Reject event type data-access

as it is currently not supported by downstream services.
2026-02-07 16:47:24 +00:00 · 2024-10-07 07:19:15 +02:00 · 2024-10-07 07:19:15 +02:00 · 8263ad9d5f
commit 8263ad9d5f
parent a05c8b54b2
9 changed files with 144 additions and 0 deletions
--- a/audit/api/api_common.go
+++ b/audit/api/api_common.go
@ -59,6 +59,9 @@ var ErrMessagingApiNil = errors.New("messaging api nil")
 // ErrCloudEventNil states that the given cloud event is nil
 var ErrCloudEventNil = errors.New("cloud event nil")

+// ErrUnsupportedEventTypeDataAccess states that the event type "data-access" is currently not supported
+var ErrUnsupportedEventTypeDataAccess = errors.New("unsupported event type data access")
+
 func validateAndSerializePartially(
 	validator *ProtobufValidator,
 	event *auditV1.AuditLogEntry,
--- a/audit/api/api_legacy.go
+++ b/audit/api/api_legacy.go
@ -5,6 +5,7 @@ import (
 	"dev.azure.com/schwarzit/schwarzit.stackit-core-platform/audit-go.git/audit/messaging"
 	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-core-platform/audit-go.git/gen/go/audit/v1"
 	"errors"
+	"strings"

 	"google.golang.org/protobuf/proto"
 )
@ -119,6 +120,12 @@ func (a *LegacyAuditApi) ValidateAndSerializeWithTrace(
 		return nil, err
 	}

+	// Reject event type data-access as the downstream services
+	// cannot handle it at the moment
+	if strings.HasSuffix(event.LogName, string(EventTypeDataAccess)) {
+		return nil, ErrUnsupportedEventTypeDataAccess
+	}
+
 	// Do nothing with the serialized data in the legacy solution
 	_, err = proto.Marshal(routableEvent)
 	if err != nil {
--- a/audit/api/api_legacy_dynamic.go
+++ b/audit/api/api_legacy_dynamic.go
@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"strings"

 	"dev.azure.com/schwarzit/schwarzit.stackit-core-platform/audit-go.git/audit/messaging"
 	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-core-platform/audit-go.git/gen/go/audit/v1"
@ -102,6 +103,12 @@ func (a *DynamicLegacyAuditApi) ValidateAndSerializeWithTrace(
 		return nil, err
 	}

+	// Reject event type data-access as the downstream services
+	// cannot handle it at the moment
+	if strings.HasSuffix(event.LogName, string(EventTypeDataAccess)) {
+		return nil, ErrUnsupportedEventTypeDataAccess
+	}
+
 	// Do nothing with the serialized data in the legacy solution
 	_, err = proto.Marshal(routableEvent)
 	if err != nil {
--- a/audit/api/api_legacy_dynamic_test.go
+++ b/audit/api/api_legacy_dynamic_test.go
@ -7,6 +7,7 @@ import (
 	"log/slog"
 	"net/url"
 	"os"
+	"strings"
 	"testing"
 	"time"

@ -42,6 +43,43 @@ func TestDynamicLegacyAuditApi(t *testing.T) {
 	traceParent := "00-4bf92f3577b34da6a3ce929d0e0e4736-00f067aa0ba902b7-01"
 	traceState := "rojo=00f067aa0ba902b7,congo=t61rcWkgMzE"

+	// Check that event-type data-access is rejected as it is currently
+	// not supported by downstream services
+	t.Run("reject data access event", func(t *testing.T) {
+		defer solaceContainer.StopOnError()
+
+		// Create the queue and topic subscription in solace
+		queueName := "reject-data-access-legacy"
+		assert.NoError(t, solaceContainer.QueueCreate(ctx, queueName))
+		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, topicSubscriptionTopicPattern))
+
+		topicName := "topic://audit-log/eu01/v1/resource-manager/organization-rejected"
+		assert.NoError(t, solaceContainer.ValidateTopicName(topicSubscriptionTopicPattern, topicName))
+
+		// Instantiate audit api
+		auditApi, err := NewDynamicLegacyAuditApi(
+			messagingApi,
+			validator,
+		)
+		assert.NoError(t, err)
+
+		// Instantiate test data
+		event, objectIdentifier := NewOrganizationAuditEvent(nil)
+		event.LogName = strings.Replace(event.LogName, string(EventTypeAdminActivity), string(EventTypeDataAccess), 1)
+
+		// Log the event to solace
+		visibility := auditV1.Visibility_VISIBILITY_PUBLIC
+		ctx := context.WithValue(ctx, ContextKeyTopic, topicName)
+		assert.ErrorIs(t, (*auditApi).LogWithTrace(
+			ctx,
+			event,
+			visibility,
+			NewRoutableIdentifier(objectIdentifier),
+			&traceParent,
+			&traceState,
+		), ErrUnsupportedEventTypeDataAccess)
+	})
+
 	// Check logging of organization events
 	t.Run("Log public organization event", func(t *testing.T) {
 		defer solaceContainer.StopOnError()
--- a/audit/api/api_legacy_test.go
+++ b/audit/api/api_legacy_test.go
@ -8,6 +8,7 @@ import (
 	"log/slog"
 	"net/url"
 	"os"
+	"strings"
 	"testing"
 	"time"

@ -44,6 +45,42 @@ func TestLegacyAuditApi(t *testing.T) {
 	traceParent := "00-4bf92f3577b34da6a3ce929d0e0e4736-00f067aa0ba902b7-01"
 	traceState := "rojo=00f067aa0ba902b7,congo=t61rcWkgMzE"

+	// Check that event-type data-access is rejected as it is currently
+	// not supported by downstream services
+	t.Run("reject data access event", func(t *testing.T) {
+		defer solaceContainer.StopOnError()
+
+		// Create the queue and topic subscription in solace
+		queueName := "org-reject-data-access-legacy"
+		assert.NoError(t, solaceContainer.QueueCreate(ctx, queueName))
+		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, topicSubscriptionTopicPattern))
+
+		topicName := "topic://audit-log/eu01/v1/resource-manager/organization-rejected"
+		assert.NoError(t, solaceContainer.ValidateTopicName(topicSubscriptionTopicPattern, topicName))
+
+		// Instantiate audit api
+		auditApi, err := NewLegacyAuditApi(
+			messagingApi,
+			LegacyTopicNameConfig{TopicName: topicName},
+			validator,
+		)
+		assert.NoError(t, err)
+
+		// Instantiate test data
+		event, objectIdentifier := NewOrganizationAuditEvent(nil)
+		event.LogName = strings.Replace(event.LogName, string(EventTypeAdminActivity), string(EventTypeDataAccess), 1)
+
+		// Log the event to solace
+		assert.ErrorIs(t, (*auditApi).LogWithTrace(
+			ctx,
+			event,
+			auditV1.Visibility_VISIBILITY_PUBLIC,
+			NewRoutableIdentifier(objectIdentifier),
+			&traceParent,
+			&traceState,
+		), ErrUnsupportedEventTypeDataAccess)
+	})
+
 	// Check logging of organization events
 	t.Run("Log public organization event", func(t *testing.T) {
 		defer solaceContainer.StopOnError()
--- a/audit/api/api_mock.go
+++ b/audit/api/api_mock.go
@ -3,6 +3,7 @@ package api
 import (
 	"context"
 	"fmt"
+	"strings"

 	"google.golang.org/protobuf/proto"

@ -77,6 +78,12 @@ func (a *MockAuditApi) ValidateAndSerializeWithTrace(
 		return nil, err
 	}

+	// Reject event type data-access as the downstream services
+	// cannot handle it at the moment
+	if strings.HasSuffix(event.LogName, string(EventTypeDataAccess)) {
+		return nil, ErrUnsupportedEventTypeDataAccess
+	}
+
 	routableEventBytes, err := proto.Marshal(routableEvent)
 	if err != nil {
 		return nil, err
--- a/audit/api/api_mock_test.go
+++ b/audit/api/api_mock_test.go
@ -2,6 +2,7 @@ package api

 import (
 	"context"
+	"strings"
 	"testing"

 	auditV1 "dev.azure.com/schwarzit/schwarzit.stackit-core-platform/audit-go.git/gen/go/audit/v1"
@ -24,6 +25,16 @@ func TestMockAuditApi_Log(t *testing.T) {
 			context.Background(), event, auditV1.Visibility_VISIBILITY_PUBLIC, routableObjectIdentifier))
 	})

+	t.Run("reject data access event", func(t *testing.T) {
+		event, objectIdentifier := NewOrganizationAuditEvent(nil)
+		event.LogName = strings.Replace(event.LogName, string(EventTypeAdminActivity), string(EventTypeDataAccess), 1)
+		routableObjectIdentifier := NewRoutableIdentifier(objectIdentifier)
+
+		assert.ErrorIs(t, (*auditApi).Log(
+			context.Background(), event, auditV1.Visibility_VISIBILITY_PUBLIC, routableObjectIdentifier),
+			ErrUnsupportedEventTypeDataAccess)
+	})
+
 	t.Run("ValidateAndSerialize", func(t *testing.T) {
 		visibility := auditV1.Visibility_VISIBILITY_PUBLIC
 		cloudEvent, err := (*auditApi).ValidateAndSerializeWithTrace(
--- a/audit/api/api_routable.go
+++ b/audit/api/api_routable.go
@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"strings"

 	"google.golang.org/protobuf/proto"

@ -159,6 +160,12 @@ func (a *routableAuditApi) ValidateAndSerializeWithTrace(
 		return nil, err
 	}

+	// Reject event type data-access as the downstream services
+	// cannot handle it at the moment
+	if strings.HasSuffix(event.LogName, string(EventTypeDataAccess)) {
+		return nil, ErrUnsupportedEventTypeDataAccess
+	}
+
 	routableEventBytes, err := proto.Marshal(routableEvent)
 	if err != nil {
 		return nil, err
--- a/audit/api/api_routable_test.go
+++ b/audit/api/api_routable_test.go
@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"strings"
 	"testing"
 	"time"

@ -58,6 +59,32 @@ func TestRoutableAuditApi(t *testing.T) {
 	)
 	assert.NoError(t, err)

+	// Check that event-type data-access is rejected as it is currently
+	// not supported by downstream services
+	t.Run("reject data access event", func(t *testing.T) {
+		defer solaceContainer.StopOnError()
+
+		// Create the queue and topic subscription in solace
+		queueName := "org-reject-data-access"
+		assert.NoError(t, solaceContainer.QueueCreate(ctx, queueName))
+		assert.NoError(t, solaceContainer.TopicSubscriptionCreate(ctx, queueName, "org/*"))
+
+		// Instantiate test data
+		event, objectIdentifier := NewOrganizationAuditEvent(nil)
+		event.LogName = strings.Replace(event.LogName, string(EventTypeAdminActivity), string(EventTypeDataAccess), 1)
+
+		// Log the event to solace
+		visibility := auditV1.Visibility_VISIBILITY_PUBLIC
+		assert.ErrorIs(t, (*auditApi).LogWithTrace(
+			ctx,
+			event,
+			visibility,
+			NewRoutableIdentifier(objectIdentifier),
+			&traceParent,
+			&traceState,
+		), ErrUnsupportedEventTypeDataAccess)
+	})
+
 	// Check logging of organization events
 	t.Run("Log public organization event", func(t *testing.T) {
 		defer solaceContainer.StopOnError()