Skip to content

Commit

Permalink
Remarks gathered during code review applied to tests related to audit…
Browse files Browse the repository at this point in the history
… logs.

Signed-off-by: Lukasz Soszynski <[email protected]>
  • Loading branch information
lukasz-soszynski-eliatra committed Oct 13, 2022
1 parent 095812b commit c6d4255
Show file tree
Hide file tree
Showing 6 changed files with 293 additions and 243 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -73,9 +73,9 @@
import org.opensearch.repositories.RepositoryMissingException;
import org.opensearch.rest.RestStatus;
import org.opensearch.search.builder.SearchSourceBuilder;
import org.opensearch.test.framework.TestSecurityConfig.AuditCompliance;
import org.opensearch.test.framework.TestSecurityConfig.AuditConfiguration;
import org.opensearch.test.framework.TestSecurityConfig.AuditFilters;
import org.opensearch.test.framework.AuditCompliance;
import org.opensearch.test.framework.AuditConfiguration;
import org.opensearch.test.framework.AuditFilters;
import org.opensearch.test.framework.TestSecurityConfig.Role;
import org.opensearch.test.framework.TestSecurityConfig.User;
import org.opensearch.test.framework.audit.AuditLogsRule;
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,106 @@
/*
* Copyright OpenSearch Contributors
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*
*/
package org.opensearch.test.framework;

import java.io.IOException;
import java.util.Collections;
import java.util.List;

import org.opensearch.common.xcontent.ToXContentObject;
import org.opensearch.common.xcontent.XContentBuilder;

public class AuditCompliance implements ToXContentObject {

private boolean enabled = false;

private Boolean writeLogDiffs;

private List<String> readIgnoreUsers;

private List<String> writeWatchedIndices;

private List<String> writeIgnoreUsers;

private Boolean readMetadataOnly;

private Boolean writeMetadataOnly;

private Boolean externalConfig;

private Boolean internalConfig;

public AuditCompliance enabled(boolean enabled) {
this.enabled = enabled;
this.writeLogDiffs = false;
this.readIgnoreUsers = Collections.emptyList();
this.writeWatchedIndices = Collections.emptyList();
this.writeIgnoreUsers = Collections.emptyList();
this.readMetadataOnly = false;
this.writeMetadataOnly = false;
this.externalConfig = false;
this.internalConfig = false;
return this;
}

public AuditCompliance writeLogDiffs(boolean writeLogDiffs) {
this.writeLogDiffs = writeLogDiffs;
return this;
}

public AuditCompliance readIgnoreUsers(List<String> list) {
this.readIgnoreUsers = list;
return this;
}

public AuditCompliance writeWatchedIndices(List<String> list) {
this.writeWatchedIndices = list;
return this;
}

public AuditCompliance writeIgnoreUsers(List<String> list) {
this.writeIgnoreUsers = list;
return this;
}

public AuditCompliance readMetadataOnly(boolean readMetadataOnly) {
this.readMetadataOnly = readMetadataOnly;
return this;
}

public AuditCompliance writeMetadataOnly(boolean writeMetadataOnly) {
this.writeMetadataOnly = writeMetadataOnly;
return this;
}

public AuditCompliance externalConfig(boolean externalConfig) {
this.externalConfig = externalConfig;
return this;
}

public AuditCompliance internalConfig(boolean internalConfig) {
this.internalConfig = internalConfig;
return this;
}

@Override public XContentBuilder toXContent(XContentBuilder xContentBuilder, Params params) throws IOException {
xContentBuilder.startObject();
xContentBuilder.field("enabled", enabled);
xContentBuilder.field("write_log_diffs", writeLogDiffs);
xContentBuilder.field("read_ignore_users", readIgnoreUsers);
xContentBuilder.field("write_watched_indices", writeWatchedIndices);
xContentBuilder.field("write_ignore_users", writeIgnoreUsers);
xContentBuilder.field("read_metadata_only", readMetadataOnly);
xContentBuilder.field("write_metadata_only", writeMetadataOnly);
xContentBuilder.field("external_config", externalConfig);
xContentBuilder.field("internal_config", internalConfig);
xContentBuilder.endObject();
return xContentBuilder;
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
/*
* Copyright OpenSearch Contributors
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*
*/
package org.opensearch.test.framework;

import java.io.IOException;

import org.opensearch.common.xcontent.ToXContentObject;
import org.opensearch.common.xcontent.XContentBuilder;

public class AuditConfiguration implements ToXContentObject {
private final boolean enabled;

private AuditFilters filters;

private AuditCompliance compliance;

public AuditConfiguration(boolean enabled) {
this.filters = new AuditFilters();
this.compliance = new AuditCompliance();
this.enabled = enabled;
}

public boolean isEnabled() {
return enabled;
}

public AuditConfiguration filters(AuditFilters filters) {
this.filters = filters;
return this;
}

public AuditConfiguration compliance(AuditCompliance auditCompliance) {
this.compliance = auditCompliance;
return this;
}

@Override public XContentBuilder toXContent(XContentBuilder xContentBuilder, Params params) throws IOException {
// json built here must be deserialized to org.opensearch.security.auditlog.config.AuditConfig
xContentBuilder.startObject();
xContentBuilder.field("enabled", enabled);

xContentBuilder.field("audit", filters);
xContentBuilder.field("compliance", compliance);

xContentBuilder.endObject();
return xContentBuilder;
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,121 @@
/*
* Copyright OpenSearch Contributors
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*
*/
package org.opensearch.test.framework;

import java.io.IOException;
import java.util.Collections;
import java.util.List;

import org.opensearch.common.xcontent.ToXContentObject;
import org.opensearch.common.xcontent.XContentBuilder;

public class AuditFilters implements ToXContentObject {

private Boolean enabledRest;

private Boolean enabledTransport;

private Boolean logRequestBody;

private Boolean resolveIndices;

private Boolean resolveBulkRequests;

private Boolean excludeSensitiveHeaders;

private List<String> ignoreUsers;

private List<String> ignoreRequests;

private List<String> disabledRestCategories;

private List<String> disabledTransportCategories;

public AuditFilters() {
this.enabledRest = false;
this.enabledTransport = false;

this.logRequestBody = true;
this.resolveIndices = true;
this.resolveBulkRequests = false;
this.excludeSensitiveHeaders = true;

this.ignoreUsers = Collections.emptyList();
this.ignoreRequests = Collections.emptyList();
this.disabledRestCategories = Collections.emptyList();
this.disabledTransportCategories = Collections.emptyList();
}

public AuditFilters enabledRest(boolean enabled) {
this.enabledRest = enabled;
return this;
}

public AuditFilters enabledTransport(boolean enabled) {
this.enabledTransport = enabled;
return this;
}

public AuditFilters logRequestBody(boolean logRequestBody) {
this.logRequestBody = logRequestBody;
return this;
}

public AuditFilters resolveIndices(boolean resolveIndices) {
this.resolveIndices = resolveIndices;
return this;
}

public AuditFilters resolveBulkRequests(boolean resolveBulkRequests) {
this.resolveBulkRequests = resolveBulkRequests;
return this;
}

public AuditFilters excludeSensitiveHeaders(boolean excludeSensitiveHeaders) {
this.excludeSensitiveHeaders = excludeSensitiveHeaders;
return this;
}

public AuditFilters ignoreUsers(List<String> ignoreUsers) {
this.ignoreUsers = ignoreUsers;
return this;
}

public AuditFilters ignoreRequests(List<String> ignoreRequests) {
this.ignoreRequests = ignoreRequests;
return this;
}

public AuditFilters disabledRestCategories(List<String> disabledRestCategories) {
this.disabledRestCategories = disabledRestCategories;
return this;
}

public AuditFilters disabledTransportCategories(List<String> disabledTransportCategories) {
this.disabledTransportCategories = disabledTransportCategories;
return this;
}

@Override public XContentBuilder toXContent(XContentBuilder xContentBuilder, Params params) throws IOException {
xContentBuilder.startObject();
xContentBuilder.field("enable_rest", enabledRest);
xContentBuilder.field("enable_transport", enabledTransport);
xContentBuilder.field("resolve_indices", resolveIndices);
xContentBuilder.field("log_request_body", logRequestBody);
xContentBuilder.field("resolve_bulk_requests", resolveBulkRequests);
xContentBuilder.field("exclude_sensitive_headers", excludeSensitiveHeaders);
xContentBuilder.field("ignore_users", ignoreUsers);
xContentBuilder.field("ignore_requests", ignoreRequests);
xContentBuilder.field("disabled_rest_categories", disabledRestCategories);
xContentBuilder.field("disabled_transport_categories", disabledTransportCategories);
xContentBuilder.endObject();
return xContentBuilder;
}
}
Loading

0 comments on commit c6d4255

Please sign in to comment.