mirror of
https://github.com/coder/coder.git
synced 2025-07-09 11:45:56 +00:00
feat: add audit exporting and filtering (#1314)
This commit is contained in:
131
coderd/audit/exporter_test.go
Normal file
131
coderd/audit/exporter_test.go
Normal file
@ -0,0 +1,131 @@
|
||||
package audit_test
|
||||
|
||||
import (
|
||||
"context"
|
||||
"net"
|
||||
"net/http"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/google/uuid"
|
||||
"github.com/stretchr/testify/require"
|
||||
"github.com/tabbed/pqtype"
|
||||
|
||||
"github.com/coder/coder/coderd/audit"
|
||||
"github.com/coder/coder/coderd/database"
|
||||
)
|
||||
|
||||
func TestExporter(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
var tests = []struct {
|
||||
name string
|
||||
filterDecision audit.FilterDecision
|
||||
backendDecision audit.FilterDecision
|
||||
shouldExport bool
|
||||
}{
|
||||
{
|
||||
name: "ShouldDrop",
|
||||
filterDecision: audit.FilterDecisionDrop,
|
||||
backendDecision: audit.FilterDecisionStore,
|
||||
shouldExport: false,
|
||||
},
|
||||
{
|
||||
name: "ShouldStore",
|
||||
filterDecision: audit.FilterDecisionStore,
|
||||
backendDecision: audit.FilterDecisionStore,
|
||||
shouldExport: true,
|
||||
},
|
||||
{
|
||||
name: "ShouldNotStore",
|
||||
filterDecision: audit.FilterDecisionExport,
|
||||
backendDecision: audit.FilterDecisionStore,
|
||||
shouldExport: false,
|
||||
},
|
||||
{
|
||||
name: "ShouldExport",
|
||||
filterDecision: audit.FilterDecisionExport,
|
||||
backendDecision: audit.FilterDecisionExport,
|
||||
shouldExport: true,
|
||||
},
|
||||
{
|
||||
name: "ShouldNotExport",
|
||||
filterDecision: audit.FilterDecisionStore,
|
||||
backendDecision: audit.FilterDecisionExport,
|
||||
shouldExport: false,
|
||||
},
|
||||
{
|
||||
name: "ShouldStoreOrExport",
|
||||
filterDecision: audit.FilterDecisionStore | audit.FilterDecisionExport,
|
||||
backendDecision: audit.FilterDecisionExport,
|
||||
shouldExport: true,
|
||||
},
|
||||
// When more filters are written they should have their own tests.
|
||||
{
|
||||
name: "DefaultFilter",
|
||||
filterDecision: func() audit.FilterDecision {
|
||||
decision, _ := audit.DefaultFilter.Check(context.Background(), randomAuditLog())
|
||||
return decision
|
||||
}(),
|
||||
backendDecision: audit.FilterDecisionExport,
|
||||
shouldExport: true,
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range tests {
|
||||
test := test
|
||||
t.Run(test.name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
var (
|
||||
backend = &testBackend{decision: test.backendDecision}
|
||||
exporter = audit.NewExporter(
|
||||
audit.FilterFunc(func(_ context.Context, _ database.AuditLog) (audit.FilterDecision, error) {
|
||||
return test.filterDecision, nil
|
||||
}),
|
||||
backend,
|
||||
)
|
||||
)
|
||||
|
||||
err := exporter.Export(context.Background(), randomAuditLog())
|
||||
require.NoError(t, err)
|
||||
require.Equal(t, len(backend.alogs) > 0, test.shouldExport)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func randomAuditLog() database.AuditLog {
|
||||
_, inet, _ := net.ParseCIDR("127.0.0.1/32")
|
||||
return database.AuditLog{
|
||||
ID: uuid.New(),
|
||||
Time: time.Now(),
|
||||
UserID: uuid.New(),
|
||||
OrganizationID: uuid.New(),
|
||||
Ip: pqtype.Inet{
|
||||
IPNet: *inet,
|
||||
Valid: true,
|
||||
},
|
||||
UserAgent: "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36",
|
||||
ResourceType: database.ResourceTypeOrganization,
|
||||
ResourceID: uuid.New(),
|
||||
ResourceTarget: "colin's organization",
|
||||
Action: database.AuditActionDelete,
|
||||
Diff: []byte{},
|
||||
StatusCode: http.StatusNoContent,
|
||||
}
|
||||
}
|
||||
|
||||
type testBackend struct {
|
||||
decision audit.FilterDecision
|
||||
|
||||
alogs []database.AuditLog
|
||||
}
|
||||
|
||||
func (t *testBackend) Decision() audit.FilterDecision {
|
||||
return t.decision
|
||||
}
|
||||
|
||||
func (t *testBackend) Export(_ context.Context, alog database.AuditLog) error {
|
||||
t.alogs = append(t.alogs, alog)
|
||||
return nil
|
||||
}
|
Reference in New Issue
Block a user