def test_no_audits_events_if_analytics_filter_component_is_disabled(self): self.log.info("Read configuration audit ids") self.service_audit_id = self.input.param("service_audit_id") self.node_audit_id = self.input.param("node_audit_id") self.log.info("Disable audit logging for service & node configuration change") audit_obj = audit(host=self.master) audit_obj.setAuditFeatureDisabled(str(self.service_audit_id) + "," + str(self.node_audit_id)) self.log.info("Update service configuration service parameter: logLevel") service_configuration_map = {"logLevel": "TRACE"} status, _, _ = self.cbas_util.update_service_parameter_configuration_on_cbas(service_configuration_map) self.assertTrue(status, msg="Incorrect status for service configuration PUT request") self.log.info("Update node configuration service parameters: storageBuffercacheSize") node_configuration_map = {"storageBuffercacheSize": 1} status, _, _ = self.cbas_util.update_node_parameter_configuration_on_cbas(node_configuration_map) self.assertTrue(status, msg="Incorrect status for node configuration PUT request") self.log.info("Validate audit logs are not generated for service configuration update") service_audit_obj = audit(eventID=self.service_audit_id, host=self.cbas_node) self.assertFalse(service_audit_obj.check_if_audit_event_generated(), msg="Audit event must not be generated") self.log.info("Validate audit logs are not generated for node configuration update") node_audit_obj = audit(eventID=self.node_audit_id, host=self.cbas_node) self.assertFalse(node_audit_obj.check_if_audit_event_generated(), msg="Audit event must not be generated")
def test_audit_logs_with_filtered_user_list(self): self.log.info("Create a user with role cluster admin") rbac_util = rbac_utils(self.master) rbac_util._create_user_and_grant_role("cbas_admin", "cluster_admin") self.log.info("Read configuration audit ids") self.audit_id = self.input.param("audit_id") self.log.info("Disabled audit logs for user") audit_obj = audit(host=self.master) audit_obj.setWhiteListUsers("cbas_admin/local") self.log.info("Update service configuration service parameter: logLevel") service_configuration_map = {"logLevel": "TRACE"} status, _, _ = self.cbas_util.update_service_parameter_configuration_on_cbas(service_configuration_map, username="******") self.assertTrue(status, msg="Incorrect status for service configuration PUT request") self.log.info("Verify audit logs are not generated as cbas_admin is whitelisted") server_audit_obj = audit(eventID=self.audit_id, host=self.cbas_node) self.assertFalse(server_audit_obj.check_if_audit_event_generated(), msg="Audit event must not be generated") self.log.info("Remove whitelabel user") audit_obj.setWhiteListUsers() self.log.info("Update service configuration service parameter: logLevel") service_configuration_map = {"logLevel": "TRACE"} status, _, _ = self.cbas_util.update_service_parameter_configuration_on_cbas(service_configuration_map, username="******") self.assertTrue(status, msg="Incorrect status for service configuration PUT request") self.log.info("Verify audit logs are not generated as cbas_admin is whitelisted") server_audit_obj = audit(eventID=self.audit_id, host=self.cbas_node) self.assertTrue(server_audit_obj.check_if_audit_event_generated(), msg="Audit event must be generated")
def test_toggling_node_audit_filter_component(self): self.log.info("Read configuration audit id") self.audit_id = self.input.param("audit_id") self.log.info("Disable audit logging for node configuration change") audit_obj = audit(host=self.master) audit_obj.setAuditFeatureDisabled(str(self.audit_id)) self.log.info("Update configuration node parameters: storageBuffercacheSize") node_configuration_map = {"storageBuffercacheSize": 1} status, _, _ = self.cbas_util.update_node_parameter_configuration_on_cbas(node_configuration_map) self.assertTrue(status, msg="Incorrect status for node configuration PUT request") self.log.info("Validate audit logs are not generated for node configuration update") node_audit_obj = audit(eventID=self.audit_id, host=self.cbas_node) self.assertFalse(node_audit_obj.check_if_audit_event_generated(), msg="Audit event must not be generated") self.log.info("Enable audit logging for node configuration change") audit_obj.setAuditFeatureDisabled('') self.log.info("Update configuration node parameters: storageBuffercacheSize") status, _, _ = self.cbas_util.update_node_parameter_configuration_on_cbas(node_configuration_map) self.assertTrue(status, msg="Incorrect status for node configuration PUT request") self.log.info("Validate audit logs are generated for service configuration update") self.assertTrue(node_audit_obj.check_if_audit_event_generated(), msg="Audit event must be generated")
def validate_audit_event(self, event_id, host, expected_audit): auditing = audit(eventID=event_id, host=host) _, audit_match = auditing.validateEvents(expected_audit) self.assertTrue( audit_match, "Values for one of the fields mismatch, refer test logs for mismatch value" )
def setUp(self): super(CBASAuditLogs, self).setUp() # Since all the test cases are being run on 1 cluster only self.cluster = self.cb_clusters.values()[0] self.log.info("Enable audit on cluster") self.audit_obj = audit(host=self.cluster.master) current_state = self.audit_obj.getAuditStatus() if current_state: self.log.info( "Audit already enabled, disabling and re-enabling to remove previous settings" ) self.audit_obj.setAuditEnable('false') self.audit_obj.setAuditEnable('true') self.log.info("Build service configuration expected dictionary object") self.build_expected_service_parameter_dict() self.log.info("Build node configuration expected dictionary object") self.build_expected_node_parameter_dict() self.rbac_util = RbacUtils(self.cluster.master) self.log_setup_status(self.__class__.__name__, "Finished", stage=self.setUp.__name__)
def test_unsuccessful_node_configuration_updates_are_not_audited(self): self.log.info("Read configuration audit id") self.audit_id = self.input.param("audit_id") self.log.info("Update configuration service parameters: storageBuffercacheSize with incorrect value") node_configuration_map = {"storageBuffercacheSize": "bulk"} status, _, _ = self.cbas_util.update_node_parameter_configuration_on_cbas(node_configuration_map) self.assertFalse(status, msg="Incorrect status for node configuration PUT request") self.log.info("Validate audit logs are not generated for unsuccessful node configuration update") audit_obj = audit(eventID=self.audit_id, host=self.cbas_node) self.assertFalse(audit_obj.check_if_audit_event_generated(), msg="Audit event must not be generated")
def test_unsuccessful_service_configuration_updates_are_not_audited(self): self.log.info("Read configuration audit id") self.audit_id = self.input.param("audit_id") self.log.info("Update configuration service parameters: logLevel with incorrect value") service_configuration_map = {"logLevel": "Invalid"} status, _, _ = self.cbas_util.update_service_parameter_configuration_on_cbas(service_configuration_map) self.assertFalse(status, msg="Incorrect status for service configuration PUT request") self.log.info("Verify audit log event is not generated since service configuration update failed") audit_obj = audit(eventID=self.audit_id, host=self.cbas_node) self.assertFalse(audit_obj.check_if_audit_event_generated(), msg="Audit event must not be generated")
def test_audit_of_successful_events_for_dml_statement(self): expected_audit_log = self.generate_audit_event("dml", self.cluster.username, self.cluster.password) if not expected_audit_log: self.fail("Audit event was not generated") self.sleep(5, "Waiting for audit logs to be generated") audit_obj = audit(eventID=expected_audit_log["id"], host=self.cluster.cbas_cc_node) data = audit_obj.returnEvent(expected_audit_log["id"]) if not audit_obj.validateData(data, expected_audit_log): self.fail( "Audit event generated does not match the expected audit data")
def test_audit_of_unauthorised_access_denied_events_for_select_statement( self): expected_audit_log = self.generate_audit_event("select", self.cluster.username, "passwor", "unauthorised_access") if not expected_audit_log: self.fail("Audit event was not generated") self.sleep(5, "Waiting for audit logs to be generated") audit_obj = audit(eventID=expected_audit_log["id"], host=self.cluster.cbas_cc_node) data = audit_obj.returnEvent(expected_audit_log["id"]) if not audit_obj.validateData(data, expected_audit_log): self.fail( "Audit event generated does not match the expected audit data")
def test_audit_of_forbidden_access_denied_events_for_dml_statement(self): username = "******" self.rbac_util._create_user_and_grant_role(username, "cluster_admin") expected_audit_log = self.generate_audit_event("dml", username, self.cluster.password, "forbidden_access") if not expected_audit_log: self.fail("Audit event was not generated") self.sleep(5, "Waiting for audit logs to be generated") audit_obj = audit(eventID=expected_audit_log["id"], host=self.cluster.cbas_cc_node) data = audit_obj.returnEvent(expected_audit_log["id"]) if not audit_obj.validateData(data, expected_audit_log): self.fail( "Audit event generated does not match the expected audit data")
def setUp(self): super(CBASAuditLogs, self).setUp() self.log.info("Enable audit on cluster") audit_obj = audit(host=self.master) current_state = audit_obj.getAuditStatus() if current_state: self.log.info("Audit already enabled, disabling and re-enabling to remove previous settings") audit_obj.setAuditEnable('false') audit_obj.setAuditEnable('true') self.log.info("Build service configuration expected dictionary object") self.build_expected_service_parameter_dict() self.log.info("Build node configuration expected dictionary object") self.build_expected_node_parameter_dict()
def test_toggling_service_audit_filter_component(self): self.log.info("Read configuration audit id") self.audit_id = self.input.param("audit_id") self.log.info("Disable audit logging for service configuration change") self.audit_obj.setAuditFeatureDisabled(str(self.audit_id)) self.log.info("Update configuration service parameters: logLevel") service_configuration_map = {"logLevel": "TRACE"} status, _, _ = self.cbas_util.update_service_parameter_configuration_on_cbas( self.cluster, service_configuration_map) self.assertTrue( status, msg="Incorrect status for service configuration PUT request") self.sleep(5, "Waiting for audit logs to be generated") self.log.info( "Validate audit logs are not generated for service configuration update" ) service_audit_obj = audit(eventID=self.audit_id, host=self.cluster.cbas_cc_node) self.assertFalse(service_audit_obj.check_if_audit_event_generated(), msg="Audit event must not be generated") self.log.info("Enable audit logging for service configuration change") self.audit_obj.setAuditFeatureDisabled('') self.sleep(5, "Sleeping after enabling audit for configuration") self.log.info("Update configuration service parameters: logLevel") status, _, _ = self.cbas_util.update_service_parameter_configuration_on_cbas( self.cluster, service_configuration_map) self.assertTrue( status, msg="Incorrect status for service configuration PUT request") self.sleep(5, "Waiting for audit logs to be generated") self.log.info( "Validate audit logs are generated for service configuration update" ) self.assertTrue(service_audit_obj.check_if_audit_event_generated(), msg="Audit event must be generated")
def enable_audit(self): audit_obj = audit(host=self.master) current_state = audit_obj.getAuditStatus() if current_state: audit_obj.setAuditEnable('false') audit_obj.setAuditEnable('true')