public async Task WhenNoEnrollmentProvided_ThenDeviceCertiticateAuthenticationIsOff(
[Credential(Role = PredefinedRole.ComputeViewer)] ResourceTask <ICredential> credential)
{
var adapter = new AuditLogAdapter(await credential);
Assert.IsFalse(adapter.IsDeviceCertiticateAuthenticationEnabled);
}
public async Task WhenUsingInvalidProjectId_ThenListEventsAsyncThrowsException(
[Credential(Role = PredefinedRole.LogsViewer)] CredentialRequest credential)
{
var startDate = DateTime.UtcNow.AddDays(-30);
var request = new ListLogEntriesRequest()
{
ResourceNames = new[]
{
"projects/invalid"
},
Filter = $"resource.type=\"gce_instance\" " +
$"AND protoPayload.methodName:{InsertInstanceEvent.Method} " +
$"AND timestamp > {startDate:yyyy-MM-dd}",
PageSize = 1000,
OrderBy = "timestamp desc"
};
var adapter = new AuditLogAdapter(await credential.GetCredentialAsync());
AssertEx.ThrowsAggregateException <GoogleApiException>(
() => adapter.ListEventsAsync(
request,
_ => { },
new Apis.Util.ExponentialBackOff(),
CancellationToken.None).Wait());
}
public async Task WhenInstanceCreated_ThenListInstanceEventsAsyncCanFeedHistorySetBuilder(
[LinuxInstance] InstanceRequest testInstance)
{
await testInstance.AwaitReady();
var instanceRef = await testInstance.GetInstanceAsync();
var instanceBuilder = new InstanceSetHistoryBuilder(
DateTime.UtcNow.AddDays(-7),
DateTime.UtcNow);
var computeAdapter = new ComputeEngineAdapter(Defaults.GetCredential());
instanceBuilder.AddExistingInstances(
await computeAdapter.ListInstancesAsync(Defaults.ProjectId, CancellationToken.None),
await computeAdapter.ListDisksAsync(Defaults.ProjectId, CancellationToken.None),
Defaults.ProjectId);
var adapter = new AuditLogAdapter(Defaults.GetCredential());
await adapter.ListInstanceEventsAsync(
new[] { Defaults.ProjectId },
null, // all zones.
null, // all instances.
instanceBuilder.StartDate,
instanceBuilder,
CancellationToken.None);
var set = instanceBuilder.Build();
var testInstanceHistory = set.Instances.FirstOrDefault(i => i.Reference == instanceRef);
Assert.IsNotNull(testInstanceHistory, "Instance found in history");
}
public async Task WhenUserNotInRole_ThenListCloudStorageSinksAsyncThrowsResourceAccessDeniedException(
[Credential(Role = PredefinedRole.ComputeViewer)] ResourceTask <ICredential> credential)
{
var adapter = new AuditLogAdapter(await credential);
AssertEx.ThrowsAggregateException <ResourceAccessDeniedException>(
() => adapter.ListCloudStorageSinksAsync(
TestProject.ProjectId,
CancellationToken.None).Wait());
}
public async Task WhenSinkExists_ThenListCloudStorageSinksAsyncReturnsList(
[Credential(Role = PredefinedRole.LogsViewer)] ResourceTask <ICredential> credential)
{
var adapter = new AuditLogAdapter(await credential);
var buckets = await adapter.ListCloudStorageSinksAsync(
TestProject.ProjectId,
CancellationToken.None);
Assert.IsNotNull(buckets);
}
public void WhenMethodAndSeveritiesEmpty_ThenCreateFilterStringSkipsCriteria()
{
var filter = AuditLogAdapter.CreateFilterString(
null,
Enumerable.Empty <ulong>(),
Enumerable.Empty <string>(),
Enumerable.Empty <string>(),
new DateTime(2020, 1, 2, 3, 4, 5, 6, DateTimeKind.Utc));
Assert.AreEqual(
"resource.type=\"gce_instance\" " +
"AND timestamp > \"2020-01-02T03:04:05.0060000Z\"",
filter);
}
public void WhenZonesSpecified_ThenCreateFilterStringAddsCriteria()
{
var filter = AuditLogAdapter.CreateFilterString(
new[] { "us-central1-a" },
null,
Enumerable.Empty <string>(),
Enumerable.Empty <string>(),
new DateTime(2020, 1, 2, 3, 4, 5, 6, DateTimeKind.Utc));
Assert.AreEqual(
"resource.labels.zone=(\"us-central1-a\") " +
"AND resource.type=\"gce_instance\" " +
"AND timestamp > \"2020-01-02T03:04:05.0060000Z\"",
filter);
}
public void WhenInstanceIdSpecified_ThenCreateFilterStringAddsCriteria()
{
var filter = AuditLogAdapter.CreateFilterString(
null,
new[] { 123454321234ul },
Enumerable.Empty <string>(),
Enumerable.Empty <string>(),
new DateTime(2020, 1, 2, 3, 4, 5, 6, DateTimeKind.Utc));
Assert.AreEqual(
"resource.labels.instance_id=(\"123454321234\") " +
"AND resource.type=\"gce_instance\" " +
"AND timestamp > \"2020-01-02T03:04:05.0060000Z\"",
filter);
}
public void WhenMethodAndSeveritiesSpecified_ThenCreateFilterStringAddsCriteria()
{
var filter = AuditLogAdapter.CreateFilterString(
null,
null,
new[] { "method-1", "method-2" },
new[] { "INFO", "ERROR" },
new DateTime(2020, 1, 2, 3, 4, 5, 6, DateTimeKind.Utc));
Assert.AreEqual(
"protoPayload.methodName=(\"method-1\" OR \"method-2\") " +
"AND severity=(\"INFO\" OR \"ERROR\") AND resource.type=\"gce_instance\" " +
"AND timestamp > \"2020-01-02T03:04:05.0060000Z\"",
filter);
}
public async Task WhenInstanceCreated_ThenListLogEntriesReturnsInsertEvent(
[LinuxInstance] InstanceRequest testInstance,
[Credential(Role = PredefinedRole.LogsViewer)] CredentialRequest credential)
{
await testInstance.AwaitReady();
var instanceRef = await testInstance.GetInstanceAsync();
var startDate = DateTime.UtcNow.AddDays(-30);
var endDate = DateTime.UtcNow;
var adapter = new AuditLogAdapter(await credential.GetCredentialAsync());
var request = new ListLogEntriesRequest()
{
ResourceNames = new[]
{
"projects/" + TestProject.ProjectId
},
Filter = $"resource.type=\"gce_instance\" " +
$"AND protoPayload.methodName:{InsertInstanceEvent.Method} " +
$"AND timestamp > {startDate:yyyy-MM-dd}",
PageSize = 1000,
OrderBy = "timestamp desc"
};
var events = new List <EventBase>();
var instanceBuilder = new InstanceSetHistoryBuilder(startDate, endDate);
// Creating the VM might be quicker than the logs become available.
for (int retry = 0; retry < 4 && !events.Any(); retry++)
{
await adapter.ListEventsAsync(
request,
events.Add,
new Apis.Util.ExponentialBackOff(),
CancellationToken.None);
if (!events.Any())
{
await Task.Delay(20 * 1000);
}
}
var insertEvent = events.OfType <InsertInstanceEvent>()
.First(e => e.InstanceReference == instanceRef);
Assert.IsNotNull(insertEvent);
}
public async Task WhenUserNotInRole_ThenProcessInstanceEventsAsyncThrowsResourceAccessDeniedException(
[LinuxInstance] ResourceTask <InstanceLocator> testInstance,
[Credential(Role = PredefinedRole.ComputeViewer)] ResourceTask <ICredential> credential)
{
await testInstance;
var instanceRef = await testInstance;
var instanceBuilder = new InstanceSetHistoryBuilder(
DateTime.UtcNow.AddDays(-7),
DateTime.UtcNow);
var adapter = new AuditLogAdapter(await credential);
AssertEx.ThrowsAggregateException <ResourceAccessDeniedException>(
() => adapter.ProcessInstanceEventsAsync(
new[] { TestProject.ProjectId },
null, // all zones.
null, // all instances.
instanceBuilder.StartDate,
instanceBuilder,
CancellationToken.None).Wait());
}
public async Task WhenInstanceCreated_ThenProcessInstanceEventsAsyncCanFeedHistorySetBuilder(
[LinuxInstance] ResourceTask <InstanceLocator> testInstance,
[Credential(Roles = new[] {
PredefinedRole.ComputeViewer,
PredefinedRole.LogsViewer
})] ResourceTask <ICredential> credential)
{
await testInstance;
var instanceRef = await testInstance;
var instanceBuilder = new InstanceSetHistoryBuilder(
DateTime.UtcNow.AddDays(-7),
DateTime.UtcNow);
var computeAdapter = new ComputeEngineAdapter(await credential);
instanceBuilder.AddExistingInstances(
await computeAdapter.ListInstancesAsync(TestProject.ProjectId, CancellationToken.None),
await computeAdapter.ListNodesAsync(TestProject.ProjectId, CancellationToken.None),
await computeAdapter.ListDisksAsync(TestProject.ProjectId, CancellationToken.None),
TestProject.ProjectId);
var adapter = new AuditLogAdapter(await credential);
await adapter.ProcessInstanceEventsAsync(
new[] { TestProject.ProjectId },
null, // all zones.
null, // all instances.
instanceBuilder.StartDate,
instanceBuilder,
CancellationToken.None);
var set = instanceBuilder.Build();
var testInstanceHistory = set.Instances.FirstOrDefault(i => i.Reference == instanceRef);
Assert.IsNotNull(testInstanceHistory, "Instance found in history");
}
public void WhenEnrollmentProvided_ThenDeviceCertiticateAuthenticationIsOn()
{
var adapter = new AuditLogAdapter(CreateAuthorizationAdapterForSecureConnectUser());
Assert.IsTrue(adapter.IsDeviceCertiticateAuthenticationEnabled);
}
