Merge pull request #30 from mongodb/auditing

Auditing

Author: marinsalinas

mongodbatlas/auditing.go

@@ -0,0 +1,83 @@
+package mongodbatlas
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+)
+
+const (
+	auditingsPath = "groups/%s/auditLog"
+)
+
+// AuditingsService is an interface for interfacing with the Auditing
+// endpoints of the MongoDB Atlas API.
+// See more: https://docs.atlas.mongodb.com/reference/api/auditing/
+type AuditingsService interface {
+	Get(context.Context, string) (*Auditing, *Response, error)
+	Configure(context.Context, string, *Auditing) (*Auditing, *Response, error)
+}
+
+// AuditingsServiceOp handles communication with the Auditings related methods
+// of the MongoDB Atlas API
+type AuditingsServiceOp struct {
+	client *Client
+}
+
+var _ AuditingsService = &AuditingsServiceOp{}
+
+// Auditing represents MongoDB Maintenance Windows
+type Auditing struct {
+	AuditAuthorizationSuccess *bool  `json:"auditAuthorizationSuccess,omitempty"` // Indicates whether the auditing system captures successful authentication attempts for audit filters using the "atype" : "authCheck" auditing event. For more information, see auditAuthorizationSuccess
+	AuditFilter               string `json:"auditFilter,omitempty"`               // JSON-formatted audit filter used by the project
+	ConfigurationType         string `json:"configurationType,omitempty"`         // Denotes the configuration method for the audit filter. Possible values are: NONE - auditing not configured for the project.m FILTER_BUILDER - auditing configured via Atlas UI filter builderm FILTER_JSON - auditing configured via Atlas custom filter or API
+	Enabled                   *bool  `json:"enabled,omitempty"`                   // Denotes whether or not the project associated with the {GROUP-ID} has database auditing enabled.
+}
+
+// Get audit configuration for the project associated with {GROUP-ID}.
+// See more: https://docs.atlas.mongodb.com/reference/api/auditing-get-auditLog/
+func (s *AuditingsServiceOp) Get(ctx context.Context, groupID string) (*Auditing, *Response, error) {
+	if groupID == "" {
+		return nil, nil, NewArgError("groupID", "must be set")
+	}
+
+	path := fmt.Sprintf(auditingsPath, groupID)
+	req, err := s.client.NewRequest(ctx, http.MethodGet, path, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	root := new(Auditing)
+	resp, err := s.client.Do(ctx, req, root)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return root, resp, err
+}
+
+// Configure the audit configuration for the project associated with {GROUP-ID}.
+// See more: https://docs.atlas.mongodb.com/reference/api/auditing-set-auditLog/
+func (s *AuditingsServiceOp) Configure(ctx context.Context, groupID string, configRequest *Auditing) (*Auditing, *Response, error) {
+	if configRequest == nil {
+		return nil, nil, NewArgError("configRequest", "cannot be nil")
+	}
+	if groupID == "" {
+		return nil, nil, NewArgError("groupID", "cannot be nil")
+	}
+
+	path := fmt.Sprintf(auditingsPath, groupID)
+
+	req, err := s.client.NewRequest(ctx, http.MethodPatch, path, configRequest)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	root := new(Auditing)
+	resp, err := s.client.Do(ctx, req, root)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return root, resp, err
+}

mongodbatlas/auditing_test.go

@@ -0,0 +1,99 @@
+package mongodbatlas
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/go-test/deep"
+	"github.com/mwielbut/pointy"
+)
+
+func TestConfigureAuditing(t *testing.T) {
+	setup()
+	defer teardown()
+
+	groupID := "6d2065c687d9d64ae7acdg41"
+
+	mux.HandleFunc(fmt.Sprintf("/"+auditingsPath, groupID), func(w http.ResponseWriter, r *http.Request) {
+		expected := map[string]interface{}{
+			"auditAuthorizationSuccess": false,
+			"auditFilter":               "{\n  \"atype\": \"authenticate\",\n  \"param\": {\n    \"user\": \"auditAdmin\",\n    \"db\": \"admin\",\n    \"mechanism\": \"SCRAM-SHA-1\"\n  }\n}",
+			"enabled":                   true,
+		}
+
+		var v map[string]interface{}
+		err := json.NewDecoder(r.Body).Decode(&v)
+		if err != nil {
+			t.Fatalf("decode json: %v", err)
+		}
+
+		if diff := deep.Equal(v, expected); diff != nil {
+			t.Errorf("Request body\n got=%#v\nwant=%#v \n\ndiff=%#v", v, expected, diff)
+		}
+
+		fmt.Fprint(w, `{
+			"auditAuthorizationSuccess": false,
+			"auditFilter": "{\n  \"atype\": \"authenticate\",\n  \"param\": {\n    \"user\": \"auditAdmin\",\n    \"db\": \"admin\",\n    \"mechanism\": \"SCRAM-SHA-1\"\n  }\n}",
+			"configurationType": "FILTER_JSON",
+			"enabled": true
+		}`)
+	})
+
+	auditingRequest := &Auditing{
+		AuditAuthorizationSuccess: pointy.Bool(false),
+		AuditFilter:               "{\n  \"atype\": \"authenticate\",\n  \"param\": {\n    \"user\": \"auditAdmin\",\n    \"db\": \"admin\",\n    \"mechanism\": \"SCRAM-SHA-1\"\n  }\n}",
+		Enabled:                   pointy.Bool(true),
+	}
+
+	auditingResponse, _, err := client.Auditing.Configure(ctx, groupID, auditingRequest)
+	if err != nil {
+		t.Errorf("Auditing.Configure returned error: %v", err)
+		return
+	}
+
+	expected := &Auditing{
+		AuditAuthorizationSuccess: pointy.Bool(false),
+		AuditFilter:               "{\n  \"atype\": \"authenticate\",\n  \"param\": {\n    \"user\": \"auditAdmin\",\n    \"db\": \"admin\",\n    \"mechanism\": \"SCRAM-SHA-1\"\n  }\n}",
+		ConfigurationType:         "FILTER_JSON",
+		Enabled:                   pointy.Bool(true),
+	}
+
+	if diff := deep.Equal(auditingResponse, expected); diff != nil {
+		t.Errorf("Request body\n got=%#v\nwant=%#v \n\ndiff=%#v", auditingResponse, expected, diff)
+	}
+}
+
+func TestAuditing_Get(t *testing.T) {
+	setup()
+	defer teardown()
+
+	groupID := "6d2065c687d9d64ae7acdg41"
+
+	mux.HandleFunc(fmt.Sprintf("/"+auditingsPath, groupID), func(w http.ResponseWriter, r *http.Request) {
+		testMethod(t, r, http.MethodGet)
+		fmt.Fprint(w, fmt.Sprintf(`{
+			"auditAuthorizationSuccess": false,
+			"auditFilter": "{\n  \"atype\": \"authenticate\",\n  \"param\": {\n    \"user\": \"auditAdmin\",\n    \"db\": \"admin\",\n    \"mechanism\": \"SCRAM-SHA-1\"\n  }\n}",
+			"configurationType": "FILTER_JSON",
+			"enabled": true
+		}`))
+	})
+
+	auditing, _, err := client.Auditing.Get(ctx, groupID)
+	if err != nil {
+		t.Errorf("Auditing.Get returned error: %v", err)
+	}
+
+	expected := &Auditing{
+		AuditAuthorizationSuccess: pointy.Bool(false),
+		AuditFilter:               "{\n  \"atype\": \"authenticate\",\n  \"param\": {\n    \"user\": \"auditAdmin\",\n    \"db\": \"admin\",\n    \"mechanism\": \"SCRAM-SHA-1\"\n  }\n}",
+		ConfigurationType:         "FILTER_JSON",
+		Enabled:                   pointy.Bool(true),
+	}
+
+	if diff := deep.Equal(auditing, expected); diff != nil {
+		t.Errorf("Request body\n got=%#v\nwant=%#v \n\ndiff=%#v", auditing, expected, diff)
+	}
+}

mongodbatlas/mongodbatlas.go

@@ -49,6 +49,7 @@ type Client struct {
 	Teams                            TeamsService
 	AtlasUsers                       AtlasUsersService
 	GlobalClusters                   GlobalClustersService
+	Auditing                         AuditingsService
 
 	onRequestCompleted RequestCompletionCallback
 }
@@ -157,6 +158,7 @@ func NewClient(httpClient *http.Client) *Client {
 	c.Teams = &TeamsServiceOp{client: c}
 	c.AtlasUsers = &AtlasUsersServiceOp{client: c}
 	c.GlobalClusters = &GlobalClustersServiceOp{client: c}
+	c.Auditing = &AuditingsServiceOp{client: c}
 
 	return c
 }