CLOUDP-136708: AtlasCLI: Support Get/Update Audit configs for projects (#3036)

Author: andreaangiolillo

docs/command/atlas-auditing-update.txt

@@ -0,0 +1,114 @@
+.. _atlas-auditing-update:
+
+=====================
+atlas auditing update
+=====================
+
+.. default-domain:: mongodb
+
+.. contents:: On this page
+   :local:
+   :backlinks: none
+   :depth: 1
+   :class: singlecol
+
+Updates the auditing configuration for the specified project
+
+To use this command, you must authenticate with a user account or an API key with the Project Owner role.
+
+Syntax
+------
+
+.. code-block::
+   :caption: Command Syntax
+
+   atlas auditing update [options]
+
+.. Code end marker, please don't delete this comment
+
+Options
+-------
+
+.. list-table::
+   :header-rows: 1
+   :widths: 20 10 10 60
+
+   * - Name
+     - Type
+     - Required
+     - Description
+   * - --auditAuthorizationSuccess
+     - 
+     - false
+     - Flag that indicates whether someone set auditing to track successful authentications. This only applies to the "atype" : "authCheck" audit filter. Setting this parameter to true degrades cluster performance.
+   * - --auditFilter
+     - string
+     - false
+     - JSON document that specifies which events to record. Escape any characters that may prevent parsing, such as single or double quotes, using a backslash (\).
+
+       Mutually exclusive with --file.
+   * - --enabled
+     - 
+     - false
+     - Flag that indicates whether someone enabled database auditing for the specified project.
+   * - -f, --file
+     - string
+     - false
+     - Path to an optional JSON configuration file that defines auditing filters. To learn more about auditing configuration files for the Atlas CLI, see https://www.mongodb.com/docs/atlas/database-auditing/#example-auditing-filters
+
+       Mutually exclusive with --auditFilter.
+   * - -h, --help
+     - 
+     - false
+     - help for update
+   * - -o, --output
+     - string
+     - false
+     - Output format. Valid values are json, json-path, go-template, or go-template-file. To see the full output, use the -o json option.
+   * - --projectId
+     - string
+     - false
+     - Hexadecimal string that identifies the project to use. This option overrides the settings in the configuration file or environment variable.
+
+Inherited Options
+-----------------
+
+.. list-table::
+   :header-rows: 1
+   :widths: 20 10 10 60
+
+   * - Name
+     - Type
+     - Required
+     - Description
+   * - -P, --profile
+     - string
+     - false
+     - Name of the profile to use from your configuration file. To learn about profiles for the Atlas CLI, see https://dochub.mongodb.org/core/atlas-cli-save-connection-settings.
+
+Output
+------
+
+If the command succeeds, the CLI returns output similar to the following sample. Values in brackets represent your values.
+
+.. code-block::
+
+   Auditing configuration successfully updated.
+   
+
+Examples
+--------
+
+.. code-block::
+   :copyable: false
+
+   # Audit all authentication events for known users:
+   atlas auditing update --auditFilter '{"atype": "authenticate"}'
+
+   
+.. code-block::
+   :copyable: false
+
+   # Audit all authentication events for known user via a configuration file:
+   atlas auditing update -f filter.json
+

docs/command/atlas-auditing.txt

@@ -50,10 +50,12 @@ Related Commands
 ----------------
 
 * :ref:`atlas-auditing-describe` - Returns the auditing configuration for the specified project.
+* :ref:`atlas-auditing-update` - Updates the auditing configuration for the specified project
 
 
 .. toctree::
    :titlesonly:
 
    describe </command/atlas-auditing-describe>
+   update </command/atlas-auditing-update>
 

internal/cli/auditing/auditing.go

@@ -25,6 +25,7 @@ func Builder() *cobra.Command {
 	}
 	cmd.AddCommand(
 		DescribeBuilder(),
+		UpdateBuilder(),
 	)
 
 	return cmd

internal/cli/auditing/auditing_test.go

@@ -26,7 +26,7 @@ func TestBuilder(t *testing.T) {
 	test.CmdValidator(
 		t,
 		Builder(),
-		1,
+		2,
 		[]string{},
 	)
 }

internal/cli/auditing/describe_test.go

@@ -22,7 +22,9 @@ import (
 
 	"github.com/golang/mock/gomock"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/cli"
+	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/flag"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/mocks"
+	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/test"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	atlasv2 "go.mongodb.org/atlas-sdk/v20231115014/admin"
@@ -53,3 +55,12 @@ func TestDescribeOpts_Run(t *testing.T) {
 `, buf.String())
 	t.Log(buf.String())
 }
+
+func TestDescribeBuilder(t *testing.T) {
+	test.CmdValidator(
+		t,
+		UpdateBuilder(),
+		0,
+		[]string{flag.Output, flag.ProjectID},
+	)
+}

internal/cli/auditing/update.go

@@ -0,0 +1,127 @@
+// Copyright 2024 MongoDB Inc
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package auditing
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/cli"
+	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/cli/require"
+	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/config"
+	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/file"
+	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/flag"
+	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/store"
+	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/usage"
+	"github.com/spf13/afero"
+	"github.com/spf13/cobra"
+	atlasv2 "go.mongodb.org/atlas-sdk/v20231115014/admin"
+)
+
+type UpdateOpts struct {
+	cli.GlobalOpts
+	cli.OutputOpts
+	enabled                   bool
+	auditAuthorizationSuccess bool
+	filename                  string
+	auditFilter               string
+	fs                        afero.Fs
+	store                     store.AuditingUpdater
+}
+
+func (opts *UpdateOpts) initStore(ctx context.Context) func() error {
+	return func() error {
+		var err error
+		opts.store, err = store.New(store.AuthenticatedPreset(config.Default()), store.WithContext(ctx))
+		return err
+	}
+}
+
+var updateTemplate = "Auditing configuration successfully updated.\n"
+
+func (opts *UpdateOpts) Run() error {
+	auditLog, err := opts.newAuditLog()
+	if err != nil {
+		return err
+	}
+	r, err := opts.store.UpdateAuditingConfig(opts.ConfigProjectID(), auditLog)
+	if err != nil {
+		return err
+	}
+	return opts.Print(r)
+}
+
+func (opts *UpdateOpts) newAuditLog() (*atlasv2.AuditLog, error) {
+	if opts.filename != "" {
+		fileContent, err := file.LoadFile(opts.fs, opts.filename)
+		if err != nil {
+			return nil, err
+		}
+		opts.auditFilter = string(fileContent)
+	}
+
+	return &atlasv2.AuditLog{
+		Enabled:                   &opts.enabled,
+		AuditAuthorizationSuccess: &opts.auditAuthorizationSuccess,
+		AuditFilter:               &opts.auditFilter,
+	}, nil
+}
+
+// UpdateBuilder atlas auditing update [--file filter.json] [--auditFilter "{"atype": "authenticate"}"] [--auditAuthorizationSuccess] [--enabled] --projectId projectId.
+func UpdateBuilder() *cobra.Command {
+	opts := &UpdateOpts{
+		fs: afero.NewOsFs(),
+	}
+	cmd := &cobra.Command{
+		Use:   "update",
+		Short: "Updates the auditing configuration for the specified project",
+		Long:  fmt.Sprintf(usage.RequiredRole, "Project Owner"),
+		Args:  require.NoArgs,
+		Annotations: map[string]string{
+			"output": updateTemplate,
+		},
+		Example: `  # Audit all authentication events for known users:
+  atlas auditing update --auditFilter '{"atype": "authenticate"}'
+
+  # Audit all authentication events for known user via a configuration file:
+  atlas auditing update -f filter.json
+`,
+		PreRunE: func(cmd *cobra.Command, _ []string) error {
+			return opts.PreRunE(
+				opts.ValidateProjectID,
+				opts.initStore(cmd.Context()),
+				opts.InitOutput(cmd.OutOrStdout(), updateTemplate),
+			)
+		},
+		RunE: func(_ *cobra.Command, _ []string) error {
+			return opts.Run()
+		},
+	}
+
+	cmd.Flags().StringVar(&opts.ProjectID, flag.ProjectID, "", usage.ProjectID)
+	cmd.Flags().StringVar(&opts.auditFilter, flag.AuditFilter, "", usage.AuditFilter)
+	cmd.Flags().BoolVar(&opts.enabled, flag.Enabled, false, usage.EnabledAuditing)
+	cmd.Flags().StringVarP(&opts.filename, flag.File, flag.FileShort, "", usage.AuditingFilename)
+	cmd.Flags().BoolVar(&opts.auditAuthorizationSuccess, flag.AuditAuthorizationSuccess, false, usage.AuditAuthorizationSuccess)
+	cmd.Flags().StringVarP(&opts.Output, flag.Output, flag.OutputShort, "", usage.FormatOut)
+	_ = cmd.RegisterFlagCompletionFunc(flag.Output, opts.AutoCompleteOutputFlag())
+
+	_ = cmd.MarkFlagFilename(flag.File)
+
+	cmd.MarkFlagsMutuallyExclusive(flag.File, flag.AuditFilter)
+	cmd.MarkFlagsOneRequired(flag.File, flag.AuditFilter)
+
+	return cmd
+}

internal/cli/auditing/update_test.go

@@ -0,0 +1,75 @@
+// Copyright 2024 MongoDB Inc
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build unit
+
+package auditing
+
+import (
+	"bytes"
+	"testing"
+
+	"github.com/golang/mock/gomock"
+	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/cli"
+	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/flag"
+	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/mocks"
+	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/pointer"
+	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/test"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	atlasv2 "go.mongodb.org/atlas-sdk/v20231115014/admin"
+)
+
+func TestUpdateOpts_Run(t *testing.T) {
+	ctrl := gomock.NewController(t)
+	mockStore := mocks.NewMockAuditingUpdater(ctrl)
+	buf := new(bytes.Buffer)
+	opts := &UpdateOpts{
+		store: mockStore,
+		OutputOpts: cli.OutputOpts{
+			OutWriter: buf,
+			Template:  updateTemplate,
+		},
+		auditFilter:               "test",
+		enabled:                   false,
+		auditAuthorizationSuccess: false,
+	}
+
+	expected := &atlasv2.AuditLog{
+		Enabled:                   pointer.Get(false),
+		AuditFilter:               pointer.Get("test"),
+		AuditAuthorizationSuccess: pointer.Get(false),
+	}
+
+	body, err := opts.newAuditLog()
+	require.NoError(t, err)
+	mockStore.
+		EXPECT().
+		UpdateAuditingConfig(opts.ConfigProjectID(), body).
+		Return(expected, nil).
+		Times(1)
+
+	require.NoError(t, opts.Run())
+	assert.Equal(t, "Auditing configuration successfully updated.\n", buf.String())
+	t.Log(buf.String())
+}
+
+func TestUpdateBuilder(t *testing.T) {
+	test.CmdValidator(
+		t,
+		UpdateBuilder(),
+		0,
+		[]string{flag.Output, flag.ProjectID, flag.AuditAuthorizationSuccess, flag.AuditFilter, flag.Enabled, flag.File},
+	)
+}