gitlab-org--gitlab-foss/spec/services/audit_event_service_spec.rb

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe AuditEventService do
  let(:project) { create(:project) }
  let(:user) { create(:user, :with_sign_ins) }
  let(:project_member) { create(:project_member, user: user) }
  let(:service) { described_class.new(user, project, { action: :destroy }) }
  let(:logger) { instance_double(Gitlab::AuditJsonLogger) }

  describe '#security_event' do
    before do
      stub_licensed_features(admin_audit_log: false)
    end

    it 'creates an event and logs to a file' do
      expect(service).to receive(:file_logger).and_return(logger)
      expect(logger).to receive(:info).with(author_id: user.id,
                                            author_name: user.name,
                                            entity_id: project.id,
                                            entity_type: "Project",
                                            action: :destroy)

      expect { service.security_event }.to change(AuditEvent, :count).by(1)
    end

    it 'formats from and to fields' do
      service = described_class.new(
        user, project,
        {
          from: true,
          to: false,
          action: :create,
          target_id: 1
        })
      expect(service).to receive(:file_logger).and_return(logger)
      expect(logger).to receive(:info).with(author_id: user.id,
                                            author_name: user.name,
                                            entity_type: 'Project',
                                            entity_id: project.id,
                                            from: 'true',
                                            to: 'false',
                                            action: :create,
                                            target_id: 1)

      expect { service.security_event }.to change(AuditEvent, :count).by(1)

      details = AuditEvent.last.details
      expect(details[:from]).to be true
      expect(details[:to]).to be false
      expect(details[:action]).to eq(:create)
      expect(details[:target_id]).to eq(1)
    end

    context 'authentication event' do
      let(:audit_service) { described_class.new(user, user, with: 'standard') }

      it 'creates an authentication event' do
        expect(AuthenticationEvent).to receive(:new).with(
          user: user,
          user_name: user.name,
          ip_address: user.current_sign_in_ip,
          result: AuthenticationEvent.results[:success],
          provider: 'standard'
        )

        audit_service.for_authentication.security_event
      end

      it 'tracks exceptions when the event cannot be created' do
        allow(user).to receive_messages(current_sign_in_ip: 'invalid IP')

        expect(Gitlab::ErrorTracking).to(
          receive(:track_exception)
            .with(ActiveRecord::RecordInvalid, audit_event_type: 'AuthenticationEvent').and_call_original
        )

        audit_service.for_authentication.security_event
      end
    end
  end

  describe '#log_security_event_to_file' do
    it 'logs security event to file' do
      expect(service).to receive(:file_logger).and_return(logger)
      expect(logger).to receive(:info).with(author_id: user.id,
                                            author_name: user.name,
                                            entity_type: 'Project',
                                            entity_id: project.id,
                                            action: :destroy)

      service.log_security_event_to_file
    end
  end
end
Add support for JSON logging for audit events This will add audit_json.log that writes one line per audit event. For example: { "severity":"INFO", "time":"2018-10-17T17:38:22.523Z", "author_id":3, "entity_id":2, "entity_type":"Project", "change":"visibility", "from":"Private", "to":"Public", "author_name":"John Doe4", "target_id":2, "target_type":"Project", "target_details":"namespace2/project2" } 2018-10-18 15:50:21 -04:00			`# frozen_string_literal: true`

			`require 'spec_helper'`

Add latest changes from gitlab-org/gitlab@master 2020-06-24 02:09:01 -04:00			`RSpec.describe AuditEventService do`
Add support for JSON logging for audit events This will add audit_json.log that writes one line per audit event. For example: { "severity":"INFO", "time":"2018-10-17T17:38:22.523Z", "author_id":3, "entity_id":2, "entity_type":"Project", "change":"visibility", "from":"Private", "to":"Public", "author_name":"John Doe4", "target_id":2, "target_type":"Project", "target_details":"namespace2/project2" } 2018-10-18 15:50:21 -04:00			`let(:project) { create(:project) }`
Add latest changes from gitlab-org/gitlab@master 2020-06-16 14:09:01 -04:00			`let(:user) { create(:user, :with_sign_ins) }`
Add support for JSON logging for audit events This will add audit_json.log that writes one line per audit event. For example: { "severity":"INFO", "time":"2018-10-17T17:38:22.523Z", "author_id":3, "entity_id":2, "entity_type":"Project", "change":"visibility", "from":"Private", "to":"Public", "author_name":"John Doe4", "target_id":2, "target_type":"Project", "target_details":"namespace2/project2" } 2018-10-18 15:50:21 -04:00			`let(:project_member) { create(:project_member, user: user) }`
			`let(:service) { described_class.new(user, project, { action: :destroy }) }`
			`let(:logger) { instance_double(Gitlab::AuditJsonLogger) }`

			`describe '#security_event' do`
Add latest changes from gitlab-org/gitlab@master 2020-06-16 14:09:01 -04:00			`before do`
			`stub_licensed_features(admin_audit_log: false)`
			`end`

Add support for JSON logging for audit events This will add audit_json.log that writes one line per audit event. For example: { "severity":"INFO", "time":"2018-10-17T17:38:22.523Z", "author_id":3, "entity_id":2, "entity_type":"Project", "change":"visibility", "from":"Private", "to":"Public", "author_name":"John Doe4", "target_id":2, "target_type":"Project", "target_details":"namespace2/project2" } 2018-10-18 15:50:21 -04:00			`it 'creates an event and logs to a file' do`
Format `from` and `to` fields in JSON audit log To make it possible to index the `from` and `to` fields with Elasticsearch and other tools, we need the types to be the same. Currently they are a mix of boolean and string values. Part of https://gitlab.com/gitlab-org/gitlab-ee/issues/12599 2019-07-03 18:58:05 -04:00			`expect(service).to receive(:file_logger).and_return(logger)`
Add support for JSON logging for audit events This will add audit_json.log that writes one line per audit event. For example: { "severity":"INFO", "time":"2018-10-17T17:38:22.523Z", "author_id":3, "entity_id":2, "entity_type":"Project", "change":"visibility", "from":"Private", "to":"Public", "author_name":"John Doe4", "target_id":2, "target_type":"Project", "target_details":"namespace2/project2" } 2018-10-18 15:50:21 -04:00			`expect(logger).to receive(:info).with(author_id: user.id,`
Add latest changes from gitlab-org/gitlab@master 2020-07-07 08:09:16 -04:00			`author_name: user.name,`
Add support for JSON logging for audit events This will add audit_json.log that writes one line per audit event. For example: { "severity":"INFO", "time":"2018-10-17T17:38:22.523Z", "author_id":3, "entity_id":2, "entity_type":"Project", "change":"visibility", "from":"Private", "to":"Public", "author_name":"John Doe4", "target_id":2, "target_type":"Project", "target_details":"namespace2/project2" } 2018-10-18 15:50:21 -04:00			`entity_id: project.id,`
			`entity_type: "Project",`
			`action: :destroy)`

Add latest changes from gitlab-org/gitlab@master 2020-08-21 05:10:08 -04:00			`expect { service.security_event }.to change(AuditEvent, :count).by(1)`
Add support for JSON logging for audit events This will add audit_json.log that writes one line per audit event. For example: { "severity":"INFO", "time":"2018-10-17T17:38:22.523Z", "author_id":3, "entity_id":2, "entity_type":"Project", "change":"visibility", "from":"Private", "to":"Public", "author_name":"John Doe4", "target_id":2, "target_type":"Project", "target_details":"namespace2/project2" } 2018-10-18 15:50:21 -04:00			`end`
Format `from` and `to` fields in JSON audit log To make it possible to index the `from` and `to` fields with Elasticsearch and other tools, we need the types to be the same. Currently they are a mix of boolean and string values. Part of https://gitlab.com/gitlab-org/gitlab-ee/issues/12599 2019-07-03 18:58:05 -04:00
			`it 'formats from and to fields' do`
			`service = described_class.new(`
			`user, project,`
			`{`
			`from: true,`
			`to: false,`
			`action: :create,`
			`target_id: 1`
			`})`
			`expect(service).to receive(:file_logger).and_return(logger)`
			`expect(logger).to receive(:info).with(author_id: user.id,`
Add latest changes from gitlab-org/gitlab@master 2020-07-07 08:09:16 -04:00			`author_name: user.name,`
Format `from` and `to` fields in JSON audit log To make it possible to index the `from` and `to` fields with Elasticsearch and other tools, we need the types to be the same. Currently they are a mix of boolean and string values. Part of https://gitlab.com/gitlab-org/gitlab-ee/issues/12599 2019-07-03 18:58:05 -04:00			`entity_type: 'Project',`
			`entity_id: project.id,`
			`from: 'true',`
			`to: 'false',`
			`action: :create,`
			`target_id: 1)`

Add latest changes from gitlab-org/gitlab@master 2020-08-21 05:10:08 -04:00			`expect { service.security_event }.to change(AuditEvent, :count).by(1)`
Format `from` and `to` fields in JSON audit log To make it possible to index the `from` and `to` fields with Elasticsearch and other tools, we need the types to be the same. Currently they are a mix of boolean and string values. Part of https://gitlab.com/gitlab-org/gitlab-ee/issues/12599 2019-07-03 18:58:05 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-08-21 05:10:08 -04:00			`details = AuditEvent.last.details`
Format `from` and `to` fields in JSON audit log To make it possible to index the `from` and `to` fields with Elasticsearch and other tools, we need the types to be the same. Currently they are a mix of boolean and string values. Part of https://gitlab.com/gitlab-org/gitlab-ee/issues/12599 2019-07-03 18:58:05 -04:00			`expect(details[:from]).to be true`
			`expect(details[:to]).to be false`
			`expect(details[:action]).to eq(:create)`
			`expect(details[:target_id]).to eq(1)`
			`end`
Add latest changes from gitlab-org/gitlab@master 2020-09-18 02:09:31 -04:00
			`context 'authentication event' do`
			`let(:audit_service) { described_class.new(user, user, with: 'standard') }`

			`it 'creates an authentication event' do`
Add latest changes from gitlab-org/gitlab@master 2020-09-24 11:09:51 -04:00			`expect(AuthenticationEvent).to receive(:new).with(`
Add latest changes from gitlab-org/gitlab@master 2020-09-18 02:09:31 -04:00			`user: user,`
			`user_name: user.name,`
			`ip_address: user.current_sign_in_ip,`
			`result: AuthenticationEvent.results[:success],`
			`provider: 'standard'`
			`)`

			`audit_service.for_authentication.security_event`
			`end`
Add latest changes from gitlab-org/gitlab@master 2020-09-24 11:09:51 -04:00
			`it 'tracks exceptions when the event cannot be created' do`
			`allow(user).to receive_messages(current_sign_in_ip: 'invalid IP')`

			`expect(Gitlab::ErrorTracking).to(`
			`receive(:track_exception)`
			`.with(ActiveRecord::RecordInvalid, audit_event_type: 'AuthenticationEvent').and_call_original`
			`)`

			`audit_service.for_authentication.security_event`
			`end`
Add latest changes from gitlab-org/gitlab@master 2020-09-18 02:09:31 -04:00			`end`
Add support for JSON logging for audit events This will add audit_json.log that writes one line per audit event. For example: { "severity":"INFO", "time":"2018-10-17T17:38:22.523Z", "author_id":3, "entity_id":2, "entity_type":"Project", "change":"visibility", "from":"Private", "to":"Public", "author_name":"John Doe4", "target_id":2, "target_type":"Project", "target_details":"namespace2/project2" } 2018-10-18 15:50:21 -04:00			`end`
Backport "Track repository pushes as audit events" 2019-08-27 17:50:17 -04:00
			`describe '#log_security_event_to_file' do`
			`it 'logs security event to file' do`
			`expect(service).to receive(:file_logger).and_return(logger)`
			`expect(logger).to receive(:info).with(author_id: user.id,`
Add latest changes from gitlab-org/gitlab@master 2020-07-07 08:09:16 -04:00			`author_name: user.name,`
Backport "Track repository pushes as audit events" 2019-08-27 17:50:17 -04:00			`entity_type: 'Project',`
			`entity_id: project.id,`
			`action: :destroy)`

			`service.log_security_event_to_file`
			`end`
			`end`
Add support for JSON logging for audit events This will add audit_json.log that writes one line per audit event. For example: { "severity":"INFO", "time":"2018-10-17T17:38:22.523Z", "author_id":3, "entity_id":2, "entity_type":"Project", "change":"visibility", "from":"Private", "to":"Public", "author_name":"John Doe4", "target_id":2, "target_type":"Project", "target_details":"namespace2/project2" } 2018-10-18 15:50:21 -04:00			`end`