[PLAT-13926] Validate the exporter uuid before calling the audit logg…

…ing task Summary: This diff covers 2 tickets: 1. [PLAT-13926] Validate the exporter uuid before calling the audit logging task Added validation to check if exporter is given when the export is set to active when modifying the audit log config on a universe. 2. [PLAT-13927] Get and list telemetry provider APIs return unmasked creds Added masking to the controller for these 2 APIs. Test Plan: Manually tested with empty `universeLogsExporterConfig` list and empty `exporterUuid` in the list. Manually tested the get and list TP APIs and verified the creds are not shown anymore. Reviewers: amalyshev Reviewed By: amalyshev Subscribers: yugaware Differential Revision: https://phorge.dev.yugabyte.com/D34998
yugabyte · May 14, 2024 · c5348b6 · c5348b6
1 parent 31e6da3
commit c5348b6
Show file tree

Hide file tree

Showing 5 changed files with 63 additions and 5 deletions.
diff --git a/managed/src/main/java/com/yugabyte/yw/controllers/TelemetryProviderController.java b/managed/src/main/java/com/yugabyte/yw/controllers/TelemetryProviderController.java
@@ -13,6 +13,7 @@
 import com.yugabyte.yw.models.Customer;
 import com.yugabyte.yw.models.TelemetryProvider;
 import com.yugabyte.yw.models.common.YbaApi;
+import com.yugabyte.yw.models.helpers.CommonUtils;
 import com.yugabyte.yw.models.helpers.TelemetryProviderService;
 import com.yugabyte.yw.rbac.annotations.AuthzPath;
 import com.yugabyte.yw.rbac.annotations.PermissionAttribute;
@@ -26,6 +27,7 @@
 import io.swagger.annotations.Authorization;
 import java.util.List;
 import java.util.UUID;
+import java.util.stream.Collectors;
 import play.mvc.Http;
 import play.mvc.Result;
 
@@ -51,7 +53,7 @@ public Result getTelemetryProvider(UUID customerUUID, UUID providerUUID) {
     Customer.getOrBadRequest(customerUUID);
     TelemetryProvider provider =
         telemetryProviderService.getOrBadRequest(customerUUID, providerUUID);
-    return PlatformResults.withData(provider);
+    return PlatformResults.withData(CommonUtils.maskObject(provider));
   }
 
   @ApiOperation(
@@ -69,7 +71,10 @@ public Result getTelemetryProvider(UUID customerUUID, UUID providerUUID) {
   })
   public Result listTelemetryProviders(UUID customerUUID) {
     Customer.getOrBadRequest(customerUUID);
-    List<TelemetryProvider> providers = telemetryProviderService.list(customerUUID);
+    List<TelemetryProvider> providers =
+        telemetryProviderService.list(customerUUID).stream()
+            .map(tp -> CommonUtils.maskObject(tp))
+            .collect(Collectors.toList());
     return PlatformResults.withData(providers);
   }
 

diff --git a/managed/src/main/java/com/yugabyte/yw/controllers/handlers/UpgradeUniverseHandler.java b/managed/src/main/java/com/yugabyte/yw/controllers/handlers/UpgradeUniverseHandler.java
@@ -54,6 +54,8 @@
 import com.yugabyte.yw.models.extended.SoftwareUpgradeInfoResponse;
 import com.yugabyte.yw.models.helpers.CommonUtils;
 import com.yugabyte.yw.models.helpers.TaskType;
+import com.yugabyte.yw.models.helpers.TelemetryProviderService;
+import com.yugabyte.yw.models.helpers.audit.UniverseLogsExporterConfig;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
@@ -62,6 +64,7 @@
 import java.util.UUID;
 import javax.inject.Singleton;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.collections4.MapUtils;
 import play.libs.Json;
 
@@ -77,6 +80,7 @@ public class UpgradeUniverseHandler {
   private final CertificateHelper certificateHelper;
   private final AutoFlagUtil autoFlagUtil;
   private final XClusterUniverseService xClusterUniverseService;
+  private final TelemetryProviderService telemetryProviderService;
 
   @Inject
   public UpgradeUniverseHandler(
@@ -87,7 +91,8 @@ public UpgradeUniverseHandler(
       RuntimeConfGetter confGetter,
       CertificateHelper certificateHelper,
       AutoFlagUtil autoFlagUtil,
-      XClusterUniverseService xClusterUniverseService) {
+      XClusterUniverseService xClusterUniverseService,
+      TelemetryProviderService telemetryProviderService) {
     this.commissioner = commissioner;
     this.kubernetesManagerFactory = kubernetesManagerFactory;
     this.runtimeConfigFactory = runtimeConfigFactory;
@@ -96,6 +101,7 @@ public UpgradeUniverseHandler(
     this.certificateHelper = certificateHelper;
     this.autoFlagUtil = autoFlagUtil;
     this.xClusterUniverseService = xClusterUniverseService;
+    this.telemetryProviderService = telemetryProviderService;
   }
 
   public UUID restartUniverse(
@@ -467,6 +473,35 @@ public UUID modifyAuditLoggingConfig(
     UniverseDefinitionTaskParams universeDetails = universe.getUniverseDetails();
     UserIntent userIntent = universeDetails.getPrimaryCluster().userIntent;
 
+    // Verify if exporter config is set to export active.
+    if (requestParams.auditLogConfig.isExportActive()) {
+      // If exporter config is set to export active, verify if any exporter is configured.
+      if (CollectionUtils.isEmpty(requestParams.auditLogConfig.getUniverseLogsExporterConfig())) {
+        String errorMessage =
+            String.format(
+                "Audit log config is set to export active, but no exporter configured on universe"
+                    + " '%s'.",
+                universe.getUniverseUUID());
+        log.error(errorMessage);
+        throw new PlatformServiceException(BAD_REQUEST, errorMessage);
+      }
+
+      // If exporter config is set to export active, verify if given exporter uuid(s) are empty.
+      for (UniverseLogsExporterConfig exporterConfig :
+          requestParams.auditLogConfig.getUniverseLogsExporterConfig()) {
+        UUID exporterUUID = exporterConfig.getExporterUuid();
+        if (exporterUUID == null
+            || !telemetryProviderService.checkIfExists(customer.getUuid(), exporterUUID)) {
+          String errorMessage =
+              String.format(
+                  "Exporter config UUID '%s' is invalid for universe '%s'.",
+                  exporterUUID, universe.getUniverseUUID());
+          log.error(errorMessage);
+          throw new PlatformServiceException(BAD_REQUEST, errorMessage);
+        }
+      }
+    }
+
     requestParams.verifyParams(universe, true);
     userIntent.auditLogConfig = requestParams.auditLogConfig;
     return submitUpgradeTask(

diff --git a/managed/src/main/java/com/yugabyte/yw/models/helpers/TelemetryProviderService.java b/managed/src/main/java/com/yugabyte/yw/models/helpers/TelemetryProviderService.java
@@ -80,6 +80,19 @@ public TelemetryProvider getOrBadRequest(UUID customerUUID, UUID uuid) {
     return provider;
   }
 
+  public boolean checkIfExists(UUID customerUUID, UUID uuid) {
+    try {
+      TelemetryProvider provider = getOrBadRequest(customerUUID, uuid);
+      ;
+      if (provider != null) {
+        return true;
+      }
+    } catch (Exception e) {
+      return false;
+    }
+    return false;
+  }
+
   public List<TelemetryProvider> list(Set<UUID> uuids) {
     return appendInClause(TelemetryProvider.createQuery(), "uuid", uuids).findList();
   }

diff --git a/managed/src/test/java/com/yugabyte/yw/controllers/TelemetryProviderControllerTest.java b/managed/src/test/java/com/yugabyte/yw/controllers/TelemetryProviderControllerTest.java
@@ -22,6 +22,7 @@
 import com.yugabyte.yw.models.Customer;
 import com.yugabyte.yw.models.TelemetryProvider;
 import com.yugabyte.yw.models.Users;
+import com.yugabyte.yw.models.helpers.CommonUtils;
 import com.yugabyte.yw.models.helpers.TelemetryProviderService;
 import com.yugabyte.yw.models.helpers.TelemetryProviderServiceTest;
 import java.util.Arrays;
@@ -71,7 +72,9 @@ public void testListTelemetryProviders() {
     List<TelemetryProvider> providers =
         Arrays.asList(Json.fromJson(providersJson, TelemetryProvider[].class));
     assertThat(providers, hasSize(2));
-    assertThat(providers, containsInAnyOrder(provider1, provider2));
+    assertThat(
+        providers,
+        containsInAnyOrder(CommonUtils.maskObject(provider1), CommonUtils.maskObject(provider2)));
   }
 
   @Test

diff --git a/managed/src/test/java/com/yugabyte/yw/controllers/handlers/UpgradeUniverseHandlerTest.java b/managed/src/test/java/com/yugabyte/yw/controllers/handlers/UpgradeUniverseHandlerTest.java
@@ -39,6 +39,7 @@
 import com.yugabyte.yw.models.Customer;
 import com.yugabyte.yw.models.Universe;
 import com.yugabyte.yw.models.helpers.TaskType;
+import com.yugabyte.yw.models.helpers.TelemetryProviderService;
 import java.io.IOException;
 import java.util.Arrays;
 import java.util.Collections;
@@ -79,7 +80,8 @@ public void setUp() {
             runtimeConfGetter,
             mock(CertificateHelper.class),
             mock(AutoFlagUtil.class),
-            mock(XClusterUniverseService.class));
+            mock(XClusterUniverseService.class),
+            mock(TelemetryProviderService.class));
   }
 
   private static Object[] tlsToggleCustomTypeNameParams() {