From: Marcin Siodelski Date: Mon, 21 Jan 2019 11:58:34 +0000 (+0100) Subject: [#396,!205] Implemented audit for the option definitions. X-Git-Tag: 429-Updated-StampedValue-to-support-reals_base~57 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e03cc3f300b7a203d3c78a7a665fe30a52860bf2;p=thirdparty%2Fkea.git [#396,!205] Implemented audit for the option definitions. --- diff --git a/src/hooks/dhcp/mysql_cb/mysql_cb_dhcp4.cc b/src/hooks/dhcp/mysql_cb/mysql_cb_dhcp4.cc index 1157f8120a..69f65af635 100644 --- a/src/hooks/dhcp/mysql_cb/mysql_cb_dhcp4.cc +++ b/src/hooks/dhcp/mysql_cb/mysql_cb_dhcp4.cc @@ -1711,6 +1711,12 @@ public: OptionDefinitionPtr existing_definition = getOptionDef4(server_selector, option_def->getCode(), option_def->getOptionSpaceName()); + + // Set log message to be used to create the audit revision. + conn_.insertQuery(MySqlConfigBackendDHCPv4Impl::SET_AUDIT_LOG_MESSAGE, + { MySqlBinding::createString("this is a log message") }); + + if (existing_definition) { // Need to add three more bindings for WHERE clause. in_bindings.push_back(MySqlBinding::createString(tag)); diff --git a/src/hooks/dhcp/mysql_cb/tests/mysql_cb_dhcp4_unittest.cc b/src/hooks/dhcp/mysql_cb/tests/mysql_cb_dhcp4_unittest.cc index dfddea9c34..52ac6b848e 100644 --- a/src/hooks/dhcp/mysql_cb/tests/mysql_cb_dhcp4_unittest.cc +++ b/src/hooks/dhcp/mysql_cb/tests/mysql_cb_dhcp4_unittest.cc @@ -953,6 +953,13 @@ TEST_F(MySqlConfigBackendDHCPv4Test, getOptionDef4) { EXPECT_TRUE(returned_option_def->equals(*option_def)); + { + SCOPED_TRACE("CREATE audit entry for an option definition"); + testNewAuditEntry("dhcp4_option_def", + AuditEntry::ModificationType::CREATE, + "this is a log message"); + } + // Update the option definition in the database. OptionDefinitionPtr option_def2 = test_option_defs_[1]; cbptr_->createUpdateOptionDef4(ServerSelector::ALL(), option_def2); 
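Review bot: The audit message bound in the added `conn_.insertQuery(MySqlConfigBackendDHCPv4Impl::SET_AUDIT_LOG_MESSAGE, ...)` call in mysql_cb_dhcp4.cc is the placeholder `"this is a log message"`, so every revision created through this path carries text that says nothing about the change. An audit trail only helps a later investigation if the message names the operation; a binding such as `{ MySqlBinding::createString("option definition set") });` (wording constructed here) would do, with the test expectations updated to match. The message is also set in a statement of its own ahead of the insert/update. Whether one transaction covers both is not visible in this hunk and is worth confirming. The enclosing function starts and ends outside the hunk.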
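Review bot: In mysql_cb_dhcp4_unittest.cc the expected message `"this is a log message"` is repeated as a literal in every added `testNewAuditEntry` call, in the hunk at -953 and again in the hunks at -969, -978 and -1024. A single fixture-level constant, for example `const std::string AUDIT_LOG_MESSAGE = "this is a log message";` (name constructed here), would keep the expectations aligned when the backend message changes. The test body continues outside this hunk.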
@@ -969,6 +976,13 @@ TEST_F(MySqlConfigBackendDHCPv4Test, getOptionDef4) { test_option_defs_[1]->getCode(), test_option_defs_[1]->getOptionSpaceName()); EXPECT_TRUE(returned_option_def->equals(*option_def2)); + + { + SCOPED_TRACE("UPDATE audit entry for an option definition"); + testNewAuditEntry("dhcp4_option_def", + AuditEntry::ModificationType::UPDATE, + "this is a log message"); + } } // Test that all option definitions can be fetched. @@ -978,6 +992,23 @@ TEST_F(MySqlConfigBackendDHCPv4Test, getAllOptionDefs4) { // the same code and space. for (auto option_def : test_option_defs_) { cbptr_->createUpdateOptionDef4(ServerSelector::ALL(), option_def); + + // That option definition overrides the first one so the audit entry should + // indicate an update. + if (option_def->getName() == "bar") { + SCOPED_TRACE("UPDATE audit entry for the option definition " + + option_def->getName()); + testNewAuditEntry("dhcp4_option_def", + AuditEntry::ModificationType::UPDATE, + "this is a log message"); + + } else { + SCOPED_TRACE("CREATE audit entry for the option defnition " + + option_def->getName()); + testNewAuditEntry("dhcp4_option_def", + AuditEntry::ModificationType::CREATE, + "this is a log message"); + } } // Fetch all option_definitions. 
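Review bot: The branch `if (option_def->getName() == "bar")` added to the loop in getAllOptionDefs4 (hunk at -978) ties the expected modification type to one fixture name, so a change to the contents of `test_option_defs_` would make the test check the wrong type. The added comment explains the intent, but it would be clearer if it said which fixture entry "bar" overrides, i.e. the earlier one with the same code and space. The trace string in the else branch has a typo and should read `"CREATE audit entry for the option definition "`. The stray blank line before `} else {` can also go.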
@@ -1024,10 +1055,25 @@ TEST_F(MySqlConfigBackendDHCPv4Test, getAllOptionDefs4) { test_option_defs_[2]->getCode(), test_option_defs_[2]->getOptionSpaceName())); + { + SCOPED_TRACE("DELETE audit entry for the first option definition"); + testNewAuditEntry("dhcp4_option_def", + AuditEntry::ModificationType::DELETE, + "this is a log message"); + } + // Delete all remaining option definitions. EXPECT_EQ(2, cbptr_->deleteAllOptionDefs4(ServerSelector::ALL())); option_defs = cbptr_->getAllOptionDefs4(ServerSelector::ALL()); ASSERT_TRUE(option_defs.empty()); + + { + SCOPED_TRACE("DELETE audit entries for the remaining option definitions"); + // The last parameter indicates that we expect two new audit entries. + testNewAuditEntry("dhcp4_option_def", + AuditEntry::ModificationType::DELETE, + "this is a log message", 2); + } } // Test that option definitions modified after given time can be fetched. diff --git a/src/share/database/scripts/mysql/dhcpdb_create.mysql b/src/share/database/scripts/mysql/dhcpdb_create.mysql index 6ed4909c0b..a54f3ec153 100644 --- a/src/share/database/scripts/mysql/dhcpdb_create.mysql +++ b/src/share/database/scripts/mysql/dhcpdb_create.mysql 
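Review bot: Both DELETE checks added in the hunk at -1024 expect the message `"this is a log message"`, yet the only place this commit sets SET_AUDIT_LOG_MESSAGE is createUpdateOptionDef4. The delete functions are not part of the diff, so presumably the DELETE entries pick up whatever message the last create/update left on the connection; if so, a deletion would be recorded under a stale description. It is worth confirming that the delete paths set their own message and asserting a delete-specific text here. Failing that, add a comment above the first block such as `// Delete does not set its own audit message yet; the text comes from the last create/update call.` The expected count of `2` in the last call also depends on the `EXPECT_EQ(2, ...)` just above it, which could be noted in the existing comment.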
@@ -1499,6 +1499,36 @@ CREATE TRIGGER dhcp4_shared_network_ADEL AFTER DELETE ON dhcp4_shared_network END $$ DELIMITER ; +# Create dhcp4_option_def insert trigger +DELIMITER $$ +CREATE TRIGGER dhcp4_option_def_AINS AFTER INSERT ON dhcp4_option_def + FOR EACH ROW + BEGIN + CALL createAuditRevisionDHCP4(); + CALL createAuditEntryDHCP4('dhcp4_option_def', NEW.id, 0); + END $$ +DELIMITER ; + +# Create dhcp4_option_def update trigger +DELIMITER $$ +CREATE TRIGGER dhcp4_option_def_AUPD AFTER UPDATE ON dhcp4_option_def + FOR EACH ROW + BEGIN + CALL createAuditRevisionDHCP4(); + CALL createAuditEntryDHCP4('dhcp4_option_def', NEW.id, 1); + END $$ +DELIMITER ; + +# Create dhcp4_option_def delete trigger +DELIMITER $$ +CREATE TRIGGER dhcp4_option_def_ADEL AFTER DELETE ON dhcp4_option_def + FOR EACH ROW + BEGIN + CALL createAuditRevisionDHCP4(); + CALL createAuditEntryDHCP4('dhcp4_option_def', OLD.id, 2); + END $$ +DELIMITER ; + # Update the schema version number UPDATE schema_version diff --git a/src/share/database/scripts/mysql/dhcpdb_drop.mysql b/src/share/database/scripts/mysql/dhcpdb_drop.mysql index f106051bd0..0a183d6573 100644 --- a/src/share/database/scripts/mysql/dhcpdb_drop.mysql +++ b/src/share/database/scripts/mysql/dhcpdb_drop.mysql @@ -70,3 +70,6 @@ DROP TRIGGER IF EXISTS dhcp4_subnet_ADEL; DROP TRIGGER IF EXISTS dhcp4_shared_network_AINS; DROP TRIGGER IF EXISTS dhcp4_shared_network_AUPD; DROP TRIGGER IF EXISTS dhcp4_shared_network_ADEL; +DROP TRIGGER IF EXISTS dhcp4_option_def_AINS; +DROP TRIGGER IF EXISTS dhcp4_option_def_AUPD; +DROP TRIGGER IF EXISTS dhcp4_option_def_ADEL;
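Review bot: The third argument to `createAuditEntryDHCP4` in the three new triggers in dhcpdb_create.mysql is a bare `0`, `1` or `2`, with nothing stating that these stand for create, update and delete. The unit tests in this commit check AuditEntry::ModificationType::CREATE, UPDATE and DELETE against the entries these triggers produce, so a mismatch would mislabel audit records. A comment on each trigger, such as `# 0 = create (matches AuditEntry::ModificationType::CREATE)`, would document the contract. Presumably the values mirror that enum, which should be confirmed against its definition. No schema upgrade script is touched in the visible diff, so it is also worth checking that databases created before this change receive the triggers.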