From 8fbc7308623eeace5d40f88a6ad33a39a7f67f1a Mon Sep 17 00:00:00 2001 From: Geoff Wilson Date: Wed, 18 Sep 2024 15:59:29 -0400 Subject: [PATCH] Compact logging payload, rename AuthorizeRequest -> AuthorizeCertRequest for logging clarity --- app/interactors/audit_logging.rb | 5 +++-- .../{authorize_request.rb => authorize_cert_request.rb} | 2 +- app/interactors/issue_cert.rb | 2 +- app/lib/requests/secret_request.rb | 1 + app/lib/services/vault_service.rb | 1 + test/integration/certificates_test.rb | 2 +- ...horize_request_test.rb => authorize_cert_request_test.rb} | 4 ++-- 7 files changed, 10 insertions(+), 7 deletions(-) rename app/interactors/{authorize_request.rb => authorize_cert_request.rb} (94%) rename test/interactors/{authorize_request_test.rb => authorize_cert_request_test.rb} (92%) diff --git a/app/interactors/audit_logging.rb b/app/interactors/audit_logging.rb index ee5660b..a13c2d4 100644 --- a/app/interactors/audit_logging.rb +++ b/app/interactors/audit_logging.rb @@ -21,8 +21,9 @@ def log result: result, error: context.error&.message, subject: context.identity&.subject, - cert_common_name: context.request&.try(:common_name) - } + cert_common_name: context.request&.try(:common_name), + kv_path: context.request&.try(:kv_path) + }.compact! AuditLogger.new.send(level, payload) end end diff --git a/app/interactors/authorize_request.rb b/app/interactors/authorize_cert_request.rb similarity index 94% rename from app/interactors/authorize_request.rb rename to app/interactors/authorize_cert_request.rb index 85ae6bb..3533c67 100644 --- a/app/interactors/authorize_request.rb +++ b/app/interactors/authorize_cert_request.rb @@ -1,4 +1,4 @@ -class AuthorizeRequest +class AuthorizeCertRequest include Interactor include FailOnError include AuditLogging diff --git a/app/interactors/issue_cert.rb b/app/interactors/issue_cert.rb index d2513f8..318f9d7 100644 --- a/app/interactors/issue_cert.rb +++ b/app/interactors/issue_cert.rb 
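Review bot: `Hash#compact!` returns `nil` when it removes nothing, so in app/interactors/audit_logging.rb the expression ending in `}.compact!` evaluates to `nil` whenever every field is populated. `AuditLogger.new.send(level, payload)` would then be called with no payload and the audit record for that request would be lost; this assumes `payload` is assigned from the hash literal, which begins above the hunk. Use the non-mutating form `}.compact`, which always returns the hash. One of `error`, `cert_common_name` or `kv_path` is probably nil on most paths today, but an audit trail should not depend on that. Compaction also drops the keys themselves, so anything that parses these records has to tolerate a missing `error` key on success.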
@@ -2,5 +2,5 @@ class IssueCert include Interactor::Organizer include FailOnError - organize RefreshDomain, AuthorizeRequest, ObtainCert + organize RefreshDomain, AuthorizeCertRequest, ObtainCert end diff --git a/app/lib/requests/secret_request.rb b/app/lib/requests/secret_request.rb index 5ac2803..2ec6517 100644 --- a/app/lib/requests/secret_request.rb +++ b/app/lib/requests/secret_request.rb @@ -5,6 +5,7 @@ class SecretRequest attribute :path, :string attribute :data + alias_attribute :kv_path, :path validates :path, presence: true end diff --git a/app/lib/services/vault_service.rb b/app/lib/services/vault_service.rb index cc47319..5566ede 100644 --- a/app/lib/services/vault_service.rb +++ b/app/lib/services/vault_service.rb @@ -32,6 +32,7 @@ def client end def enable_engine(mount, type) + # create the engine mount if not present already unless client.sys.mounts.key?(mount.to_sym) client.sys.mount(mount, type, "#{type} secrets engine") end diff --git a/test/integration/certificates_test.rb b/test/integration/certificates_test.rb index 375d459..af403cb 100644 --- a/test/integration/certificates_test.rb +++ b/test/integration/certificates_test.rb @@ -1,7 +1,7 @@ require "test_helper" class CertificatesTest < ActionDispatch::IntegrationTest - test "#create unauthorized" do + test "#create with missing token" do post certificates_path assert_response :unauthorized end diff --git a/test/interactors/authorize_request_test.rb b/test/interactors/authorize_cert_request_test.rb similarity index 92% rename from test/interactors/authorize_request_test.rb rename to test/interactors/authorize_cert_request_test.rb index e1d9dd3..6ed51a6 100644 --- a/test/interactors/authorize_request_test.rb +++ b/test/interactors/authorize_cert_request_test.rb 
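Review bot: The added `alias_attribute :kv_path, :path` in app/lib/requests/secret_request.rb appears to exist only so that `context.request&.try(:kv_path)` in AuditLogging finds a value, and nothing at the alias says so. Because `try` returns nil for a method the object does not respond to and the payload is then compacted, removing or renaming the alias would silently drop `kv_path` from audit records instead of raising. A comment above it would document the coupling, for example `# kv_path is read by AuditLogging via try(:kv_path); removing this alias silently drops the field from audit records`. A test asserting that the logged payload for a secret request contains `kv_path` would catch a regression. The class body starts above the hunk, so the included modules are not visible here.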
@@ -1,11 +1,11 @@ require "test_helper" -class AuthorizeRequestTest < ActiveSupport::TestCase +class AuthorizeCertRequestTest < ActiveSupport::TestCase def setup @domain = domains(:group_match) @identity = Identity.new(subject: @domain.users_array.first) @cr = Requests::CertIssueRequest.new(common_name: @domain.fqdn) - @interactor = AuthorizeRequest + @interactor = AuthorizeCertRequest end test ".call with matching owner" do