Error and Audit logger webhooks (#1855)

Similar to MinIO now it's possible to configure webhooks to log all triggered errors and incomming requests via env variables: ``` CONSOLE_LOGGER_WEBHOOK_ENABLE_<ID> CONSOLE_LOGGER_WEBHOOK_ENDPOINT_<ID> CONSOLE_LOGGER_WEBHOOK_AUTH_TOKEN_<ID> CONSOLE_LOGGER_WEBHOOK_CLIENT_CERT_<ID> CONSOLE_LOGGER_WEBHOOK_CLIENT_KEY_<ID> CONSOLE_LOGGER_WEBHOOK_QUEUE_SIZE_<ID> CONSOLE_AUDIT_WEBHOOK_ENABLE_<ID> CONSOLE_AUDIT_WEBHOOK_ENDPOINT_<ID> CONSOLE_AUDIT_WEBHOOK_AUTH_TOKEN_<ID> CONSOLE_AUDIT_WEBHOOK_CLIENT_CERT_<ID> CONSOLE_AUDIT_WEBHOOK_QUEUE_SIZE_<ID> ``` Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
2022-04-28 12:55:06 -07:00
parent 8c18829089
commit 566fb27fc1
100 changed files with 4959 additions and 1738 deletions
--- a/restapi/user_session_test.go
+++ b/restapi/user_session_test.go
@@ -0,0 +1,159 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package restapi
+
+import (
+	"context"
+	"os"
+	"reflect"
+	"testing"
+
+	"github.com/minio/console/models"
+	"github.com/minio/console/pkg/auth/idp/oauth2"
+	"github.com/minio/console/pkg/auth/ldap"
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_getSessionResponse(t *testing.T) {
+	type args struct {
+		ctx     context.Context
+		session *models.Principal
+	}
+	ctx := context.Background()
+	tests := []struct {
+		name     string
+		args     args
+		want     *models.SessionResponse
+		wantErr  bool
+		preFunc  func()
+		postFunc func()
+	}{
+		{
+			name: "empty session",
+			args: args{
+				ctx:     ctx,
+				session: nil,
+			},
+			want:    nil,
+			wantErr: true,
+		},
+		{
+			name: "malformed minio endpoint URL",
+			args: args{
+				ctx: ctx,
+				session: &models.Principal{
+					STSAccessKeyID:     "",
+					STSSecretAccessKey: "",
+					STSSessionToken:    "",
+					AccountAccessKey:   "",
+					Hm:                 false,
+				},
+			},
+			want:    nil,
+			wantErr: true,
+			preFunc: func() {
+				os.Setenv(ConsoleMinIOServer, "malformed")
+			},
+			postFunc: func() {
+				os.Unsetenv(ConsoleMinIOServer)
+			},
+		},
+		{
+			name: "malformed session",
+			args: args{
+				ctx: ctx,
+				session: &models.Principal{
+					STSAccessKeyID:     "W257A03HTI7L30F7YCRD",
+					STSSecretAccessKey: "g+QVorWQR8aSy+k3OHOoYn0qKpENld72faCMfYps",
+					STSSessionToken:    "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhY2Nlc3NLZXkiOiJXMjU3QTAzSFRJN0wzMEY3WUNSRCIsImV4cCI6MTY1MTAxNjU1OCwicGFyZW50IjoibWluaW8ifQ.uFFIIEQ6qM_QvMM297ODi_uK2IA1pwvsDbyBGErkQKqtbY_Ynte8GUkNsSHBEMCT9Fr7uUwaxK41kUqjtbqAwA",
+					AccountAccessKey:   "minio",
+					Hm:                 false,
+				},
+			},
+			want:    nil,
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.preFunc != nil {
+				tt.preFunc()
+			}
+			session, err := getSessionResponse(tt.args.ctx, tt.args.session)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("getSessionResponse() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if !reflect.DeepEqual(session, tt.want) {
+				t.Errorf("getSessionResponse() got = %v, want %v", session, tt.want)
+			}
+			if tt.postFunc != nil {
+				tt.postFunc()
+			}
+		})
+	}
+}
+
+func Test_getListOfEnabledFeatures(t *testing.T) {
+	type args struct {
+		session *models.Principal
+	}
+	tests := []struct {
+		name     string
+		args     args
+		want     []string
+		preFunc  func()
+		postFunc func()
+	}{
+		{
+			name: "all features are enabled",
+			args: args{
+				session: &models.Principal{
+					STSAccessKeyID:     "",
+					STSSecretAccessKey: "",
+					STSSessionToken:    "",
+					AccountAccessKey:   "",
+					Hm:                 true,
+				},
+			},
+			want: []string{"log-search", "oidc-idp", "external-idp", "ldap-idp", "external-idp", "hide-menu"},
+			preFunc: func() {
+				os.Setenv(ConsoleLogQueryURL, "http://logsearchapi:8080")
+				os.Setenv(oauth2.ConsoleIDPURL, "http://external-idp.com")
+				os.Setenv(oauth2.ConsoleIDPClientID, "eaeaeaeaeaea")
+				os.Setenv(ldap.ConsoleLDAPEnabled, "on")
+			},
+			postFunc: func() {
+				os.Unsetenv(ConsoleLogQueryURL)
+				os.Unsetenv(oauth2.ConsoleIDPURL)
+				os.Unsetenv(oauth2.ConsoleIDPClientID)
+				os.Unsetenv(ldap.ConsoleLDAPEnabled)
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.preFunc != nil {
+				tt.preFunc()
+			}
+			assert.Equalf(t, tt.want, getListOfEnabledFeatures(tt.args.session), "getListOfEnabledFeatures(%v)", tt.args.session)
+			if tt.postFunc != nil {
+				tt.postFunc()
+			}
+		})
+	}
+}