Skip to content

Commit fb092e8

Browse files
asloobqRelease Workflow
andauthored
Add Auditlog to call core endpoints (#302)
* Add auditlogging to all core endpoints * update shared package * [CI Pipeline] Released Snapshot version: 2.27.12-alpha-137-SNAPSHOT * Include request body from attest endpoint * Fix auditparam names * Update router with new interface for handleWithAudit * Use new shared version and update router interface * [CI Pipeline] Released Snapshot version: 2.27.13-alpha-138-SNAPSHOT * Fix enclave_id auditlog param name * Rename const for less ambiguity --------- Co-authored-by: Release Workflow <unifiedid-admin+release@thetradedesk.com>
1 parent f207680 commit fb092e8

2 files changed

Lines changed: 47 additions & 22 deletions

File tree

pom.xml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@
66

77
<groupId>com.uid2</groupId>
88
<artifactId>uid2-core</artifactId>
9-
<version>2.27.11</version>
9+
<version>2.27.13-alpha-138-SNAPSHOT</version>
1010

1111
<properties>
1212
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -24,7 +24,7 @@
2424
<vertx.verticle>com.uid2.core.vertx.CoreVerticle</vertx.verticle>
2525
<launcher.class>io.vertx.core.Launcher</launcher.class>
2626

27-
<uid2-shared.version>9.3.8</uid2-shared.version>
27+
<uid2-shared.version>9.5.3</uid2-shared.version>
2828
<image.version>${project.version}</image.version>
2929
</properties>
3030

src/main/java/com/uid2/core/vertx/CoreVerticle.java

Lines changed: 45 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,8 @@
1212
import com.uid2.shared.attest.EncryptedAttestationToken;
1313
import com.uid2.shared.attest.IAttestationTokenService;
1414
import com.uid2.shared.attest.JwtService;
15+
import com.uid2.shared.audit.Audit;
16+
import com.uid2.shared.audit.AuditParams;
1517
import com.uid2.shared.auth.*;
1618
import com.uid2.shared.cloud.ICloudStorage;
1719
import com.uid2.shared.health.HealthComponent;
@@ -86,6 +88,8 @@ public class CoreVerticle extends AbstractVerticle {
8688

8789
private final FileSystem fileSystem;
8890

91+
private static final String OPERATOR_TYPE_REQUEST_PARAM = "operator_type";
92+
8993
public CoreVerticle(ICloudStorage cloudStorage,
9094
IAuthorizableProvider authProvider,
9195
AttestationService attestationService,
@@ -117,7 +121,7 @@ public CoreVerticle(ICloudStorage cloudStorage,
117121

118122
this.attestationMiddleware = new AttestationMiddleware(this.attestationTokenService, jwtService, jwtAudience, jwtIssuer, enforceJwt);
119123

120-
this.auth = new AuthMiddleware(authProvider);
124+
this.auth = new AuthMiddleware(authProvider, "core");
121125

122126
this.siteMetadataProvider = new SiteMetadataProvider(cloudStorage);
123127
this.clientMetadataProvider = new ClientMetadataProvider(cloudStorage);
@@ -184,27 +188,45 @@ private Router createRoutesSetup() {
184188
.allowedHeader("Content-Type"));
185189
router.route().failureHandler(new GenericFailureHandler());
186190

191+
187192
router.post(Endpoints.ATTEST.toString())
188-
.handler(new AttestationFailureHandler())
189-
.handler(auth.handle(this::handleAttestAsync, Role.OPERATOR, Role.OPTOUT_SERVICE));
190-
router.get(Endpoints.CLOUD_ENCRYPTION_KEYS_RETRIEVE.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleCloudEncryptionKeysRetrieval), Role.OPERATOR));
191-
router.get(Endpoints.SITES_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleSiteRefresh), Role.OPERATOR));
192-
router.get(Endpoints.KEY_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleKeyRefresh), Role.OPERATOR));
193-
router.get(Endpoints.KEY_ACL_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleKeyAclRefresh), Role.OPERATOR));
194-
router.get(Endpoints.KEY_KEYSET_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleKeysetRefresh), Role.OPERATOR));
195-
router.get(Endpoints.KEY_KEYSET_KEYS_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleKeysetKeyRefresh), Role.OPERATOR));
196-
router.get(Endpoints.SALT_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleSaltRefresh), Role.OPERATOR));
197-
router.get(Endpoints.CLIENTS_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleClientRefresh), Role.OPERATOR));
198-
router.get(Endpoints.CLIENT_SIDE_KEYPAIRS_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleClientSideKeypairRefresh), Role.OPERATOR));
199-
router.get(Endpoints.SERVICES_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleServiceRefresh), Role.OPERATOR));
200-
router.get(Endpoints.SERVICE_LINKS_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleServiceLinkRefresh), Role.OPERATOR));
201-
router.get(Endpoints.OPERATORS_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleOperatorRefresh), Role.OPTOUT_SERVICE));
202-
router.get(Endpoints.PARTNERS_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handlePartnerRefresh), Role.OPTOUT_SERVICE));
203-
router.get(Endpoints.OPS_HEALTHCHECK.toString()).handler(this::handleHealthCheck);
204-
router.get(Endpoints.OPERATOR_CONFIG.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleGetConfig), Role.OPERATOR));
193+
.handler(new AttestationFailureHandler())
194+
.handler(auth.handleWithAudit(this::handleAttestAsync, new AuditParams(Collections.emptyList(), List.of("application_name", "application_version", OPERATOR_TYPE_REQUEST_PARAM, "components.uid2-attestation-api", "components.uid2-shared")),
195+
true, List.of(Role.OPERATOR, Role.OPTOUT_SERVICE)));
196+
router.get(Endpoints.CLOUD_ENCRYPTION_KEYS_RETRIEVE.toString())
197+
.handler(auth.handleWithAudit(attestationMiddleware.handle(this::handleCloudEncryptionKeysRetrieval), List.of(Role.OPERATOR)));
198+
router.get(Endpoints.SITES_REFRESH.toString())
199+
.handler(auth.handleWithAudit(attestationMiddleware.handle(this::handleSiteRefresh), List.of(Role.OPERATOR)));
200+
router.get(Endpoints.KEY_REFRESH.toString())
201+
.handler(auth.handleWithAudit(attestationMiddleware.handle(this::handleKeyRefresh), List.of(Role.OPERATOR)));
202+
router.get(Endpoints.KEY_ACL_REFRESH.toString())
203+
.handler(auth.handleWithAudit(attestationMiddleware.handle(this::handleKeyAclRefresh), List.of(Role.OPERATOR)));
204+
router.get(Endpoints.KEY_KEYSET_REFRESH.toString())
205+
.handler(auth.handleWithAudit(attestationMiddleware.handle(this::handleKeysetRefresh), List.of(Role.OPERATOR)));
206+
router.get(Endpoints.KEY_KEYSET_KEYS_REFRESH.toString())
207+
.handler(auth.handleWithAudit(attestationMiddleware.handle(this::handleKeysetKeyRefresh), List.of(Role.OPERATOR)));
208+
router.get(Endpoints.SALT_REFRESH.toString())
209+
.handler(auth.handleWithAudit(attestationMiddleware.handle(this::handleSaltRefresh), List.of(Role.OPERATOR)));
210+
router.get(Endpoints.CLIENTS_REFRESH.toString())
211+
.handler(auth.handleWithAudit(attestationMiddleware.handle(this::handleClientRefresh), List.of(Role.OPERATOR)));
212+
router.get(Endpoints.CLIENT_SIDE_KEYPAIRS_REFRESH.toString())
213+
.handler(auth.handleWithAudit(attestationMiddleware.handle(this::handleClientSideKeypairRefresh), List.of(Role.OPERATOR)));
214+
router.get(Endpoints.SERVICES_REFRESH.toString())
215+
.handler(auth.handleWithAudit(attestationMiddleware.handle(this::handleServiceRefresh), List.of(Role.OPERATOR)));
216+
router.get(Endpoints.SERVICE_LINKS_REFRESH.toString())
217+
.handler(auth.handleWithAudit(attestationMiddleware.handle(this::handleServiceLinkRefresh), List.of(Role.OPERATOR)));
218+
router.get(Endpoints.OPERATORS_REFRESH.toString())
219+
.handler(auth.handleWithAudit(attestationMiddleware.handle(this::handleOperatorRefresh), List.of(Role.OPTOUT_SERVICE)));
220+
router.get(Endpoints.PARTNERS_REFRESH.toString())
221+
.handler(auth.handleWithAudit(attestationMiddleware.handle(this::handlePartnerRefresh), List.of(Role.OPTOUT_SERVICE)));
222+
router.get(Endpoints.OPS_HEALTHCHECK.toString())
223+
.handler(this::handleHealthCheck);
224+
router.get(Endpoints.OPERATOR_CONFIG.toString())
225+
.handler(auth.handleWithAudit(attestationMiddleware.handle(this::handleGetConfig), List.of(Role.OPERATOR)));
205226

206227
if (Optional.ofNullable(ConfigStore.Global.getBoolean("enable_test_endpoints")).orElse(false)) {
207-
router.route(Endpoints.ATTEST_GET_TOKEN.toString()).handler(auth.handle(this::handleTestGetAttestationToken, Role.OPERATOR));
228+
router.route(Endpoints.ATTEST_GET_TOKEN.toString())
229+
.handler(auth.handleWithAudit(this::handleTestGetAttestationToken, List.of(Role.OPERATOR)));
208230
}
209231

210232
return router;
@@ -291,6 +313,9 @@ private void handleAttestAsync(RoutingContext rc) {
291313
}
292314

293315
final AttestationResult attestationResult = ar.result();
316+
JsonObject auditUserDetails = rc.get(Audit.USER_DETAILS, new JsonObject());
317+
auditUserDetails.put("enclave_id", attestationResult.getEnclaveId());
318+
rc.put(Audit.USER_DETAILS, auditUserDetails);
294319
if (!attestationResult.isSuccess()) {
295320
AttestationFailure failure = attestationResult.getFailure();
296321
switch (failure) {
@@ -311,7 +336,7 @@ private void handleAttestAsync(RoutingContext rc) {
311336
}
312337
}
313338

314-
if (json.containsKey("operator_type") && !operator.getOperatorType().name().equalsIgnoreCase(json.getString("operator_type"))) {
339+
if (json.containsKey(OPERATOR_TYPE_REQUEST_PARAM) && !operator.getOperatorType().name().equalsIgnoreCase(json.getString(OPERATOR_TYPE_REQUEST_PARAM))) {
315340
setAttestationFailureReason(rc, AttestationFailure.INVALID_TYPE, Collections.singletonMap("reason", AttestationFailure.INVALID_TYPE.explain()));
316341
Error("attestation failure; invalid operator type", 403, rc, null);
317342
return;

0 commit comments

Comments
 (0)