/// <summary>
/// Verifies that an <c>AuditLogAdapter</c> constructed directly from a credential
/// (no enrollment object is passed) reports device certificate authentication
/// as disabled.
/// </summary>
/// <param name="credential">
/// Test credential requested with the <c>ComputeViewer</c> predefined role.
/// </param>
// NOTE(review): "Certiticate" is misspelled, but the spelling matches the adapter
// property read below, so it cannot be corrected in this test alone.
public async Task WhenNoEnrollmentProvided_ThenDeviceCertiticateAuthenticationIsOff(
    [Credential(Role = PredefinedRole.ComputeViewer)] ResourceTask<ICredential> credential)
{
    var resolvedCredential = await credential;
    var adapter = new AuditLogAdapter(resolvedCredential);

    // A regression here would mean the adapter claims certificate-based
    // authentication is active although none was configured.
    var isEnabled = adapter.IsDeviceCertiticateAuthenticationEnabled;
    Assert.IsFalse(isEnabled);
}
/// <summary>
/// Verifies that listing log events for a resource name that does not refer to a
/// real project ("projects/invalid") surfaces a <c>GoogleApiException</c> rather
/// than returning an empty result.
/// </summary>
/// <param name="credential">
/// Credential request annotated with the <c>LogsViewer</c> predefined role.
/// </param>
public async Task WhenUsingInvalidProjectId_ThenListEventsAsyncThrowsException(
    [Credential(Role = PredefinedRole.LogsViewer)] CredentialRequest credential)
{
    var since = DateTime.UtcNow.AddDays(-30);

    // Same filter shape as a real query; only the resource name is bogus.
    var filter = $"resource.type=\"gce_instance\" " +
        $"AND protoPayload.methodName:{InsertInstanceEvent.Method} " +
        $"AND timestamp > {since:yyyy-MM-dd}";

    var request = new ListLogEntriesRequest
    {
        ResourceNames = new[] { "projects/invalid" },
        Filter = filter,
        PageSize = 1000,
        OrderBy = "timestamp desc"
    };

    var adapter = new AuditLogAdapter(await credential.GetCredentialAsync());

    // The call is blocked on with Wait() on purpose: the assertion helper is
    // named for AggregateException, which is what a blocking wait throws.
    AssertEx.ThrowsAggregateException<GoogleApiException>(() =>
    {
        adapter.ListEventsAsync(
            request,
            ignoredEvent => { },
            new Apis.Util.ExponentialBackOff(),
            CancellationToken.None).Wait();
    });
}
/// <summary>
/// Integration test: seeds an <c>InstanceSetHistoryBuilder</c> with the project's
/// existing instances and disks, feeds it the instance events of the last seven
/// days, and checks that the freshly created test instance appears in the
/// resulting history set.
/// </summary>
/// <param name="testInstance">Request for a Linux test instance.</param>
public async Task WhenInstanceCreated_ThenListInstanceEventsAsyncCanFeedHistorySetBuilder(
    [LinuxInstance] InstanceRequest testInstance)
{
    await testInstance.AwaitReady();
    var expectedInstance = await testInstance.GetInstanceAsync();

    var historyBuilder = new InstanceSetHistoryBuilder(
        DateTime.UtcNow.AddDays(-7),
        DateTime.UtcNow);

    // Seed the builder with what exists right now.
    var computeAdapter = new ComputeEngineAdapter(Defaults.GetCredential());
    var existingInstances = await computeAdapter.ListInstancesAsync(
        Defaults.ProjectId,
        CancellationToken.None);
    var existingDisks = await computeAdapter.ListDisksAsync(
        Defaults.ProjectId,
        CancellationToken.None);
    historyBuilder.AddExistingInstances(
        existingInstances,
        existingDisks,
        Defaults.ProjectId);

    // Replay the audit log events into the builder.
    var auditLogAdapter = new AuditLogAdapter(Defaults.GetCredential());
    await auditLogAdapter.ListInstanceEventsAsync(
        new[] { Defaults.ProjectId },
        null,  // all zones.
        null,  // all instances.
        historyBuilder.StartDate,
        historyBuilder,
        CancellationToken.None);

    var historySet = historyBuilder.Build();
    var matchingHistory = historySet.Instances
        .FirstOrDefault(candidate => candidate.Reference == expectedInstance);

    Assert.IsNotNull(matchingHistory, "Instance found in history");
}
/// <summary>
/// Negative authorization test: a credential that only carries the
/// <c>ComputeViewer</c> role must be refused when listing Cloud Storage sinks,
/// and the refusal must surface as <c>ResourceAccessDeniedException</c>.
/// </summary>
/// <param name="credential">
/// Test credential requested with the <c>ComputeViewer</c> predefined role.
/// </param>
public async Task WhenUserNotInRole_ThenListCloudStorageSinksAsyncThrowsResourceAccessDeniedException(
    [Credential(Role = PredefinedRole.ComputeViewer)] ResourceTask<ICredential> credential)
{
    var underprivilegedCredential = await credential;
    var adapter = new AuditLogAdapter(underprivilegedCredential);

    // Pins the failure mode: an access denial has to be reported as a distinct
    // exception type, not swallowed or turned into an empty list.
    AssertEx.ThrowsAggregateException<ResourceAccessDeniedException>(() =>
    {
        adapter.ListCloudStorageSinksAsync(
            TestProject.ProjectId,
            CancellationToken.None).Wait();
    });
}
/// <summary>
/// Verifies that a credential with the <c>LogsViewer</c> role can list Cloud
/// Storage sinks for the test project and gets a non-null result.
/// </summary>
/// <param name="credential">
/// Test credential requested with the <c>LogsViewer</c> predefined role.
/// </param>
// NOTE(review): only non-null is asserted; the test does not check that any sink
// is actually contained in the result, despite the "WhenSinkExists" name.
public async Task WhenSinkExists_ThenListCloudStorageSinksAsyncReturnsList(
    [Credential(Role = PredefinedRole.LogsViewer)] ResourceTask<ICredential> credential)
{
    var logsViewerCredential = await credential;
    var adapter = new AuditLogAdapter(logsViewerCredential);

    var sinks = await adapter.ListCloudStorageSinksAsync(
        TestProject.ProjectId,
        CancellationToken.None);

    Assert.IsNotNull(sinks);
}
/// <summary>
/// Verifies that <c>CreateFilterString</c> emits only the resource type and
/// timestamp criteria when no zones are given and the instance ID, method and
/// severity collections are empty.
/// </summary>
public void WhenMethodAndSeveritiesEmpty_ThenCreateFilterStringSkipsCriteria()
{
    // Fixed UTC instant (including 6 ms) so the expected timestamp text is stable.
    var startTime = new DateTime(2020, 1, 2, 3, 4, 5, 6, DateTimeKind.Utc);

    const string expectedFilter =
        "resource.type=\"gce_instance\" " +
        "AND timestamp > \"2020-01-02T03:04:05.0060000Z\"";

    var actualFilter = AuditLogAdapter.CreateFilterString(
        null,
        Enumerable.Empty<ulong>(),
        Enumerable.Empty<string>(),
        Enumerable.Empty<string>(),
        startTime);

    Assert.AreEqual(expectedFilter, actualFilter);
}
/// <summary>
/// Verifies that <c>CreateFilterString</c> prepends a quoted
/// <c>resource.labels.zone</c> criterion when a zone is supplied.
/// </summary>
public void WhenZonesSpecified_ThenCreateFilterStringAddsCriteria()
{
    var zones = new[] { "us-central1-a" };

    // Fixed UTC instant (including 6 ms) so the expected timestamp text is stable.
    var startTime = new DateTime(2020, 1, 2, 3, 4, 5, 6, DateTimeKind.Utc);

    const string expectedFilter =
        "resource.labels.zone=(\"us-central1-a\") " +
        "AND resource.type=\"gce_instance\" " +
        "AND timestamp > \"2020-01-02T03:04:05.0060000Z\"";

    var actualFilter = AuditLogAdapter.CreateFilterString(
        zones,
        null,
        Enumerable.Empty<string>(),
        Enumerable.Empty<string>(),
        startTime);

    Assert.AreEqual(expectedFilter, actualFilter);
}
/// <summary>
/// Verifies that <c>CreateFilterString</c> prepends a quoted
/// <c>resource.labels.instance_id</c> criterion when an instance ID is supplied.
/// </summary>
public void WhenInstanceIdSpecified_ThenCreateFilterStringAddsCriteria()
{
    // Instance IDs are passed as unsigned integers and rendered in decimal,
    // as the expected string below shows.
    var instanceIds = new[] { 123454321234ul };

    // Fixed UTC instant (including 6 ms) so the expected timestamp text is stable.
    var startTime = new DateTime(2020, 1, 2, 3, 4, 5, 6, DateTimeKind.Utc);

    const string expectedFilter =
        "resource.labels.instance_id=(\"123454321234\") " +
        "AND resource.type=\"gce_instance\" " +
        "AND timestamp > \"2020-01-02T03:04:05.0060000Z\"";

    var actualFilter = AuditLogAdapter.CreateFilterString(
        null,
        instanceIds,
        Enumerable.Empty<string>(),
        Enumerable.Empty<string>(),
        startTime);

    Assert.AreEqual(expectedFilter, actualFilter);
}
/// <summary>
/// Verifies that <c>CreateFilterString</c> renders several methods and several
/// severities as quoted, OR-joined groups ahead of the resource type and
/// timestamp criteria.
/// </summary>
// NOTE(review): the inputs here are benign literals. No visible test feeds a value
// containing a double quote or backslash; since the values end up inside a quoted
// filter expression, confirm that CreateFilterString escapes or rejects them if
// they can ever originate outside the application.
public void WhenMethodAndSeveritiesSpecified_ThenCreateFilterStringAddsCriteria()
{
    var methods = new[] { "method-1", "method-2" };
    var severities = new[] { "INFO", "ERROR" };

    // Fixed UTC instant (including 6 ms) so the expected timestamp text is stable.
    var startTime = new DateTime(2020, 1, 2, 3, 4, 5, 6, DateTimeKind.Utc);

    const string expectedFilter =
        "protoPayload.methodName=(\"method-1\" OR \"method-2\") " +
        "AND severity=(\"INFO\" OR \"ERROR\") AND resource.type=\"gce_instance\" " +
        "AND timestamp > \"2020-01-02T03:04:05.0060000Z\"";

    var actualFilter = AuditLogAdapter.CreateFilterString(
        null,
        null,
        methods,
        severities,
        startTime);

    Assert.AreEqual(expectedFilter, actualFilter);
}
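/// <summary>
/// Integration test: after a Linux test instance has been created, querying the
/// audit log for instance-insert events of the last 30 days must eventually
/// yield the insert event that refers to that instance.
/// </summary>
/// <param name="testInstance">Request for a Linux test instance.</param>
/// <param name="credential">
/// Credential request annotated with the <c>LogsViewer</c> predefined role.
/// </param>
public async Task WhenInstanceCreated_ThenListLogEntriesReturnsInsertEvent(
    [LinuxInstance] InstanceRequest testInstance,
    [Credential(Role = PredefinedRole.LogsViewer)] CredentialRequest credential)
{
    await testInstance.AwaitReady();
    var instanceRef = await testInstance.GetInstanceAsync();

    var startDate = DateTime.UtcNow.AddDays(-30);
    var adapter = new AuditLogAdapter(await credential.GetCredentialAsync());

    var request = new ListLogEntriesRequest()
    {
        ResourceNames = new[] { "projects/" + TestProject.ProjectId },
        Filter = $"resource.type=\"gce_instance\" " +
            $"AND protoPayload.methodName:{InsertInstanceEvent.Method} " +
            $"AND timestamp > {startDate:yyyy-MM-dd}",
        PageSize = 1000,
        OrderBy = "timestamp desc"
    };

    // Creating the VM might be quicker than the logs become available, so poll
    // up to four times. The loop ends only once the event for THIS instance is
    // seen: stopping as soon as any event arrives would let insert events of
    // other instances in the 30-day window end the retries too early.
    InsertInstanceEvent insertEvent = null;
    for (int attempt = 0; attempt < 4 && insertEvent == null; attempt++)
    {
        if (attempt > 0)
        {
            // Wait between attempts only; no pointless delay after the last one.
            await Task.Delay(20 * 1000);
        }

        // Fresh list per attempt so that repeated queries do not pile up
        // duplicate entries.
        var events = new List<EventBase>();
        await adapter.ListEventsAsync(
            request,
            events.Add,
            new Apis.Util.ExponentialBackOff(),
            CancellationToken.None);

        // FirstOrDefault instead of First: a missing event must fail the
        // assertion below, not throw InvalidOperationException before it.
        insertEvent = events
            .OfType<InsertInstanceEvent>()
            .FirstOrDefault(e => e.InstanceReference == instanceRef);
    }

    Assert.IsNotNull(
        insertEvent,
        "No insert event for the test instance was found in the audit log");
}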
/// <summary>
/// Negative authorization test: a credential that only carries the
/// <c>ComputeViewer</c> role must be refused when processing instance events
/// from the audit log, and the refusal must surface as
/// <c>ResourceAccessDeniedException</c>.
/// </summary>
/// <param name="testInstance">Linux test instance, awaited before the check.</param>
/// <param name="credential">
/// Test credential requested with the <c>ComputeViewer</c> predefined role.
/// </param>
public async Task WhenUserNotInRole_ThenProcessInstanceEventsAsyncThrowsResourceAccessDeniedException(
    [LinuxInstance] ResourceTask<InstanceLocator> testInstance,
    [Credential(Role = PredefinedRole.ComputeViewer)] ResourceTask<ICredential> credential)
{
    // NOTE(review): the instance is awaited twice and the locator is not used
    // afterwards; presumably one await would do. Confirm against ResourceTask.
    await testInstance;
    var provisionedInstance = await testInstance;

    var historyBuilder = new InstanceSetHistoryBuilder(
        DateTime.UtcNow.AddDays(-7),
        DateTime.UtcNow);

    var underprivilegedCredential = await credential;
    var adapter = new AuditLogAdapter(underprivilegedCredential);

    // Pins the failure mode: an access denial has to be reported as a distinct
    // exception type, not swallowed or turned into an empty history.
    AssertEx.ThrowsAggregateException<ResourceAccessDeniedException>(() =>
    {
        adapter.ProcessInstanceEventsAsync(
            new[] { TestProject.ProjectId },
            null,  // all zones.
            null,  // all instances.
            historyBuilder.StartDate,
            historyBuilder,
            CancellationToken.None).Wait();
    });
}
/// <summary>
/// Integration test: seeds an <c>InstanceSetHistoryBuilder</c> with the project's
/// existing instances, nodes and disks, feeds it the instance events of the last
/// seven days, and checks that the test instance appears in the resulting
/// history set.
/// </summary>
/// <param name="testInstance">Linux test instance to look for in the history.</param>
/// <param name="credential">
/// Test credential requested with both the <c>ComputeViewer</c> and the
/// <c>LogsViewer</c> predefined roles, which the test uses for the Compute
/// Engine adapter and the audit log adapter alike.
/// </param>
public async Task WhenInstanceCreated_ThenProcessInstanceEventsAsyncCanFeedHistorySetBuilder(
    [LinuxInstance] ResourceTask<InstanceLocator> testInstance,
    [Credential(Roles = new[] {
        PredefinedRole.ComputeViewer,
        PredefinedRole.LogsViewer })] ResourceTask<ICredential> credential)
{
    // NOTE(review): the instance is awaited twice; presumably the first await is
    // redundant. Confirm against ResourceTask.
    await testInstance;
    var expectedInstance = await testInstance;

    var historyBuilder = new InstanceSetHistoryBuilder(
        DateTime.UtcNow.AddDays(-7),
        DateTime.UtcNow);

    // Seed the builder with what exists right now.
    var computeAdapter = new ComputeEngineAdapter(await credential);
    var existingInstances = await computeAdapter.ListInstancesAsync(
        TestProject.ProjectId,
        CancellationToken.None);
    var existingNodes = await computeAdapter.ListNodesAsync(
        TestProject.ProjectId,
        CancellationToken.None);
    var existingDisks = await computeAdapter.ListDisksAsync(
        TestProject.ProjectId,
        CancellationToken.None);
    historyBuilder.AddExistingInstances(
        existingInstances,
        existingNodes,
        existingDisks,
        TestProject.ProjectId);

    // Replay the audit log events into the builder.
    var auditLogAdapter = new AuditLogAdapter(await credential);
    await auditLogAdapter.ProcessInstanceEventsAsync(
        new[] { TestProject.ProjectId },
        null,  // all zones.
        null,  // all instances.
        historyBuilder.StartDate,
        historyBuilder,
        CancellationToken.None);

    var historySet = historyBuilder.Build();
    var matchingHistory = historySet.Instances
        .FirstOrDefault(candidate => candidate.Reference == expectedInstance);

    Assert.IsNotNull(matchingHistory, "Instance found in history");
}
/// <summary>
/// Verifies that an <c>AuditLogAdapter</c> constructed from the authorization
/// adapter returned by <c>CreateAuthorizationAdapterForSecureConnectUser</c>
/// reports device certificate authentication as enabled.
/// </summary>
// NOTE(review): "Certiticate" is misspelled, but the spelling matches the adapter
// property read below, so it cannot be corrected in this test alone.
public void WhenEnrollmentProvided_ThenDeviceCertiticateAuthenticationIsOn()
{
    var secureConnectAuthorization = CreateAuthorizationAdapterForSecureConnectUser();
    var adapter = new AuditLogAdapter(secureConnectAuthorization);

    // A regression here would mean the adapter silently drops certificate-based
    // authentication although it was configured.
    var isEnabled = adapter.IsDeviceCertiticateAuthenticationEnabled;
    Assert.IsTrue(isEnabled);
}