From 11b7c721e69dd37ccd5f1e4d572e6c0d6ec1a89b Mon Sep 17 00:00:00 2001 From: Chandrasekhar Raman <33996892+chandrasekhar1996@users.noreply.github.com> Date: Mon, 27 Nov 2023 10:55:35 -0800 Subject: [PATCH] [2427] fix invalid audit log json on adding/deleting a template (#2428) Signed-off-by: craman Co-authored-by: craman --- .../java/com/yahoo/athenz/zms/DBService.java | 6 +- .../com/yahoo/athenz/zms/DBServiceTest.java | 77 ++++++++++++++++++- 2 files changed, 81 insertions(+), 2 deletions(-) diff --git a/servers/zms/src/main/java/com/yahoo/athenz/zms/DBService.java b/servers/zms/src/main/java/com/yahoo/athenz/zms/DBService.java index 9059de4ccde..54fc55a3d82 100644 --- a/servers/zms/src/main/java/com/yahoo/athenz/zms/DBService.java +++ b/servers/zms/src/main/java/com/yahoo/athenz/zms/DBService.java @@ -4626,7 +4626,7 @@ boolean addSolutionTemplate(ResourceContext ctx, ObjectStoreConnection con, Stri auditDetails.append("{\"name\": \"").append(templateName).append('\"'); - // we have already verified that our template is valid but + // we have already verified that our template is valid, but // we'll just double check to make sure it's not null Template template = zmsConfig.getServerSolutionTemplates().get(templateName); @@ -4635,6 +4635,8 @@ boolean addSolutionTemplate(ResourceContext ctx, ObjectStoreConnection con, Stri return true; } + auditDetails.append(","); + boolean firstEntry = true; // iterate through roles in the list. @@ -4776,6 +4778,8 @@ void deleteSolutionTemplate(ResourceContext ctx, ObjectStoreConnection con, Stri return; } + auditDetails.append(","); + boolean firstEntry = true; // iterate through roles in the list and delete the role diff --git a/servers/zms/src/test/java/com/yahoo/athenz/zms/DBServiceTest.java b/servers/zms/src/test/java/com/yahoo/athenz/zms/DBServiceTest.java index 35e0f30c1d5..aaf611eee71 100644 --- a/servers/zms/src/test/java/com/yahoo/athenz/zms/DBServiceTest.java +++ b/servers/zms/src/test/java/com/yahoo/athenz/zms/DBServiceTest.java @@ -18,6 +18,7 @@ import ch.qos.logback.classic.Logger; import ch.qos.logback.classic.spi.LoggingEvent; import ch.qos.logback.core.AppenderBase; +import com.fasterxml.jackson.databind.ObjectMapper; import com.google.common.io.Resources; import com.yahoo.athenz.auth.Authority; import com.yahoo.athenz.auth.Principal; @@ -320,6 +321,17 @@ private TopLevelDomain createTopLevelDomainObject(String name, return createTopLevelDomainObject(name, description, org, admin, true, false); } + private boolean isValidJSON(String jsonText) { + try { + ObjectMapper objectMapper = new ObjectMapper(); + objectMapper.readTree(jsonText); + } catch (Exception ex) { + return false; + } + + return true; + } + @Test public void testCheckDomainAuditEnabledFlagTrueRefValid() { @@ -9268,6 +9280,31 @@ public void testApplySolutionTemplateWithRoleMetaData() { zms.deleteTopLevelDomain(mockDomRsrcCtx, domainName, auditRef); } + @Test + public void testAuditLogAddSolutionTemplate() { + + String domainName = "auditlog-solutiontemplate-rolemeta"; + String caller = "testAuditLogAddSolutionTemplate"; + TopLevelDomain dom1 = createTopLevelDomainObject(domainName, + "Test Domain1", "testOrg", adminUser); + zms.postTopLevelDomain(mockDomRsrcCtx, auditRef, dom1); + + // apply the template + + List templates = new ArrayList<>(); + templates.add("templateWithRoleMeta"); + DomainTemplate domainTemplate = new DomainTemplate().setTemplateNames(templates); + ObjectStoreConnection conn = zms.dbService.store.getConnection(true, false); + + StringBuilder auditDetails = new StringBuilder(ZMSConsts.STRING_BLDR_SIZE_DEFAULT); + auditDetails.append("{\"add-templates\": "); + zms.dbService.addSolutionTemplate(mockDomRsrcCtx, conn, domainName, "templateWithRoleMeta", adminUser, domainTemplate.getParams(), auditRef, auditDetails); + auditDetails.append("}"); + + assertTrue(isValidJSON(auditDetails.toString())); + zms.deleteTopLevelDomain(mockDomRsrcCtx, domainName, auditRef); + } + @Test public void testApplySolutionTemplateOnExistingRoleWithRoleMetaData() { String domainName = "solutiontemplate-existing-rolemeta"; @@ -12791,4 +12828,42 @@ public void testFilterObjectsForReview() { assertEquals(filterObjects.getList().get(0), object1); assertEquals(filterObjects.getList().get(1), object3); } -} \ No newline at end of file + + @Test + public void testAuditLogDeleteSolutionTemplate() { + + String domainName = "auditlog-solutiontemplate"; + String caller = "testAuditLogDeleteSolutionTemplate"; + TopLevelDomain dom1 = createTopLevelDomainObject(domainName, + "Test Domain1", "testOrg", adminUser); + zms.postTopLevelDomain(mockDomRsrcCtx, auditRef, dom1); + + // apply the template + + List templates = new ArrayList<>(); + templates.add("templateWithRoleMeta"); + DomainTemplate domainTemplate = new DomainTemplate().setTemplateNames(templates); + zms.dbService.executePutDomainTemplate(mockDomRsrcCtx, domainName, domainTemplate, auditRef, caller); + + DomainTemplateList domainTemplateList = zms.dbService.listDomainTemplates(domainName); + assertEquals(1, domainTemplateList.getTemplateNames().size()); + + StringBuilder auditDetails = new StringBuilder(ZMSConsts.STRING_BLDR_SIZE_DEFAULT); + auditDetails.append("{\"templates\": "); + + Template template = zms.dbService.zmsConfig.getServerSolutionTemplates().get("templateWithRoleMeta"); + ObjectStoreConnection conn = zms.dbService.store.getConnection(true, false); + + // remove the templateWithRoleMeta template + zms.dbService.deleteSolutionTemplate(mockDomRsrcCtx, conn, domainName, "templateWithRoleMeta", template, + auditDetails); + + auditDetails.append("}"); + + assertTrue(isValidJSON(auditDetails.toString())); + domainTemplateList = zms.dbService.listDomainTemplates(domainName); + assertTrue(domainTemplateList.getTemplateNames().isEmpty()); + + zms.deleteTopLevelDomain(mockDomRsrcCtx, domainName, auditRef); + } +}