Add Audit Logs for Configurations

multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/Messages.java

@@ -242,6 +242,14 @@ public final class Messages {
 
     public static final String FETCH_TOKEN_AUDIT_LOG_CONFIG = "Access token fetch";
 
+    public static final String READ_ENV_FROM_ENVIRONMENT = "Read {0} from environment for space with id: {1}";
+
+    public static final String SUBSCRIPTION_CREATE = "Create configuration-subscription in space with id: {0}";
+    public static final String SUBSCRIPTION_UPDATE = "Update configuration-subscription in space with id: {0}";
+
+    public static final String ENTRY_CREATE = "Create configuration-entry in space with id: {0}";
+    public static final String ENTRY_UPDATE = "Update configuration-entry in space with id: {0}";
+
     // Audit log configuration
     public static final String GET_CSRF_TOKEN_AUDIT_LOG_CONFIG = "CSRF token get ";
 
@@ -265,6 +273,12 @@ public final class Messages {
     public static final String MTA_INFO_AUDIT_LOG_CONFIG = "MTA info";
     public static final String MTA_LIST_AUDIT_LOG_CONFIG = "MTA list";
 
+    public static final String ENVIRONMENT_VARIABLE_AUDIT_LOG_CONFIG = "Environment variable";
+
+    public static final String SUBSCRIPTION_CONFIG = "Configuration subscription";
+
+    public static final String ENTRY_CONFIG = "Configuration entry";
+
     public static final String API_INFO_AUDIT_LOG_CONFIG = "Api info";
     public static final String IGNORING_NAMESPACE_PARAMETERS = "Ignoring parameter \"{0}\" , as the MTA is not deployed with namespace!";
     public static final String NAMESPACE_PARSING_ERROR_MESSAGE = "Cannot parse \"{0}\" flag - expected a boolean format.";

multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/ApplicationConfigurationAuditLog.java

@@ -0,0 +1,22 @@
+package org.cloudfoundry.multiapps.controller.core.auditlogging;
+
+import org.cloudfoundry.multiapps.controller.core.Messages;
+import org.cloudfoundry.multiapps.controller.core.auditlogging.model.AuditLogConfiguration;
+
+import java.text.MessageFormat;
+
+public class ApplicationConfigurationAuditLog {
+
+    private final AuditLoggingFacade auditLoggingFacade;
+
+    public ApplicationConfigurationAuditLog(AuditLoggingFacade auditLoggingFacade) {
+        this.auditLoggingFacade = auditLoggingFacade;
+    }
+
+    public void logEnvironmentVariableRead(String envVariableName, String spaceGuid) {
+        String performedAction = MessageFormat.format(Messages.READ_ENV_FROM_ENVIRONMENT, envVariableName, spaceGuid);
+        auditLoggingFacade.logDataAccessAuditLog(new AuditLogConfiguration(spaceGuid,
+                                                                           performedAction,
+                                                                           Messages.ENVIRONMENT_VARIABLE_AUDIT_LOG_CONFIG));
+    }
+}

multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/AuditLogBean.java

@@ -1,10 +1,10 @@
 package org.cloudfoundry.multiapps.controller.core.auditlogging;
 
+import jakarta.inject.Inject;
 import org.cloudfoundry.multiapps.controller.core.auditlogging.impl.AuditLoggingFacadeSLImpl;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
-import jakarta.inject.Inject;
 import javax.sql.DataSource;
 
 @Configuration
@@ -57,4 +57,22 @@ public OperationsApiServiceAuditLog buildOperationsApiServiceAuditLog(AuditLoggi
     public MtaConfigurationPurgerAuditLog buildMtaConfigurationPurgerAuditLog(AuditLoggingFacade auditLoggingFacade) {
         return new MtaConfigurationPurgerAuditLog(auditLoggingFacade);
     }
+
+    @Bean
+    @Inject
+    public ApplicationConfigurationAuditLog buildApplicationConfigurationAuditLog(AuditLoggingFacade auditLoggingFacade) {
+        return new ApplicationConfigurationAuditLog(auditLoggingFacade);
+    }
+
+    @Bean
+    @Inject
+    public ConfigurationSubscriptionServiceAuditLog buildAConfigurationSubscriptionServiceAuditLog(AuditLoggingFacade auditLoggingFacade) {
+        return new ConfigurationSubscriptionServiceAuditLog(auditLoggingFacade);
+    }
+
+    @Bean
+    @Inject
+    public ConfigurationEntryServiceAuditLog buildAConfigurationEntryServiceAuditLog(AuditLoggingFacade auditLoggingFacade) {
+        return new ConfigurationEntryServiceAuditLog(auditLoggingFacade);
+    }
 }

multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/AuditLoggingFacade.java

@@ -1,11 +1,19 @@
 package org.cloudfoundry.multiapps.controller.core.auditlogging;
 
-import org.cloudfoundry.multiapps.controller.core.auditlogging.model.ConfigurationChangeActions;
 import org.cloudfoundry.multiapps.controller.core.auditlogging.model.AuditLogConfiguration;
+import org.cloudfoundry.multiapps.controller.core.auditlogging.model.ConfigurationChangeActions;
+
+import java.util.List;
 
 public interface AuditLoggingFacade {
 
     void logSecurityIncident(AuditLogConfiguration configuration);
+
     void logDataAccessAuditLog(AuditLogConfiguration configuration);
+
     void logConfigurationChangeAuditLog(AuditLogConfiguration configuration, ConfigurationChangeActions configurationAction);
+
+    void logConfigurationChangeAuditLog(AuditLogConfiguration configuration,
+                                        ConfigurationChangeActions configurationAction,
+                                        List<String> attributes);
 }

multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/ConfigurationEntryServiceAuditLog.java

@@ -0,0 +1,72 @@
+package org.cloudfoundry.multiapps.controller.core.auditlogging;
+
+import org.cloudfoundry.multiapps.common.util.JsonUtil;
+import org.cloudfoundry.multiapps.controller.core.Messages;
+import org.cloudfoundry.multiapps.controller.core.auditlogging.model.AuditLogConfiguration;
+import org.cloudfoundry.multiapps.controller.core.auditlogging.model.ConfigurationChangeActions;
+import org.cloudfoundry.multiapps.controller.persistence.model.ConfigurationEntry;
+
+import java.text.MessageFormat;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+
+public class ConfigurationEntryServiceAuditLog {
+
+    private static final String PROVIDER_ID_PROPERTY_NAME = "providerId";
+    private static final String PROVIDER_NID_PROPERTY_NAME = "providerNid";
+    private static final String PROVIDER_VERSION_PROPERTY_NAME = "providerVersion";
+    private static final String PROVIDER_NAMESPACE_PROPERTY_NAME = "providerNamespace";
+    private static final String PROVIDER_TARGET_PROPERTY_NAME = "providerTarget";
+    private static final String PROVIDER_CONTENT_PROPERTY_NAME = "providerContent";
+    private static final String PROVIDER_CONTENT_ID_PROPERTY_NAME = "providerContentId";
+
+    private final AuditLoggingFacade auditLoggingFacade;
+
+    public ConfigurationEntryServiceAuditLog(AuditLoggingFacade auditLoggingFacade) {
+        this.auditLoggingFacade = auditLoggingFacade;
+    }
+
+    public void logAddConfigurationEntry(String username, String spaceGuid, ConfigurationEntry entry) {
+        String performedAction = MessageFormat.format(Messages.ENTRY_CREATE, spaceGuid);
+        auditLoggingFacade.logConfigurationChangeAuditLog(new AuditLogConfiguration(username,
+                                                                                    spaceGuid,
+                                                                                    performedAction,
+                                                                                    Messages.ENTRY_CONFIG,
+                                                                                    createAddEntryConfigurationIdentifier(entry)),
+                                                          ConfigurationChangeActions.CONFIGURATION_CREATE);
+    }
+
+    public void logUpdateConfigurationEntry(String username, String spaceGuid, ConfigurationEntry oldEntry, ConfigurationEntry newEntry) {
+        String performedAction = MessageFormat.format(Messages.ENTRY_UPDATE, spaceGuid);
+
+        List<String> attributes = List.of(oldEntry.getConfigurationType(), JsonUtil.toJson(oldEntry),
+                                          JsonUtil.toJson(newEntry));
+
+        auditLoggingFacade.logConfigurationChangeAuditLog(new AuditLogConfiguration(username,
+                                                                                    spaceGuid,
+                                                                                    performedAction,
+                                                                                    Messages.ENTRY_CONFIG),
+                                                          ConfigurationChangeActions.CONFIGURATION_UPDATE, attributes);
+    }
+
+    private Map<String, String> createAddEntryConfigurationIdentifier(ConfigurationEntry entry) {
+        Map<String, String> identifiers = new HashMap<>();
+        String providerTarget = entry.getTargetSpace()
+                                     .getOrganizationName()
+            + "/" + entry.getTargetSpace()
+                         .getSpaceName();
+
+        identifiers.put(PROVIDER_ID_PROPERTY_NAME, entry.getProviderId());
+        identifiers.put(PROVIDER_NID_PROPERTY_NAME, entry.getProviderNid());
+        identifiers.put(PROVIDER_VERSION_PROPERTY_NAME, Objects.toString(entry.getProviderVersion()));
+        identifiers.put(PROVIDER_NAMESPACE_PROPERTY_NAME, entry.getProviderNamespace());
+        identifiers.put(PROVIDER_TARGET_PROPERTY_NAME, providerTarget);
+        identifiers.put(PROVIDER_CONTENT_PROPERTY_NAME, entry.getContent());
+        identifiers.put(PROVIDER_CONTENT_ID_PROPERTY_NAME, entry.getContentId());
+
+        return identifiers;
+    }
+
+}

multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/ConfigurationSubscriptionServiceAuditLog.java

@@ -0,0 +1,62 @@
+package org.cloudfoundry.multiapps.controller.core.auditlogging;
+
+import org.cloudfoundry.multiapps.common.util.JsonUtil;
+import org.cloudfoundry.multiapps.controller.core.Messages;
+import org.cloudfoundry.multiapps.controller.core.auditlogging.model.AuditLogConfiguration;
+import org.cloudfoundry.multiapps.controller.core.auditlogging.model.ConfigurationChangeActions;
+import org.cloudfoundry.multiapps.controller.persistence.model.ConfigurationSubscription;
+
+import java.text.MessageFormat;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+public class ConfigurationSubscriptionServiceAuditLog {
+
+    private static final String SUBSCRIPTION_ID_PROPERTY_NAME = "subscriptionId";
+    private static final String APPLICATION_ID_PROPERTY_NAME = "applicationId";
+    private static final String MTA_ID_PROPERTY_NAME = "mtaId";
+
+    private final AuditLoggingFacade auditLoggingFacade;
+
+    public ConfigurationSubscriptionServiceAuditLog(AuditLoggingFacade auditLoggingFacade) {
+        this.auditLoggingFacade = auditLoggingFacade;
+    }
+
+    public void logAddConfigurationSubscription(String username, String spaceGuid, ConfigurationSubscription subscription) {
+        String performedAction = MessageFormat.format(Messages.SUBSCRIPTION_CREATE, spaceGuid);
+        auditLoggingFacade.logConfigurationChangeAuditLog(new AuditLogConfiguration(username,
+                                                                                    spaceGuid,
+                                                                                    performedAction,
+                                                                                    Messages.SUBSCRIPTION_CONFIG,
+                                                                                    createAddSubscriptionConfigurationIdentifier(
+                                                                                        subscription)),
+                                                          ConfigurationChangeActions.CONFIGURATION_CREATE);
+    }
+
+    public void logUpdateConfigurationSubscription(String username, String spaceGuid, ConfigurationSubscription oldSubscription,
+                                                   ConfigurationSubscription updatedSubscription) {
+
+        String performedAction = MessageFormat.format(Messages.SUBSCRIPTION_UPDATE, spaceGuid);
+
+        List<String> attributes = List.of(oldSubscription.getConfigurationType(), JsonUtil.toJson(oldSubscription),
+                                          JsonUtil.toJson(updatedSubscription));
+
+        auditLoggingFacade.logConfigurationChangeAuditLog(new AuditLogConfiguration(username,
+                                                                                    spaceGuid,
+                                                                                    performedAction,
+                                                                                    Messages.SUBSCRIPTION_CONFIG),
+                                                          ConfigurationChangeActions.CONFIGURATION_UPDATE, attributes);
+    }
+
+    private Map<String, String> createAddSubscriptionConfigurationIdentifier(ConfigurationSubscription subscription) {
+        Map<String, String> identifiers = new HashMap<>();
+
+        identifiers.put(APPLICATION_ID_PROPERTY_NAME, subscription.getAppName());
+        identifiers.put(MTA_ID_PROPERTY_NAME, subscription.getMtaId());
+        identifiers.put(SUBSCRIPTION_ID_PROPERTY_NAME, String.valueOf(subscription.getId()));
+
+        return identifiers;
+    }
+
+}

multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/impl/AuditLoggingFacadeSLImpl.java

@@ -10,6 +10,7 @@
 import org.cloudfoundry.multiapps.controller.core.auditlogging.model.ConfigurationChangeActions;
 
 import javax.sql.DataSource;
+import java.util.List;
 
 public class AuditLoggingFacadeSLImpl implements AuditLoggingFacade {
 
@@ -35,6 +36,12 @@ public void logConfigurationChangeAuditLog(AuditLogConfiguration configuration,
         writeMessage(auditLogManager.getConfigLogger(), configuration.getPerformedAction(), Level.WARN);
     }
 
+    @Override
+    public void logConfigurationChangeAuditLog(AuditLogConfiguration configuration, ConfigurationChangeActions configurationAction,
+                                               List<String> attributes) {
+        writeMessage(auditLogManager.getConfigLogger(), configuration.getPerformedAction(), Level.WARN);
+    }
+
     private void writeMessage(Logger logger, String message, Level level) {
         Exception loggingException = null;
         synchronized (auditLogManager) {

multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/auditlogging/model/AuditLogConfiguration.java

@@ -36,6 +36,14 @@ public AuditLogConfiguration(String userId, String spaceId, String performedActi
         this.parameters = parameters;
     }
 
+    public AuditLogConfiguration(String spaceId, String performedAction, String configuration) {
+        this.spaceId = spaceId;
+        this.userId = null;
+        this.performedAction = performedAction;
+        this.configuration = configuration;
+        this.parameters = Collections.emptyMap();
+    }
+
     public String getPerformedAction() {
         return performedAction;
     }

multiapps-controller-core/src/main/java/org/cloudfoundry/multiapps/controller/core/liquibase/RecoveringLockService.java

@@ -1,18 +1,17 @@
 package org.cloudfoundry.multiapps.controller.core.liquibase;
 
-import static java.text.MessageFormat.format;
-
-import java.util.Date;
-import java.util.concurrent.TimeUnit;
-
+import liquibase.exception.LockException;
+import liquibase.lockservice.DatabaseChangeLogLock;
+import liquibase.lockservice.StandardLockService;
 import org.cloudfoundry.multiapps.controller.core.Messages;
 import org.cloudfoundry.multiapps.controller.core.util.ApplicationConfiguration;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import liquibase.exception.LockException;
-import liquibase.lockservice.DatabaseChangeLogLock;
-import liquibase.lockservice.StandardLockService;
+import java.util.Date;
+import java.util.concurrent.TimeUnit;
+
+import static java.text.MessageFormat.format;
 
 public class RecoveringLockService extends StandardLockService {
 
@@ -22,7 +21,7 @@ public class RecoveringLockService extends StandardLockService {
     private final long changeLogLockDuration;
 
     public RecoveringLockService() {
-        ApplicationConfiguration configuration = new ApplicationConfiguration();
+        ApplicationConfiguration configuration = new ApplicationConfiguration(null);
         this.changeLogLockAttempts = configuration.getChangeLogLockAttempts();
         this.changeLogLockDuration = configuration.getChangeLogLockDuration();
         setChangeLogLockWaitTime(configuration.getChangeLogLockPollRate());
@@ -31,7 +30,7 @@ public RecoveringLockService() {
     @Override
     public int getPriority() {
         return super.getPriority() + 1; // Liquibase chooses which LockService to use based on its priority. This line makes sure that our
-                                        // custom lock service has a higher priority than the standard one (which it extends).
+        // custom lock service has a higher priority than the standard one (which it extends).
     }
 
     @Override