From: Marcin Siodelski Date: Mon, 21 Jan 2019 11:40:20 +0000 (+0100) Subject: [#396,!205] Implemented audit for the shared networks. X-Git-Tag: 429-Updated-StampedValue-to-support-reals_base~58 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5446173b3f4db42198a696cf7b44a01a94ad6fc0;p=thirdparty%2Fkea.git [#396,!205] Implemented audit for the shared networks. --- diff --git a/src/hooks/dhcp/mysql_cb/mysql_cb_dhcp4.cc b/src/hooks/dhcp/mysql_cb/mysql_cb_dhcp4.cc index ae3180d38a..1157f8120a 100644 --- a/src/hooks/dhcp/mysql_cb/mysql_cb_dhcp4.cc +++ b/src/hooks/dhcp/mysql_cb/mysql_cb_dhcp4.cc @@ -1109,6 +1109,11 @@ public: MySqlTransaction transaction(conn_); try { + + // Set log message to be used to create the audit revision. + conn_.insertQuery(MySqlConfigBackendDHCPv4Impl::SET_AUDIT_LOG_MESSAGE, + { MySqlBinding::createString("this is a log message") }); + // Try to insert shared network. The shared network name must be unique, // so if inserting fails with DuplicateEntry exception we'll need to // update existing shared network entry. diff --git a/src/hooks/dhcp/mysql_cb/tests/mysql_cb_dhcp4_unittest.cc b/src/hooks/dhcp/mysql_cb/tests/mysql_cb_dhcp4_unittest.cc index 915d1014d8..dfddea9c34 100644 --- a/src/hooks/dhcp/mysql_cb/tests/mysql_cb_dhcp4_unittest.cc +++ b/src/hooks/dhcp/mysql_cb/tests/mysql_cb_dhcp4_unittest.cc 
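Review bot: The audit log message bound to `SET_AUDIT_LOG_MESSAGE` at the top of the `try` block is the fixed placeholder `"this is a log message"`, so every shared-network revision in the audit trail carries the same text and says nothing about which operation produced it. An audit record only helps change tracking and incident review if the message identifies the change. Bind a message that describes the operation, for example `{ MySqlBinding::createString("shared network set") }` (constructed wording), or one supplied by the caller. The unit-test hunks in mysql_cb_dhcp4_unittest.cc pin the same placeholder and would need to follow. The enclosing function starts and ends outside this hunk.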
@@ -305,19 +305,28 @@ public: /// @param exp_object_type Expected object type. /// @param exp_modification_time Expected modification time. /// @param exp_log_message Expected log message. + /// @param new_entries_num Number of the new entries expected to be inserted. void testNewAuditEntry(const std::string& exp_object_type, const AuditEntry::ModificationType& exp_modification_type, - const std::string& exp_log_message) { + const std::string& exp_log_message, + const size_t new_entries_num = 1) { auto audit_entries_size_save = audit_entries_.size(); audit_entries_ = cbptr_->getRecentAuditEntries4(ServerSelector::ALL(), timestamps_["two days ago"]); - ASSERT_EQ(audit_entries_size_save + 1, audit_entries_.size()); + ASSERT_EQ(audit_entries_size_save + new_entries_num, audit_entries_.size()); auto& mod_time_idx = audit_entries_.get(); - auto audit_entry = *mod_time_idx.rbegin(); - EXPECT_EQ(exp_object_type, audit_entry->getObjectType()); - EXPECT_EQ(exp_modification_type, audit_entry->getModificationType()); - EXPECT_EQ(exp_log_message, audit_entry->getLogMessage()); + + // Iterate over specified number of entries starting from the most recent + // one and check they have correct values. + for (auto audit_entry_it = mod_time_idx.rbegin(); + std::distance(mod_time_idx.rbegin(), audit_entry_it) < new_entries_num; + ++audit_entry_it) { + auto audit_entry = *audit_entry_it; + EXPECT_EQ(exp_object_type, audit_entry->getObjectType()); + EXPECT_EQ(exp_modification_type, audit_entry->getModificationType()); + EXPECT_EQ(exp_log_message, audit_entry->getLogMessage()); + } } /// @brief Holds pointers to subnets used in tests. 
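Review bot: The loop condition in `testNewAuditEntry` compares the signed result of `std::distance` with the unsigned `new_entries_num`, which draws a sign-compare warning and may re-walk the index on every iteration. A plain counter is simpler: declare `auto audit_entry_it = mod_time_idx.rbegin();` before the loop and use `for (size_t i = 0; i < new_entries_num; ++i, ++audit_entry_it)`. The preceding `ASSERT_EQ` already guarantees that at least `new_entries_num` entries exist, so the iterator cannot run past `rend()`. The doc comment also names `exp_modification_time` while the parameter is `exp_modification_type`; the start of that comment block is outside the hunk.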
@@ -776,6 +785,13 @@ TEST_F(MySqlConfigBackendDHCPv4Test, getSharedNetwork4) { EXPECT_EQ(shared_network->toElement()->str(), returned_network->toElement()->str()); + { + SCOPED_TRACE("CREATE audit entry for a shared network"); + testNewAuditEntry("dhcp4_shared_network", + AuditEntry::ModificationType::CREATE, + "this is a log message"); + } + // Update shared network in the database. SharedNetwork4Ptr shared_network2 = test_networks_[1]; cbptr_->createUpdateSharedNetwork4(ServerSelector::ALL(), shared_network2); @@ -786,6 +802,13 @@ TEST_F(MySqlConfigBackendDHCPv4Test, getSharedNetwork4) { EXPECT_EQ(shared_network2->toElement()->str(), returned_network->toElement()->str()); + { + SCOPED_TRACE("UPDATE audit entry for a shared network"); + testNewAuditEntry("dhcp4_shared_network", + AuditEntry::ModificationType::UPDATE, + "this is a log message"); + } + // Fetching the shared network for an explicitly specified server tag should // succeed too. returned_network = cbptr_->getSharedNetwork4(ServerSelector::ONE("server1"), @@ -800,6 +823,24 @@ TEST_F(MySqlConfigBackendDHCPv4Test, getAllSharedNetworks4) { // network will overwrite the first shared network as they use the same name. for (auto network : test_networks_) { cbptr_->createUpdateSharedNetwork4(ServerSelector::ALL(), network); + + // That shared network overrides the first one so the audit entry should + // indicate an update. + if ((network->getName() == "level1") && (!audit_entries_.empty())) { + SCOPED_TRACE("UPDATE audit entry for the shared network " + + network->getName()); + testNewAuditEntry("dhcp4_shared_network", + AuditEntry::ModificationType::UPDATE, + "this is a log message"); + + } else { + SCOPED_TRACE("CREATE audit entry for the shared network " + + network->getName()); + testNewAuditEntry("dhcp4_shared_network", + AuditEntry::ModificationType::CREATE, + "this is a log message"); + } + } // Fetch all shared networks. 
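Review bot: In the `getAllSharedNetworks4` loop, the choice between the UPDATE and CREATE expectation depends on `!audit_entries_.empty()`, which is a side effect of earlier `testNewAuditEntry` calls rather than a statement of which network is the duplicate. If the fixture ever starts with audit entries already loaded, the first `level1` network would be checked as an UPDATE. Tracking the names already inserted makes the intent explicit, e.g. `const bool is_update = !created_names.insert(network->getName()).second;` with a local `std::set<std::string> created_names;` declared before the loop. The test body continues outside this hunk.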
@@ -838,10 +879,25 @@ TEST_F(MySqlConfigBackendDHCPv4Test, getAllSharedNetworks4) { networks = cbptr_->getAllSharedNetworks4(ServerSelector::ALL()); ASSERT_EQ(test_networks_.size() - 2, networks.size()); + { + SCOPED_TRACE("DELETE audit entry for the first shared network"); + testNewAuditEntry("dhcp4_shared_network", + AuditEntry::ModificationType::DELETE, + "this is a log message"); + } + // Delete all. EXPECT_EQ(2, cbptr_->deleteAllSharedNetworks4(ServerSelector::ALL())); networks = cbptr_->getAllSharedNetworks4(ServerSelector::ALL()); ASSERT_TRUE(networks.empty()); + + { + SCOPED_TRACE("DELETE audit entry for the remaining two shared networks"); + // The last parameter indicates that we expect two new audit entries. + testNewAuditEntry("dhcp4_shared_network", + AuditEntry::ModificationType::DELETE, + "this is a log message", 2); + } } // Test that shared networks modified after given time can be fetched. diff --git a/src/share/database/scripts/mysql/dhcpdb_create.mysql b/src/share/database/scripts/mysql/dhcpdb_create.mysql index 2c39e2e135..6ed4909c0b 100644 --- a/src/share/database/scripts/mysql/dhcpdb_create.mysql +++ b/src/share/database/scripts/mysql/dhcpdb_create.mysql 
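Review bot: The two DELETE expectations do not show where the audit log message for a delete is set: both expect `"this is a log message"`, but the only production change in this commit sets that message in the create/update path of mysql_cb_dhcp4.cc. Unless the delete functions already set it in code not shown here, these assertions may pass only because the value set by an earlier call is still in effect on the same connection. That would let a stale message be attached to an unrelated later change in the audit trail. It is worth confirming that every modifying path sets its own message, and using a distinct expected string per operation in the test so that a carried-over value is detected.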
@@ -1469,6 +1469,36 @@ CREATE TRIGGER dhcp4_subnet_ADEL AFTER DELETE ON dhcp4_subnet END $$ DELIMITER ; +# Create dhcp4_shared_network insert trigger +DELIMITER $$ +CREATE TRIGGER dhcp4_shared_network_AINS AFTER INSERT ON dhcp4_shared_network + FOR EACH ROW + BEGIN + CALL createAuditRevisionDHCP4(); + CALL createAuditEntryDHCP4('dhcp4_shared_network', NEW.id, 0); + END $$ +DELIMITER ; + +# Create dhcp4_shared_network update trigger +DELIMITER $$ +CREATE TRIGGER dhcp4_shared_network_AUPD AFTER UPDATE ON dhcp4_shared_network + FOR EACH ROW + BEGIN + CALL createAuditRevisionDHCP4(); + CALL createAuditEntryDHCP4('dhcp4_shared_network', NEW.id, 1); + END $$ +DELIMITER ; + +# Create dhcp4_shared_network delete trigger +DELIMITER $$ +CREATE TRIGGER dhcp4_shared_network_ADEL AFTER DELETE ON dhcp4_shared_network + FOR EACH ROW + BEGIN + CALL createAuditRevisionDHCP4(); + CALL createAuditEntryDHCP4('dhcp4_shared_network', OLD.id, 2); + END $$ +DELIMITER ; + # Update the schema version number UPDATE schema_version diff --git a/src/share/database/scripts/mysql/dhcpdb_drop.mysql b/src/share/database/scripts/mysql/dhcpdb_drop.mysql index db87584f12..f106051bd0 100644 --- a/src/share/database/scripts/mysql/dhcpdb_drop.mysql +++ b/src/share/database/scripts/mysql/dhcpdb_drop.mysql @@ -67,3 +67,6 @@ DROP TRIGGER IF EXISTS dhcp4_global_parameter_ADEL; DROP TRIGGER IF EXISTS dhcp4_subnet_AINS; DROP TRIGGER IF EXISTS dhcp4_subnet_AUPD; DROP TRIGGER IF EXISTS dhcp4_subnet_ADEL; +DROP TRIGGER IF EXISTS dhcp4_shared_network_AINS; +DROP TRIGGER IF EXISTS dhcp4_shared_network_AUPD; +DROP TRIGGER IF EXISTS dhcp4_shared_network_ADEL;
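Review bot: The third argument of `createAuditEntryDHCP4` in the three new triggers is a bare `0`, `1` or `2`, and nothing in the script says what the numbers mean. Judging by the unit tests they appear to map to CREATE, UPDATE and DELETE. A comment above each call, such as `# modification type: 0 = create, 1 = update, 2 = delete`, would keep the trigger and the C++ `AuditEntry::ModificationType` values from drifting apart unnoticed. Because the triggers are `FOR EACH ROW`, `createAuditRevisionDHCP4()` is also called once per affected row. If that procedure (defined outside this hunk) does not reuse the current revision, a multi-row delete would be split over several revisions.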