github.com/niedbalski/juju@v0.0.0-20190215020005-8ff100488e47/apiserver/observer/auditfilter_test.go (about) 1 // Copyright 2017 Canonical Ltd. 2 // Licensed under the AGPLv3, see LICENCE file for details. 3 4 package observer_test 5 6 import ( 7 "strings" 8 9 "github.com/juju/collections/set" 10 "github.com/juju/testing" 11 jc "github.com/juju/testing/checkers" 12 gc "gopkg.in/check.v1" 13 14 "github.com/juju/juju/apiserver/observer" 15 apitesting "github.com/juju/juju/apiserver/testing" 16 "github.com/juju/juju/core/auditlog" 17 ) 18 19 type auditFilterSuite struct { 20 testing.IsolationSuite 21 } 22 23 var _ = gc.Suite(&auditFilterSuite{}) 24 25 func (s *auditFilterSuite) TestFiltersUninterestingConversations(c *gc.C) { 26 target := &apitesting.FakeAuditLog{} 27 filter := func(r auditlog.Request) bool { 28 return !strings.HasPrefix(r.Method, "List") 29 } 30 log := observer.NewAuditLogFilter(target, filter) 31 32 err := log.AddConversation(auditlog.Conversation{}) 33 c.Assert(err, jc.ErrorIsNil) 34 // Nothing written out yet. 35 target.CheckCallNames(c) 36 37 err = log.AddRequest(auditlog.Request{Method: "ListBuckets"}) 38 c.Assert(err, jc.ErrorIsNil) 39 target.CheckCallNames(c) 40 41 err = log.AddResponse(auditlog.ResponseErrors{}) 42 c.Assert(err, jc.ErrorIsNil) 43 target.CheckCallNames(c) 44 45 err = log.AddRequest(auditlog.Request{Method: "ListSpades"}) 46 c.Assert(err, jc.ErrorIsNil) 47 target.CheckCallNames(c) 48 49 err = log.AddRequest(auditlog.Request{Method: "BuildCastle"}) 50 c.Assert(err, jc.ErrorIsNil) 51 // Everything gets written now. 52 target.CheckCallNames(c, 53 "AddConversation", "AddRequest", "AddResponse", "AddRequest", 54 "AddRequest") 55 calls := target.Calls() 56 getMethod := func(i int) string { 57 return calls[i].Args[0].(auditlog.Request).Method 58 } 59 requests := []string{getMethod(1), getMethod(3), getMethod(4)} 60 c.Assert(requests, gc.DeepEquals, []string{"ListBuckets", "ListSpades", "BuildCastle"}) 61 62 // Subsequent messages are passed through directly even if they're 63 // not inherently interesting. 64 target.ResetCalls() 65 66 err = log.AddRequest(auditlog.Request{Method: "ListTrowels"}) 67 c.Assert(err, jc.ErrorIsNil) 68 target.CheckCallNames(c, "AddRequest") 69 70 calls = target.Calls() 71 c.Assert(getMethod(0), gc.Equals, "ListTrowels") 72 73 err = log.AddResponse(auditlog.ResponseErrors{}) 74 c.Assert(err, jc.ErrorIsNil) 75 target.CheckCallNames(c, "AddRequest", "AddResponse") 76 } 77 78 func (s *auditFilterSuite) TestMakeFilter(c *gc.C) { 79 f1 := observer.MakeInterestingRequestFilter(set.NewStrings("Battery.Kinzie", "Helplessness.Blues")) 80 c.Assert(f1(auditlog.Request{Facade: "Battery", Method: "Kinzie"}), jc.IsFalse) 81 c.Assert(f1(auditlog.Request{Facade: "Helplessness", Method: "Blues"}), jc.IsFalse) 82 c.Assert(f1(auditlog.Request{Facade: "The", Method: "Shrine"}), jc.IsTrue) 83 } 84 85 func (s *auditFilterSuite) TestExpandsReadonlyMethods(c *gc.C) { 86 f1 := observer.MakeInterestingRequestFilter(set.NewStrings("ReadOnlyMethods", "Helplessness.Blues")) 87 c.Assert(f1(auditlog.Request{Facade: "Helplessness", Method: "Blues"}), jc.IsFalse) 88 c.Assert(f1(auditlog.Request{Facade: "Client", Method: "FullStatus"}), jc.IsFalse) 89 c.Assert(f1(auditlog.Request{Facade: "Falcon", Method: "Heavy"}), jc.IsTrue) 90 } 91 92 func (s *auditFilterSuite) TestOnlyExcludeReadonlyMethodsIfWeShould(c *gc.C) { 93 f1 := observer.MakeInterestingRequestFilter(set.NewStrings("Helplessness.Blues")) 94 c.Assert(f1(auditlog.Request{Facade: "Helplessness", Method: "Blues"}), jc.IsFalse) 95 // Doesn't allow the readonly methods unless they've included the special key. 96 c.Assert(f1(auditlog.Request{Facade: "Client", Method: "FullStatus"}), jc.IsTrue) 97 }