def test_no_audits_events_if_analytics_filter_component_is_disabled(self):
self.log.info("Read configuration audit ids")
self.service_audit_id = self.input.param("service_audit_id")
self.node_audit_id = self.input.param("node_audit_id")
self.log.info("Disable audit logging for service & node configuration change")
audit_obj = audit(host=self.master)
audit_obj.setAuditFeatureDisabled(str(self.service_audit_id) + "," + str(self.node_audit_id))
self.log.info("Update service configuration service parameter: logLevel")
service_configuration_map = {"logLevel": "TRACE"}
status, _, _ = self.cbas_util.update_service_parameter_configuration_on_cbas(service_configuration_map)
self.assertTrue(status, msg="Incorrect status for service configuration PUT request")
self.log.info("Update node configuration service parameters: storageBuffercacheSize")
node_configuration_map = {"storageBuffercacheSize": 1}
status, _, _ = self.cbas_util.update_node_parameter_configuration_on_cbas(node_configuration_map)
self.assertTrue(status, msg="Incorrect status for node configuration PUT request")
self.log.info("Validate audit logs are not generated for service configuration update")
service_audit_obj = audit(eventID=self.service_audit_id, host=self.cbas_node)
self.assertFalse(service_audit_obj.check_if_audit_event_generated(), msg="Audit event must not be generated")
self.log.info("Validate audit logs are not generated for node configuration update")
node_audit_obj = audit(eventID=self.node_audit_id, host=self.cbas_node)
self.assertFalse(node_audit_obj.check_if_audit_event_generated(), msg="Audit event must not be generated")
def test_audit_logs_with_filtered_user_list(self):
self.log.info("Create a user with role cluster admin")
rbac_util = rbac_utils(self.master)
rbac_util._create_user_and_grant_role("cbas_admin", "cluster_admin")
self.log.info("Read configuration audit ids")
self.audit_id = self.input.param("audit_id")
self.log.info("Disabled audit logs for user")
audit_obj = audit(host=self.master)
audit_obj.setWhiteListUsers("cbas_admin/local")
self.log.info("Update service configuration service parameter: logLevel")
service_configuration_map = {"logLevel": "TRACE"}
status, _, _ = self.cbas_util.update_service_parameter_configuration_on_cbas(service_configuration_map, username="******")
self.assertTrue(status, msg="Incorrect status for service configuration PUT request")
self.log.info("Verify audit logs are not generated as cbas_admin is whitelisted")
server_audit_obj = audit(eventID=self.audit_id, host=self.cbas_node)
self.assertFalse(server_audit_obj.check_if_audit_event_generated(), msg="Audit event must not be generated")
self.log.info("Remove whitelabel user")
audit_obj.setWhiteListUsers()
self.log.info("Update service configuration service parameter: logLevel")
service_configuration_map = {"logLevel": "TRACE"}
status, _, _ = self.cbas_util.update_service_parameter_configuration_on_cbas(service_configuration_map, username="******")
self.assertTrue(status, msg="Incorrect status for service configuration PUT request")
self.log.info("Verify audit logs are not generated as cbas_admin is whitelisted")
server_audit_obj = audit(eventID=self.audit_id, host=self.cbas_node)
self.assertTrue(server_audit_obj.check_if_audit_event_generated(), msg="Audit event must be generated")
def test_toggling_node_audit_filter_component(self):
self.log.info("Read configuration audit id")
self.audit_id = self.input.param("audit_id")
self.log.info("Disable audit logging for node configuration change")
audit_obj = audit(host=self.master)
audit_obj.setAuditFeatureDisabled(str(self.audit_id))
self.log.info("Update configuration node parameters: storageBuffercacheSize")
node_configuration_map = {"storageBuffercacheSize": 1}
status, _, _ = self.cbas_util.update_node_parameter_configuration_on_cbas(node_configuration_map)
self.assertTrue(status, msg="Incorrect status for node configuration PUT request")
self.log.info("Validate audit logs are not generated for node configuration update")
node_audit_obj = audit(eventID=self.audit_id, host=self.cbas_node)
self.assertFalse(node_audit_obj.check_if_audit_event_generated(), msg="Audit event must not be generated")
self.log.info("Enable audit logging for node configuration change")
audit_obj.setAuditFeatureDisabled('')
self.log.info("Update configuration node parameters: storageBuffercacheSize")
status, _, _ = self.cbas_util.update_node_parameter_configuration_on_cbas(node_configuration_map)
self.assertTrue(status, msg="Incorrect status for node configuration PUT request")
self.log.info("Validate audit logs are generated for service configuration update")
self.assertTrue(node_audit_obj.check_if_audit_event_generated(), msg="Audit event must be generated")
def validate_audit_event(self, event_id, host, expected_audit):
auditing = audit(eventID=event_id, host=host)
_, audit_match = auditing.validateEvents(expected_audit)
self.assertTrue(
audit_match,
"Values for one of the fields mismatch, refer test logs for mismatch value"
)
def setUp(self):
super(CBASAuditLogs, self).setUp()
# Since all the test cases are being run on 1 cluster only
self.cluster = self.cb_clusters.values()[0]
self.log.info("Enable audit on cluster")
self.audit_obj = audit(host=self.cluster.master)
current_state = self.audit_obj.getAuditStatus()
if current_state:
self.log.info(
"Audit already enabled, disabling and re-enabling to remove previous settings"
)
self.audit_obj.setAuditEnable('false')
self.audit_obj.setAuditEnable('true')
self.log.info("Build service configuration expected dictionary object")
self.build_expected_service_parameter_dict()
self.log.info("Build node configuration expected dictionary object")
self.build_expected_node_parameter_dict()
self.rbac_util = RbacUtils(self.cluster.master)
self.log_setup_status(self.__class__.__name__,
"Finished",
stage=self.setUp.__name__)
def test_unsuccessful_node_configuration_updates_are_not_audited(self):
self.log.info("Read configuration audit id")
self.audit_id = self.input.param("audit_id")
self.log.info("Update configuration service parameters: storageBuffercacheSize with incorrect value")
node_configuration_map = {"storageBuffercacheSize": "bulk"}
status, _, _ = self.cbas_util.update_node_parameter_configuration_on_cbas(node_configuration_map)
self.assertFalse(status, msg="Incorrect status for node configuration PUT request")
self.log.info("Validate audit logs are not generated for unsuccessful node configuration update")
audit_obj = audit(eventID=self.audit_id, host=self.cbas_node)
self.assertFalse(audit_obj.check_if_audit_event_generated(), msg="Audit event must not be generated")
def test_unsuccessful_service_configuration_updates_are_not_audited(self):
self.log.info("Read configuration audit id")
self.audit_id = self.input.param("audit_id")
self.log.info("Update configuration service parameters: logLevel with incorrect value")
service_configuration_map = {"logLevel": "Invalid"}
status, _, _ = self.cbas_util.update_service_parameter_configuration_on_cbas(service_configuration_map)
self.assertFalse(status, msg="Incorrect status for service configuration PUT request")
self.log.info("Verify audit log event is not generated since service configuration update failed")
audit_obj = audit(eventID=self.audit_id, host=self.cbas_node)
self.assertFalse(audit_obj.check_if_audit_event_generated(), msg="Audit event must not be generated")
def test_audit_of_successful_events_for_dml_statement(self):
expected_audit_log = self.generate_audit_event("dml",
self.cluster.username,
self.cluster.password)
if not expected_audit_log:
self.fail("Audit event was not generated")
self.sleep(5, "Waiting for audit logs to be generated")
audit_obj = audit(eventID=expected_audit_log["id"],
host=self.cluster.cbas_cc_node)
data = audit_obj.returnEvent(expected_audit_log["id"])
if not audit_obj.validateData(data, expected_audit_log):
self.fail(
"Audit event generated does not match the expected audit data")
def test_audit_of_unauthorised_access_denied_events_for_select_statement(
self):
expected_audit_log = self.generate_audit_event("select",
self.cluster.username,
"passwor",
"unauthorised_access")
if not expected_audit_log:
self.fail("Audit event was not generated")
self.sleep(5, "Waiting for audit logs to be generated")
audit_obj = audit(eventID=expected_audit_log["id"],
host=self.cluster.cbas_cc_node)
data = audit_obj.returnEvent(expected_audit_log["id"])
if not audit_obj.validateData(data, expected_audit_log):
self.fail(
"Audit event generated does not match the expected audit data")
def test_audit_of_forbidden_access_denied_events_for_dml_statement(self):
username = "******"
self.rbac_util._create_user_and_grant_role(username, "cluster_admin")
expected_audit_log = self.generate_audit_event("dml", username,
self.cluster.password,
"forbidden_access")
if not expected_audit_log:
self.fail("Audit event was not generated")
self.sleep(5, "Waiting for audit logs to be generated")
audit_obj = audit(eventID=expected_audit_log["id"],
host=self.cluster.cbas_cc_node)
data = audit_obj.returnEvent(expected_audit_log["id"])
if not audit_obj.validateData(data, expected_audit_log):
self.fail(
"Audit event generated does not match the expected audit data")
def setUp(self):
super(CBASAuditLogs, self).setUp()
self.log.info("Enable audit on cluster")
audit_obj = audit(host=self.master)
current_state = audit_obj.getAuditStatus()
if current_state:
self.log.info("Audit already enabled, disabling and re-enabling to remove previous settings")
audit_obj.setAuditEnable('false')
audit_obj.setAuditEnable('true')
self.log.info("Build service configuration expected dictionary object")
self.build_expected_service_parameter_dict()
self.log.info("Build node configuration expected dictionary object")
self.build_expected_node_parameter_dict()
def test_toggling_service_audit_filter_component(self):
self.log.info("Read configuration audit id")
self.audit_id = self.input.param("audit_id")
self.log.info("Disable audit logging for service configuration change")
self.audit_obj.setAuditFeatureDisabled(str(self.audit_id))
self.log.info("Update configuration service parameters: logLevel")
service_configuration_map = {"logLevel": "TRACE"}
status, _, _ = self.cbas_util.update_service_parameter_configuration_on_cbas(
self.cluster, service_configuration_map)
self.assertTrue(
status,
msg="Incorrect status for service configuration PUT request")
self.sleep(5, "Waiting for audit logs to be generated")
self.log.info(
"Validate audit logs are not generated for service configuration update"
)
service_audit_obj = audit(eventID=self.audit_id,
host=self.cluster.cbas_cc_node)
self.assertFalse(service_audit_obj.check_if_audit_event_generated(),
msg="Audit event must not be generated")
self.log.info("Enable audit logging for service configuration change")
self.audit_obj.setAuditFeatureDisabled('')
self.sleep(5, "Sleeping after enabling audit for configuration")
self.log.info("Update configuration service parameters: logLevel")
status, _, _ = self.cbas_util.update_service_parameter_configuration_on_cbas(
self.cluster, service_configuration_map)
self.assertTrue(
status,
msg="Incorrect status for service configuration PUT request")
self.sleep(5, "Waiting for audit logs to be generated")
self.log.info(
"Validate audit logs are generated for service configuration update"
)
self.assertTrue(service_audit_obj.check_if_audit_event_generated(),
msg="Audit event must be generated")
def enable_audit(self):
audit_obj = audit(host=self.master)
current_state = audit_obj.getAuditStatus()
if current_state:
audit_obj.setAuditEnable('false')
audit_obj.setAuditEnable('true')
