From 7c17817d67a3f13628431e335bbac80eef2a88cf Mon Sep 17 00:00:00 2001
From: Alessandro Bellucci
Date: Thu, 31 Aug 2023 11:41:24 +0200
Subject: [PATCH] support for nuvlabox and comment out legacy events on nuvlabox resource

---
 .../sixsq/nuvla/server/resources/nuvlabox.clj | 138 ++++++++++-
 .../resources/nuvlabox_0_lifecycle_test.clj | 219 ++++++++++++++----
 .../resources/nuvlabox_1_lifecycle_test.clj | 149 ++++++++++--
 .../resources/nuvlabox_2_lifecycle_test.clj | 148 ++++++++++--
 4 files changed, 548 insertions(+), 106 deletions(-)

diff --git a/code/src/sixsq/nuvla/server/resources/nuvlabox.clj b/code/src/sixsq/nuvla/server/resources/nuvlabox.clj
index 37a906d84..ebb83a1bd 100644
--- a/code/src/sixsq/nuvla/server/resources/nuvlabox.clj
+++ b/code/src/sixsq/nuvla/server/resources/nuvlabox.clj
@@ -13,10 +13,11 @@ particular NuvlaBox release.
 [sixsq.nuvla.auth.utils.acl :as acl-utils]
 [sixsq.nuvla.db.impl :as db]
 [sixsq.nuvla.server.resources.common.crud :as crud]
+ [sixsq.nuvla.server.resources.common.event-config :as ec]
+ [sixsq.nuvla.server.resources.common.event-context :as ectx]
 [sixsq.nuvla.server.resources.common.std-crud :as std-crud]
 [sixsq.nuvla.server.resources.common.utils :as u]
 [sixsq.nuvla.server.resources.credential.vpn-utils :as vpn-utils]
- [sixsq.nuvla.server.resources.event.utils :as event-utils]
 [sixsq.nuvla.server.resources.job :as job]
 [sixsq.nuvla.server.resources.job.interface :as job-interface]
 [sixsq.nuvla.server.resources.nuvlabox.utils :as utils]
@@ -331,9 +332,12 @@ particular NuvlaBox release. (defmethod crud/delete resource-type [{{uuid :uuid} :params :as request}] - (let [id (str resource-type "/" uuid)] + (let [id (str resource-type "/" uuid) + nuvlabox (db/retrieve id request)] + (ectx/add-to-context :acl (:acl nuvlabox)) + (ectx/add-to-context :resource nuvlabox) (try - (-> (db/retrieve id request) + (-> nuvlabox (a/throw-cannot-delete request) (u/throw-can-not-do-action utils/can-delete? "delete")) (let [resp (delete-impl request)] @@ -500,7 +504,9 @@ particular NuvlaBox release. (when (not= job-status 201) (throw (r/ex-response "unable to create async job to decommission nuvlabox resources" 500 id))) - (event-utils/create-event id job-msg acl) + (ectx/add-linked-identifier job-id) + ;; Legacy event + ;; (event-utils/create-event id job-msg acl) (r/map-response job-msg 202 id job-id)) (catch Exception e (or (ex-data e) (throw e))))) @@ -542,7 +548,9 @@ particular NuvlaBox release. (when (not= job-status 201) (throw (r/ex-response "unable to create async job to check nuvlabox api" 500 id))) - (event-utils/create-event id job-msg acl) + (ectx/add-linked-identifier job-id) + ;; Legacy event + ;; (event-utils/create-event id job-msg acl) (r/map-response job-msg 202 id job-id)) (catch Exception e (or (ex-data e) (throw e))))) @@ -580,7 +588,9 @@ particular NuvlaBox release. (when (not= job-status 201) (throw (r/ex-response "unable to create async job to reboot nuvlabox" 500 id))) - (event-utils/create-event id job-msg acl) + (ectx/add-linked-identifier job-id) + ;; Legacy event + ;; (event-utils/create-event id job-msg acl) (r/map-response job-msg 202 id job-id)) (catch Exception e (or (ex-data e) (throw e))))) 
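Review bot: In the `crud/delete` hunk the `db/retrieve` call has moved out of the `try` into the outer `let`, so an exception raised for an unknown or unreadable `id` now propagates past the method's own `catch` (which lies beyond the end of the hunk). If that catch is the usual `(or (ex-data e) (throw e))` form used by the action methods below, a delete of a missing id previously answered with the stored error response and now surfaces the raw exception to the caller. Keeping the retrieve and the two `ectx/add-to-context` calls inside the `try`, e.g. `(try (let [nuvlabox (db/retrieve id request)] (ectx/add-to-context :acl (:acl nuvlabox)) (ectx/add-to-context :resource nuvlabox) (-> nuvlabox ...` preserves the old error path while still populating the event context. The body of `crud/delete` continues outside the hunk.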
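Review bot: The decommission hunk replaces the `event-utils/create-event` call with a commented-out copy under `;; Legacy event`, and the same pattern repeats in the check-api, reboot, cluster, add-ssh-key, revoke-ssh-key and update-nuvlabox hunks. Commented-out code is dead weight that git history already preserves; since the `event-utils` require is removed in this commit, the comment cannot be uncommented without re-adding it, so it is better deleted outright. The `acl` value that fed `create-event` is bound in a `let` outside each hunk; if nothing else in those bodies reads it, that binding is now unused and should be dropped as well, which I cannot confirm from the visible lines.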
@@ -629,7 +639,9 @@ particular NuvlaBox release. ", with async " job-id)] (when (not= job-status 201) (throw (r/ex-response "unable to create async job to cluster NuvlaBox" 500 id))) - (event-utils/create-event id job-msg acl) + (ectx/add-linked-identifier job-id) + ;; Legacy event + ;; (event-utils/create-event id job-msg acl) (r/map-response job-msg 202 id job-id)) (catch Exception e (or (ex-data e) (throw e))))) @@ -676,7 +688,9 @@ particular NuvlaBox release. (when (not= job-status 201) (throw (r/ex-response "unable to create async job to add SSH key to NuvlaBox" 500 id))) - (event-utils/create-event id job-msg acl) + (ectx/add-linked-identifier job-id) + ;; Legacy event + ;; (event-utils/create-event id job-msg acl) (r/map-response (or (:private-key ssh-credential) job-msg) 202 id job-id)) (catch Exception e (or (ex-data e) (throw e))))) @@ -745,7 +759,9 @@ particular NuvlaBox release. (when (not= job-status 201) (throw (r/ex-response "unable to create async job to remove SSH key from NuvlaBox" 500 id))) - (event-utils/create-event id job-msg acl) + (ectx/add-linked-identifier job-id) + ;; Legacy event + ;; (event-utils/create-event id job-msg acl) (r/map-response job-msg 202 id job-id)) (catch Exception e (or (ex-data e) (throw e))))))) @@ -797,7 +813,9 @@ particular NuvlaBox release. ", with async " job-id)] (when (not= job-status 201) (throw (r/ex-response "unable to create async job to update NuvlaBox" 500 id))) - (event-utils/create-event id job-msg acl) + (ectx/add-linked-identifier job-id) + ;; Legacy event + ;; (event-utils/create-event id job-msg acl) (r/map-response job-msg 202 id job-id)) (catch Exception e (or (ex-data e) (throw e))))))) 
@@ -1074,6 +1092,106 @@ particular NuvlaBox release. (utils/can-unsuspend? resource) (conj unsuspend-op) ))))) + +;; +;; Events +;; + +(defmethod ec/events-enabled? resource-type + [_resource-type] + true) + + +(defmethod ec/log-event? "nuvlabox.check-api" + [_event _response] + false) + + +(defmethod ec/log-event? "nuvlabox.assemble-playbooks" + [_event _response] + false) + + +(defmethod ec/event-description "nuvlabox.activate" + [{:keys [success] {:keys [user-id]} :authn-info :as _event} & _] + (if success + (when-let [user-name (or (some-> user-id crud/retrieve-by-id-as-admin1 :name) user-id)] + (str user-name " activated nuvlabox.")) + "Nuvlabox activation attempt failed.")) + + +(defmethod ec/event-description "nuvlabox.commission" + [{:keys [success] {:keys [user-id]} :authn-info :as _event} & _] + (if success + (when-let [user-name (or (some-> user-id crud/retrieve-by-id-as-admin1 :name) user-id)] + (str user-name " commissioned nuvlabox.")) + "Nuvlabox commissioning attempt failed.")) + + +(defmethod ec/event-description "nuvlabox.decommission" + [{:keys [success] {:keys [user-id]} :authn-info :as _event} & _] + (if success + (when-let [user-name (or (some-> user-id crud/retrieve-by-id-as-admin1 :name) user-id)] + (str user-name " decommissioned nuvlabox.")) + "Nuvlabox decommission attempt failed.")) + + +(defmethod ec/event-description "nuvlabox.reboot" + [{:keys [success] {:keys [user-id]} :authn-info :as _event} & _] + (if success + (when-let [user-name (or (some-> user-id crud/retrieve-by-id-as-admin1 :name) user-id)] + (str user-name " rebooted nuvlabox.")) + "Nuvlabox reboot attempt failed.")) + + +(defmethod ec/event-description "nuvlabox.add-ssh-key" + [{:keys [success] {:keys [user-id]} :authn-info :as _event} & _] + (if success + (when-let [user-name (or (some-> user-id crud/retrieve-by-id-as-admin1 :name) user-id)] + (str user-name " added ssh key to nuvlabox.")) + "Nuvlabox ssh key addition attempt failed.")) + + +(defmethod 
ec/event-description "nuvlabox.revoke-ssh-key" + [{:keys [success] {:keys [user-id]} :authn-info :as _event} & _] + (if success + (when-let [user-name (or (some-> user-id crud/retrieve-by-id-as-admin1 :name) user-id)] + (str user-name " revoked ssh key from nuvlabox.")) + "Nuvlabox commission attempt failed.")) + + +(defmethod ec/event-description "nuvlabox.update-nuvlabox" + [{:keys [success] {:keys [user-id]} :authn-info :as _event} & _] + (if success + (when-let [user-name (or (some-> user-id crud/retrieve-by-id-as-admin1 :name) user-id)] + (str user-name " updated nuvlabox.")) + "Nuvlabox update attempt failed.")) + + +(defmethod ec/event-description "nuvlabox.enable-host-level-management" + [{:keys [success] {:keys [user-id]} :authn-info :as _event} & _] + (if success + (when-let [user-name (or (some-> user-id crud/retrieve-by-id-as-admin1 :name) user-id)] + (str user-name " enabled host-level management on nuvlabox.")) + "Nuvlabox host-level management enabling attempt failed.")) + + +(defmethod ec/event-description "nuvlabox.disable-host-level-management" + [{:keys [success] {:keys [user-id]} :authn-info :as _event} & _] + (if success + (when-let [user-name (or (some-> user-id crud/retrieve-by-id-as-admin1 :name) user-id)] + (str user-name " disabled host-level management on nuvlabox.")) + "Nuvlabox host-level management disabling attempt failed.")) + + +(defmethod ec/event-description "nuvlabox.unsuspend" + [{:keys [success] {:keys [user-id]} :authn-info :as _event} & _] + (if success + (when-let [user-name (or (some-> user-id crud/retrieve-by-id-as-admin1 :name) user-id)] + (str user-name " unsuspended nuvlabox.")) + "Nuvlabox unsuspend attempt failed.")) + + ;; ;; initialization ;; diff --git a/code/test/sixsq/nuvla/server/resources/nuvlabox_0_lifecycle_test.clj b/code/test/sixsq/nuvla/server/resources/nuvlabox_0_lifecycle_test.clj index a1a086619..cba6289ed 100644 --- a/code/test/sixsq/nuvla/server/resources/nuvlabox_0_lifecycle_test.clj 
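Review bot: The failure text of the `"nuvlabox.revoke-ssh-key"` description reads `"Nuvlabox commission attempt failed."`, which is a copy-paste slip from the commission method; it should be `"Nuvlabox ssh key revocation attempt failed."` so audit readers are not told the wrong action failed. The ten `ec/event-description` methods differ only in two strings, so a small builder plus a table would remove the duplication and make such slips much less likely, as sketched below. Note also that when `user-id` is absent the `when-let` yields `nil`, so a successful action is recorded with no description at all; a fallback such as `"Nuvlabox activated."` may be preferable, depending on how `ec` treats a nil description, which is not visible here.
```clojure
(defn- actor-description
  "Builds an ec/event-description fn: '<user name or id> <done>' on success, `failed` otherwise."
  [done failed]
  (fn [{:keys [success] {:keys [user-id]} :authn-info :as _event} & _]
    (if success
      (when-let [user-name (or (some-> user-id crud/retrieve-by-id-as-admin1 :name) user-id)]
        (str user-name " " done))
      failed)))

(doseq [[action done failed]
        [["activate" "activated nuvlabox." "Nuvlabox activation attempt failed."]
         ;; … one row per action, texts unchanged from the individual defmethods …
         ["revoke-ssh-key" "revoked ssh key from nuvlabox." "Nuvlabox ssh key revocation attempt failed."]]]
  ;; dispatch value is evaluated, so registering in a loop is equivalent to one defmethod per action
  (.addMethod ^clojure.lang.MultiFn ec/event-description
              (str "nuvlabox." action)
              (actor-description done failed)))
```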
+++ b/code/test/sixsq/nuvla/server/resources/nuvlabox_0_lifecycle_test.clj @@ -81,6 +81,8 @@ :owners ["group/nuvla-admin"] }}) +(def admin-group-name "Nuvla Administrator Group") + (deftest check-metadata (mdtu/check-metadata-exists nb/resource-type @@ -93,7 +95,10 @@ session (content-type "application/json")) - session-owner (header session authn-info-header "user/alpha user/alpha group/nuvla-user group/nuvla-anon")] + session-owner (header session authn-info-header "user/alpha user/alpha group/nuvla-user group/nuvla-anon") + authn-info {:user-id "user/alpha" + :active-claim "user/alpha" + :claims ["group/nuvla-anon" "user/alpha" "group/nuvla-user"]}] (let [nuvlabox-id (-> session-owner (request base-uri @@ -104,6 +109,14 @@ (ltu/location)) nuvlabox-url (str p/service-context nuvlabox-id) + _ (ltu/is-last-event nuvlabox-id + {:name "nuvlabox.add" + :description (str "user/alpha added nuvlabox " nuvlabox-id ".") + :category "add" + :success true + :linked-identifiers [] + :authn-info authn-info + :acl {:owners ["group/nuvla-admin" "user/alpha"]}}) {:keys [id acl owner]} (-> session-owner (request nuvlabox-url) (ltu/body->edn) @@ -139,10 +152,28 @@ (ltu/is-key-value :edit-acl :acl (conj (:edit-acl acl) new-owner)) (ltu/body))) + (ltu/is-last-event nuvlabox-id + {:name "nuvlabox.edit" + :description "user/alpha edited nuvlabox name NB changed." + :category "edit" + :success true + :linked-identifiers [] + :authn-info authn-info + :acl {:owners ["group/nuvla-admin" "user/alpha" "user/beta"]}}) + (-> session-owner (request nuvlabox-url :request-method :delete) - (ltu/is-status 200))) + (ltu/is-status 200)) + + (ltu/is-last-event nuvlabox-id + {:name "nuvlabox.delete" + :description "user/alpha deleted nuvlabox name NB changed." + :category "delete" + :success true + :linked-identifiers [] + :authn-info authn-info + :acl {:owners ["group/nuvla-admin" "user/alpha" "user/beta"]}})) ;; create nuvlabox with inexistent vpn id will fail (-> session-owner 
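Review bot: `(def admin-group-name "Nuvla Administrator Group")` is introduced verbatim in this file and again in the nuvlabox_1 and nuvlabox_2 test files, and the `authn-info` literal for user/alpha is repeated in every lifecycle test; both belong in the shared test utilities next to `ltu/is-last-event` so a change to the admin group's display name or the claims layout is made once. The expected `:acl {:owners [...]}` on the delete event asserts that the event stays visible to the owners recorded at delete time, which is the right property to pin; a one-line comment such as `;; event acl is copied from the resource acl at delete time, including the added owner user/beta` would explain why `user/beta` appears there.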
@@ -157,15 +188,26 @@ (deftest create-activate-decommission-delete-lifecycle (binding [config-nuvla/*stripe-api-key* nil] - (let [session (-> (ltu/ring-app) - session - (content-type "application/json")) - session-admin (header session authn-info-header "group/nuvla-admin group/nuvla-admin group/nuvla-user group/nuvla-anon") - - session-owner (header session authn-info-header "user/alpha user/alpha group/nuvla-user group/nuvla-anon") - session-anon (header session authn-info-header "user/unknown user/unknown group/nuvla-anon")] - - (doseq [session [session-admin session-owner]] + (let [session (-> (ltu/ring-app) + session + (content-type "application/json")) + session-admin (header session authn-info-header "group/nuvla-admin group/nuvla-admin group/nuvla-user group/nuvla-anon") + + session-owner (header session authn-info-header "user/alpha user/alpha group/nuvla-user group/nuvla-anon") + session-anon (header session authn-info-header "user/unknown user/unknown group/nuvla-anon") + authn-info-admin {:user-id "group/nuvla-admin" + :active-claim "group/nuvla-admin" + :claims ["group/nuvla-admin" "group/nuvla-anon" "group/nuvla-user"]} + authn-info-owner {:user-id "user/alpha" + :active-claim "user/alpha" + :claims ["group/nuvla-anon" "user/alpha" "group/nuvla-user"]} + authn-info-anon {:user-id "user/unknown" + :active-claim "user/unknown" + :claims #{"user/unknown" "group/nuvla-anon"}}] + + (doseq [[session authn-info user-name-or-id] + [[session-admin authn-info-admin admin-group-name] + [session-owner authn-info-owner "user/alpha"]]] (let [nuvlabox-id (-> session (request base-uri :request-method :post 
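Review bot: Within the same `let`, `authn-info-admin` and `authn-info-owner` spell `:claims` as vectors while `authn-info-anon` uses a set `#{"user/unknown" "group/nuvla-anon"}`; the same mix appears in the corresponding `let` hunks of the other lifecycle tests in this file and in the nuvlabox_1 and nuvlabox_2 test files. If `ltu/is-last-event` compares the map with `=`, a vector only matches when the server serialises its claims set in exactly that order, which is an artefact of hash-set iteration rather than a contract, so the assertion is brittle; the set form is the stable one. I would use sets for all three, e.g. `:claims #{"group/nuvla-admin" "group/nuvla-anon" "group/nuvla-user"}`, or have `is-last-event` normalise claims to a set before comparing, whichever matches its implementation, which is not visible here.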
@@ -174,6 +216,14 @@ (ltu/is-status 201) (ltu/location)) nuvlabox-url (str p/service-context nuvlabox-id) + _ (ltu/is-last-event nuvlabox-id + {:name "nuvlabox.add" + :description (str user-name-or-id " added nuvlabox " nuvlabox-id ".") + :category "add" + :success true + :linked-identifiers [] + :authn-info authn-info + :acl {:owners ["group/nuvla-admin" "user/alpha"]}}) activate-url (-> session (request nuvlabox-url) @@ -199,6 +249,15 @@ :api-key (ltu/href->url)) + _ (ltu/is-last-event nuvlabox-id + {:name "nuvlabox.activate" + :description "user/unknown activated nuvlabox." + :category "action" + :success true + :linked-identifiers [] + :authn-info authn-info-anon + :acl {:owners ["group/nuvla-admin" "user/alpha"]}}) + credential-nuvlabox (-> session-admin (request credential-url) (ltu/body->edn) @@ -258,11 +317,21 @@ (ltu/is-key-value :state "ACTIVATED") (ltu/get-op-url :decommission))] - (-> session - (request decommission-url - :request-method :post) - (ltu/body->edn) - (ltu/is-status 202)) + (let [job-id (-> session + (request decommission-url + :request-method :post) + (ltu/body->edn) + (ltu/is-status 202) + (ltu/location))] + + (ltu/is-last-event nuvlabox-id + {:name "nuvlabox.decommission" + :description (str user-name-or-id " decommissioned nuvlabox.") + :category "action" + :success true + :linked-identifiers [job-id] + :authn-info authn-info + :acl {:owners ["group/nuvla-admin"]}})) ;; verify state of the resource and that ACL has been updated (let [{:keys [owner acl]} (-> session @@ -312,6 +381,15 @@ (ltu/body->edn) (ltu/is-status 200)) + (ltu/is-last-event nuvlabox-id + {:name "nuvlabox.delete" + :description (str user-name-or-id " deleted nuvlabox " nuvlabox-id ".") + :category "delete" + :success true + :linked-identifiers [] + :authn-info authn-info + :acl {:owners ["group/nuvla-admin"]}}) + ;; verify that the nuvlabox has been removed (-> session (request nuvlabox-url) 
@@ -321,15 +399,26 @@ (deftest create-activate-commission-decommission-error-delete-lifecycle (binding [config-nuvla/*stripe-api-key* nil] - (let [session (-> (ltu/ring-app) - session - (content-type "application/json")) - session-admin (header session authn-info-header "group/nuvla-admin group/nuvla-admin group/nuvla-user group/nuvla-anon") - - session-owner (header session authn-info-header "user/alpha user/alpha group/nuvla-user group/nuvla-anon") - session-anon (header session authn-info-header "user/unknown user/unknown group/nuvla-anon")] - - (doseq [session [session-admin session-owner]] + (let [session (-> (ltu/ring-app) + session + (content-type "application/json")) + session-admin (header session authn-info-header "group/nuvla-admin group/nuvla-admin group/nuvla-user group/nuvla-anon") + + session-owner (header session authn-info-header "user/alpha user/alpha group/nuvla-user group/nuvla-anon") + session-anon (header session authn-info-header "user/unknown user/unknown group/nuvla-anon") + authn-info-admin {:user-id "group/nuvla-admin" + :active-claim "group/nuvla-admin" + :claims ["group/nuvla-admin" "group/nuvla-anon" "group/nuvla-user"]} + authn-info-owner {:user-id "user/alpha" + :active-claim "user/alpha" + :claims ["group/nuvla-anon" "user/alpha" "group/nuvla-user"]} + authn-info-anon {:user-id "user/unknown" + :active-claim "user/unknown" + :claims #{"user/unknown" "group/nuvla-anon"}}] + + (doseq [[session authn-info user-name-or-id] + [[session-admin authn-info-admin admin-group-name] + [session-owner authn-info-owner "user/alpha"]]] (let [nuvlabox-id (-> session (request base-uri :request-method :post 
@@ -339,6 +428,15 @@ (ltu/location)) nuvlabox-url (str p/service-context nuvlabox-id) + _ (ltu/is-last-event nuvlabox-id + {:name "nuvlabox.add" + :description (str user-name-or-id " added nuvlabox " nuvlabox-id ".") + :category "add" + :success true + :linked-identifiers [] + :authn-info authn-info + :acl {:owners ["group/nuvla-admin" "user/alpha"]}}) + activate-url (-> session (request nuvlabox-url) (ltu/body->edn) @@ -362,6 +460,15 @@ :api-key (ltu/href->url)) + (ltu/is-last-event nuvlabox-id + {:name "nuvlabox.activate" + :description "user/unknown activated nuvlabox." + :category "action" + :success true + :linked-identifiers [] + :authn-info authn-info-anon + :acl {:owners ["group/nuvla-admin" "user/alpha"]}}) + (let [{isg-id :id} (-> session-admin (content-type "application/x-www-form-urlencoded") (request isg-collection-uri @@ -401,6 +508,15 @@ (ltu/body->edn) (ltu/is-status 200)) + (ltu/is-last-event nuvlabox-id + {:name "nuvlabox.commission" + :description (str user-name-or-id " commissioned nuvlabox.") + :category "action" + :success true + :linked-identifiers [] + :authn-info authn-info + :acl {:owners ["group/nuvla-admin" "user/alpha"]}}) + ;; verify state of the resource (-> session (request nuvlabox-url) 
@@ -556,7 +672,34 @@ (ltu/body->edn) (ltu/is-status 201) (ltu/body) - :resource-id)] + :resource-id) + + action (fn [action-url action-id method body event-description] + (let [job-id (-> (case method + :get + (request session action-url) + :post + (request session + action-url + :request-method :post + :body (json/write-str body)) + nil) + (ltu/body->edn) + (ltu/is-status 202) + (ltu/location))] + + (ltu/is-last-event nuvlabox-id + {:name (str "nuvlabox." action-id) + :description (str user-name-or-id " " event-description ".") + :category "action" + :success true + :linked-identifiers [job-id] + :authn-info authn-info + :acl {:owners ["group/nuvla-admin" "user/alpha"]}}))) + action-get (fn [action-url action-id event-description] + (action action-url action-id :get nil event-description)) + action-post (fn [action-url action-id body event-description] + (action action-url action-id :post body event-description))] ;; check-api action (-> session @@ -565,32 +708,16 @@ (ltu/is-status 202)) ;; reboot action - (-> session - (request reboot) - (ltu/body->edn) - (ltu/is-status 202)) + (action-get reboot "reboot" "rebooted nuvlabox") ;; add-ssh-key action - (-> session - (request add-ssh-key) - (ltu/body->edn) - (ltu/is-status 202)) + (action-get add-ssh-key "add-ssh-key" "added ssh key to nuvlabox") ;; revoke-ssh-key action - (-> session - (request revoke-ssh-key - :request-method :post - :body (json/write-str {:credential aux-ssh-cred})) - (ltu/body->edn) - (ltu/is-status 202)) + (action-post revoke-ssh-key "revoke-ssh-key" {:credential aux-ssh-cred} "revoked ssh key from nuvlabox") ;; update-nuvlabox-action - (-> session - (request update-nuvlabox - :request-method :post - :body (json/write-str {:nuvlabox-release nuvlabox-release})) - (ltu/body->edn) - (ltu/is-status 202))) + (action-post update-nuvlabox "update-nuvlabox" {:nuvlabox-release nuvlabox-release} "updated nuvlabox")) ;; second commissioning of the resource (with swarm credentials) (-> session 
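Review bot: The `action` helper's `case` falls through to `nil` for any method other than `:get`/`:post`, and that `nil` is then threaded into `ltu/body->edn`, so a typo in a caller fails with an unrelated error far from the cause; replacing the default with `(throw (ex-info "unsupported method" {:method method}))` makes the failure self-explanatory. The check-api action was deliberately left in its inline form while the other four now go through the helper, and a reader will assume it was missed; a comment such as `;; check-api emits no event (ec/log-event? returns false), so only the 202 is asserted` would record the reason. The helper is defined inside a `let` whose start lies outside the hunk.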
diff --git a/code/test/sixsq/nuvla/server/resources/nuvlabox_1_lifecycle_test.clj b/code/test/sixsq/nuvla/server/resources/nuvlabox_1_lifecycle_test.clj index b8be0e601..cf5766d64 100644 --- a/code/test/sixsq/nuvla/server/resources/nuvlabox_1_lifecycle_test.clj +++ b/code/test/sixsq/nuvla/server/resources/nuvlabox_1_lifecycle_test.clj @@ -68,6 +68,9 @@ (str nb/resource-type "-" nb-1/schema-version))) +(def admin-group-name "Nuvla Administrator Group") + + (deftest create-edit-delete-lifecycle ;; Disable stripe (binding [config-nuvla/*stripe-api-key* nil] @@ -75,7 +78,10 @@ session (content-type "application/json")) - session-owner (header session authn-info-header "user/alpha user/alpha group/nuvla-user group/nuvla-anon")] + session-owner (header session authn-info-header "user/alpha user/alpha group/nuvla-user group/nuvla-anon") + authn-info {:user-id "user/alpha" + :active-claim "user/alpha" + :claims ["group/nuvla-anon" "user/alpha" "group/nuvla-user"]}] (let [nuvlabox-id (-> session-owner (request base-uri @@ -86,6 +92,14 @@ (ltu/location)) nuvlabox-url (str p/service-context nuvlabox-id) + _ (ltu/is-last-event nuvlabox-id + {:name "nuvlabox.add" + :description (str "user/alpha added nuvlabox " nuvlabox-id ".") + :category "add" + :success true + :linked-identifiers [] + :authn-info authn-info + :acl {:owners ["group/nuvla-admin" "user/alpha"]}}) {:keys [id acl owner]} (-> session-owner (request nuvlabox-url) (ltu/body->edn) 
@@ -121,15 +135,26 @@ (deftest create-activate-decommission-delete-lifecycle (binding [config-nuvla/*stripe-api-key* nil] - (let [session (-> (ltu/ring-app) - session - (content-type "application/json")) - session-admin (header session authn-info-header "group/nuvla-admin group/nuvla-admin group/nuvla-user group/nuvla-anon") - - session-owner (header session authn-info-header "user/alpha user/alpha group/nuvla-user group/nuvla-anon") - session-anon (header session authn-info-header "user/unknown user/unknown group/nuvla-anon")] - - (doseq [session [session-admin session-owner]] + (let [session (-> (ltu/ring-app) + session + (content-type "application/json")) + session-admin (header session authn-info-header "group/nuvla-admin group/nuvla-admin group/nuvla-user group/nuvla-anon") + + session-owner (header session authn-info-header "user/alpha user/alpha group/nuvla-user group/nuvla-anon") + session-anon (header session authn-info-header "user/unknown user/unknown group/nuvla-anon") + authn-info-admin {:user-id "group/nuvla-admin" + :active-claim "group/nuvla-admin" + :claims ["group/nuvla-admin" "group/nuvla-anon" "group/nuvla-user"]} + authn-info-owner {:user-id "user/alpha" + :active-claim "user/alpha" + :claims ["group/nuvla-anon" "user/alpha" "group/nuvla-user"]} + authn-info-anon {:user-id "user/unknown" + :active-claim "user/unknown" + :claims #{"user/unknown" "group/nuvla-anon"}}] + + (doseq [[session authn-info user-name-or-id] + [[session-admin authn-info-admin admin-group-name] + [session-owner authn-info-owner "user/alpha"]]] (let [nuvlabox-id (-> session (request base-uri :request-method :post 
@@ -139,6 +164,14 @@ (ltu/is-status 201) (ltu/location)) nuvlabox-url (str p/service-context nuvlabox-id) + _ (ltu/is-last-event nuvlabox-id + {:name "nuvlabox.add" + :description (str user-name-or-id " added nuvlabox " nuvlabox-id ".") + :category "add" + :success true + :linked-identifiers [] + :authn-info authn-info + :acl {:owners ["group/nuvla-admin" "user/alpha"]}}) activate-url (-> session (request nuvlabox-url) @@ -164,6 +197,15 @@ :api-key (ltu/href->url)) + _ (ltu/is-last-event nuvlabox-id + {:name "nuvlabox.activate" + :description "user/unknown activated nuvlabox." + :category "action" + :success true + :linked-identifiers [] + :authn-info authn-info-anon + :acl {:owners ["group/nuvla-admin" "user/alpha"]}}) + credential-nuvlabox (-> session-admin (request credential-url) (ltu/body->edn) @@ -223,11 +265,21 @@ (ltu/is-key-value :state "ACTIVATED") (ltu/get-op-url :decommission))] - (-> session - (request decommission-url - :request-method :post) - (ltu/body->edn) - (ltu/is-status 202)) + (let [job-id (-> session + (request decommission-url + :request-method :post) + (ltu/body->edn) + (ltu/is-status 202) + (ltu/location))] + + (ltu/is-last-event nuvlabox-id + {:name "nuvlabox.decommission" + :description (str user-name-or-id " decommissioned nuvlabox.") + :category "action" + :success true + :linked-identifiers [job-id] + :authn-info authn-info + :acl {:owners ["group/nuvla-admin"]}})) ;; verify state of the resource and that ACL has been updated (let [{:keys [owner acl]} (-> session @@ -277,6 +329,15 @@ (ltu/body->edn) (ltu/is-status 200)) + (ltu/is-last-event nuvlabox-id + {:name "nuvlabox.delete" + :description (str user-name-or-id " deleted nuvlabox " nuvlabox-id ".") + :category "delete" + :success true + :linked-identifiers [] + :authn-info authn-info + :acl {:owners ["group/nuvla-admin"]}}) + ;; verify that the nuvlabox has been removed (-> session (request nuvlabox-url) 
@@ -286,16 +347,27 @@ (deftest create-activate-commission-decommission-error-delete-lifecycle (binding [config-nuvla/*stripe-api-key* nil] - (let [session (-> (ltu/ring-app) - session - (content-type "application/json")) - session-admin (header session authn-info-header "group/nuvla-admin group/nuvla-admin group/nuvla-user group/nuvla-anon") - - session-owner (header session authn-info-header "user/alpha user/alpha group/nuvla-user group/nuvla-anon") - session-anon (header session authn-info-header "user/unknown user/unknown group/nuvla-anon") - tags #{"tag-1", "tag-2"}] - - (doseq [session [session-admin session-owner]] + (let [session (-> (ltu/ring-app) + session + (content-type "application/json")) + session-admin (header session authn-info-header "group/nuvla-admin group/nuvla-admin group/nuvla-user group/nuvla-anon") + + session-owner (header session authn-info-header "user/alpha user/alpha group/nuvla-user group/nuvla-anon") + session-anon (header session authn-info-header "user/unknown user/unknown group/nuvla-anon") + authn-info-admin {:user-id "group/nuvla-admin" + :active-claim "group/nuvla-admin" + :claims ["group/nuvla-admin" "group/nuvla-anon" "group/nuvla-user"]} + authn-info-owner {:user-id "user/alpha" + :active-claim "user/alpha" + :claims ["group/nuvla-anon" "user/alpha" "group/nuvla-user"]} + authn-info-anon {:user-id "user/unknown" + :active-claim "user/unknown" + :claims #{"user/unknown" "group/nuvla-anon"}} + tags #{"tag-1", "tag-2"}] + + (doseq [[session authn-info user-name-or-id] + [[session-admin authn-info-admin admin-group-name] + [session-owner authn-info-owner "user/alpha"]]] (let [nuvlabox-id (-> session (request base-uri :request-method :post 
@@ -306,6 +378,15 @@ (ltu/location)) nuvlabox-url (str p/service-context nuvlabox-id) + _ (ltu/is-last-event nuvlabox-id + {:name "nuvlabox.add" + :description (str user-name-or-id " added nuvlabox " nuvlabox-id ".") + :category "add" + :success true + :linked-identifiers [] + :authn-info authn-info + :acl {:owners ["group/nuvla-admin" "user/alpha"]}}) + activate-url (-> session (request nuvlabox-url) (ltu/body->edn) @@ -329,6 +410,15 @@ :api-key (ltu/href->url)) + (ltu/is-last-event nuvlabox-id + {:name "nuvlabox.activate" + :description "user/unknown activated nuvlabox." + :category "action" + :success true + :linked-identifiers [] + :authn-info authn-info-anon + :acl {:owners ["group/nuvla-admin" "user/alpha"]}}) + (let [{isg-id :id} (-> session-admin (content-type "application/x-www-form-urlencoded") (request isg-collection-uri @@ -371,6 +461,15 @@ (ltu/body->edn) (ltu/is-status 200)) + (ltu/is-last-event nuvlabox-id + {:name "nuvlabox.commission" + :description (str user-name-or-id " commissioned nuvlabox.") + :category "action" + :success true + :linked-identifiers [] + :authn-info authn-info + :acl {:owners ["group/nuvla-admin" "user/alpha"]}}) + ;; verify state of the resource (-> session (request nuvlabox-url) diff --git a/code/test/sixsq/nuvla/server/resources/nuvlabox_2_lifecycle_test.clj b/code/test/sixsq/nuvla/server/resources/nuvlabox_2_lifecycle_test.clj index 53c2fc97e..c9d8f59b4 100644 --- a/code/test/sixsq/nuvla/server/resources/nuvlabox_2_lifecycle_test.clj +++ b/code/test/sixsq/nuvla/server/resources/nuvlabox_2_lifecycle_test.clj @@ -68,6 +68,9 @@ :capabilities ["RANDOM" "NUVLA_JOB_PULL"]}) +(def admin-group-name "Nuvla Administrator Group") + + (deftest check-metadata (mdtu/check-metadata-exists nb/resource-type (str nb/resource-type "-" nb-2/schema-version))) 
@@ -80,7 +83,10 @@ session (content-type "application/json")) - session-owner (header session authn-info-header "user/alpha user/alpha group/nuvla-user group/nuvla-anon")] + session-owner (header session authn-info-header "user/alpha user/alpha group/nuvla-user group/nuvla-anon") + authn-info {:user-id "user/alpha" + :active-claim "user/alpha" + :claims ["group/nuvla-anon" "user/alpha" "group/nuvla-user"]}] (let [nuvlabox-id (-> session-owner (request base-uri @@ -90,6 +96,14 @@ (ltu/is-status 201) (ltu/location)) nuvlabox-url (str p/service-context nuvlabox-id) + _ (ltu/is-last-event nuvlabox-id + {:name "nuvlabox.add" + :description (str "user/alpha added nuvlabox " nb-name ".") + :category "add" + :success true + :linked-identifiers [] + :authn-info authn-info + :acl {:owners ["group/nuvla-admin" "user/alpha"]}}) {:keys [id acl owner]} (-> session-owner (request nuvlabox-url) @@ -111,7 +125,16 @@ (-> session-owner (request nuvlabox-url :request-method :delete) - (ltu/is-status 200))) + (ltu/is-status 200)) + + (ltu/is-last-event nuvlabox-id + {:name "nuvlabox.delete" + :description (str "user/alpha deleted nuvlabox " nb-name ".") + :category "delete" + :success true + :linked-identifiers [] + :authn-info authn-info + :acl {:owners ["group/nuvla-admin" "user/alpha"]}})) ;; create nuvlabox with inexistent vpn id will fail (-> session-owner 
@@ -126,14 +149,25 @@ (deftest create-activate-create-log-decommission-delete-lifecycle (binding [config-nuvla/*stripe-api-key* nil] - (let [session (-> (ltu/ring-app) - session - (content-type "application/json")) - session-admin (header session authn-info-header (str "group/nuvla-admin group/nuvla-admin group/nuvla-user group/nuvla-anon " session-id)) - session-owner (header session authn-info-header (str "user/alpha user/alpha group/nuvla-user group/nuvla-anon " session-id)) - session-anon (header session authn-info-header "user/unknown user/unknown group/nuvla-anon")] - - (doseq [session [session-admin session-owner]] + (let [session (-> (ltu/ring-app) + session + (content-type "application/json")) + session-admin (header session authn-info-header (str "group/nuvla-admin group/nuvla-admin group/nuvla-user group/nuvla-anon " session-id)) + session-owner (header session authn-info-header (str "user/alpha user/alpha group/nuvla-user group/nuvla-anon " session-id)) + session-anon (header session authn-info-header "user/unknown user/unknown group/nuvla-anon") + authn-info-admin {:user-id "group/nuvla-admin" + :active-claim "group/nuvla-admin" + :claims ["group/nuvla-admin" "group/nuvla-anon" "group/nuvla-user" session-id]} + authn-info-owner {:user-id "user/alpha" + :active-claim "user/alpha" + :claims ["group/nuvla-anon" "user/alpha" "group/nuvla-user" session-id]} + authn-info-anon {:user-id "user/unknown" + :active-claim "user/unknown" + :claims #{"user/unknown" "group/nuvla-anon"}}] + + (doseq [[session authn-info user-name-or-id] + [[session-admin authn-info-admin admin-group-name] + [session-owner authn-info-owner "user/alpha"]]] (let [nuvlabox-id (-> session (request base-uri :request-method :post 
@@ -143,6 +177,14 @@ (ltu/is-status 201) (ltu/location)) nuvlabox-url (str p/service-context nuvlabox-id) + _ (ltu/is-last-event nuvlabox-id + {:name "nuvlabox.add" + :description (str user-name-or-id " added nuvlabox " nb-name ".") + :category "add" + :success true + :linked-identifiers [] + :authn-info authn-info + :acl {:owners ["group/nuvla-admin" "user/alpha"]}}) activate-url (-> session (request nuvlabox-url) @@ -169,6 +211,14 @@ (ltu/body) :api-key (ltu/href->url)) + _ (ltu/is-last-event nuvlabox-id + {:name "nuvlabox.activate" + :description "user/unknown activated nuvlabox." + :category "action" + :success true + :linked-identifiers [] + :authn-info authn-info-anon + :acl {:owners ["group/nuvla-admin" "user/alpha"]}}) credential-nuvlabox (-> session-admin (request credential-url) @@ -251,11 +301,21 @@ (ltu/is-key-value :delete :acl ["group/nuvla-admin" session-id]) (ltu/is-key-value :view-acl :acl ["group/nuvla-admin" session-id])))) - (-> session - (request decommission-url - :request-method :post) - (ltu/body->edn) - (ltu/is-status 202)) + (let [job-id (-> session + (request decommission-url + :request-method :post) + (ltu/body->edn) + (ltu/is-status 202) + (ltu/location))] + + (ltu/is-last-event nuvlabox-id + {:name "nuvlabox.decommission" + :description (str user-name-or-id " decommissioned nuvlabox.") + :category "action" + :success true + :linked-identifiers [job-id] + :authn-info authn-info + :acl {:owners ["group/nuvla-admin"]}})) ;; verify state of the resource and that ACL has been updated (let [{:keys [owner acl]} (-> session @@ -306,6 +366,15 @@ (ltu/body->edn) (ltu/is-status 200)) + (ltu/is-last-event nuvlabox-id + {:name "nuvlabox.delete" + :description (str user-name-or-id " deleted nuvlabox " nb-name ".") + :category "delete" + :success true + :linked-identifiers [] + :authn-info authn-info + :acl {:owners ["group/nuvla-admin"]}}) + ;; verify that the nuvlabox has been removed (-> session (request nuvlabox-url) 
@@ -363,16 +432,27 @@ (deftest create-activate-commission-decommission-error-delete-lifecycle (binding [config-nuvla/*stripe-api-key* nil] - (let [session (-> (ltu/ring-app) - session - (content-type "application/json")) - session-admin (header session authn-info-header "group/nuvla-admin group/nuvla-admin group/nuvla-user group/nuvla-anon") - - session-owner (header session authn-info-header "user/alpha user/alpha group/nuvla-user group/nuvla-anon") - session-anon (header session authn-info-header "user/unknown user/unknown group/nuvla-anon") - tags #{"tag-1", "tag-2"}] - - (doseq [session [session-admin session-owner]] + (let [session (-> (ltu/ring-app) + session + (content-type "application/json")) + session-admin (header session authn-info-header "group/nuvla-admin group/nuvla-admin group/nuvla-user group/nuvla-anon") + + session-owner (header session authn-info-header "user/alpha user/alpha group/nuvla-user group/nuvla-anon") + session-anon (header session authn-info-header "user/unknown user/unknown group/nuvla-anon") + authn-info-admin {:user-id "group/nuvla-admin" + :active-claim "group/nuvla-admin" + :claims ["group/nuvla-admin" "group/nuvla-anon" "group/nuvla-user"]} + authn-info-owner {:user-id "user/alpha" + :active-claim "user/alpha" + :claims ["group/nuvla-anon" "user/alpha" "group/nuvla-user"]} + authn-info-anon {:user-id "user/unknown" + :active-claim "user/unknown" + :claims #{"user/unknown" "group/nuvla-anon"}} + tags #{"tag-1", "tag-2"}] + + (doseq [[session authn-info user-name-or-id] + [[session-admin authn-info-admin admin-group-name] + [session-owner authn-info-owner "user/alpha"]]] (let [nuvlabox-id (-> session (request base-uri :request-method :post 
@@ -406,6 +486,15 @@ :api-key (ltu/href->url)) + (ltu/is-last-event nuvlabox-id + {:name "nuvlabox.activate" + :description "user/unknown activated nuvlabox." + :category "action" + :success true + :linked-identifiers [] + :authn-info authn-info-anon + :acl {:owners ["group/nuvla-admin" "user/alpha"]}}) + (let [{isg-id :id} (-> session-admin (content-type "application/x-www-form-urlencoded") (request isg-collection-uri @@ -448,6 +537,15 @@ (ltu/body->edn) (ltu/is-status 200)) + (ltu/is-last-event nuvlabox-id + {:name "nuvlabox.commission" + :description (str user-name-or-id " commissioned nuvlabox.") + :category "action" + :success true + :linked-identifiers [] + :authn-info authn-info + :acl {:owners ["group/nuvla-admin" "user/alpha"]}}) + ;; verify state of the resource (-> session (request nuvlabox-url)