v3(bindings): fix audit logs for create bindings

app/actions/service_credential_binding_create.rb

@@ -10,8 +10,9 @@ class UnprocessableCreate < StandardError
       class Unimplemented < StandardError
       end
 
-      def initialize(user_audit_info)
+      def initialize(user_audit_info, audit_hash)
         @user_audit_info = user_audit_info
+        @audit_hash = audit_hash
       end
 
       def precursor(service_instance, app: nil, name: nil, volume_mount_services_enabled: false)
@@ -46,7 +47,7 @@ def bind(binding, parameters: {}, accepts_incomplete: false)
           save_incomplete_binding(binding, details[:operation])
         else
           binding.save_with_new_operation(operation_succeeded, attributes: details[:binding])
-          event_repository.record_create(binding, @user_audit_info, manifest_triggered: false)
+          event_repository.record_create(binding, @user_audit_info, @audit_hash, manifest_triggered: false)
         end
       rescue => e
         binding.save_with_new_operation({

app/controllers/v3/service_credential_bindings_controller.rb

@@ -49,12 +49,12 @@ def create
     resource_not_accessible!('app', message.app_guid) unless can_access_resource?(app)
     unauthorized! unless can_write_to_space?(app.space)
 
-    action = V3::ServiceCredentialBindingCreate.new(user_audit_info)
+    action = V3::ServiceCredentialBindingCreate.new(user_audit_info, message.audit_hash)
     binding = action.precursor(service_instance, app: app, name: message.name, volume_mount_services_enabled: volume_services_enabled?)
 
     case service_instance
     when ManagedServiceInstance
-      pollable_job_guid = enqueue_bind_job(binding.guid, message.parameters)
+      pollable_job_guid = enqueue_bind_job(binding.guid, message)
       head :accepted, 'Location' => url_builder.build_url(path: "/v3/jobs/#{pollable_job_guid}")
     when UserProvidedServiceInstance
       action.bind(binding)
@@ -111,11 +111,12 @@ def parameters
 
   private
 
-  def enqueue_bind_job(binding_guid, parameters)
+  def enqueue_bind_job(binding_guid, message)
     bind_job = VCAP::CloudController::V3::CreateServiceCredentialBindingJob.new(
       binding_guid,
       user_audit_info: user_audit_info,
-      parameters: parameters
+      audit_hash: message.audit_hash,
+      parameters: message.parameters
     )
     pollable_job = Jobs::Enqueuer.new(bind_job, queue: Jobs::Queues.generic).enqueue_pollable
     pollable_job.guid

app/jobs/v3/create_service_credential_binding_job.rb

@@ -5,11 +5,12 @@
 module VCAP::CloudController
   module V3
     class CreateServiceCredentialBindingJob < Jobs::ReoccurringJob
-      def initialize(binding_guid, parameters:, user_audit_info:)
+      def initialize(binding_guid, parameters:, user_audit_info:, audit_hash:)
         super()
         @binding_guid = binding_guid
         @user_audit_info = user_audit_info
         @parameters = parameters
+        @audit_hash = audit_hash
         @first_time = true
       end
 
@@ -34,14 +35,14 @@ def resource_guid
       end
 
       def resource_type
-        'service_binding'
+        'service_credential_binding'
       end
 
       def perform
         binding = ServiceBinding.first(guid: @binding_guid)
         gone! unless binding
 
-        action = V3::ServiceCredentialBindingCreate.new(@user_audit_info)
+        action = V3::ServiceCredentialBindingCreate.new(@user_audit_info, @audit_hash)
 
         if @first_time
           @first_time = false

app/models/runtime/pollable_job_model.rb

@@ -26,6 +26,8 @@ def resource_exists?
                 SpaceQuotaDefinition
               when 'service_route_binding'
                 RouteBinding
+              when 'service_credential_binding'
+                ServiceBinding
               else
                 Sequel::Model(ActiveSupport::Inflector.pluralize(resource_type).to_sym)
               end

spec/request/service_credential_bindings_spec.rb

@@ -911,11 +911,13 @@ def check_filtered_bindings(*bindings)
           expect(job.state).to eq(VCAP::CloudController::PollableJobModel::PROCESSING_STATE)
           expect(job.operation).to eq('service_bindings.create')
           expect(job.resource_guid).to eq(binding.guid)
-          expect(job.resource_type).to eq('service_binding')
+          expect(job.resource_type).to eq('service_credential_binding')
 
           get "/v3/jobs/#{job.guid}", nil, admin_headers
           expect(last_response).to have_status_code(200)
           expect(parsed_response['guid']).to eq(job.guid)
+          binding_link = parsed_response.dig('links', 'service_credential_binding', 'href')
+          expect(binding_link).to end_with("/v3/service_credential_bindings/#{binding.guid}")
         end
 
         describe 'the pollable job' do
@@ -992,6 +994,17 @@ def check_filtered_bindings(*bindings)
 
               expect(job.state).to eq(VCAP::CloudController::PollableJobModel::COMPLETE_STATE)
             end
+
+            it 'logs an audit event' do
+              execute_all_jobs(expected_successes: 1, expected_failures: 0)
+
+              event = VCAP::CloudController::Event.find(type: 'audit.service_binding.create')
+              expect(event).to be
+              expect(event.actee).to eq(binding.guid)
+              expect(event.data).to include({
+                'request' => create_body.with_indifferent_access
+              })
+            end
           end
 
           context 'when the broker fails to bind' do

spec/unit/actions/service_credential_binding_create_spec.rb

@@ -5,8 +5,9 @@
 module VCAP::CloudController
   module V3
     RSpec.describe ServiceCredentialBindingCreate do
-      subject(:action) { described_class.new(user_audit_info) }
+      subject(:action) { described_class.new(user_audit_info, audit_hash) }
 
+      let(:audit_hash) { { some_info: 'some_value' } }
       let(:volume_mount_services_enabled) { true }
       let(:space) { Space.make }
       let(:app) { AppModel.make(space: space) }
@@ -176,7 +177,12 @@ module V3
 
           it 'creates an audit event' do
             action.bind(precursor)
-            expect(@service_binding_event_repository).to have_received(:record_create).with(precursor, user_audit_info, manifest_triggered: false)
+            expect(@service_binding_event_repository).to have_received(:record_create).with(
+              precursor,
+              user_audit_info,
+              audit_hash,
+              manifest_triggered: false,
+            )
           end
 
           context 'when saving to the db fails' do

spec/unit/jobs/v3/create_service_credential_binding_job_spec.rb

@@ -29,6 +29,7 @@ module V3
           binding.guid,
           parameters: parameters,
           user_audit_info: user_info,
+          audit_hash: { some_key: 'some_info' }
         )
       end
 
@@ -123,7 +124,7 @@ module V3
 
       describe '#resource_type' do
         it 'returns "service_binding"' do
-          expect(subject.resource_type).to eq('service_binding')
+          expect(subject.resource_type).to eq('service_credential_binding')
         end
       end
     end

spec/unit/models/runtime/pollable_job_model_spec.rb

@@ -95,6 +95,17 @@ module VCAP::CloudController
           job = PollableJobModel.make(resource_type: 'service_route_binding', resource_guid: 'not-a-real-guid')
           expect(job.resource_exists?).to be(false)
         end
+
+        it 'returns true if the resource exists' do
+          binding = ServiceBinding.make
+          job = PollableJobModel.make(resource_type: 'service_credential_binding', resource_guid: binding.guid)
+          expect(job.resource_exists?).to be(true)
+        end
+
+        it 'returns false if the resource does NOT exist' do
+          job = PollableJobModel.make(resource_type: 'service_credential_binding', resource_guid: 'not-a-real-guid')
+          expect(job.resource_exists?).to be(false)
+        end
       end
     end