v3: audit events for managed service instance

Derik Evangelista · Derik Evangelista · commit fc537f9f3c53 · 2020-04-20T15:11:26.000+01:00
[#171629626](https://www.pivotaltracker.com/story/show/171629626)
diff --git a/app/actions/service_instance_create_managed.rb b/app/actions/service_instance_create_managed.rb
@@ -38,7 +38,11 @@ def create(message)
 
         service_event_repository.record_service_instance_event(:start_create, instance, message.audit_hash)
 
-        creation_job = V3::CreateServiceInstanceJob.new(instance.guid, arbitrary_parameters: message.parameters)
+        creation_job = V3::CreateServiceInstanceJob.new(
+          instance.guid,
+          arbitrary_parameters: message.parameters,
+          user_audit_info: service_event_repository.user_audit_info
+        )
         pollable_job = Jobs::Enqueuer.new(creation_job, queue: Jobs::Queues.generic).enqueue_pollable
       end
 
diff --git a/app/controllers/v3/service_instances_controller.rb b/app/controllers/v3/service_instances_controller.rb
@@ -181,7 +181,7 @@ def create_user_provided(message)
   end
 
   def create_managed(message, space:)
-    service_event_repository = VCAP::CloudController::Repositories::ServiceEventRepository::WithUserActor.new(user_audit_info)
+    service_event_repository = VCAP::CloudController::Repositories::ServiceEventRepository.new(user_audit_info)
     service_plan = ServicePlan.first(guid: message.service_plan_guid)
     unprocessable_service_plan! unless service_plan &&
       visible_to_current_user?(plan: service_plan) &&
diff --git a/app/jobs/v3/services/create_service_instance_job.rb b/app/jobs/v3/services/create_service_instance_job.rb
@@ -3,9 +3,10 @@
 module VCAP::CloudController
   module V3
     class CreateServiceInstanceJob < VCAP::CloudController::Jobs::CCJob
-      def initialize(service_instance_guid, arbitrary_parameters: {})
+      def initialize(service_instance_guid, arbitrary_parameters: {}, user_audit_info:)
         @service_instance_guid = service_instance_guid
         @arbitrary_parameters = arbitrary_parameters
+        @user_audit_info = user_audit_info
       end
 
       def perform
@@ -36,7 +37,8 @@ def success(job)
           polling_job = VCAP::CloudController::V3::FetchLastOperationJob.new(
             service_instance_guid: service_instance.guid,
             pollable_job_guid: pollable_job.guid,
-            request_attrs: @arbitrary_parameters
+            request_attrs: @arbitrary_parameters,
+            user_audit_info: @user_audit_info,
           )
           enqueuer = Jobs::Enqueuer.new(polling_job, queue: Jobs::Queues.generic)
           delayed_job = enqueuer.enqueue
@@ -47,6 +49,7 @@ def success(job)
           )
         else
           pollable_job.update(state: PollableJobModel::COMPLETE_STATE)
+          record_event(service_instance, @arbitrary_parameters)
         end
       end
 
@@ -72,6 +75,14 @@ def display_name
 
       private
 
+      def repository
+        Repositories::ServiceEventRepository.new(@user_audit_info)
+      end
+
+      def record_event(service_instance, request_attrs)
+        repository.record_service_instance_event(:create, service_instance, request_attrs)
+      end
+
       def service_instance
         @service_instance ||= ManagedServiceInstance.first(guid: service_instance_guid)
       end
diff --git a/app/jobs/v3/services/fetch_last_operation_job.rb b/app/jobs/v3/services/fetch_last_operation_job.rb
@@ -8,11 +8,12 @@ class FetchLastOperationJob < VCAP::CloudController::Jobs::CCJob
 
       attr_accessor :service_instance_guid, :request_attrs, :poll_interval, :end_timestamp
 
-      def initialize(service_instance_guid:, request_attrs:, end_timestamp: nil, pollable_job_guid:)
+      def initialize(service_instance_guid:, request_attrs:, end_timestamp: nil, pollable_job_guid:, user_audit_info:)
         @service_instance_guid = service_instance_guid
         @request_attrs = request_attrs
         @end_timestamp = end_timestamp || new_end_timestamp
         @pollable_job_guid = pollable_job_guid
+        @user_audit_info = user_audit_info
         update_polling_interval
       end
 
@@ -74,6 +75,10 @@ def operation_failed!(msg)
         raise CloudController::Errors::ApiError.new_from_details('ServiceInstanceProvisionFailed', msg)
       end
 
+      def repository
+        Repositories::ServiceEventRepository.new(@user_audit_info)
+      end
+
       def pollable_job
         PollableJobModel.where(guid: @pollable_job_guid)
       end
@@ -86,6 +91,11 @@ def try_again
         )
       end
 
+      def record_event(service_instance, request_attrs)
+        type = service_instance.last_operation.type
+        repository.record_service_instance_event(type, service_instance, request_attrs)
+      end
+
       def update_with_attributes(last_operation, service_instance, intended_operation)
         ServiceInstance.db.transaction do
           service_instance.lock!
@@ -97,6 +107,7 @@ def update_with_attributes(last_operation, service_instance, intended_operation)
 
           if service_instance.last_operation.state == 'succeeded'
             apply_proposed_changes(service_instance)
+            record_event(service_instance, @request_attrs)
           end
         end
       end
diff --git a/spec/request/service_instances_spec.rb b/spec/request/service_instances_spec.rb
@@ -768,7 +768,7 @@ def check_filtered_instances(*instances)
             labels: { baz: 'qux' },
             annotations: { foo: 'bar' }
           )
-                                   )
+        )
       end
 
       it 'creates a service instance in the database' do
diff --git a/spec/unit/jobs/v3/create_service_instance_job_spec.rb b/spec/unit/jobs/v3/create_service_instance_job_spec.rb
@@ -37,16 +37,26 @@ module V3
           service_instance.service_instance_operation = operation
           service_instance
         end
+
+        let(:user) { User.make }
+        let(:user_email) { 'foo@example.com' }
+        let(:user_audit_info) { UserAuditInfo.new(user_guid: user.guid, user_email: user_email) }
+        let(:request_attr) {
+          {
+            dummy_data: 'dummy_data'
+          }
+        }
         let(:job) do
           CreateServiceInstanceJob.new(
             service_instance.guid,
-            {}
+            arbitrary_parameters: request_attr,
+            user_audit_info: user_audit_info,
           )
         end
 
-        def run_job(job, jobs_succeeded: 2, jobs_failed: 0)
+        def run_job(job, jobs_succeeded: 2, jobs_failed: 0, jobs_to_execute: 100)
           pollable_job = Jobs::Enqueuer.new(job, { queue: Jobs::Queues.generic, run_at: Delayed::Job.db_time_now }).enqueue_pollable
-          execute_all_jobs(expected_successes: jobs_succeeded, expected_failures: jobs_failed)
+          execute_all_jobs(expected_successes: jobs_succeeded, expected_failures: jobs_failed, jobs_to_execute: jobs_to_execute)
           pollable_job
         end
 
@@ -95,6 +105,12 @@ def run_job(job, jobs_succeeded: 2, jobs_failed: 0)
             expect(service_instance.last_operation.type).to eq('create')
             expect(service_instance.last_operation.state).to eq('in progress')
           end
+
+          it 'does not create an audit event`' do
+            run_job(job, jobs_succeeded: 1, jobs_to_execute: 1)
+
+            expect(Event.find(type: 'audit.service_instance.create')).to be_nil
+          end
         end
 
         context 'when broker returns `succeeded` on the provision request' do
@@ -132,6 +148,15 @@ def run_job(job, jobs_succeeded: 2, jobs_failed: 0)
             expect(service_instance.last_operation.type).to eq('create')
             expect(service_instance.last_operation.state).to eq('succeeded')
           end
+
+          it 'creates an audit event' do
+            run_job(job, jobs_succeeded: 1)
+
+            event = Event.find(type: 'audit.service_instance.create')
+            expect(event).to be
+            expect(event.actee).to eq(service_instance.guid)
+            expect(event.metadata['request']).to have_key('dummy_data')
+          end
         end
 
         context 'when the broker client raises during provision' do
diff --git a/spec/unit/jobs/v3/services/fetch_last_operation_job_spec.rb b/spec/unit/jobs/v3/services/fetch_last_operation_job_spec.rb
@@ -27,6 +27,7 @@ module V3
 
       let(:user) { User.make }
       let(:user_email) { 'fake@mail.foo' }
+      let(:user_audit_info) { UserAuditInfo.new(user_guid: user.guid, user_email: user_email) }
 
       let(:status) { 200 }
       let(:state) { 'succeeded' }
@@ -60,6 +61,7 @@ module V3
           service_instance_guid: service_instance.guid,
           request_attrs: request_attrs,
           pollable_job_guid: pollable_job_guid,
+          user_audit_info:  user_audit_info,
         )
       end
 
@@ -204,6 +206,32 @@ def run_job(job, successes: 1, failures: 0)
 
             expect(pollable_job.reload.state).to eq(PollableJobModel::COMPLETE_STATE)
           end
+
+          context 'audit events' do
+            context 'when user information is provided' do
+              it 'should create audit event' do
+                run_job(job)
+
+                event = Event.find(type: 'audit.service_instance.create')
+                expect(event).to be
+                expect(event.actee).to eq(service_instance.guid)
+                expect(event.metadata['request']).to have_key('dummy_data')
+              end
+            end
+
+            context 'when the user has gone away' do
+              it 'should create an audit event' do
+                user.destroy
+
+                run_job(job)
+
+                event = Event.find(type: 'audit.service_instance.create')
+                expect(event).to be
+                expect(event.actee).to eq(service_instance.guid)
+                expect(event.metadata['request']).to have_key('dummy_data')
+              end
+            end
+          end
         end
 
         context 'when the broker responds with state `in progress`' do
@@ -506,32 +534,6 @@ def run_job(job, successes: 1, failures: 0)
               expect(event).to be
             end
           end
-
-          context 'when user information is provided' do
-            context 'and the last operation type is create' do
-              it 'should create audit event' do
-                run_job(job)
-
-                event = Event.find(type: 'audit.service_instance.create')
-                expect(event).to be
-                expect(event.actee).to eq(service_instance.guid)
-                expect(event.metadata['request']).to have_key('dummy_data')
-              end
-            end
-          end
-
-          context 'when the user has gone away' do
-            it 'should create an audit event' do
-              user.destroy
-
-              run_job(job)
-
-              event = Event.find(type: 'audit.service_instance.create')
-              expect(event).to be
-              expect(event.actee).to eq(service_instance.guid)
-              expect(event.metadata['request']).to have_key('dummy_data')
-            end
-          end
         end
 
         context 'when the poll_interval is changed after the job was created' do

Original file line number	Diff line number	Diff line change
`@@ -768,7 +768,7 @@ def check_filtered_instances(*instances)`
`768`	`768`	`labels: { baz: 'qux' },`
`769`	`769`	`annotations: { foo: 'bar' }`
`770`	`770`	`)`
`771`		`- )`
	`771`	`+ )`
`772`	`772`	`end`
`773`	`773`
`774`	`774`	`it 'creates a service instance in the database' do`