[CLOUDTRUST-1711] Exclude some events from GetEvents

api/events/swagger-api_events.yaml

@@ -56,6 +56,12 @@ paths:
         required: false
         schema:
           type: string
+      - name: exclude
+        in: query
+        description: CT event type to be excluded
+        required: false
+        schema:
+          type: string
       summary: Get all events
       responses:
         200:

api/management/api.go

@@ -229,7 +229,7 @@ func ConvertToKCUser(user UserRepresentation) kc.UserRepresentation {
 // Validate is a validator for UserRepresentation
 func (user UserRepresentation) Validate() error {
 	if user.Id != nil && !matchesRegExp(*user.Id, RegExpID) {
-		return errors.New(internal.MsgErrInvalidParam + "." + internal.UserId)
+		return errors.New(internal.MsgErrInvalidParam + "." + internal.UserID)
 	}
 
 	if user.Username != nil && !matchesRegExp(*user.Username, RegExpUsername) {
@@ -267,15 +267,15 @@ func (user UserRepresentation) Validate() error {
 	if user.Groups != nil {
 		for _, groupID := range *(user.Groups) {
 			if !matchesRegExp(groupID, RegExpID) {
-				return errors.New(internal.MsgErrInvalidParam + "." + internal.GroudId)
+				return errors.New(internal.MsgErrInvalidParam + "." + internal.GroudID)
 			}
 		}
 	}
 
 	if user.Roles != nil {
 		for _, roleID := range *(user.Roles) {
 			if !matchesRegExp(roleID, RegExpID) {
-				return errors.New(internal.MsgErrInvalidParam + "." + internal.RoleId)
+				return errors.New(internal.MsgErrInvalidParam + "." + internal.RoleID)
 			}
 		}
 	}
@@ -290,7 +290,7 @@ func (user UserRepresentation) Validate() error {
 // Validate is a validator for RoleRepresentation
 func (role RoleRepresentation) Validate() error {
 	if role.Id != nil && !matchesRegExp(*role.Id, RegExpID) {
-		return errors.New(internal.MsgErrInvalidParam + "." + internal.RoleId)
+		return errors.New(internal.MsgErrInvalidParam + "." + internal.RoleID)
 	}
 
 	if role.Name != nil && !matchesRegExp(*role.Name, RegExpName) {
@@ -302,7 +302,7 @@ func (role RoleRepresentation) Validate() error {
 	}
 
 	if role.ContainerId != nil && !matchesRegExp(*role.ContainerId, RegExpID) {
-		return errors.New(internal.MsgErrInvalidParam + "." + internal.ContainerId)
+		return errors.New(internal.MsgErrInvalidParam + "." + internal.ContainerID)
 	}
 
 	return nil

internal/keycloakb/errormessages.go

@@ -1,5 +1,6 @@
 package keycloakb
 
+// Normalized error messages
 const (
 	MsgErrInvalidParam         = "invalidParameter"
 	MsgErrMissingParam         = "missingParameter"
@@ -18,9 +19,9 @@ const (
 	ConfirmPassword    = "confirmPassword"
 	Password           = "password"
 	Type               = "type"
-	Id                 = "id"
+	ID                 = "id"
 	Label              = "label"
-	UserId             = "userID"
+	UserID             = "userId"
 	Username           = "username"
 	User               = "user"
 	Email              = "email"
@@ -29,13 +30,13 @@ const (
 	PhoneNumber        = "phoneNumber"
 	Gender             = "gender"
 	Birthdate          = "birthdate"
-	GroudId            = "groupId"
-	GroudIds           = "groupIds"
-	RoleId             = "roleId"
+	GroudID            = "groupId"
+	GroudIDs           = "groupIds"
+	RoleID             = "roleId"
 	Locale             = "locale"
 	Description        = "description"
-	ContainerId        = "containerId"
-	DefaultClientID    = "defaultClientID"
+	ContainerID        = "containerId"
+	DefaultClientID    = "defaultClientId"
 	DefaultRedirectURI = "defaultRedirectURI"
 	RequiredAction     = "requiredAction"
 	DurationLabel      = "durationLabel"
@@ -47,6 +48,7 @@ const (
 	Response           = "response"
 	ListOfRealms       = "listOfRealms"
 	Groups             = "groups"
-	ClientId           = "clientId"
+	ClientID           = "clientId"
 	RedirectURI        = "redirectURI"
+	Exclude            = "exclude"
 )

internal/keycloakb/eventsdbmodule.go

@@ -6,6 +6,8 @@ import (
 	"regexp"
 	"strings"
 
+	errorhandler "github.com/cloudtrust/common-service/errors"
+
 	"github.com/cloudtrust/common-service/database"
 	api "github.com/cloudtrust/keycloak-bridge/api/events"
 )
@@ -39,6 +41,7 @@ type selectAuditEventsParameters struct {
 	dateTo      interface{}
 	first       interface{}
 	max         interface{}
+	exclude     interface{}
 }
 
 const (
@@ -48,6 +51,7 @@ const (
 	AND user_id = IFNULL(?, user_id)
 	AND ct_event_type = IFNULL(?, ct_event_type)
 	AND unix_timestamp(audit_time) between IFNULL(?, unix_timestamp(audit_time)) and IFNULL(?, unix_timestamp(audit_time))
+	AND ct_event_type <> IFNULL(?, 'not-a-ct-event-type')
 	`
 
 	selectAuditEventsStmt = `SELECT audit_id, unix_timestamp(audit_time), origin, realm_name, agent_user_id, agent_username, agent_realm_name,
@@ -64,8 +68,8 @@ const (
 	selectAuditSummaryCtEventTypeStmt = `SELECT distinct ct_event_type FROM audit;`
 )
 
-func createAuditEventsParametersFromMap(m map[string]string) selectAuditEventsParameters {
-	return selectAuditEventsParameters{
+func createAuditEventsParametersFromMap(m map[string]string) (selectAuditEventsParameters, error) {
+	res := selectAuditEventsParameters{
 		origin:      getSQLParam(m, "origin", nil),
 		realm:       getSQLParam(m, "realm", nil),
 		userID:      getSQLParam(m, "userID", nil),
@@ -74,16 +78,25 @@ func createAuditEventsParametersFromMap(m map[string]string) selectAuditEventsPa
 		dateTo:      getSQLParam(m, "dateTo", nil),
 		first:       getSQLParam(m, "first", 0),
 		max:         getSQLParam(m, "max", 500),
+		exclude:     getSQLParam(m, "exclude", nil),
+	}
+	if res.exclude != nil && strings.Contains(res.exclude.(string), ",") {
+		// Multiple values are not supported yet
+		return res, errorhandler.CreateInvalidQueryParameterError(Exclude)
 	}
+	return res, nil
 }
 
 // GetEvents gets the count of events matching some criterias (dateFrom, dateTo, realm, ...)
 func (cm *eventsDBModule) GetEventsCount(_ context.Context, m map[string]string) (int, error) {
-	params := createAuditEventsParametersFromMap(m)
+	params, err := createAuditEventsParametersFromMap(m)
+	if err != nil {
+		return 0, err
+	}
 
 	var count int
-	row := cm.db.QueryRow(selectCountAuditEventsStmt, params.origin, params.realm, params.userID, params.ctEventType, params.dateFrom, params.dateTo)
-	err := row.Scan(&count)
+	row := cm.db.QueryRow(selectCountAuditEventsStmt, params.origin, params.realm, params.userID, params.ctEventType, params.dateFrom, params.dateTo, params.exclude)
+	err = row.Scan(&count)
 	if err != nil {
 		return 0, err
 	}
@@ -93,9 +106,12 @@ func (cm *eventsDBModule) GetEventsCount(_ context.Context, m map[string]string)
 // GetEvents gets the events matching some criterias (dateFrom, dateTo, realm, ...)
 func (cm *eventsDBModule) GetEvents(_ context.Context, m map[string]string) ([]api.AuditRepresentation, error) {
 	var res = []api.AuditRepresentation{}
-	params := createAuditEventsParametersFromMap(m)
+	params, errParams := createAuditEventsParametersFromMap(m)
+	if errParams != nil {
+		return nil, errParams
+	}
 
-	rows, err := cm.db.Query(selectAuditEventsStmt, params.origin, params.realm, params.userID, params.ctEventType, params.dateFrom, params.dateTo, params.first, params.max)
+	rows, err := cm.db.Query(selectAuditEventsStmt, params.origin, params.realm, params.userID, params.ctEventType, params.dateFrom, params.dateTo, params.exclude, params.first, params.max)
 	if err != nil {
 		return res, err
 	}

internal/keycloakb/eventsdbmodule_test.go

@@ -19,16 +19,26 @@ func TestModuleGetEvents(t *testing.T) {
 	dbEvents := mock.NewDBEvents(mockCtrl)
 	module := NewEventsDBModule(dbEvents)
 
-	params := map[string]string{"origin": "origin-1", "max": "5"}
-	var empty [0]api.AuditRepresentation
-	var expectedResult = empty[:]
-	var expectedError error = errorhandler.CreateMissingParameterError("")
-	var rows sql.Rows
-	dbEvents.EXPECT().Query(gomock.Any(), params["origin"], nil, nil, nil, nil, nil, 0, params["max"]).Return(&rows, expectedError).Times(1)
-	res, err := module.GetEvents(context.Background(), params)
+	{
+		// Multiple values not yet supported for exclude
+		params := map[string]string{"exclude": "value1,value2"}
+		_, err := module.GetEvents(context.Background(), params)
 
-	assert.Equal(t, expectedResult, res)
-	assert.Equal(t, expectedError, err)
+		assert.NotNil(t, err)
+	}
+
+	{
+		params := map[string]string{"origin": "origin-1", "max": "5"}
+		var empty [0]api.AuditRepresentation
+		var expectedResult = empty[:]
+		var expectedError error = errorhandler.CreateMissingParameterError("")
+		var rows sql.Rows
+		dbEvents.EXPECT().Query(gomock.Any(), params["origin"], nil, nil, nil, nil, nil, nil, 0, params["max"]).Return(&rows, expectedError).Times(1)
+		res, err := module.GetEvents(context.Background(), params)
+
+		assert.Equal(t, expectedResult, res)
+		assert.Equal(t, expectedError, err)
+	}
 }
 
 func TestModuleGetEventsSummary(t *testing.T) {

internal/keycloakb/passwordgeneration.go

@@ -44,7 +44,7 @@ func GeneratePassword(policy *string, minLength int, userID string) (string, err
 	return pwd, err
 }
 
-// GeneratePassword generates a password of a given length
+// GeneratePasswordNoKeycloakPolicy generates a password of a given length
 func GeneratePasswordNoKeycloakPolicy(minLength int) string {
 	var pwdElems []string
 	pwdElems = appendCharacters(pwdElems, alphabet, minLength)

pkg/events/component.go

@@ -62,7 +62,7 @@ func (ec *component) GetUserEvents(ctx context.Context, params map[string]string
 		return api.AuditEventsRepresentation{}, errorhandler.CreateMissingParameterError(app.Realm)
 	}
 	if val, ok := params["userID"]; !ok || len(val) == 0 {
-		return api.AuditEventsRepresentation{}, errorhandler.CreateMissingParameterError(app.UserId)
+		return api.AuditEventsRepresentation{}, errorhandler.CreateMissingParameterError(app.UserID)
 	}
 
 	err := ec.reportEvent(ctx, "GET_ACTIVITY", database.CtEventRealmName, params["realm"], database.CtEventUserID, params["userID"])

pkg/events/endpoint.go

@@ -18,7 +18,7 @@ type Endpoints struct {
 // MakeGetEventsEndpoint makes the events endpoint.
 func MakeGetEventsEndpoint(ec Component) cs.Endpoint {
 	return func(ctx context.Context, req interface{}) (interface{}, error) {
-		params := filterParameters(req.(map[string]string), "first", "max", "dateFrom", "dateTo", "realmTarget", "origin", "ctEventType")
+		params := filterParameters(req.(map[string]string), "first", "max", "dateFrom", "dateTo", "realmTarget", "origin", "ctEventType", "exclude")
 
 		//Rewrite realmTarget into realm
 		if value, ok := params["realmTarget"]; ok {

pkg/events/http.go

@@ -30,6 +30,7 @@ func decodeEventsRequest(ctx context.Context, req *http.Request) (interface{}, e
 		"origin":      `^[\w-@.]{1,128}$`,
 		"realmTarget": `^[\w-]{1,36}$`,
 		"ctEventType": `^[\w-]{1,128}$`,
+		"exclude":     `^[\w-]{1,128}(,[\w-]{1,128})*$`,
 		"dateFrom":    `^\d{1,10}$`,
 		"dateTo":      `^\d{1,10}$`,
 		"first":       `^\d{1,10}$`,

pkg/management/component.go

@@ -909,7 +909,7 @@ func (c *component) UpdateRealmCustomConfiguration(ctx context.Context, realmNam
 	if !match {
 		return errorhandler.Error{
 			Status:  400,
-			Message: internal.MsgErrInvalidParam + "." + internal.ClientId + "Or" + internal.RedirectURI,
+			Message: internal.MsgErrInvalidParam + "." + internal.ClientID + "Or" + internal.RedirectURI,
 		}
 	}
 	// transform customConfig object into JSON string

pkg/management/endpoint.go

@@ -200,7 +200,7 @@ func MakeGetUsersEndpoint(managementComponent ManagementComponent) cs.Endpoint {
 
 		_, ok := m["groupIds"]
 		if !ok {
-			return nil, errorhandler.CreateMissingParameterError(internal.GroudIds)
+			return nil, errorhandler.CreateMissingParameterError(internal.GroudIDs)
 		}
 
 		groupIDs := strings.Split(m["groupIds"], ",")