundry.multiapps.controller.api.model.Operation; +import org.cloudfoundry.multiapps.controller.core.Messages; +import org.cloudfoundry.multiapps.controller.core.auditlogging.model.AuditLogConfiguration; +import org.cloudfoundry.multiapps.controller.core.auditlogging.model.ConfigurationChangeActions; +import org.cloudfoundry.multiapps.controller.persistence.model.ConfigurationEntry; +import org.cloudfoundry.multiapps.controller.persistence.model.ConfigurationSubscription; + +public class MtaConfigurationPurgerAuditLog { + + private static final String APPLICATION_ID_PROPERTY_NAME = "applicationId"; + private static final String MTA_ID_PROPERTY_NAME = "mtaId"; + private static final String SUBSCRIPTION_ID_PROPERTY_NAME = "subscriptionId"; + private static final String PROVIDER_ID_PROPERTY_NAME = "providerId"; + private static final String PROVIDER_NID_PROPERTY_NAME = "providerNid"; + private static final String PROVIDER_VERSION_PROPERTY_NAME = "providerVersion"; + private static final String PROVIDER_NAMESPACE_PROPERTY_NAME = "providerNamespace"; + private static final String PROVIDER_TARGET_PROPERTY_NAME = "providerTarget"; + private static final String PROVIDER_CONTENT_PROPERTY_NAME = "providerContent"; + private static final String PROVIDER_CONTENT_ID_PROPERTY_NAME = "providerContentId"; + private static final String PROCESS_TYPE_PROPERTY_NAME = "processType"; + private static final String ENDED_AT_PROPERTY_NAME = "endedAt"; + private static final String STARTED_AT_PROPERTY_NAME = "startedAt"; + private static final String STATE_PROPERTY_NAME = "state"; + private static final String ERROR_TYPE_PROPERTY_NAME = "errorType"; + + private final AuditLoggingFacade auditLoggingFacade; + + public 
MtaConfigurationPurgerAuditLog(AuditLoggingFacade auditLoggingFacade) { + this.auditLoggingFacade = auditLoggingFacade; + } + + public void logDeleteSubscription(String spaceGuid, ConfigurationSubscription subscription) { + String performedAction = MessageFormat.format(Messages.DELETE_SUBSCRIPTION_AUDIT_LOG_MESSAGE, spaceGuid); + auditLoggingFacade.logConfigurationChangeAuditLog(new AuditLogConfiguration(Strings.EMPTY, + spaceGuid, + performedAction, + Messages.SUBSCRIPTION_DELETE_AUDIT_LOG_CONFIG, + createAuditLogDeleteSubscriptionConfigurationIdentifier(subscription)), + ConfigurationChangeActions.CONFIGURATION_DELETE); + } + + public void logDeleteSubscription(String spaceGuid) { + String performedAction = MessageFormat.format(Messages.DELETE_SUBSCRIPTION_AUDIT_LOG_MESSAGE, spaceGuid); + auditLoggingFacade.logConfigurationChangeAuditLog(new AuditLogConfiguration(Strings.EMPTY, + spaceGuid, + performedAction, + Messages.SUBSCRIPTION_DELETE_AUDIT_LOG_CONFIG), + ConfigurationChangeActions.CONFIGURATION_DELETE); + } + + public void logDeleteEntry(String spaceGuid, ConfigurationEntry entry) { + String performedAction = MessageFormat.format(Messages.DELETE_ENTRY_AUDIT_LOG_MESSAGE, spaceGuid); + auditLoggingFacade.logConfigurationChangeAuditLog(new AuditLogConfiguration(Strings.EMPTY, + spaceGuid, + performedAction, + Messages.ENTRY_DELETE_AUDIT_LOG_CONFIG, + createAuditLogDeleteEntryConfigurationIdentifier(entry)), + ConfigurationChangeActions.CONFIGURATION_DELETE); + } + + public void logDeleteEntry(String spaceGuid) { + String performedAction = MessageFormat.format(Messages.DELETE_ENTRY_AUDIT_LOG_MESSAGE, spaceGuid); + auditLoggingFacade.logConfigurationChangeAuditLog(new AuditLogConfiguration(Strings.EMPTY, + spaceGuid, + performedAction, + Messages.ENTRY_DELETE_AUDIT_LOG_CONFIG), + ConfigurationChangeActions.CONFIGURATION_DELETE); + } + + public void logDeleteOperation(String spaceGuid, Operation operation) { + String performedAction = 
MessageFormat.format(Messages.DELETE_OPERATION_AUDIT_LOG_MESSAGE, spaceGuid); + auditLoggingFacade.logConfigurationChangeAuditLog(new AuditLogConfiguration(operation.getUser(), + spaceGuid, + performedAction, + Messages.OPERATION_DELETE_AUDIT_LOG_CONFIG, + createAuditLogDeleteOperationConfigurationIdentifier(operation)), + ConfigurationChangeActions.CONFIGURATION_DELETE); + } + + private Map createAuditLogDeleteSubscriptionConfigurationIdentifier(ConfigurationSubscription subscription) { + Map identifiers = new HashMap<>(); + + identifiers.put(APPLICATION_ID_PROPERTY_NAME, subscription.getAppName()); + identifiers.put(MTA_ID_PROPERTY_NAME, subscription.getMtaId()); + identifiers.put(SUBSCRIPTION_ID_PROPERTY_NAME, String.valueOf(subscription.getId())); + + return identifiers; + } + + private Map createAuditLogDeleteEntryConfigurationIdentifier(ConfigurationEntry entry) { + Map identifiers = new HashMap<>(); + String providerTarget = entry.getTargetSpace() + .getOrganizationName() + + "/" + entry.getTargetSpace() + .getSpaceName(); + + identifiers.put(PROVIDER_ID_PROPERTY_NAME, entry.getProviderId()); + identifiers.put(PROVIDER_NID_PROPERTY_NAME, entry.getProviderNid()); + identifiers.put(PROVIDER_VERSION_PROPERTY_NAME, Objects.toString(entry.getProviderVersion())); + identifiers.put(PROVIDER_NAMESPACE_PROPERTY_NAME, entry.getProviderNamespace()); + identifiers.put(PROVIDER_TARGET_PROPERTY_NAME, providerTarget); + identifiers.put(PROVIDER_CONTENT_PROPERTY_NAME, entry.getContent()); + identifiers.put(PROVIDER_CONTENT_ID_PROPERTY_NAME, entry.getContentId()); + + return identifiers; + } + + private Map createAuditLogDeleteOperationConfigurationIdentifier(Operation operation) { + Map identifiers = new HashMap<>(); + + identifiers.put(PROCESS_TYPE_PROPERTY_NAME, Objects.toString(operation.getProcessType())); + identifiers.put(ENDED_AT_PROPERTY_NAME, Objects.toString(operation.getEndedAt())); + identifiers.put(STARTED_AT_PROPERTY_NAME, 
Objects.toString(operation.getStartedAt())); + identifiers.put(STATE_PROPERTY_NAME, Objects.toString(operation.getState())); + identifiers.put(ERROR_TYPE_PROPERTY_NAME, Objects.toString(operation.getErrorType())); + + return identifiers; + } +} \ No newline at end of file diff --git a/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/MtasApiServiceAuditLog.java b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/MtasApiServiceAuditLog.java new file mode 100644 index 0000000000..bde9556ddb --- /dev/null +++ b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/MtasApiServiceAuditLog.java 
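Review bot: `createAuditLogDeleteEntryConfigurationIdentifier` copies `entry.getContent()` into the audit record under `providerContent`, and the content of a configuration entry may include credentials or other secrets of the providing application. `providerContentId` is logged as well and should be enough to identify the deleted entry, so I would drop `identifiers.put(PROVIDER_CONTENT_PROPERTY_NAME, entry.getContent());` and its constant unless the content is known to be non-sensitive. The same method dereferences `entry.getTargetSpace()` twice without a null check, which would make the audit call throw for an entry that has no target space. The four subscription and entry methods pass `Strings.EMPTY` as the actor; a fixed label for the purger job would make these deletions attributable in the log. The file also ends without a trailing newline.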
@@ -0,0 +1,66 @@ +package org.cloudfoundry.multiapps.controller.core.auditlogging; + +import java.text.MessageFormat; +import java.util.HashMap; +import java.util.Map; + +import org.cloudfoundry.multiapps.controller.core.Messages; +import org.cloudfoundry.multiapps.controller.core.auditlogging.model.AuditLogConfiguration; + +public class MtasApiServiceAuditLog { + + public static final String MTA_NAME_PROPERTY_NAME = "mtaName"; + public static final String NAMESPACE_PROPERTY_NAME = "namespace"; + public static final String NAME_PROPERTY_NAME = "name"; + + private final AuditLoggingFacade auditLoggingFacade; + + public MtasApiServiceAuditLog(AuditLoggingFacade auditLoggingFacade) { + this.auditLoggingFacade = auditLoggingFacade; + } + + public void logGetMtas(String username, String spaceId) { + String performedAction = MessageFormat.format(Messages.LIST_MTA_AUDIT_LOG_MESSAGE, spaceId); + auditLoggingFacade.logDataAccessAuditLog(new AuditLogConfiguration(username, + spaceId, + performedAction, + Messages.MTA_LIST_AUDIT_LOG_CONFIG)); + } + + public void logGetMta(String username, String spaceId, String mtaId) { + String performedAction = MessageFormat.format(Messages.GET_MTA_AUDIT_LOG_MESSAGE, spaceId); + Map configIdentifiers = createAuditLogGetMtaConfigurationIdentifier(mtaId); + auditLoggingFacade.logDataAccessAuditLog(new AuditLogConfiguration(username, + spaceId, + performedAction, + Messages.MTA_INFO_AUDIT_LOG_CONFIG, + configIdentifiers)); + } + + public void logGetMtas(String username, String spaceId, String namespace, String name) { + String performedAction = MessageFormat.format(Messages.LIST_MTA_AUDIT_LOG_MESSAGE, spaceId); + Map configIdentifiers = createAuditLogGetMtasConfigurationIdentifier(namespace, name); + auditLoggingFacade.logDataAccessAuditLog(new AuditLogConfiguration(username, + spaceId, + performedAction, + Messages.MTA_LIST_AUDIT_LOG_CONFIG, + configIdentifiers)); + } + + private Map createAuditLogGetMtasConfigurationIdentifier(String 
namespace, String name) { + Map identifiers = new HashMap<>(); + + identifiers.put(NAME_PROPERTY_NAME, name); + identifiers.put(NAMESPACE_PROPERTY_NAME, namespace); + + return identifiers; + } + + private Map createAuditLogGetMtaConfigurationIdentifier(String mtaName) { + Map identifiers = new HashMap<>(); + + identifiers.put(MTA_NAME_PROPERTY_NAME, mtaName); + + return identifiers; + } +} diff --git a/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/OperationsApiServiceAuditLog.java b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/OperationsApiServiceAuditLog.java new file mode 100644 index 0000000000..8b39603649 --- /dev/null +++ b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/OperationsApiServiceAuditLog.java 
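Review bot: `logGetMta` and both `logGetMtas` overloads put caller-supplied strings (`spaceId`, `mtaId`, `namespace`, `name`) into the audit record verbatim, and `spaceId` is also formatted into `performedAction`, which `AuditLoggingFacadeSLImpl` writes out as the log message. If any of these values come from request path or query parameters (the callers are not visible here), an embedded CR/LF could split an audit line or make one entry look like two. I would normalise once in the `AuditLogConfiguration` constructor rather than in every caller, for example `this.performedAction = performedAction.replaceAll("[\\r\\n]", "_");`, and treat the identifier values the same way. `OperationsApiServiceAuditLog` in this commit follows the same pattern and would be covered by the same change.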
@@ -0,0 +1,155 @@ +package org.cloudfoundry.multiapps.controller.core.auditlogging; + +import java.text.MessageFormat; +import java.util.HashMap; +import java.util.Map; + +import org.cloudfoundry.multiapps.controller.api.model.Operation; +import org.cloudfoundry.multiapps.controller.core.Messages; +import org.cloudfoundry.multiapps.controller.core.auditlogging.model.AuditLogConfiguration; +import org.cloudfoundry.multiapps.controller.core.auditlogging.model.ConfigurationChangeActions; + +public class OperationsApiServiceAuditLog { + + private static final String MTA_ID_PROPERTY_NAME = "mtaId"; + private static final String LOG_ID_PROPERTY_NAME = "logId"; + private static final String ACTION_ID_PROPERTY_NAME = "actionId"; + private static final String OPERATION_ID_PROPERTY_NAME = "operationId"; + private static final String PROCESS_TYPE_PROPERTY_NAME = "processType"; + private static final String PROCESS_ID_PROPERTY_NAME = "processId"; + private static final String EMBED_PROPERTY_NAME = "embed"; + + private final AuditLoggingFacade auditLoggingFacade; + + public OperationsApiServiceAuditLog(AuditLoggingFacade auditLoggingFacade) { + this.auditLoggingFacade = auditLoggingFacade; + } + + public void logGetOperations(String username, String spaceId, String mtaId) { + String performedAction = MessageFormat.format(Messages.LIST_OPERATIONS_AUDIT_LOG_MESSAGE, spaceId); + Map configIdentifiers = createAuditLogGetOperationsConfigurationIdentifier(mtaId); + auditLoggingFacade.logDataAccessAuditLog(new AuditLogConfiguration(username, + spaceId, + performedAction, + Messages.OPERATION_LIST_AUDIT_LOG_CONFIG, + configIdentifiers)); + } + + public void logGetOperationActions(String username, String spaceId, String operationId) { + String performedAction = MessageFormat.format(Messages.LIST_OPERATION_ACTIONS_AUDIT_LOG_MESSAGE, spaceId); + Map configIdentifiers = createAuditLogGetOperationLogsConfigurationIdentifier(operationId); + auditLoggingFacade.logDataAccessAuditLog(new 
AuditLogConfiguration(username, + spaceId, + performedAction, + Messages.OPERATION_ACTIONS_LIST_AUDIT_LOG_CONFIG, + configIdentifiers)); + } + + public void logExecuteOperationAction(String username, String spaceId, String operationId, String actionId) { + String performedAction = MessageFormat.format(Messages.EXECUTE_OPERATION_AUDIT_LOG_MESSAGE, spaceId); + Map configIdentifiers = createAuditLogExecuteOperationActionConfigurationIdentifier(operationId, actionId); + auditLoggingFacade.logConfigurationChangeAuditLog(new AuditLogConfiguration(username, + spaceId, + performedAction, + Messages.EXECUTE_OPERATION_AUDIT_LOG_CONFIG, + configIdentifiers), + ConfigurationChangeActions.CONFIGURATION_CREATE); + } + + public void logGetOperationLogs(String username, String spaceId, String operationId) { + String performedAction = MessageFormat.format(Messages.GET_OPERATION_LOGS_AUDIT_LOG_MESSAGE, spaceId); + Map configIdentifiers = createAuditLogGetOperationLogsConfigurationIdentifier(operationId); + auditLoggingFacade.logDataAccessAuditLog(new AuditLogConfiguration(username, + spaceId, + performedAction, + Messages.LIST_OPERATION_LOGS_AUDIT_LOG_CONFIG, + configIdentifiers)); + } + + public void logGetOperationLogContent(String username, String spaceId, String operationId, String logId) { + String performedAction = MessageFormat.format(Messages.GET_OPERATION_LOG_CONTENT_AUDIT_LOG_MESSAGE, spaceId); + Map configIdentifiers = createAuditLogGetOperationLogContentConfigurationIdentifier(operationId, logId); + auditLoggingFacade.logDataAccessAuditLog(new AuditLogConfiguration(username, + spaceId, + performedAction, + Messages.GET_OPERATION_LOG_CONTENT_AUDIT_LOG_CONFIG, + configIdentifiers)); + } + + public void logStartOperation(String username, String spaceId, Operation operation) { + String performedAction = MessageFormat.format(Messages.START_OPERATION_AUDIT_LOG_MESSAGE, operation.getProcessType() + .getName(), + spaceId); + Map configIdentifiers = 
createAuditLogStartOperationConfigurationIdentifier(operation); + auditLoggingFacade.logConfigurationChangeAuditLog(new AuditLogConfiguration(username, + spaceId, + performedAction, + Messages.START_OPERATION_AUDIT_LOG_CONFIG, + configIdentifiers), + ConfigurationChangeActions.CONFIGURATION_CREATE); + } + + public void logGetOperation(String username, String spaceId, String operationId, String embed) { + String performedAction = MessageFormat.format(Messages.GET_INFO_FOR_OPERATION, spaceId); + Map configIdentifiers = createAuditLogGetOperationConfigurationIdentifier(operationId, embed); + auditLoggingFacade.logDataAccessAuditLog(new AuditLogConfiguration(username, + spaceId, + performedAction, + Messages.GET_OPERATION_INFO_AUDIT_LOG_CONFIG, + configIdentifiers)); + } + + private Map createAuditLogGetOperationsConfigurationIdentifier(String mtaId) { + Map identifiers = new HashMap<>(); + + identifiers.put(MTA_ID_PROPERTY_NAME, mtaId); + + return identifiers; + } + + private Map createAuditLogGetOperationConfigurationIdentifier(String operationId, String embed) { + Map identifiers = new HashMap<>(); + + identifiers.put(OPERATION_ID_PROPERTY_NAME, operationId); + identifiers.put(EMBED_PROPERTY_NAME, embed); + + return identifiers; + } + + private Map createAuditLogExecuteOperationActionConfigurationIdentifier(String operationId, String actionId) { + Map identifiers = new HashMap<>(); + + identifiers.put(ACTION_ID_PROPERTY_NAME, actionId); + identifiers.put(OPERATION_ID_PROPERTY_NAME, operationId); + + return identifiers; + } + + private Map createAuditLogGetOperationLogsConfigurationIdentifier(String operationId) { + Map identifiers = new HashMap<>(); + + identifiers.put(OPERATION_ID_PROPERTY_NAME, operationId); + + return identifiers; + } + + private Map createAuditLogGetOperationLogContentConfigurationIdentifier(String operationId, String logId) { + Map identifiers = new HashMap<>(); + + identifiers.put(OPERATION_ID_PROPERTY_NAME, operationId); + 
identifiers.put(LOG_ID_PROPERTY_NAME, logId); + + return identifiers; + } + + private Map createAuditLogStartOperationConfigurationIdentifier(Operation operation) { + Map identifiers = new HashMap<>(); + + identifiers.put(PROCESS_TYPE_PROPERTY_NAME, operation.getProcessType() + .getName()); + identifiers.put(PROCESS_ID_PROPERTY_NAME, operation.getProcessId()); + identifiers.put(MTA_ID_PROPERTY_NAME, operation.getMtaId()); + + return identifiers; + } +} diff --git a/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/impl/AuditLoggingFacadeSLImpl.java b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/impl/AuditLoggingFacadeSLImpl.java index b5caab2c4a..82375a1260 100644 --- a/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/impl/AuditLoggingFacadeSLImpl.java +++ b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/impl/AuditLoggingFacadeSLImpl.java @@ -6,10 +6,9 @@ import org.cloudfoundry.multiapps.controller.core.Messages; import org.cloudfoundry.multiapps.controller.core.auditlogging.AuditLoggingFacade; import org.cloudfoundry.multiapps.controller.core.auditlogging.UserInfoProvider; -import org.cloudfoundry.multiapps.mta.model.AuditableConfiguration; +import org.cloudfoundry.multiapps.controller.core.auditlogging.model.AuditLogConfiguration; +import org.cloudfoundry.multiapps.controller.core.auditlogging.model.ConfigurationChangeActions; -import java.text.MessageFormat; -import java.util.Map; import javax.sql.DataSource; public class AuditLoggingFacadeSLImpl implements AuditLoggingFacade { 
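Review bot: `logStartOperation` and `createAuditLogStartOperationConfigurationIdentifier` both call `operation.getProcessType().getName()` without a null check, so an `Operation` that carries no process type makes the audit call itself throw. `MtaConfigurationPurgerAuditLog` in this same commit uses the null-tolerant `Objects.toString(operation.getProcessType())`; whether a null process type can actually reach this class depends on validation in the caller, which is not visible. I would resolve the name once with `String processType = operation.getProcessType() == null ? null : operation.getProcessType().getName();` and use it in both places, so that an incomplete request is rejected by validation and not by an exception from the audit helper.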
@@ -22,58 +21,18 @@ public AuditLoggingFacadeSLImpl(DataSource dataSource, UserInfoProvider userInfo } @Override - public void logSecurityIncident(String message) { - writeMessage(auditLogManager.getSecurityLogger(), message, Level.WARN); + public void logSecurityIncident(AuditLogConfiguration configuration) { + writeMessage(auditLogManager.getSecurityLogger(), configuration.getPerformedAction(), Level.WARN); } @Override - public void logAboutToStart(String action) { - String message = MessageFormat.format(Messages.AUDIT_LOG_ABOUT_TO_PERFORM_ACTION, action); - writeMessage(auditLogManager.getActionLogger(), message, Level.INFO); + public void logDataAccessAuditLog(AuditLogConfiguration configuration) { + writeMessage(auditLogManager.getConfigLogger(), configuration.getPerformedAction(), Level.WARN); } @Override - public void logAboutToStart(String action, Map parameters) { - String message = MessageFormat.format(Messages.AUDIT_LOG_ABOUT_TO_PERFORM_ACTION_WITH_PARAMS, action, parameters); - writeMessage(auditLogManager.getActionLogger(), message, Level.INFO); - } - - @Override - public void logActionStarted(String action, boolean success) { - String message = MessageFormat.format(success ? 
Messages.AUDIT_LOG_ACTION_SUCCESS : Messages.AUDIT_LOG_ACTION_FAILURE, action); - writeMessage(auditLogManager.getActionLogger(), message, Level.INFO); - } - - @Override - public void logConfig(AuditableConfiguration configuration) { - String message = MessageFormat.format(Messages.AUDIT_LOG_CONFIG, configuration.getConfigurationType(), - configuration.getConfigurationName()); - writeMessage(auditLogManager.getConfigLogger(), message, Level.INFO); - } - - @Override - public void logConfigUpdate(AuditableConfiguration configuration) { - String message = MessageFormat.format(Messages.AUDIT_LOG_UPDATE_CONFIG, configuration.getConfigurationName()); - writeMessage(auditLogManager.getConfigLogger(), message, Level.INFO); - } - - @Override - public void logConfigDelete(AuditableConfiguration configuration) { - String message = MessageFormat.format(Messages.AUDIT_LOG_DELETE_CONFIG, configuration.getConfigurationName()); - writeMessage(auditLogManager.getConfigLogger(), message, Level.INFO); - } - - @Override - public void logConfigCreate(AuditableConfiguration configuration) { - String message = MessageFormat.format(Messages.AUDIT_LOG_CREATE_CONFIG, configuration.getConfigurationType(), - configuration.getConfigurationName()); - writeMessage(auditLogManager.getConfigLogger(), message, Level.INFO); - } - - @Override - public void logConfigUpdated(boolean success) { - String message = success ? Messages.AUDIT_LOG_CONFIG_UPDATED : Messages.AUDIT_LOG_CONFIG_UPDATE_FAILED; - writeMessage(auditLogManager.getConfigLogger(), message, Level.INFO); + public void logConfigurationChangeAuditLog(AuditLogConfiguration configuration, ConfigurationChangeActions configurationAction) { + writeMessage(auditLogManager.getConfigLogger(), configuration.getPerformedAction(), Level.WARN); } private void writeMessage(Logger logger, String message, Level level) { 
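Review bot: `logConfigurationChangeAuditLog` never reads its `configurationAction` argument, and all three new methods write only `configuration.getPerformedAction()`, so create, update and delete events differ only by message text and the user id and identifier map held by `AuditLogConfiguration` are dropped. Unless `writeMessage` adds the user itself (its body is outside this hunk), records produced by background jobs may carry no actor at all. I would at least append the action, e.g. `configuration.getPerformedAction() + " (" + configurationAction.getConfigurationChangeAction() + ")"`. Routine data-access reads are also logged at `Level.WARN` now, the same level as `logSecurityIncident`, where the removed methods used `Level.INFO`; if that is intended a comment should say why, because it makes severity-based alerting on this logger less useful.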
diff --git a/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/model/AuditLogConfiguration.java b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/model/AuditLogConfiguration.java
new file mode 100644
index 0000000000..10718b41bf
--- /dev/null
+++ b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/model/AuditLogConfiguration.java
@@ -0,0 +1,78 @@ +package org.cloudfoundry.multiapps.controller.core.auditlogging.model; + +import java.time.LocalDateTime; +import java.util.ArrayList; +import java.util.Collections; +import java.util.Date; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import org.cloudfoundry.multiapps.mta.model.AuditableConfiguration; +import org.cloudfoundry.multiapps.mta.model.ConfigurationIdentifier; + +public class AuditLogConfiguration implements AuditableConfiguration { + + private static final String PERFORMED_ACTION_IDENTIFIER_KEY_NAME = "performed_action"; + private static final String TIME_IDENTIFIER_KEY_NAME = "time"; + private static final String SPACE_ID_IDENTIFIER_KEY_NAME = "spaceId"; + private final String userId; + private final String spaceId; + private final String performedAction; + private final String configuration; + private Map parameters; + + public AuditLogConfiguration(String userId, String spaceId, String performedAction, String configuration) { + this.spaceId = spaceId; + this.userId = userId; + this.performedAction = performedAction; + this.configuration = configuration; + this.parameters = Collections.emptyMap(); + } + + public AuditLogConfiguration(String userId, String spaceId, String performedAction, String configuration, + Map parameters) { + this(userId, spaceId, performedAction, configuration); + this.parameters = parameters; + } + + public String getPerformedAction() { + return performedAction; + } + + @Override + public String getConfigurationType() { + return configuration; + } + + @Override + public String getConfigurationName() { + return configuration; + } + + public String getSpaceId() { + return spaceId; + } + + public String getUserId() { + return userId; + } + + public String getTimeOfPerformedAction() { + return LocalDateTime.now().toString(); + } + + @Override + public List getConfigurationIdentifiers() { + List configurationIdentifiers = new ArrayList<>(); + configurationIdentifiers.add(new 
ConfigurationIdentifier(PERFORMED_ACTION_IDENTIFIER_KEY_NAME, getPerformedAction())); + configurationIdentifiers.add(new ConfigurationIdentifier(TIME_IDENTIFIER_KEY_NAME, getTimeOfPerformedAction())); + configurationIdentifiers.add(new ConfigurationIdentifier(SPACE_ID_IDENTIFIER_KEY_NAME, getSpaceId())); + for (var parameter : parameters.entrySet()) { + if (parameter.getValue() != null) { + configurationIdentifiers.add(new ConfigurationIdentifier(parameter.getKey(), parameter.getValue())); + } + } + return configurationIdentifiers; + } +} diff --git a/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/model/ConfigurationChangeActions.java b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/model/ConfigurationChangeActions.java new file mode 100644 index 0000000000..b4663a90b1 --- /dev/null +++ b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/model/ConfigurationChangeActions.java @@ -0,0 +1,18 @@ +package org.cloudfoundry.multiapps.controller.core.auditlogging.model; + +public enum ConfigurationChangeActions { + + CONFIGURATION_CREATE("configuration-create"), + CONFIGURATION_UPDATE("configuration-update"), + CONFIGURATION_DELETE("configuration-delete"); + + private final String configurationAction; + + ConfigurationChangeActions(String configurationAction) { + this.configurationAction = configurationAction; + } + + public String getConfigurationChangeAction() { + return this.configurationAction; + } +} \ No newline at end of file diff --git a/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/helpers/MtaConfigurationPurger.java b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/helpers/MtaConfigurationPurger.java index 3439573140..6621cd3e8c 100644 
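Review bot: `getTimeOfPerformedAction()` in `AuditLogConfiguration` calls `LocalDateTime.now()` on every invocation, so the `time` identifier records when the entry was read, not when the action happened, and the value has no zone or offset. If the record is serialised later on the audit client's worker threads (the `DEFAULT_AUDIT_LOG_CLIENT_*` settings in this commit suggest a queue, but the wiring is not visible), the two moments can drift apart. I would capture the instant at construction, `private final Instant timeOfPerformedAction = Instant.now();` with a `java.time.Instant` import, and return `timeOfPerformedAction.toString()`. The second constructor also stores `parameters` without a copy or null check, so a null map fails only later in `getConfigurationIdentifiers()`; `this.parameters = parameters == null ? Collections.emptyMap() : new HashMap<>(parameters);` avoids that and uses the currently unused `HashMap` import, while the unused `java.util.Date` import can go.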
--- a/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/helpers/MtaConfigurationPurger.java +++ b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/helpers/MtaConfigurationPurger.java @@ -10,7 +10,7 @@ import org.cloudfoundry.multiapps.common.SLException; import org.cloudfoundry.multiapps.controller.core.Messages; -import org.cloudfoundry.multiapps.controller.core.auditlogging.AuditLoggingProvider; +import org.cloudfoundry.multiapps.controller.core.auditlogging.MtaConfigurationPurgerAuditLog; import org.cloudfoundry.multiapps.controller.core.cf.metadata.MtaMetadata; import org.cloudfoundry.multiapps.controller.core.cf.metadata.processor.MtaMetadataParser; import org.cloudfoundry.multiapps.controller.core.model.DeployedMtaApplication; @@ -32,6 +32,7 @@ public class MtaConfigurationPurger { private static final Logger LOGGER = LoggerFactory.getLogger(MtaConfigurationPurger.class); + private final MtaConfigurationPurgerAuditLog mtaConfigurationPurgerAuditLog; private final CloudControllerClient client; private final CloudSpaceClient spaceClient; private final ConfigurationEntryService configurationEntryService; 
@@ -40,13 +41,14 @@ public class MtaConfigurationPurger { public MtaConfigurationPurger(CloudControllerClient client, CloudSpaceClient spaceClient, ConfigurationEntryService configurationEntryService, - ConfigurationSubscriptionService configurationSubscriptionService, - MtaMetadataParser mtaMetadataParser) { + ConfigurationSubscriptionService configurationSubscriptionService, MtaMetadataParser mtaMetadataParser, + MtaConfigurationPurgerAuditLog mtaConfigurationPurgerAuditLog) { this.client = client; this.spaceClient = spaceClient; this.configurationEntryService = configurationEntryService; this.configurationSubscriptionService = configurationSubscriptionService; this.mtaMetadataParser = mtaMetadataParser; + this.mtaConfigurationPurgerAuditLog = mtaConfigurationPurgerAuditLog; } public void purge(String org, String space) { @@ -54,7 +56,7 @@ public void purge(String org, String space) { String targetId = new ClientHelper(spaceClient).computeSpaceId(org, space); List existingApps = getExistingApps(); purgeConfigurationSubscriptions(targetId, existingApps); - purgeConfigurationEntries(targetSpace, existingApps); + purgeConfigurationEntries(targetSpace, existingApps, targetId); } private void purgeConfigurationSubscriptions(String spaceId, List existingApps) { @@ -64,7 +66,7 @@ private void purgeConfigurationSubscriptions(String spaceId, List subscriptions = getSubscriptions(spaceId); for (ConfigurationSubscription subscription : subscriptions) { if (!existingAppNames.contains(subscription.getAppName())) { - purgeSubscription(subscription); + purgeSubscription(subscription, spaceId); } } } 
@@ -75,23 +77,22 @@ private Set getNames(List apps) { .collect(Collectors.toSet()); } - private void purgeSubscription(ConfigurationSubscription subscription) { + private void purgeSubscription(ConfigurationSubscription subscription, String spaceId) { LOGGER.debug(MessageFormat.format(Messages.DELETING_SUBSCRIPTION, subscription.getId())); - AuditLoggingProvider.getFacade() - .logConfigDelete(subscription); + mtaConfigurationPurgerAuditLog.logDeleteSubscription(spaceId, subscription); configurationSubscriptionService.createQuery() .id(subscription.getId()) .delete(); } - private void purgeConfigurationEntries(CloudTarget targetSpace, List apps) { + private void purgeConfigurationEntries(CloudTarget targetSpace, List apps, String spaceId) { LOGGER.info(MessageFormat.format(Messages.PURGING_ENTRIES, targetSpace)); List entries = getConfigurationEntries(targetSpace); List stillRelevantEntries = getStillRelevantConfigurationEntries(apps); for (ConfigurationEntry entry : entries) { if (!isStillRelevant(stillRelevantEntries, entry)) { - purgeConfigurationEntry(entry); + purgeConfigurationEntry(entry, spaceId); } } } @@ -139,10 +140,9 @@ private ConfigurationEntry toConfigurationEntry(MtaMetadata metadata, String pro return new ConfigurationEntry(computeProviderId(metadata, providedDependencyName), metadata.getVersion()); } - private void purgeConfigurationEntry(ConfigurationEntry entry) { + private void purgeConfigurationEntry(ConfigurationEntry entry, String spaceId) { LOGGER.debug(MessageFormat.format(Messages.DELETING_ENTRY, entry.getId())); - AuditLoggingProvider.getFacade() - .logConfigDelete(entry); + mtaConfigurationPurgerAuditLog.logDeleteEntry(spaceId, entry); configurationEntryService.createQuery() .id(entry.getId()) .delete(); 
diff --git a/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/security/data/termination/DataTerminationService.java b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/security/data/termination/DataTerminationService.java index 4553a57546..34ddc5b0c2 100644 --- a/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/security/data/termination/DataTerminationService.java +++ b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/security/data/termination/DataTerminationService.java @@ -14,7 +14,7 @@ import org.cloudfoundry.multiapps.common.SLException; import org.cloudfoundry.multiapps.controller.api.model.Operation; import org.cloudfoundry.multiapps.controller.core.Messages; -import org.cloudfoundry.multiapps.controller.core.auditlogging.AuditLoggingProvider; +import org.cloudfoundry.multiapps.controller.core.auditlogging.MtaConfigurationPurgerAuditLog; import org.cloudfoundry.multiapps.controller.core.cf.clients.CFOptimizedEventGetter; import org.cloudfoundry.multiapps.controller.core.cf.clients.WebClientFactory; import org.cloudfoundry.multiapps.controller.core.util.ApplicationConfiguration; @@ -56,6 +56,12 @@ public class DataTerminationService { private ApplicationConfiguration configuration; @Inject private WebClientFactory webClientFactory; + @Inject + private MtaConfigurationPurgerAuditLog mtaConfigurationPurgerAuditLog; + + private static void log(Exception e) { + LOGGER.error(format(Messages.ERROR_DURING_DATA_TERMINATION_0, e.getMessage()), e); + } public void deleteOrphanUserData() { assertGlobalAuditorCredentialsExist(); 
@@ -108,18 +114,12 @@ private void deleteConfigurationSubscriptionOrphanData(String spaceId) { if (configurationSubscriptions.isEmpty()) { return; } - auditLogDeletion(configurationSubscriptions); + configurationSubscriptions.forEach(configurationSubscription -> mtaConfigurationPurgerAuditLog.logDeleteSubscription(spaceId, + configurationSubscription)); configurationSubscriptionService.createQuery() .deleteAll(spaceId); } - private void auditLogDeletion(List configurationEntities) { - for (AuditableConfiguration configurationEntity : configurationEntities) { - AuditLoggingProvider.getFacade() - .logConfigDelete(configurationEntity); - } - } - private void deleteConfigurationEntryOrphanData(String spaceId) { List configurationEntities = configurationEntryService.createQuery() .spaceId(spaceId) @@ -127,7 +127,7 @@ private void deleteConfigurationEntryOrphanData(String spaceId) { if (configurationEntities.isEmpty()) { return; } - auditLogDeletion(configurationEntities); + configurationEntities.forEach(configurationEntity -> mtaConfigurationPurgerAuditLog.logDeleteEntry(spaceId, configurationEntity)); configurationEntryService.createQuery() .deleteAll(spaceId); } @@ -136,7 +136,7 @@ private void deleteUserOperationsOrphanData(String deleteEventSpaceId) { List operationsToBeDeleted = operationService.createQuery() .spaceId(deleteEventSpaceId) .list(); - auditLogDeletion(operationsToBeDeleted); + operationsToBeDeleted.forEach(operation -> mtaConfigurationPurgerAuditLog.logDeleteOperation(deleteEventSpaceId, operation)); operationService.createQuery() .spaceId(deleteEventSpaceId) .delete(); @@ -150,8 +150,4 @@ private void deleteSpaceIdsLeftovers(List spaceIds) { } } - private static void log(Exception e) { - LOGGER.error(format(Messages.ERROR_DURING_DATA_TERMINATION_0, e.getMessage()), e); - } - } \ No newline at end of file 
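Review bot: In `deleteUserOperationsOrphanData` each removed operation is recorded through `logDeleteOperation`, which earlier in this commit builds the record with `operation.getUser()` as the user, so the deletion is attributed to the owner of the operation and not to the data-termination job that performs it. An audit trail should keep the actor and the affected subject apart; I would pass the acting principal explicitly and keep the operation's user as one of the identifiers. In all three delete methods the audit entries are also written before `delete()` or `deleteAll(spaceId)` runs, so a failed delete leaves records of deletions that did not happen. Logging after the delete succeeds, or logging the failure as well, would keep the trail accurate.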
diff --git a/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/util/ApplicationConfiguration.java b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/util/ApplicationConfiguration.java
index 3d3f7d1781..950ded859a 100644
--- a/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/util/ApplicationConfiguration.java
+++ b/multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/util/ApplicationConfiguration.java
@@ -118,9 +118,9 @@ public class ApplicationConfiguration {
 public static final Integer DEFAULT_CHANGE_LOG_LOCK_DURATION = 1; // 1 minute(s)
 public static final Integer DEFAULT_CHANGE_LOG_LOCK_ATTEMPTS = 5; // 5 minute(s)
 public static final Integer DEFAULT_HEALTH_CHECK_TIME_RANGE = (int) TimeUnit.MINUTES.toSeconds(5);
- public static final Integer DEFAULT_AUDIT_LOG_CLIENT_CORE_THREADS = 2;
- public static final Integer DEFAULT_AUDIT_LOG_CLIENT_MAX_THREADS = 8;
- public static final Integer DEFAULT_AUDIT_LOG_CLIENT_QUEUE_CAPACITY = 8;
+ public static final Integer DEFAULT_AUDIT_LOG_CLIENT_CORE_THREADS = 32;
+ public static final Integer DEFAULT_AUDIT_LOG_CLIENT_MAX_THREADS = 64;
+ public static final Integer DEFAULT_AUDIT_LOG_CLIENT_QUEUE_CAPACITY = 32767;
 public static final Integer DEFAULT_AUDIT_LOG_CLIENT_KEEP_ALIVE = 60;
 public static final Integer DEFAULT_FLOWABLE_JOB_EXECUTOR_CORE_THREADS = 8;
 public static final Integer DEFAULT_FLOWABLE_JOB_EXECUTOR_MAX_THREADS = 32;
diff --git a/multiapps-controller-core/src/test/java/org/cloudfoundry/multiapps/controller/core/helpers/MtaConfigurationPurgerTest.java b/multiapps-controller-core/src/test/java/org/cloudfoundry/multiapps/controller/core/helpers/MtaConfigurationPurgerTest.java
index 61c7fd4182..e1580b3f25 100644
--- a/multiapps-controller-core/src/test/java/org/cloudfoundry/multiapps/controller/core/helpers/MtaConfigurationPurgerTest.java
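Review bot: The new `DEFAULT_AUDIT_LOG_CLIENT_*` values pair a queue capacity of 32767 with 32 core and 64 maximum threads; if they configure a `java.util.concurrent.ThreadPoolExecutor` (the wiring is not in this hunk), threads beyond the core size start only once the queue is full, so the maximum of 64 would rarely be reached. A queue that deep also means up to 32767 audit events can sit in memory and be lost if the instance stops, and what happens on rejection when it fills is not visible here. I would document the intended behaviour next to the constants, e.g. `// audit events are queued in memory; on overflow they are <dropped|run by caller>`, and confirm that the rejection policy does not silently discard audit records.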
+++ b/multiapps-controller-core/src/test/java/org/cloudfoundry/multiapps/controller/core/helpers/MtaConfigurationPurgerTest.java @@ -6,9 +6,7 @@ import java.util.ArrayList; import java.util.List; -import com.sap.cloudfoundry.client.facade.rest.CloudSpaceClient; -import org.cloudfoundry.multiapps.controller.core.auditlogging.AuditLoggingProvider; -import org.cloudfoundry.multiapps.controller.core.auditlogging.impl.AuditLoggingFacadeSLImpl; +import org.cloudfoundry.multiapps.controller.core.auditlogging.MtaConfigurationPurgerAuditLog; import org.cloudfoundry.multiapps.controller.core.cf.metadata.processor.MtaMetadataParser; import org.cloudfoundry.multiapps.controller.core.cf.metadata.processor.MtaMetadataValidator; import org.cloudfoundry.multiapps.controller.core.util.ConfigurationEntriesUtil; @@ -31,9 +29,10 @@ import com.sap.cloudfoundry.client.facade.CloudControllerClient; import com.sap.cloudfoundry.client.facade.domain.CloudApplication; import com.sap.cloudfoundry.client.facade.domain.CloudMetadata; -import com.sap.cloudfoundry.client.facade.domain.LifecycleType; import com.sap.cloudfoundry.client.facade.domain.ImmutableCloudApplication; import com.sap.cloudfoundry.client.facade.domain.ImmutableLifecycle; +import com.sap.cloudfoundry.client.facade.domain.LifecycleType; +import com.sap.cloudfoundry.client.facade.rest.CloudSpaceClient; class MtaConfigurationPurgerTest { 
@@ -44,13 +43,13 @@ class MtaConfigurationPurgerTest { private static final int SUBSCRIPTION_ID_TO_KEEP = 3; private static final String APPLICATION_NAME_TO_KEEP = "app-to-keep"; private static final String APPLICATION_NAME_TO_REMOVE = "app-to-remove"; + private final static String TARGET_SPACE = "space"; + private final static String TARGET_ORG = "org"; private final ConfigurationEntry ENTRY_TO_DELETE = createEntry(ENTRY_ID_TO_REMOVE, "remove:true"); private final ConfigurationSubscription SUBSCRIPTION_TO_DELETE = createSubscription(SUBSCRIPTION_ID_TO_REMOVE, APPLICATION_NAME_TO_REMOVE); - - private final static String TARGET_SPACE = "space"; - private final static String TARGET_ORG = "org"; - + private final List> queriesToVerifyDeleteCallOn = new ArrayList<>(); + private final List> queriesToVerifyNoDeleteCallOn = new ArrayList<>(); @Mock CloudControllerClient client; @Mock @@ -64,16 +63,12 @@ class MtaConfigurationPurgerTest { @Mock(answer = Answers.RETURNS_SELF) ConfigurationSubscriptionQuery configurationSubscriptionQuery; @Mock - AuditLoggingFacadeSLImpl auditLoggingFacade; - - private final List> queriesToVerifyDeleteCallOn = new ArrayList<>(); - private final List> queriesToVerifyNoDeleteCallOn = new ArrayList<>(); + MtaConfigurationPurgerAuditLog mtaConfigurationPurgerAuditLog; @BeforeEach void setUp() throws Exception { MockitoAnnotations.openMocks(this) .close(); - AuditLoggingProvider.setFacade(auditLoggingFacade); initApplicationsMock(); initConfigurationEntriesMock(); initConfigurationSubscriptionsMock(); 
@@ -81,17 +76,15 @@ void setUp() throws Exception { @Test void testPurge() { - MtaConfigurationPurger purger = new MtaConfigurationPurger(client, spaceClient, + MtaConfigurationPurger purger = new MtaConfigurationPurger(client, + spaceClient, configurationEntryService, configurationSubscriptionService, - new MtaMetadataParser(new MtaMetadataValidator())); + new MtaMetadataParser(new MtaMetadataValidator()), + mtaConfigurationPurgerAuditLog); purger.purge("org", "space"); verifyConfigurationEntriesDeleted(); verifyConfigurationEntriesNotDeleted(); - Mockito.verify(auditLoggingFacade) - .logConfigDelete(ENTRY_TO_DELETE); - Mockito.verify(auditLoggingFacade) - .logConfigDelete(SUBSCRIPTION_TO_DELETE); } private void verifyConfigurationEntriesDeleted() { diff --git a/multiapps-controller-core/src/test/java/org/cloudfoundry/multiapps/controller/core/security/data/termination/DataTerminationServiceTest.java b/multiapps-controller-core/src/test/java/org/cloudfoundry/multiapps/controller/core/security/data/termination/DataTerminationServiceTest.java index 36503fc488..2e9c0656e5 100644 --- a/multiapps-controller-core/src/test/java/org/cloudfoundry/multiapps/controller/core/security/data/termination/DataTerminationServiceTest.java +++ b/multiapps-controller-core/src/test/java/org/cloudfoundry/multiapps/controller/core/security/data/termination/DataTerminationServiceTest.java @@ -19,8 +19,7 @@ import java.util.stream.Stream; import org.cloudfoundry.multiapps.controller.core.Messages; -import org.cloudfoundry.multiapps.controller.core.auditlogging.AuditLoggingFacade; -import org.cloudfoundry.multiapps.controller.core.auditlogging.AuditLoggingProvider; +import org.cloudfoundry.multiapps.controller.core.auditlogging.MtaConfigurationPurgerAuditLog; import org.cloudfoundry.multiapps.controller.core.cf.clients.CFOptimizedEventGetter; import org.cloudfoundry.multiapps.controller.core.test.MockBuilder; import org.cloudfoundry.multiapps.controller.core.util.ApplicationConfiguration; 
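Review bot: `testPurge` no longer checks that anything is audit-logged: the two `Mockito.verify(auditLoggingFacade).logConfigDelete(...)` assertions are removed and nothing verifies the new `mtaConfigurationPurgerAuditLog` mock. A regression that skips the audit call for a purged entry or subscription would now pass this test. I would restore the checks against the new collaborator with `Mockito.verify(mtaConfigurationPurgerAuditLog).logDeleteEntry(Mockito.any(), Mockito.eq(ENTRY_TO_DELETE));` and `Mockito.verify(mtaConfigurationPurgerAuditLog).logDeleteSubscription(Mockito.any(), Mockito.eq(SUBSCRIPTION_TO_DELETE));`.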
@@ -71,8 +70,7 @@ class DataTerminationServiceTest { @Mock private CFOptimizedEventGetter cfOptimizedEventsGetter; @Mock - private AuditLoggingFacade auditLoggingFacade; - + private MtaConfigurationPurgerAuditLog mtaConfigurationPurgerAuditLog; @InjectMocks private final DataTerminationService dataTerminationService = createDataTerminationService(); @@ -80,7 +78,6 @@ class DataTerminationServiceTest { void setUp() throws Exception { MockitoAnnotations.openMocks(this) .close(); - AuditLoggingProvider.setFacade(auditLoggingFacade); } private DataTerminationService createDataTerminationService() { diff --git a/multiapps-controller-process/src/main/java/org/cloudfoundry/multiapps/controller/process/jobs/ConfigurationEntriesCleaner.java b/multiapps-controller-process/src/main/java/org/cloudfoundry/multiapps/controller/process/jobs/ConfigurationEntriesCleaner.java index ba4a1688b1..63e426ff21 100644 --- a/multiapps-controller-process/src/main/java/org/cloudfoundry/multiapps/controller/process/jobs/ConfigurationEntriesCleaner.java +++ b/multiapps-controller-process/src/main/java/org/cloudfoundry/multiapps/controller/process/jobs/ConfigurationEntriesCleaner.java @@ -5,6 +5,7 @@ import javax.inject.Inject; +import org.cloudfoundry.multiapps.controller.core.auditlogging.MtaConfigurationPurgerAuditLog; import org.cloudfoundry.multiapps.controller.core.cf.OAuthClientFactory; import org.cloudfoundry.multiapps.controller.core.util.ApplicationConfiguration; import org.cloudfoundry.multiapps.controller.persistence.model.ConfigurationEntry; 
@@ -23,9 +24,9 @@ public class ConfigurationEntriesCleaner extends OrphanedDataCleaner impl private final ApplicationConfiguration configuration; private final OAuthClientFactory oAuthClientFactory; + private final MtaConfigurationPurgerAuditLog mtaConfigurationPurgerAuditLog; protected CloudSpaceClient spaceClient; private boolean executed; - protected OrphanedDataCleaner(ApplicationConfiguration applicationConfiguration, - OAuthClientFactory oAuthClientFactory) { + protected OrphanedDataCleaner(ApplicationConfiguration applicationConfiguration, OAuthClientFactory oAuthClientFactory, + MtaConfigurationPurgerAuditLog mtaConfigurationPurgerAuditLog) { this.configuration = applicationConfiguration; this.oAuthClientFactory = oAuthClientFactory; + this.mtaConfigurationPurgerAuditLog = mtaConfigurationPurgerAuditLog; this.executed = false; } @@ -54,7 +56,6 @@ private int deleteOrphanedData() { List configurationData = getConfigurationData(); return configurationData.stream() .filter(this::hasNoAssociatedSpace) - .peek(this::auditLogDeletion) .map(this::getSpaceId) .distinct() .mapToInt(this::deleteConfigurationDataBySpaceId) @@ -87,6 +88,10 @@ private boolean spaceExists(String spaceId) { } } + protected MtaConfigurationPurgerAuditLog getMtaConfigurationPurgerAuditLog() { + return mtaConfigurationPurgerAuditLog; + } + protected abstract int deleteConfigurationDataBySpaceId(String spaceId); protected void initSpaceClient() { @@ -105,10 +110,4 @@ protected void initSpaceClient() { oauthClient.init(cloudCredentials); spaceClient = clientFactory.createSpaceClient(configuration.getControllerUrl(), oauthClient, Collections.emptyMap()); } - - private void auditLogDeletion(T configurationData) { - AuditLoggingProvider.getFacade() - .logConfigDelete(configurationData); - } - } 
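Review bot: With `.peek(this::auditLogDeletion)` removed from `deleteOrphanedData()`, the base class no longer records any deletion itself and only hands the logger to subclasses through the new `getMtaConfigurationPurgerAuditLog()`. Whether an orphaned entry or subscription delete is audited now depends on each `deleteConfigurationDataBySpaceId` implementation calling it, and those implementations are outside this hunk. I would state that contract on the abstract method, for example `/** Implementations must write an audit record for every item they delete. */`, or keep the logging in the base class so a subclass cannot skip it.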
diff --git a/multiapps-controller-process/src/test/java/org/cloudfoundry/multiapps/controller/process/jobs/ConfigurationEntriesCleanerTest.java b/multiapps-controller-process/src/test/java/org/cloudfoundry/multiapps/controller/process/jobs/ConfigurationEntriesCleanerTest.java index 7bec8517c7..94717e988d 100644 --- a/multiapps-controller-process/src/test/java/org/cloudfoundry/multiapps/controller/process/jobs/ConfigurationEntriesCleanerTest.java +++ b/multiapps-controller-process/src/test/java/org/cloudfoundry/multiapps/controller/process/jobs/ConfigurationEntriesCleanerTest.java @@ -10,8 +10,7 @@ import java.util.List; import java.util.UUID; -import org.cloudfoundry.multiapps.controller.core.auditlogging.AuditLoggingFacade; -import org.cloudfoundry.multiapps.controller.core.auditlogging.AuditLoggingProvider; +import org.cloudfoundry.multiapps.controller.core.auditlogging.MtaConfigurationPurgerAuditLog; import org.cloudfoundry.multiapps.controller.core.cf.OAuthClientFactory; import org.cloudfoundry.multiapps.controller.core.util.ApplicationConfiguration; import org.cloudfoundry.multiapps.controller.persistence.model.ConfigurationEntry; @@ -31,8 +30,6 @@ class ConfigurationEntriesCleanerTest { private static final UUID EXISTING_SPACE_2 = UUID.randomUUID(); private static final UUID NON_EXISTING_SPACE = UUID.randomUUID(); - @Mock - private AuditLoggingFacade auditLoggingFacade; @Mock private ApplicationConfiguration configuration; @Mock 
@@ -43,20 +40,23 @@ class ConfigurationEntriesCleanerTest { private OAuthClientFactory oAuthClientFactory; @Mock private ConfigurationEntryQuery query; - + @Mock + private MtaConfigurationPurgerAuditLog mtaConfigurationPurgerAuditLog; private ConfigurationEntriesCleaner cleaner; @BeforeEach void setUp() throws Exception { MockitoAnnotations.openMocks(this) .close(); - cleaner = new ConfigurationEntriesCleaner(configuration, configurationEntryService, oAuthClientFactory) { + cleaner = new ConfigurationEntriesCleaner(configuration, + configurationEntryService, + oAuthClientFactory, + mtaConfigurationPurgerAuditLog) { @Override protected void initSpaceClient() { super.spaceClient = clientMock; } }; - AuditLoggingProvider.setFacade(auditLoggingFacade); } @Test diff --git a/multiapps-controller-process/src/test/java/org/cloudfoundry/multiapps/controller/process/jobs/ConfigurationSubscriptionCleanerTest.java b/multiapps-controller-process/src/test/java/org/cloudfoundry/multiapps/controller/process/jobs/ConfigurationSubscriptionCleanerTest.java index 92c0b743a5..cab059aebf 100644 --- a/multiapps-controller-process/src/test/java/org/cloudfoundry/multiapps/controller/process/jobs/ConfigurationSubscriptionCleanerTest.java +++ b/multiapps-controller-process/src/test/java/org/cloudfoundry/multiapps/controller/process/jobs/ConfigurationSubscriptionCleanerTest.java @@ -10,8 +10,7 @@ import java.util.List; import java.util.UUID; -import org.cloudfoundry.multiapps.controller.core.auditlogging.AuditLoggingFacade; -import org.cloudfoundry.multiapps.controller.core.auditlogging.AuditLoggingProvider; +import org.cloudfoundry.multiapps.controller.core.auditlogging.MtaConfigurationPurgerAuditLog; import org.cloudfoundry.multiapps.controller.core.cf.OAuthClientFactory; import org.cloudfoundry.multiapps.controller.core.util.ApplicationConfiguration; import org.cloudfoundry.multiapps.controller.persistence.model.ConfigurationSubscription; 
@@ -32,8 +31,6 @@ class ConfigurationSubscriptionCleanerTest { private static final UUID EXISTING_SPACE_2 = UUID.randomUUID(); private static final UUID NON_EXISTING_SPACE = UUID.randomUUID(); - @Mock - private AuditLoggingFacade auditLoggingFacade; @Mock private ApplicationConfiguration configuration; @Mock @@ -44,6 +41,8 @@ class ConfigurationSubscriptionCleanerTest { private OAuthClientFactory oAuthClientFactory; @Mock private ConfigurationSubscriptionQuery query; + @Mock + private MtaConfigurationPurgerAuditLog mtaConfigurationPurgerAuditLog; private ConfigurationSubscriptionCleaner cleaner; @@ -51,13 +50,15 @@ class ConfigurationSubscriptionCleanerTest { void setUp() throws Exception { MockitoAnnotations.openMocks(this) .close(); - cleaner = new ConfigurationSubscriptionCleaner(configuration, configurationSubscriptionService, oAuthClientFactory) { + cleaner = new ConfigurationSubscriptionCleaner(configuration, + configurationSubscriptionService, + oAuthClientFactory, + mtaConfigurationPurgerAuditLog) { @Override protected void initSpaceClient() { super.spaceClient = clientMock; } }; - AuditLoggingProvider.setFacade(auditLoggingFacade); } @Test diff --git a/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/Messages.java b/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/Messages.java index 95992f1a8c..d3f5f962b0 100644 --- a/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/Messages.java +++ b/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/Messages.java @@ -1,5 +1,7 @@ package org.cloudfoundry.multiapps.controller.web; +import org.cloudfoundry.multiapps.controller.web.util.SecurityContextUtil; + /** * A collection of string constants used for exception and logging messages. */ 
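Review bot: The `SecurityContextUtil` import added to `Messages` looks unused, since the class is a collection of string constants and the constants added in the next hunk are plain literals. Unless a Javadoc reference elsewhere in the file needs it, drop `import org.cloudfoundry.multiapps.controller.web.util.SecurityContextUtil;` so the constants class does not depend on the security utilities.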
@@ -25,6 +27,12 @@ public final class Messages { public static final String MISSING_PROPERTIES_FOR_CREATING_THE_SPECIFIC_PROVIDER = "Missing properties for creating the specific provider!"; // Audit log messages + public static final String USER_TRYING_TO_LOGIN_AUDIT_LOG_MESSAGE = "\"{0}\" is trying to login in space \"{1}\""; + public static final String USER_SUCCESSFULLY_LOGGED_IN_AUDIT_LOG_MESSAGE = "\"{0}\" successfully logged in space \"{1}\""; + public static final String USER_FAILED_TO_LOG_IN_AUDIT_LOG_MESSAGE = "\"{0}\" failed to login in space \"{1}\""; + + // Audit log configuration + public static final String LOGIN_ATTEMPT_AUDIT_LOG_CONFIG = "Login attempt"; // ERROR log messages public static final String MTA_NOT_FOUND = "MTA with id \"{0}\" does not exist"; diff --git a/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/api/impl/CsrfTokenApiServiceImpl.java b/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/api/impl/CsrfTokenApiServiceImpl.java index 6d41241589..e30eece5f4 100644 --- a/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/api/impl/CsrfTokenApiServiceImpl.java +++ b/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/api/impl/CsrfTokenApiServiceImpl.java 
@@ -1,15 +1,22 @@ package org.cloudfoundry.multiapps.controller.web.api.impl; +import javax.inject.Inject; import javax.inject.Named; import org.cloudfoundry.multiapps.controller.api.CsrfTokenApiService; +import org.cloudfoundry.multiapps.controller.core.auditlogging.CsrfTokenApiServiceAuditLog; +import org.cloudfoundry.multiapps.controller.web.util.SecurityContextUtil; import org.springframework.http.ResponseEntity; @Named public class CsrfTokenApiServiceImpl implements CsrfTokenApiService { + @Inject + private CsrfTokenApiServiceAuditLog csrfTokenApiServiceAuditLog; + @Override public ResponseEntity getCsrfToken() { + csrfTokenApiServiceAuditLog.logGetInfo(SecurityContextUtil.getUsername()); return ResponseEntity.noContent() .build(); } diff --git a/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/api/impl/FilesApiServiceImpl.java b/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/api/impl/FilesApiServiceImpl.java index 710b7f7109..2d604ba3f5 100644 --- a/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/api/impl/FilesApiServiceImpl.java +++ b/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/api/impl/FilesApiServiceImpl.java @@ -40,7 +40,7 @@ import org.cloudfoundry.multiapps.controller.api.model.ImmutableFileMetadata; import org.cloudfoundry.multiapps.controller.client.util.CheckedSupplier; import org.cloudfoundry.multiapps.controller.client.util.ResilientOperationExecutor; -import org.cloudfoundry.multiapps.controller.core.auditlogging.AuditLoggingProvider; +import org.cloudfoundry.multiapps.controller.core.auditlogging.FilesApiServiceAuditLog; import org.cloudfoundry.multiapps.controller.core.helpers.DescriptorParserFacadeFactory; import org.cloudfoundry.multiapps.controller.core.model.CachedMap; import org.cloudfoundry.multiapps.controller.core.util.ApplicationConfiguration; 
@@ -93,10 +93,13 @@ public class FilesApiServiceImpl implements FilesApiService { @Inject @Named("asyncFileUploadExecutor") private ExecutorService deployFromUrlExecutor; + @Inject + private FilesApiServiceAuditLog filesApiServiceAuditLog; @Override public ResponseEntity> getFiles(String spaceGuid, String namespace) { try { + filesApiServiceAuditLog.logGetFiles(SecurityContextUtil.getUsername(), spaceGuid, namespace); List entries = fileService.listFiles(spaceGuid, namespace); List files = entries.stream() .map(this::parseFileEntry) @@ -122,8 +125,7 @@ public ResponseEntity uploadFile(MultipartHttpServletRequest reque .build(), in); FileMetadata file = parseFileEntry(fileEntry); - AuditLoggingProvider.getFacade() - .logConfigCreate(file); + filesApiServiceAuditLog.logUploadFile(SecurityContextUtil.getUsername(), spaceGuid, file); var endTime = LocalDateTime.now(); LOGGER.trace(Messages.UPLOADED_FILE, file.getId(), file.getName(), file.getSize(), file.getDigest(), file.getDigestAlgorithm(), ChronoUnit.MILLIS.between(startTime, endTime)); @@ -140,6 +142,7 @@ public ResponseEntity startUploadFromUrl(String spaceGuid, String namespac .decode(fileUrl.getFileUrl())); String urlWithoutUserInfo = UriUtil.stripUserInfo(decodedUrl); LOGGER.trace(Messages.RECEIVED_UPLOAD_FROM_URL_REQUEST, urlWithoutUserInfo); + filesApiServiceAuditLog.logStartUploadFromUrl(SecurityContextUtil.getUsername(), spaceGuid, decodedUrl); var existingJob = getExistingJob(spaceGuid, namespace, urlWithoutUserInfo); if (existingJob != null) { if (runningTasks.get(existingJob.getId()) != null) { 
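Review bot: In `startUploadFromUrl` the audit call is given `decodedUrl`, which can still carry the `user:password@` part of the URL, while the trace log one line above deliberately uses `urlWithoutUserInfo`. Unless the audit log implementation strips the user info itself (not visible here), credentials for the remote file server end up in the audit trail. Pass the stripped value instead: `filesApiServiceAuditLog.logStartUploadFromUrl(SecurityContextUtil.getUsername(), spaceGuid, urlWithoutUserInfo);`. The `logConfigCreate(file)` call is also removed from `addFileEntryToAsyncUploadResult` in a later hunk, so a completed upload from URL leaves a record of the request but none of the resulting file.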
@@ -162,6 +165,7 @@ private String getLocationHeader(String spaceGuid, String jobId) { @Override public ResponseEntity getUploadFromUrlJob(String spaceGuid, String namespace, String jobId) { + filesApiServiceAuditLog.logGetUploadFromUrlJob(SecurityContextUtil.getUsername(), spaceGuid, namespace, jobId); AsyncUploadJobEntry job = getJob(jobId, spaceGuid, namespace); if (job == null) { return ResponseEntity.notFound() @@ -210,8 +214,6 @@ private ResponseEntity addFileEntryToAsyncUploadResult(String return ResponseEntity.ok(createErrorResult(e.getMessage())); } FileMetadata file = parseFileEntry(fileEntry); - AuditLoggingProvider.getFacade() - .logConfigCreate(file); jobCounters.remove(job.getId()); runningTasks.remove(job.getId()); return ResponseEntity.status(HttpStatus.CREATED) diff --git a/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/api/impl/InfoApiServiceImpl.java b/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/api/impl/InfoApiServiceImpl.java index a2615de863..89c0ce27b8 100644 --- a/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/api/impl/InfoApiServiceImpl.java +++ b/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/api/impl/InfoApiServiceImpl.java 
@@ -1,17 +1,24 @@ package org.cloudfoundry.multiapps.controller.web.api.impl; +import javax.inject.Inject; import javax.inject.Named; import org.cloudfoundry.multiapps.controller.api.InfoApiService; import org.cloudfoundry.multiapps.controller.api.model.ImmutableInfo; import org.cloudfoundry.multiapps.controller.api.model.Info; +import org.cloudfoundry.multiapps.controller.core.auditlogging.InfoApiServiceAuditLog; +import org.cloudfoundry.multiapps.controller.web.util.SecurityContextUtil; import org.springframework.http.ResponseEntity; @Named public class InfoApiServiceImpl implements InfoApiService { + @Inject + private InfoApiServiceAuditLog infoApiServiceAuditLog; + @Override public ResponseEntity getInfo() { + infoApiServiceAuditLog.logGetInfo(SecurityContextUtil.getUsername()); Info info = ImmutableInfo.builder() .apiVersion(1) .build(); diff --git a/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/api/impl/MtasApiServiceImpl.java b/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/api/impl/MtasApiServiceImpl.java index 5cfed6f282..f7ae1c64d8 100644 --- a/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/api/impl/MtasApiServiceImpl.java +++ b/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/api/impl/MtasApiServiceImpl.java @@ -17,6 +17,7 @@ import org.cloudfoundry.multiapps.controller.api.model.Metadata; import org.cloudfoundry.multiapps.controller.api.model.Module; import org.cloudfoundry.multiapps.controller.api.model.Mta; +import org.cloudfoundry.multiapps.controller.core.auditlogging.MtasApiServiceAuditLog; import org.cloudfoundry.multiapps.controller.core.cf.CloudControllerClientProvider; import org.cloudfoundry.multiapps.controller.core.cf.detect.DeployedMtaDetector; import org.cloudfoundry.multiapps.controller.core.cf.metadata.MtaMetadata; 
@@ -42,9 +43,12 @@ public class MtasApiServiceImpl implements MtasApiService { @Inject @Qualifier("deployedMtaRequiredDataOnlyDetector") private DeployedMtaDetector deployedMtaDetector; + @Inject + private MtasApiServiceAuditLog mtasApiServiceAuditLog; @Override public ResponseEntity> getMtas(String spaceGuid) { + mtasApiServiceAuditLog.logGetMtas(SecurityContextUtil.getUsername(), spaceGuid); CloudControllerClient client = getCloudFoundryClient(spaceGuid); List deployedMtas = deployedMtaDetector.detectDeployedMtasWithoutNamespace(client); List mtas = getMtas(deployedMtas, client); @@ -54,6 +58,7 @@ public ResponseEntity> getMtas(String spaceGuid) { @Override public ResponseEntity getMta(String spaceGuid, String mtaId) { + mtasApiServiceAuditLog.logGetMta(SecurityContextUtil.getUsername(), spaceGuid, mtaId); CloudControllerClient client = getCloudFoundryClient(spaceGuid); List mtas = deployedMtaDetector.detectDeployedMtasByName(mtaId, client); @@ -71,7 +76,7 @@ public ResponseEntity getMta(String spaceGuid, String mtaId) { @Override public ResponseEntity> getMtas(String spaceGuid, String namespace, String name) { - + mtasApiServiceAuditLog.logGetMtas(SecurityContextUtil.getUsername(), spaceGuid, namespace, name); if (name == null && namespace == null) { return getAllMtas(spaceGuid); } @@ -85,8 +90,7 @@ public ResponseEntity> getMtas(String spaceGuid, String namespace, Str } CloudControllerClient client = getCloudFoundryClient(spaceGuid); - Optional optionalDeployedMta = deployedMtaDetector.detectDeployedMtaByNameAndNamespace(name, namespace, - client); + Optional optionalDeployedMta = deployedMtaDetector.detectDeployedMtaByNameAndNamespace(name, namespace, client); DeployedMta deployedMta = optionalDeployedMta.orElseThrow(() -> new NotFoundException(Messages.SPECIFIC_MTA_NOT_FOUND, name, namespace)); 
diff --git a/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/api/impl/OperationsApiServiceImpl.java b/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/api/impl/OperationsApiServiceImpl.java index e10410f706..0d5e1e474a 100644 --- a/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/api/impl/OperationsApiServiceImpl.java +++ b/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/api/impl/OperationsApiServiceImpl.java @@ -33,7 +33,7 @@ import org.cloudfoundry.multiapps.controller.api.model.Operation; import org.cloudfoundry.multiapps.controller.api.model.ParameterMetadata; import org.cloudfoundry.multiapps.controller.api.model.parameters.ParameterConversion; -import org.cloudfoundry.multiapps.controller.core.auditlogging.AuditLoggingProvider; +import org.cloudfoundry.multiapps.controller.core.auditlogging.OperationsApiServiceAuditLog; import org.cloudfoundry.multiapps.controller.core.cf.CloudControllerClientFactory; import org.cloudfoundry.multiapps.controller.core.security.token.TokenService; import org.cloudfoundry.multiapps.controller.core.util.UserInfo; @@ -70,6 +70,7 @@ @Named public class OperationsApiServiceImpl implements OperationsApiService { + private static final Logger LOGGER = LoggerFactory.getLogger(OperationsApiServiceImpl.class); @Inject private CloudControllerClientFactory clientFactory; @Inject 
@@ -88,11 +89,12 @@ public class OperationsApiServiceImpl implements OperationsApiService { private ProgressMessageService progressMessageService; @Inject private ProcessActionRegistry processActionRegistry; - - private static final Logger LOGGER = LoggerFactory.getLogger(OperationsApiServiceImpl.class); + @Inject + private OperationsApiServiceAuditLog operationsApiServiceAuditLog; @Override public ResponseEntity> getOperations(String spaceGuid, String mtaId, List stateStrings, Integer last) { + operationsApiServiceAuditLog.logGetOperations(SecurityContextUtil.getUsername(), spaceGuid, mtaId); List states = getStates(stateStrings); List operations = filterByQueryParameters(last, states, spaceGuid, mtaId); return ResponseEntity.ok() @@ -101,6 +103,7 @@ public ResponseEntity> getOperations(String spaceGuid, String mt @Override public ResponseEntity executeOperationAction(HttpServletRequest request, String spaceGuid, String operationId, String actionId) { + operationsApiServiceAuditLog.logExecuteOperationAction(SecurityContextUtil.getUsername(), spaceGuid, operationId, actionId); Operation operation = getOperationByOperationGuidAndSpaceGuid(operationId, spaceGuid); List availableOperations = getAvailableActions(operation); if (!availableOperations.contains(actionId)) { @@ -109,8 +112,6 @@ public ResponseEntity executeOperationAction(HttpServletRequest request, S } ProcessAction action = processActionRegistry.getAction(Action.fromString(actionId)); action.execute(getAuthenticatedUser(request), operationId); - AuditLoggingProvider.getFacade() - .logAboutToStart(MessageFormat.format("{0} over operation with id {1}", action, operation.getProcessId())); return ResponseEntity.accepted() .header("Location", getLocationHeader(operationId, spaceGuid)) .build(); 
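Review bot: In `executeOperationAction` the audit record is written before the operation is looked up and before `actionId` is checked against `availableOperations`, and the entry that used to follow `action.execute(...)` is removed in the next hunk. The trail therefore shows that an action was requested but not whether it was accepted and run, and `actionId` reaches the log unvalidated. Consider keeping a second entry after `action.execute(getAuthenticatedUser(request), operationId);` for the successful case. `startOperation` (hunk `-146,6 +149,7`) has the same shape, logging before `ensureRequiredParametersSet` and `flowableFacade.startProcess`, and it takes the name from `SecurityContextUtil.getUsername()` while the process is started for `getAuthenticatedUser(request)`; one source for both would keep the audit identity aligned with the acting user. Both method bodies extend beyond the hunks shown.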
@@ -119,6 +120,7 @@ public ResponseEntity executeOperationAction(HttpServletRequest request, S @Override public ResponseEntity> getOperationLogs(String spaceGuid, String operationId) { try { + operationsApiServiceAuditLog.logGetOperationLogs(SecurityContextUtil.getUsername(), spaceGuid, operationId); getOperationByOperationGuidAndSpaceGuid(operationId, spaceGuid); List logIds = logsService.getLogNames(spaceGuid, operationId); List logs = logIds.stream() @@ -136,6 +138,7 @@ public ResponseEntity> getOperationLogs(String spaceGuid, String opera @Override public ResponseEntity getOperationLogContent(String spaceGuid, String operationId, String logId) { try { + operationsApiServiceAuditLog.logGetOperationLogContent(SecurityContextUtil.getUsername(), spaceGuid, operationId, logId); String content = logsService.getLogContent(spaceGuid, operationId, logId); return ResponseEntity.ok() .body(content); @@ -146,6 +149,7 @@ public ResponseEntity getOperationLogContent(String spaceGuid, String op @Override public ResponseEntity startOperation(HttpServletRequest request, String spaceGuid, Operation operation) { + operationsApiServiceAuditLog.logStartOperation(SecurityContextUtil.getUsername(), spaceGuid, operation); String user = getAuthenticatedUser(request); String processDefinitionKey = operationsHelper.getProcessDefinitionKey(operation); Set predefinedParameters = operationMetadataMapper.getOperationMetadata(operation.getProcessType()) @@ -154,8 +158,7 @@ public ResponseEntity startOperation(HttpServletRequest request, Stri operation = addParameterValues(operation, predefinedParameters); ensureRequiredParametersSet(operation, predefinedParameters); ProcessInstance processInstance = flowableFacade.startProcess(processDefinitionKey, operation.getParameters()); - AuditLoggingProvider.getFacade() - .logConfigCreate(operation); + return ResponseEntity.accepted() .header("Location", getLocationHeader(processInstance.getProcessInstanceId(), spaceGuid)) .build(); 
@@ -163,6 +166,7 @@ public ResponseEntity startOperation(HttpServletRequest request, Stri @Override public ResponseEntity getOperation(String spaceGuid, String operationId, String embed) { + operationsApiServiceAuditLog.logGetOperation(SecurityContextUtil.getUsername(), spaceGuid, operationId, embed); Operation operation = getOperationByOperationGuidAndSpaceGuid(operationId, spaceGuid); if (!operation.getSpaceId() .equals(spaceGuid)) { @@ -208,6 +212,7 @@ private List filterByQueryParameters(Integer lastRequestedOperationsC @Override public ResponseEntity> getOperationActions(String spaceGuid, String operationId) { + operationsApiServiceAuditLog.logGetOperationActions(spaceGuid, SecurityContextUtil.getUsername(), operationId); Operation operation = getOperationByOperationGuidAndSpaceGuid(operationId, spaceGuid); return ResponseEntity.ok() .body(getAvailableActions(operation)); diff --git a/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/bootstrap/BootstrapServlet.java b/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/bootstrap/BootstrapServlet.java index 879e5660da..3a247767cd 100644 --- a/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/bootstrap/BootstrapServlet.java +++ b/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/bootstrap/BootstrapServlet.java @@ -12,9 +12,7 @@ import javax.servlet.http.HttpServlet; import javax.sql.DataSource; -import org.cloudfoundry.multiapps.controller.core.auditlogging.AuditLoggingProvider; import org.cloudfoundry.multiapps.controller.core.auditlogging.UserInfoProvider; -import org.cloudfoundry.multiapps.controller.core.auditlogging.impl.AuditLoggingFacadeSLImpl; import org.cloudfoundry.multiapps.controller.core.util.ApplicationConfiguration; import org.cloudfoundry.multiapps.controller.persistence.services.FileService; import org.cloudfoundry.multiapps.controller.persistence.services.LockOwnerService; 
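Review bot: The call added to `getOperationActions` passes its arguments as `(spaceGuid, SecurityContextUtil.getUsername(), operationId)`, whereas every other audit call in this class passes the username first and the space GUID second. Both values are strings, so the compiler will not catch a swap. If `logGetOperationActions` follows the same parameter order as its siblings (its signature is not visible here), the record will name the space GUID as the user and the user as the space. Change it to `operationsApiServiceAuditLog.logGetOperationActions(SecurityContextUtil.getUsername(), spaceGuid, operationId);` or confirm that the signature really differs.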
@@ -25,6 +23,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.context.annotation.Bean; import org.springframework.web.context.support.SpringBeanAutowiringSupport; public class BootstrapServlet extends HttpServlet { @@ -59,7 +58,6 @@ public void init(ServletConfig config) throws ServletException { try { SpringBeanAutowiringSupport.processInjectionBasedOnServletContext(this, config.getServletContext()); initializeApplicationConfiguration(); - initializeProviders(); initializeFileService(); initExtras(); processEngine.getProcessEngineConfiguration() @@ -120,13 +118,8 @@ protected void destroyExtras() { // Do nothing } - protected static UserInfoProvider getUserInfoProvider() { + @Bean + public UserInfoProvider buildUserInfoProvider() { return SecurityContextUtil::getUserInfo; } - - private void initializeProviders() { - // Initialize audit logging provider - AuditLoggingProvider.setFacade(new AuditLoggingFacadeSLImpl(dataSource, getUserInfoProvider())); - } - } diff --git a/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/resources/ConfigurationEntriesResource.java b/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/resources/ConfigurationEntriesResource.java index df57437f76..d3101d24d6 100644 --- a/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/resources/ConfigurationEntriesResource.java +++ b/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/resources/ConfigurationEntriesResource.java 
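Review bot: `@Bean` on `buildUserInfoProvider()` is unlikely to register anything. `BootstrapServlet` extends `HttpServlet` and is wired through `SpringBeanAutowiringSupport.processInjectionBasedOnServletContext`, which injects into the servlet but does not treat it as a source of bean definitions. If no configuration class elsewhere declares a `UserInfoProvider`, the audit logging components that used to receive `getUserInfoProvider()` through the removed `initializeProviders()` will have no provider to inject. Move the method to a `@Configuration` class, or confirm the servlet is registered as one. The change from `protected static getUserInfoProvider()` to a public instance method also breaks any subclass that called the old name.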
@@ -3,6 +3,7 @@ import javax.inject.Inject; import javax.inject.Named; +import org.cloudfoundry.multiapps.controller.core.auditlogging.MtaConfigurationPurgerAuditLog; import org.cloudfoundry.multiapps.controller.core.cf.CloudControllerClientFactory; import org.cloudfoundry.multiapps.controller.core.cf.CloudControllerClientProvider; import org.cloudfoundry.multiapps.controller.core.cf.metadata.processor.MtaMetadataParser; @@ -42,6 +43,8 @@ public class ConfigurationEntriesResource { private MtaMetadataParser mtaMetadataParser; @Inject private TokenService tokenService; + @Inject + private MtaConfigurationPurgerAuditLog mtaConfigurationPurgerAuditLog; @PostMapping("/purge") public ResponseEntity purgeConfigurationRegistry(@RequestParam(REQUEST_PARAM_ORGANIZATION) String organization, @@ -53,10 +56,12 @@ public ResponseEntity purgeConfigurationRegistry(@RequestParam(REQUEST_PAR CloudControllerClient client = clientProvider.getControllerClientWithNoCorrelation(user.getName(), cloudSpace.getGuid() .toString()); - MtaConfigurationPurger configurationPurger = new MtaConfigurationPurger(client, spaceClient, + MtaConfigurationPurger configurationPurger = new MtaConfigurationPurger(client, + spaceClient, configurationEntryService, configurationSubscriptionService, - mtaMetadataParser); + mtaMetadataParser, + mtaConfigurationPurgerAuditLog); configurationPurger.purge(organization, space); return ResponseEntity.status(HttpStatus.NO_CONTENT) .build(); diff --git a/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/security/AdminApiAuthorizationFilter.java b/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/security/AdminApiAuthorizationFilter.java index 894e7c075c..ce1c86c536 100644 --- a/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/security/AdminApiAuthorizationFilter.java 
+++ b/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/security/AdminApiAuthorizationFilter.java @@ -6,6 +6,7 @@ import org.apache.commons.lang3.StringUtils; import org.cloudfoundry.multiapps.common.SLException; +import org.cloudfoundry.multiapps.controller.core.auditlogging.LoginAttemptAuditLog; import org.cloudfoundry.multiapps.controller.core.util.ApplicationConfiguration; @Named @@ -14,8 +15,9 @@ public class AdminApiAuthorizationFilter extends SpaceGuidBasedAuthorizationFilt private final ApplicationConfiguration applicationConfiguration; @Inject - public AdminApiAuthorizationFilter(ApplicationConfiguration applicationConfiguration, AuthorizationChecker authorizationChecker) { - super(authorizationChecker); + public AdminApiAuthorizationFilter(ApplicationConfiguration applicationConfiguration, AuthorizationChecker authorizationChecker, + LoginAttemptAuditLog loginAttemptAuditLog) { + super(authorizationChecker, loginAttemptAuditLog); this.applicationConfiguration = applicationConfiguration; } diff --git a/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/security/AuthorizationChecker.java b/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/security/AuthorizationChecker.java index 9a6bc48237..a4d25a48ee 100644 --- a/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/security/AuthorizationChecker.java +++ b/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/security/AuthorizationChecker.java 
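Review bot: The `loginAttemptAuditLog` passed to `super(...)` in this constructor, and in the `DefaultSpaceGuidBasedAuthorizationFilter` and `PurgeApiAuthorizationFilter` constructors, becomes the only audit path for denied requests, because the same commit removes `logSecurityIncident(message)` from `AuthorizationChecker.failWithStatus`. The base filters' use of it is outside these hunks. It is worth confirming they record a failed entry for every path that ends in `failWithStatus`, whatever the status, since the checker now only emits `LOGGER.warn`. A short Javadoc line on the constructor, such as `@param loginAttemptAuditLog records attempted, successful and failed authorization for the request`, would make that responsibility explicit.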
@@ -11,7 +11,6 @@ import org.cloudfoundry.multiapps.common.SLException; import org.cloudfoundry.multiapps.controller.core.Messages; -import org.cloudfoundry.multiapps.controller.core.auditlogging.AuditLoggingProvider; import org.cloudfoundry.multiapps.controller.core.cf.CloudControllerClientFactory; import org.cloudfoundry.multiapps.controller.core.cf.clients.CfRolesGetter; import org.cloudfoundry.multiapps.controller.core.cf.clients.WebClientFactory; @@ -176,8 +175,6 @@ private void failWithForbiddenStatus(String message) { private static void failWithStatus(HttpStatus status, String message) { LOGGER.warn(message); - AuditLoggingProvider.getFacade() - .logSecurityIncident(message); throw new ResponseStatusException(status, message); } diff --git a/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/security/DefaultSpaceGuidBasedAuthorizationFilter.java b/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/security/DefaultSpaceGuidBasedAuthorizationFilter.java index bba53b0ad7..5b9baf0671 100644 --- a/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/security/DefaultSpaceGuidBasedAuthorizationFilter.java +++ b/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/security/DefaultSpaceGuidBasedAuthorizationFilter.java @@ -8,6 +8,7 @@ import javax.servlet.http.HttpServletRequest; import org.cloudfoundry.multiapps.common.SLException; +import org.cloudfoundry.multiapps.controller.core.auditlogging.LoginAttemptAuditLog; import org.cloudfoundry.multiapps.controller.web.util.ServletUtil; @Named 
@@ -17,8 +18,8 @@ public class DefaultSpaceGuidBasedAuthorizationFilter extends SpaceGuidBasedAuth private static final Pattern DEFAULT_URI_PATTERN = Pattern.compile(SPACE_GUID_CAPTURING_REGEX); @Inject - public DefaultSpaceGuidBasedAuthorizationFilter(AuthorizationChecker authorizationChecker) { - super(authorizationChecker); + public DefaultSpaceGuidBasedAuthorizationFilter(AuthorizationChecker authorizationChecker, LoginAttemptAuditLog loginAttemptAuditLog) { + super(authorizationChecker, loginAttemptAuditLog); } @Override diff --git a/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/security/PurgeApiAuthorizationFilter.java b/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/security/PurgeApiAuthorizationFilter.java index 57379327bc..739cdc9cc6 100644 --- a/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/security/PurgeApiAuthorizationFilter.java +++ b/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/security/PurgeApiAuthorizationFilter.java @@ -6,6 +6,7 @@ import org.apache.commons.lang3.StringUtils; import org.cloudfoundry.multiapps.common.SLException; +import org.cloudfoundry.multiapps.controller.core.auditlogging.LoginAttemptAuditLog; import org.cloudfoundry.multiapps.controller.persistence.model.CloudTarget; import org.cloudfoundry.multiapps.controller.web.Messages; import org.cloudfoundry.multiapps.controller.web.resources.ConfigurationEntriesResource; @@ -14,8 +15,8 @@ public class PurgeApiAuthorizationFilter extends SpaceNameBasedAuthorizationFilter { @Inject - public PurgeApiAuthorizationFilter(AuthorizationChecker authorizationChecker) { - super(authorizationChecker); + public PurgeApiAuthorizationFilter(AuthorizationChecker authorizationChecker, LoginAttemptAuditLog loginAttemptAuditLog) { + super(authorizationChecker, loginAttemptAuditLog); } @Override 
diff --git a/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/security/SpaceGuidBasedAuthorizationFilter.java b/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/security/SpaceGuidBasedAuthorizationFilter.java index 2506983b7e..e754d6c436 100644 --- a/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/security/SpaceGuidBasedAuthorizationFilter.java +++ b/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/security/SpaceGuidBasedAuthorizationFilter.java @@ -6,6 +6,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.cloudfoundry.multiapps.controller.core.auditlogging.LoginAttemptAuditLog; import org.cloudfoundry.multiapps.controller.web.Messages; import org.cloudfoundry.multiapps.controller.web.util.SecurityContextUtil; import org.cloudfoundry.multiapps.controller.web.util.ServletUtil; 
@@ -19,17 +20,27 @@ public abstract class SpaceGuidBasedAuthorizationFilter implements UriAuthorizat private final AuthorizationChecker authorizationChecker; - protected SpaceGuidBasedAuthorizationFilter(AuthorizationChecker authorizationChecker) { + private final LoginAttemptAuditLog loginAttemptAuditLog; + + protected SpaceGuidBasedAuthorizationFilter(AuthorizationChecker authorizationChecker, LoginAttemptAuditLog loginAttemptAuditLog) { this.authorizationChecker = authorizationChecker; + this.loginAttemptAuditLog = loginAttemptAuditLog; } @Override public final boolean ensureUserIsAuthorized(HttpServletRequest request, HttpServletResponse response) throws IOException { String spaceGuid = extractAndLogSpaceGuid(request); + loginAttemptAuditLog.logLoginAttempt(SecurityContextUtil.getUsername(), spaceGuid, Messages.USER_TRYING_TO_LOGIN_AUDIT_LOG_MESSAGE, + Messages.LOGIN_ATTEMPT_AUDIT_LOG_CONFIG); try { authorizationChecker.ensureUserIsAuthorized(request, SecurityContextUtil.getUserInfo(), spaceGuid, null); + loginAttemptAuditLog.logLoginAttempt(SecurityContextUtil.getUsername(), spaceGuid, + Messages.USER_SUCCESSFULLY_LOGGED_IN_AUDIT_LOG_MESSAGE, + Messages.LOGIN_ATTEMPT_AUDIT_LOG_CONFIG); return true; } catch (ResponseStatusException e) { + loginAttemptAuditLog.logLoginAttempt(SecurityContextUtil.getUsername(), spaceGuid, + Messages.USER_FAILED_TO_LOG_IN_AUDIT_LOG_MESSAGE, Messages.LOGIN_ATTEMPT_AUDIT_LOG_CONFIG); logUnauthorizedRequest(request, e); response.sendError(e.getStatus() .value(), @@ -53,5 +64,4 @@ private void logUnauthorizedRequest(HttpServletRequest request, ResponseStatusEx } protected abstract String extractSpaceGuid(HttpServletRequest request); - } 
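Review bot: In `ensureUserIsAuthorized` the failure entry is written only inside `catch (ResponseStatusException e)`, so any other exception from `authorizationChecker.ensureUserIsAuthorized(...)` leaves a "trying to login" record with no outcome. The entry that is written also drops the status and reason carried by `e`. A second handler such as `} catch (RuntimeException e) { loginAttemptAuditLog.logLoginAttempt(SecurityContextUtil.getUsername(), spaceGuid, Messages.USER_FAILED_TO_LOG_IN_AUDIT_LOG_MESSAGE, Messages.LOGIN_ATTEMPT_AUDIT_LOG_CONFIG); throw e; }` would close the first gap, and including `e.getStatus()` in the failure entry would close the second. `spaceGuid` comes from the request and `SecurityContextUtil.getUsername()` is read before the check has passed, so `LoginAttemptAuditLog` (not visible here) should tolerate a missing user and neutralise line breaks in both values. The same pattern in `SpaceNameBasedAuthorizationFilter.ensureUserIsAuthorized`, which logs `target.getSpaceName()`, has the same gaps; both method bodies continue outside their hunks.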
diff --git a/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/security/SpaceNameBasedAuthorizationFilter.java b/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/security/SpaceNameBasedAuthorizationFilter.java index c01dd3dce9..a07cfcd211 100644 --- a/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/security/SpaceNameBasedAuthorizationFilter.java +++ b/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/security/SpaceNameBasedAuthorizationFilter.java @@ -3,9 +3,11 @@ import java.io.IOException; import java.text.MessageFormat; +import javax.inject.Inject; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.cloudfoundry.multiapps.controller.core.auditlogging.LoginAttemptAuditLog; import org.cloudfoundry.multiapps.controller.persistence.model.CloudTarget; import org.cloudfoundry.multiapps.controller.web.Messages; import org.cloudfoundry.multiapps.controller.web.util.SecurityContextUtil; 
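Review bot: `import javax.inject.Inject;` is added here, but the only constructor visible in this file's next hunk is `protected` and carries no `@Inject`. The sibling `SpaceGuidBasedAuthorizationFilter` makes the same constructor change without adding this import. If nothing else in the class uses the annotation, drop the line; the rest of the file lies outside the hunks shown, so this is inferred.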
@@ -19,18 +21,27 @@ public abstract class SpaceNameBasedAuthorizationFilter implements UriAuthorizat private static final Logger LOGGER = LoggerFactory.getLogger(SpaceNameBasedAuthorizationFilter.class); private final AuthorizationChecker authorizationChecker; + private final LoginAttemptAuditLog loginAttemptAuditLog; - protected SpaceNameBasedAuthorizationFilter(AuthorizationChecker authorizationChecker) { + protected SpaceNameBasedAuthorizationFilter(AuthorizationChecker authorizationChecker, LoginAttemptAuditLog loginAttemptAuditLog) { this.authorizationChecker = authorizationChecker; + this.loginAttemptAuditLog = loginAttemptAuditLog; } @Override public final boolean ensureUserIsAuthorized(HttpServletRequest request, HttpServletResponse response) throws IOException { CloudTarget target = extractAndLogTarget(request); + loginAttemptAuditLog.logLoginAttempt(SecurityContextUtil.getUsername(), target.getSpaceName(), + Messages.USER_TRYING_TO_LOGIN_AUDIT_LOG_MESSAGE, Messages.LOGIN_ATTEMPT_AUDIT_LOG_CONFIG); try { authorizationChecker.ensureUserIsAuthorized(request, SecurityContextUtil.getUserInfo(), target, null); + loginAttemptAuditLog.logLoginAttempt(SecurityContextUtil.getUsername(), target.getSpaceName(), + Messages.USER_SUCCESSFULLY_LOGGED_IN_AUDIT_LOG_MESSAGE, + Messages.LOGIN_ATTEMPT_AUDIT_LOG_CONFIG); return true; } catch (ResponseStatusException e) { + loginAttemptAuditLog.logLoginAttempt(SecurityContextUtil.getUsername(), target.getSpaceName(), + Messages.USER_FAILED_TO_LOG_IN_AUDIT_LOG_MESSAGE, Messages.LOGIN_ATTEMPT_AUDIT_LOG_CONFIG); logUnauthorizedRequest(request, e); response.sendError(e.getStatus() .value(), diff --git a/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/security/UriAuthorizationFilter.java b/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/security/UriAuthorizationFilter.java index ede9e7a20d..f7f3f57c91 100644 
--- a/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/security/UriAuthorizationFilter.java +++ b/multiapps-controller-web/src/main/java/org/cloudfoundry/multiapps/controller/web/security/UriAuthorizationFilter.java @@ -13,5 +13,4 @@ public interface UriAuthorizationFilter { * @return Whether or not the request should be forwarded to the rest of the filter chain and eventually to the appropriate handler. */ boolean ensureUserIsAuthorized(HttpServletRequest request, HttpServletResponse response) throws IOException; - } diff --git a/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/api/impl/FilesApiServiceImplTest.java b/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/api/impl/FilesApiServiceImplTest.java index 0d669adb3c..6cbf1b6140 100644 --- a/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/api/impl/FilesApiServiceImplTest.java +++ b/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/api/impl/FilesApiServiceImplTest.java @@ -30,8 +30,7 @@ import org.cloudfoundry.multiapps.controller.api.model.FileMetadata; import org.cloudfoundry.multiapps.controller.api.model.ImmutableFileUrl; import org.cloudfoundry.multiapps.controller.client.util.ResilientOperationExecutor; -import org.cloudfoundry.multiapps.controller.core.auditlogging.AuditLoggingFacade; -import org.cloudfoundry.multiapps.controller.core.auditlogging.AuditLoggingProvider; +import org.cloudfoundry.multiapps.controller.core.auditlogging.FilesApiServiceAuditLog; import org.cloudfoundry.multiapps.controller.core.helpers.DescriptorParserFacadeFactory; import org.cloudfoundry.multiapps.controller.core.util.ApplicationConfiguration; import org.cloudfoundry.multiapps.controller.core.util.UserInfo; 
@@ -81,6 +80,8 @@ class FilesApiServiceImplTest { private MultipartFile file; @Mock private HttpClient httpClient; + @Mock + private FilesApiServiceAuditLog filesApiServiceAuditLog; @InjectMocks private final FilesApiServiceImpl testedClass = new FilesApiServiceImpl() { @Override @@ -119,8 +120,6 @@ public void initialize() throws Exception { .close(); Mockito.when(request.getRequestURI()) .thenReturn(""); - AuditLoggingProvider.setFacade(Mockito.mock(AuditLoggingFacade.class)); - } @Test diff --git a/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/api/impl/MtasApiServiceImplTest.java b/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/api/impl/MtasApiServiceImplTest.java index 374b5a7a5f..7b10d59167 100644 --- a/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/api/impl/MtasApiServiceImplTest.java +++ b/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/api/impl/MtasApiServiceImplTest.java @@ -17,6 +17,7 @@ import org.cloudfoundry.multiapps.controller.api.model.Metadata; import org.cloudfoundry.multiapps.controller.api.model.Module; import org.cloudfoundry.multiapps.controller.api.model.Mta; +import org.cloudfoundry.multiapps.controller.core.auditlogging.MtasApiServiceAuditLog; import org.cloudfoundry.multiapps.controller.core.cf.CloudControllerClientProvider; import org.cloudfoundry.multiapps.controller.core.cf.detect.DeployedMtaRequiredDataOnlyDetector; import org.cloudfoundry.multiapps.controller.core.cf.metadata.ImmutableMtaMetadata; @@ -57,8 +58,11 @@ class MtasApiServiceImplTest { @Mock private DeployedMtaRequiredDataOnlyDetector deployedMtaDetector; + @Mock + private MtasApiServiceAuditLog mtasApiServiceAuditLog; + @InjectMocks - private MtasApiServiceImpl testedClass; + private MtasApiServiceImpl testedClass = new MtasApiServiceImpl(); private List mtas; 
diff --git a/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/api/impl/OperationsApiServiceImplTest.java b/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/api/impl/OperationsApiServiceImplTest.java index a870c3b9cf..6085e12324 100644 --- a/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/api/impl/OperationsApiServiceImplTest.java +++ b/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/api/impl/OperationsApiServiceImplTest.java @@ -23,7 +23,7 @@ import org.cloudfoundry.multiapps.controller.api.model.Operation; import org.cloudfoundry.multiapps.controller.api.model.ProcessType; import org.cloudfoundry.multiapps.controller.core.auditlogging.AuditLoggingFacade; -import org.cloudfoundry.multiapps.controller.core.auditlogging.AuditLoggingProvider; +import org.cloudfoundry.multiapps.controller.core.auditlogging.OperationsApiServiceAuditLog; import org.cloudfoundry.multiapps.controller.core.cf.CloudControllerClientFactory; import org.cloudfoundry.multiapps.controller.core.security.token.TokenService; import org.cloudfoundry.multiapps.controller.persistence.query.OperationQuery; @@ -83,9 +83,11 @@ class OperationsApiServiceImplTest { private ProcessActionRegistry processActionRegistry; @Mock private ProcessAction processAction; + @Mock + private OperationsApiServiceAuditLog operationsApiServiceAuditLog; @InjectMocks - private OperationsApiServiceImpl operationsApiService; + private OperationsApiServiceImpl operationsApiService = new OperationsApiServiceImpl(); private static final String SPACE_GUID = "896e6be9-8217-4a1c-b938-09b30966157a"; private static final String ORG_GUID = "0a42c085-b772-4b1e-bf4d-75c463aab5f6"; 
@@ -115,7 +117,6 @@ public void initialize() throws Exception { operations.add(createOperation(ERROR_PROCESS, Operation.State.ERROR, Collections.emptyMap())); operations.add(createOperation(ABORTED_PROCESS, Operation.State.ABORTED, Collections.emptyMap())); - AuditLoggingProvider.setFacade(Mockito.mock(AuditLoggingFacade.class)); setupOperationServiceMock(); setupOperationsHelperMock(); mockProcessActionRegistry(); diff --git a/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/security/AdminApiAuthorizationFilterTest.java b/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/security/AdminApiAuthorizationFilterTest.java index c367fe203b..8a648d623b 100644 --- a/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/security/AdminApiAuthorizationFilterTest.java +++ b/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/security/AdminApiAuthorizationFilterTest.java @@ -8,6 +8,7 @@ import javax.servlet.http.HttpServletRequest; import org.cloudfoundry.multiapps.common.SLException; +import org.cloudfoundry.multiapps.controller.core.auditlogging.LoginAttemptAuditLog; import org.cloudfoundry.multiapps.controller.core.util.ApplicationConfiguration; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; @@ -25,13 +26,15 @@ class AdminApiAuthorizationFilterTest { private HttpServletRequest request; @Mock private ApplicationConfiguration applicationConfiguration; + @Mock + private LoginAttemptAuditLog loginAttemptAuditLog; private AdminApiAuthorizationFilter adminApiAuthorizationFilter; @BeforeEach void setUp() throws Exception { MockitoAnnotations.openMocks(this) .close(); - adminApiAuthorizationFilter = new AdminApiAuthorizationFilter(applicationConfiguration, null); + adminApiAuthorizationFilter = new AdminApiAuthorizationFilter(applicationConfiguration, null, loginAttemptAuditLog); } @ParameterizedTest 
diff --git a/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/security/AuthorizationCheckerTest.java b/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/security/AuthorizationCheckerTest.java index e3b378e530..fe4f13f128 100644 --- a/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/security/AuthorizationCheckerTest.java +++ b/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/security/AuthorizationCheckerTest.java @@ -14,8 +14,6 @@ import java.util.Set; import java.util.stream.Stream; -import org.cloudfoundry.multiapps.controller.core.auditlogging.AuditLoggingFacade; -import org.cloudfoundry.multiapps.controller.core.auditlogging.AuditLoggingProvider; import org.cloudfoundry.multiapps.controller.core.cf.CloudControllerClientFactory; import org.cloudfoundry.multiapps.controller.core.cf.clients.CfRolesGetter; import org.cloudfoundry.multiapps.controller.core.cf.clients.WebClientFactory; @@ -145,8 +143,6 @@ void checkPermissionsWithExceptionTest2() { @Test void testCheckPermissionsWithNonUUIDSpaceIDString() { setUpMocks(EnumSet.of(UserRole.SPACE_DEVELOPER), null); - AuditLoggingFacade mockAuditLoggingFacade = Mockito.mock(AuditLoggingFacade.class); - AuditLoggingProvider.setFacade(mockAuditLoggingFacade); UserInfo userInfo = getUserInfo(); ResponseStatusException resultException = assertThrows(ResponseStatusException.class, () -> authorizationChecker.checkPermissions(userInfo, "non-uuid-spaceId", diff --git a/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/security/DefaultSpaceGuidBasedAuthorizationFilterTest.java b/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/security/DefaultSpaceGuidBasedAuthorizationFilterTest.java index bad3889069..3c933f1309 100644 
--- a/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/security/DefaultSpaceGuidBasedAuthorizationFilterTest.java +++ b/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/security/DefaultSpaceGuidBasedAuthorizationFilterTest.java @@ -8,6 +8,7 @@ import javax.servlet.http.HttpServletRequest; import org.cloudfoundry.multiapps.common.SLException; +import org.cloudfoundry.multiapps.controller.core.auditlogging.LoginAttemptAuditLog; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.junit.jupiter.params.ParameterizedTest; @@ -22,13 +23,15 @@ class DefaultSpaceGuidBasedAuthorizationFilterTest { @Mock private HttpServletRequest request; + @Mock + private LoginAttemptAuditLog loginAttemptAuditLog; private DefaultSpaceGuidBasedAuthorizationFilter defaultSpaceGuidBasedAuthorizationFilter; @BeforeEach void setUp() throws Exception { MockitoAnnotations.openMocks(this) .close(); - defaultSpaceGuidBasedAuthorizationFilter = new DefaultSpaceGuidBasedAuthorizationFilter(null); + defaultSpaceGuidBasedAuthorizationFilter = new DefaultSpaceGuidBasedAuthorizationFilter(null, loginAttemptAuditLog); } @ParameterizedTest diff --git a/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/security/PurgeApiAuthorizationFilterTest.java b/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/security/PurgeApiAuthorizationFilterTest.java index 4a211a05bc..0f68944262 100644 --- a/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/security/PurgeApiAuthorizationFilterTest.java +++ b/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/security/PurgeApiAuthorizationFilterTest.java 
@@ -8,6 +8,7 @@ import javax.servlet.http.HttpServletRequest; import org.cloudfoundry.multiapps.common.SLException; +import org.cloudfoundry.multiapps.controller.core.auditlogging.LoginAttemptAuditLog; import org.cloudfoundry.multiapps.controller.persistence.model.CloudTarget; import org.cloudfoundry.multiapps.controller.web.resources.ConfigurationEntriesResource; import org.junit.jupiter.api.BeforeEach; @@ -25,13 +26,15 @@ class PurgeApiAuthorizationFilterTest { @Mock private HttpServletRequest request; + @Mock + private LoginAttemptAuditLog loginAttemptAuditLog; private PurgeApiAuthorizationFilter purgeApiAuthorizationFilter; @BeforeEach void setUp() throws Exception { MockitoAnnotations.openMocks(this) .close(); - purgeApiAuthorizationFilter = new PurgeApiAuthorizationFilter(null); + purgeApiAuthorizationFilter = new PurgeApiAuthorizationFilter(null, loginAttemptAuditLog); } @Test diff --git a/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/security/SpaceGuidBasedAuthorizationFilterTest.java b/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/security/SpaceGuidBasedAuthorizationFilterTest.java index 042c8c349e..9b86519dcb 100644 --- a/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/security/SpaceGuidBasedAuthorizationFilterTest.java +++ b/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/security/SpaceGuidBasedAuthorizationFilterTest.java @@ -5,6 +5,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.cloudfoundry.multiapps.controller.core.auditlogging.LoginAttemptAuditLog; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.mockito.Mock; 
@@ -23,14 +24,16 @@ class SpaceGuidBasedAuthorizationFilterTest { private HttpServletResponse response; @Mock private AuthorizationChecker authorizationChecker; - private DummyUriAuthorizationFilter dummyUriAuthorizationFilter; + @Mock + private LoginAttemptAuditLog loginAttemptAuditLog; + private DummyUriAuthorizationFilter dummyUriAuthorizationFilter; @BeforeEach void setUp() { MockitoAnnotations.openMocks(this); Mockito.when(request.getRequestURI()) .thenReturn(""); - dummyUriAuthorizationFilter = new DummyUriAuthorizationFilter(authorizationChecker); + dummyUriAuthorizationFilter = new DummyUriAuthorizationFilter(authorizationChecker, loginAttemptAuditLog); } @Test @@ -55,8 +58,8 @@ void testWithException() throws IOException { private static class DummyUriAuthorizationFilter extends SpaceGuidBasedAuthorizationFilter { - public DummyUriAuthorizationFilter(AuthorizationChecker authorizationChecker) { - super(authorizationChecker); + public DummyUriAuthorizationFilter(AuthorizationChecker authorizationChecker, LoginAttemptAuditLog loginAttemptAuditLog) { + super(authorizationChecker, loginAttemptAuditLog); } @Override diff --git a/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/security/SpaceNameBasedAuthorizationFilterTest.java b/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/security/SpaceNameBasedAuthorizationFilterTest.java index 257897d00d..74f1000cbd 100644 --- a/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/security/SpaceNameBasedAuthorizationFilterTest.java +++ b/multiapps-controller-web/src/test/java/org/cloudfoundry/multiapps/controller/web/security/SpaceNameBasedAuthorizationFilterTest.java 
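Review bot: The new `loginAttemptAuditLog` mock is only handed to the `DummyUriAuthorizationFilter` constructor, and nothing in the visible hunks asserts that an audit entry is written on the success or the failure path, which is the behaviour this commit adds. In `testWithException` a check such as `Mockito.verify(loginAttemptAuditLog).logLoginAttempt(Mockito.any(), Mockito.any(), Mockito.eq(Messages.USER_FAILED_TO_LOG_IN_AUDIT_LOG_MESSAGE), Mockito.any());` would pin the failure record, with the matching `USER_SUCCESSFULLY_LOGGED_IN_AUDIT_LOG_MESSAGE` check in the passing test. The test bodies lie outside this hunk, so this is inferred from the absence of changes to them. The same applies to `SpaceNameBasedAuthorizationFilterTest`.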
@@ -5,6 +5,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.cloudfoundry.multiapps.controller.core.auditlogging.LoginAttemptAuditLog; import org.cloudfoundry.multiapps.controller.persistence.model.CloudTarget; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; @@ -25,6 +26,8 @@ class SpaceNameBasedAuthorizationFilterTest { private HttpServletResponse response; @Mock private AuthorizationChecker authorizationChecker; + @Mock + private LoginAttemptAuditLog loginAttemptAuditLog; private DummyUriAuthorizationFilter dummyUriAuthorizationFilter; @BeforeEach @@ -33,7 +36,7 @@ void setUp() throws Exception { .close(); Mockito.when(request.getRequestURI()) .thenReturn(""); - dummyUriAuthorizationFilter = new DummyUriAuthorizationFilter(authorizationChecker); + dummyUriAuthorizationFilter = new DummyUriAuthorizationFilter(authorizationChecker, loginAttemptAuditLog); } @Test @@ -60,8 +63,8 @@ void testWithException() throws IOException { private static class DummyUriAuthorizationFilter extends SpaceNameBasedAuthorizationFilter { - public DummyUriAuthorizationFilter(AuthorizationChecker authorizationChecker) { - super(authorizationChecker); + public DummyUriAuthorizationFilter(AuthorizationChecker authorizationChecker, LoginAttemptAuditLog loginAttemptAuditLog) { + super(authorizationChecker, loginAttemptAuditLog); } @Override