From 9e4ce5fad6f36baf8db88bf1820df28cc6e4e1a5 Mon Sep 17 00:00:00 2001 From: Barbora Smejkalová Date: Apr 05 2019 11:05:32 +0000 Subject: Issue 50026 - Audit log does not capture the operation where nsslapd-lookthroughlimit is modified Description: Updated test case to check modification of attributes in audit log, because it wasn't logged in correct format. Also removed function in test_internal_log_level_131076 in ds_logs_test.py that I used for debugging when making that test and forgot to delete it. https://pagure.io/389-ds-base/issue/50026 Reviewed by: mreynolds, tbordaz, spichugi (Thanks!) --- diff --git a/dirsrvtests/tests/suites/basic/basic_test.py b/dirsrvtests/tests/suites/basic/basic_test.py index 46fc164..7e1471a 100644 --- a/dirsrvtests/tests/suites/basic/basic_test.py +++ b/dirsrvtests/tests/suites/basic/basic_test.py @@ -22,6 +22,9 @@ from lib389.idm.organizationalunit import OrganizationalUnits from lib389._constants import DN_DM, PASSWORD, PW_DM from lib389.topologies import topology_st from lib389.paths import Paths +from lib389.idm.directorymanager import DirectoryManager +from lib389.config import LDBMConfig + default_paths = Paths() 
@@ -1100,56 +1103,50 @@ def test_critical_msg_on_empty_range_idl(topology_st): assert not topology_st.standalone.searchErrorsLog('CRIT - list_candidates - NULL idl was recieved from filter_candidates_ext.') -def audit_pattern_found(server, log_pattern): - file_obj = open(server.ds_paths.audit_log, "r") - - found = None - # Use a while true iteration because 'for line in file: hit a - log.info('Audit log contains') - while True: - line = file_obj.readline() - log.info(line) - found = log_pattern.search(line) - if ((line == '') or (found)): - break - - return found - - +@pytest.mark.bz1647099 @pytest.mark.ds50026 -def test_ticketldbm_audit(topology_st): +def test_ldbm_modification_audit_log(topology_st): """When updating LDBM config attributes, those attributes/values are not listed in the audit log :id: 5bf75c47-a283-430e-a65c-3c5fd8dbadb8 :setup: Standalone Instance :steps: - 1. Enable audit log - 2. Update a set of config attrs in LDBM config - 3. Disable audit log (to restore the default config) - 4. Check that config attrs are listed in the audit log + 1. Bind as DM + 2. Enable audit log + 3. Update a set of config attrs in LDBM config + 4. Restart the server + 5. Check that config attrs are listed in the audit log :expectedresults: - 1. Should succeeds - 2. Should succeeds - 3. Should succeeds - 4. Should succeeds + 1. Operation successful + 2. Operation successful + 3. Operation successful + 4. Operation successful + 5. 
Audit log should contain modification of attrs" """ - inst = topology_st[0] - inst.config.enable_log('audit') + VALUE = '10001' + + d_manager = DirectoryManager(topology_st.standalone) + conn = d_manager.bind() + config_ldbm = LDBMConfig(conn) + + log.info("Enable audit logging") + conn.config.enable_log('audit') - #inst.ds_paths.audit_log attrs = ['nsslapd-lookthroughlimit', 'nsslapd-pagedidlistscanlimit', 'nsslapd-idlistscanlimit', 'nsslapd-db-locks'] - mods = [] + for attr in attrs: - mods.append((ldap.MOD_REPLACE, attr, b'10001')) - inst.modify_s(DN_CONFIG_LDBM, mods) - inst.config.enable_log('audit') + log.info("Set attribute %s to value %s" % (attr, VALUE)) + config_ldbm.set(attr, VALUE) + + log.info('Restart the server to flush the logs') + conn.restart() for attr in attrs: - log.info("Check %s is replaced in the audit log" % attr) - regex = re.compile("^replace: %s" % attr) - assert audit_pattern_found(inst, regex) + log.info("Check if attribute %s is replaced in the audit log" % attr) + assert conn.searchAuditLog('replace: %s' % attr) + assert conn.searchAuditLog('%s: %s' % (attr, VALUE)) @pytest.mark.skipif(not get_user_is_root() or not default_paths.perl_enabled, diff --git a/dirsrvtests/tests/suites/ds_logs/ds_logs_test.py b/dirsrvtests/tests/suites/ds_logs/ds_logs_test.py index a45dd46..d54d793 100644 --- a/dirsrvtests/tests/suites/ds_logs/ds_logs_test.py +++ b/dirsrvtests/tests/suites/ds_logs/ds_logs_test.py @@ -17,6 +17,7 @@ from lib389.idm.user import UserAccounts from lib389.idm.group import Groups from lib389.idm.organizationalunit import OrganizationalUnits + logging.getLogger(__name__).setLevel(logging.DEBUG) log = logging.getLogger(__name__) 
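Review bot: The two `searchAuditLog` assertions at the end of test_ldbm_modification_audit_log search the whole audit log independently, so `replace: <attr>` and `<attr>: 10001` can be satisfied by different records. Those may include records left by an earlier run on the same instance, so the test can pass without this modify having been audited. For a test that guards an audit-trail gap, I would start from an empty audit log (or inspect only lines written after the `config_ldbm.set` calls) and state that above the loop, e.g. `# audit log must be empty here: the searches below match any record in the file`. Separately, the removed docstring step about restoring the default config has no replacement: audit logging stays enabled and the four LDBM settings stay at 10001 after the test, which presumably affects later tests if `topology_st` is shared. A finalizer that puts the original values back and turns audit logging off again would cover that.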
@@ -474,10 +475,6 @@ def test_internal_log_level_131076(topology_st, add_user_log_level_131076): log.info('Restart the server to flush the logs') topo.restart() - path = topo.ds_access_log._get_log_path() - with open(path) as f: - print(f.read()) - # These comments contain lines we are trying to find without regex log.info("Check the access logs for ADD operation of the user") # op=10 ADD dn="uid=test_user_777,ou=branch1,dc=example,dc=com"