aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

feat (authmethod/password): add additional telmemetry for passwd acct authen (#3958)

Browse Source
pull/3960/head
Jim 3 years ago committed by GitHub
parent b528696325
commit 75cef86a34
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 39 additions and 0 deletions
Show Stats Download Patch File Download Diff File

7
internal/daemon/controller/handlers/authmethods/password.go
Unescape View File

@ -13,6 +13,7 @@ import (
"github.com/hashicorp/boundary/internal/daemon/controller/auth"
"github.com/hashicorp/boundary/internal/daemon/controller/handlers"
"github.com/hashicorp/boundary/internal/errors"
"github.com/hashicorp/boundary/internal/event"
pbs "github.com/hashicorp/boundary/internal/gen/controller/api/services"
"github.com/hashicorp/boundary/internal/types/action"
pb "github.com/hashicorp/boundary/sdk/pbs/controller/api/resources/authmethods"
@ -100,6 +101,7 @@ func (s Service) authenticatePassword(ctx context.Context, req *pbs.Authenticate
}
func (s Service) authenticateWithPwRepo(ctx context.Context, scopeId, authMethodId, loginName, pw string) (*pba.AuthToken, error) {
const op = "authmethods.(Service).authenticateWithPwRepo"
iamRepo, err := s.iamRepoFn()
if err != nil {
return nil, err
@ -130,6 +132,11 @@ func (s Service) authenticateWithPwRepo(ctx context.Context, scopeId, authMethod
return nil, err
}
if err := event.WriteObservation(ctx, op, event.WithDetails("user_id", u.GetPublicId(), "auth_token_start",
tok.GetCreateTime(), "auth_token_end", tok.GetExpirationTime())); err != nil {
return nil, errors.Wrap(ctx, err, op, errors.WithMsg("Unable to write observation event for authenticate method"))
}
return s.ConvertInternalAuthTokenToApiAuthToken(
ctx,
tok,

32
internal/daemon/controller/handlers/authmethods/password_test.go
Unescape View File

@ -5,7 +5,10 @@ package authmethods_test
import (
"context"
"encoding/json"
"os"
"strings"
"sync"
"testing"
"github.com/google/go-cmp/cmp"
@ -19,12 +22,15 @@ import (
"github.com/hashicorp/boundary/internal/daemon/controller/handlers/authmethods"
"github.com/hashicorp/boundary/internal/db"
"github.com/hashicorp/boundary/internal/errors"
"github.com/hashicorp/boundary/internal/event"
pbs "github.com/hashicorp/boundary/internal/gen/controller/api/services"
"github.com/hashicorp/boundary/internal/iam"
"github.com/hashicorp/boundary/internal/kms"
"github.com/hashicorp/boundary/internal/types/scope"
pb "github.com/hashicorp/boundary/sdk/pbs/controller/api/resources/authmethods"
scopepb "github.com/hashicorp/boundary/sdk/pbs/controller/api/resources/scopes"
"github.com/hashicorp/eventlogger/formatter_filters/cloudevents"
"github.com/hashicorp/go-hclog"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"google.golang.org/genproto/protobuf/field_mask"
@ -508,6 +514,18 @@ func TestAuthenticate_Password(t *testing.T) {
require.NoError(t, err)
require.NotNil(t, acct)
c := event.TestEventerConfig(t, "Test_StartAuth_to_Callback", event.TestWithObservationSink(t))
testLock := &sync.Mutex{}
testLogger := hclog.New(&hclog.LoggerOptions{
Mutex: testLock,
Name: "test",
})
require.NoError(t, event.InitSysEventer(testLogger, testLock, "use-Test_Authenticate", event.WithEventerConfig(&c.EventerConfig)))
sinkFileName := c.ObservationEvents.Name()
t.Cleanup(func() {
require.NoError(t, os.Remove(sinkFileName))
})
cases := []struct {
name string
request *pbs.AuthenticateRequest
@ -648,6 +666,20 @@ func TestAuthenticate_Password(t *testing.T) {
assert.Equal(acct.GetPublicId(), aToken.GetAccountId())
assert.Equal(am.GetPublicId(), aToken.GetAuthMethodId())
assert.Equal(tc.wantType, resp.GetType())
defer func() { _ = os.WriteFile(sinkFileName, nil, 0o666) }()
b, err := os.ReadFile(sinkFileName)
require.NoError(err)
gotRes := &cloudevents.Event{}
err = json.Unmarshal(b, gotRes)
require.NoErrorf(err, "json: %s", string(b))
details, ok := gotRes.Data.(map[string]any)["details"]
require.True(ok)
for _, key := range details.([]any) {
assert.Contains(key.(map[string]any)["payload"], "user_id")
assert.Contains(key.(map[string]any)["payload"], "auth_token_start")
assert.Contains(key.(map[string]any)["payload"], "auth_token_end")
}
})
}
}

Write Preview
Loading…
Cancel
Save