diff --git a/gradle.properties b/gradle.properties
index 674b94489..bb23730e9 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -14,6 +14,6 @@
 # limitations under the License.
 #
 
-version=0.25.0
+version=0.26.0
 groupId=com.nike.cerberus
 artifactId=cms
diff --git a/src/main/java/com/nike/cerberus/CerberusHttpHeaders.java b/src/main/java/com/nike/cerberus/CerberusHttpHeaders.java
new file mode 100644
index 000000000..77baa1c40
--- /dev/null
+++ b/src/main/java/com/nike/cerberus/CerberusHttpHeaders.java
@@ -0,0 +1,7 @@
+package com.nike.cerberus;
+
+public final class CerberusHttpHeaders {
+
+ public static final String HEADER_X_CERBERUS_CLIENT = "X-Cerberus-Client";
+ public static final String HEADER_X_REFRESH_TOKEN = "X-Refresh-Token";
+}
diff --git a/src/main/java/com/nike/cerberus/endpoints/authentication/AuthenticateIamPrincipal.java b/src/main/java/com/nike/cerberus/endpoints/authentication/AuthenticateIamPrincipal.java
index fdd2320ec..520242b12 100644
--- a/src/main/java/com/nike/cerberus/endpoints/authentication/AuthenticateIamPrincipal.java
+++ b/src/main/java/com/nike/cerberus/endpoints/authentication/AuthenticateIamPrincipal.java
@@ -26,6 +26,7 @@
 import com.nike.riposte.util.AsyncNettyHelper;
 import com.nike.riposte.util.Matcher;
 import io.netty.channel.ChannelHandlerContext;
+import io.netty.handler.codec.http.HttpHeaders;
 import io.netty.handler.codec.http.HttpMethod;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -34,6 +35,8 @@
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.Executor;
 
+import static com.nike.cerberus.CerberusHttpHeaders.HEADER_X_CERBERUS_CLIENT;
+
 /**
 * Authentication endpoint for IAM roles. If valid, a client token that is encrypted via KMS is returned. The
 * IAM role will be the only role capable of decrypting the client token via KMS.
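Review bot: In the new CerberusHttpHeaders class, the constants holder has no private constructor and no Javadoc, and it is the natural home for the header lookup that the endpoint hunks in this commit repeat (`headers != null && headers.get(HEADER_X_CERBERUS_CLIENT) != null`, then the `"Unknown"` fallback). A single static helper here would replace those copies and give one place to cap the length of the caller-supplied value and replace control characters before it reaches the audit log. The class Javadoc should say that `X-Cerberus-Client` is set by the caller, is not authenticated, and is recorded for diagnostics only. The length limit in the sketch below is a constructed value, not one taken from the project.

```java
public final class CerberusHttpHeaders {
    // … unchanged: HEADER_X_CERBERUS_CLIENT, HEADER_X_REFRESH_TOKEN …

    public static final String UNKNOWN_CLIENT = "Unknown";
    private static final int MAX_CLIENT_HEADER_LENGTH = 128; // constructed limit

    private CerberusHttpHeaders() {
        // constants and static helpers only
    }

    /** Returns the caller-supplied client identifier in a form that is safe to log. */
    public static String clientHeaderForLog(HttpHeaders headers) {
        final String raw = headers == null ? null : headers.get(HEADER_X_CERBERUS_CLIENT);
        if (raw == null) {
            return UNKNOWN_CLIENT;
        }
        final String bounded = raw.length() > MAX_CLIENT_HEADER_LENGTH
                ? raw.substring(0, MAX_CLIENT_HEADER_LENGTH)
                : raw;
        return bounded.replaceAll("\\p{Cntrl}", "_");
    }
}
```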
@@ -60,9 +63,16 @@ public CompletableFuture> execute(final Reques
 }
 
 private ResponseInfo authenticate(RequestInfo request) {
- IamPrincipalCredentials credentials = request.getContent();
- log.info("IAM Auth Event: the IAM principal {} in attempting to authenticate in region {}",
- credentials.getIamPrincipalArn(), credentials.getRegion());
+ final IamPrincipalCredentials credentials = request.getContent();
+ final HttpHeaders headers = request.getHeaders();
+ final boolean clientHeaderExists = headers != null && headers.get(HEADER_X_CERBERUS_CLIENT) != null;
+ final String clientHeader = clientHeaderExists ? headers.get(HEADER_X_CERBERUS_CLIENT) : "Unknown";
+
+ log.info("{}: {}, IAM Auth Event: the IAM principal {} in attempting to authenticate in region {}",
+ HEADER_X_CERBERUS_CLIENT,
+ clientHeader,
+ credentials.getIamPrincipalArn(),
+ credentials.getRegion());
 
 return ResponseInfo.newBuilder(authenticationService.authenticate(request.getContent())).build();
 }
diff --git a/src/main/java/com/nike/cerberus/endpoints/authentication/AuthenticateIamRole.java b/src/main/java/com/nike/cerberus/endpoints/authentication/AuthenticateIamRole.java
index e7dfaa035..266f7e26e 100644
--- a/src/main/java/com/nike/cerberus/endpoints/authentication/AuthenticateIamRole.java
+++ b/src/main/java/com/nike/cerberus/endpoints/authentication/AuthenticateIamRole.java
@@ -26,6 +26,7 @@
 import com.nike.riposte.util.AsyncNettyHelper;
 import com.nike.riposte.util.Matcher;
 import io.netty.channel.ChannelHandlerContext;
+import io.netty.handler.codec.http.HttpHeaders;
 import io.netty.handler.codec.http.HttpMethod;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
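Review bot: The `log.info` call in `authenticate` now opens each audit line with the `X-Cerberus-Client` value, which the caller controls and which is read before any credential has been verified, so a crafted value can imitate the event text that follows it. Keeping the fixed event text first and appending the client field in quotes keeps the line unambiguous for anyone parsing or alerting on it: `log.info("IAM Auth Event: the IAM principal {} in attempting to authenticate in region {}, {}: '{}'", credentials.getIamPrincipalArn(), credentials.getRegion(), HEADER_X_CERBERUS_CLIENT, clientHeader);`. Whether the server already rejects control characters in header values depends on configuration that is not visible here, so capping the length and replacing control characters before logging is worth doing explicitly. The header is also looked up twice; a single `headers.get(...)` into a local would do. The same pattern appears in the AuthenticateIamRole, AuthenticateUser, RefreshUserToken and RevokeToken hunks and in the sdb endpoint hunks.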
@@ -34,6 +35,8 @@
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.Executor;
 
+import static com.nike.cerberus.CerberusHttpHeaders.HEADER_X_CERBERUS_CLIENT;
+
 /**
 * Authentication endpoint for IAM roles. If valid, a client token that is encrypted via KMS is returned. The
 * IAM role will be the only role capable of decrypting the client token via KMS.
@@ -62,10 +65,18 @@ public CompletableFuture> execute(final Reques
 }
 
 private ResponseInfo authenticate(RequestInfo request) {
- IamRoleCredentials credentials = request.getContent();
- log.info("IAM Auth Event: the IAM principal {} in attempting to authenticate in region {}",
+ final IamRoleCredentials credentials = request.getContent();
+ final HttpHeaders headers = request.getHeaders();
+ final boolean clientHeaderExists = headers != null && headers.get(HEADER_X_CERBERUS_CLIENT) != null;
+ final String clientHeader = clientHeaderExists ? headers.get(HEADER_X_CERBERUS_CLIENT) : "Unknown";
+
+ log.info("{}: {}, IAM Auth Event: the IAM principal {} in attempting to authenticate in region {}",
+ HEADER_X_CERBERUS_CLIENT,
+ clientHeader,
 String.format(AwsIamRoleArnParser.AWS_IAM_ROLE_ARN_TEMPLATE,
- credentials.getAccountId(), credentials.getRoleName()), credentials.getRegion());
+ credentials.getAccountId(),
+ credentials.getRoleName()),
+ credentials.getRegion());
 
 return ResponseInfo.newBuilder(authenticationService.authenticate(request.getContent())).build();
 }
diff --git a/src/main/java/com/nike/cerberus/endpoints/authentication/AuthenticateUser.java b/src/main/java/com/nike/cerberus/endpoints/authentication/AuthenticateUser.java
index 299e4ba18..7a31d8562 100644
--- a/src/main/java/com/nike/cerberus/endpoints/authentication/AuthenticateUser.java
+++ b/src/main/java/com/nike/cerberus/endpoints/authentication/AuthenticateUser.java
@@ -39,6 +39,8 @@ import java.util.concurrent.CompletableFuture; import java.util.concurrent.Executor; +import static com.nike.cerberus.CerberusHttpHeaders.HEADER_X_CERBERUS_CLIENT; + /** * Authentication endpoint for user credentials. If valid, a client token will be returned. */ @@ -65,8 +67,14 @@ public CompletableFuture> execute(final RequestInfo authenticate(RequestInfo request) { final UserCredentials credentials = extractCredentials(request.getHeaders().get(HttpHeaders.AUTHORIZATION)); - - log.info("User Auth Event: the principal: {} is attempting to authenticate", credentials.getUsername()); + final io.netty.handler.codec.http.HttpHeaders headers = request.getHeaders(); + final boolean clientHeaderExists = headers != null && headers.get(HEADER_X_CERBERUS_CLIENT) != null; + final String clientHeader = clientHeaderExists ? headers.get(HEADER_X_CERBERUS_CLIENT) : "Unknown"; + + log.info("{}: {}, User Auth Event: the principal: {} is attempting to authenticate", + HEADER_X_CERBERUS_CLIENT, + clientHeader, + credentials.getUsername()); return ResponseInfo.newBuilder(authenticationService.authenticate(credentials)).build(); } diff --git a/src/main/java/com/nike/cerberus/endpoints/authentication/RefreshUserToken.java b/src/main/java/com/nike/cerberus/endpoints/authentication/RefreshUserToken.java index 87b32f574..ab9e46270 100644 --- a/src/main/java/com/nike/cerberus/endpoints/authentication/RefreshUserToken.java +++ b/src/main/java/com/nike/cerberus/endpoints/authentication/RefreshUserToken.java @@ -28,6 +28,7 @@ import com.nike.riposte.util.AsyncNettyHelper; import com.nike.riposte.util.Matcher; import io.netty.channel.ChannelHandlerContext; +import io.netty.handler.codec.http.HttpHeaders; import io.netty.handler.codec.http.HttpMethod; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
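Review bot: In the AuthenticateUser `authenticate` hunk, the added `headers != null` guard cannot take effect, because the unchanged line just above already calls `request.getHeaders().get(HttpHeaders.AUTHORIZATION)` and would throw first if the headers were null. Either read the headers once at the top, `final io.netty.handler.codec.http.HttpHeaders headers = request.getHeaders();`, and use the same null-safe path for both the `AUTHORIZATION` and the `X-Cerberus-Client` lookups, or drop the null check as dead code. The fully qualified Netty type appears to be needed because another `HttpHeaders` is already imported in this file; a one-line comment saying so would stop a later import cleanup from breaking the build. The start of this hunk is garbled on the page, so the signature of `authenticate` is not fully visible.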
@@ -38,6 +39,8 @@ import java.util.concurrent.CompletableFuture; import java.util.concurrent.Executor; +import static com.nike.cerberus.CerberusHttpHeaders.HEADER_X_CERBERUS_CLIENT; + /** * Authentication endpoint that allows refreshing the user token to pickup any permission changes. */ @@ -69,7 +72,14 @@ public ResponseInfo getRefreshedUserToken(final RequestInfo if (securityContext.isPresent()) { final VaultAuthPrincipal vaultAuthPrincipal = (VaultAuthPrincipal) securityContext.get().getUserPrincipal(); - log.info("Refresh User Token Auth Event: the principal: {} is attempting to refresh its token", vaultAuthPrincipal.getName()); + final HttpHeaders headers = request.getHeaders(); + final boolean clientHeaderExists = headers != null && headers.get(HEADER_X_CERBERUS_CLIENT) != null; + final String clientHeader = clientHeaderExists ? headers.get(HEADER_X_CERBERUS_CLIENT) : "Unknown"; + + log.info("{}: {}, Refresh User Token Auth Event: the principal: {} is attempting to refresh its token", + HEADER_X_CERBERUS_CLIENT, + clientHeader, + vaultAuthPrincipal.getName()); return ResponseInfo.newBuilder( authenticationService.refreshUserToken( diff --git a/src/main/java/com/nike/cerberus/endpoints/authentication/RevokeToken.java b/src/main/java/com/nike/cerberus/endpoints/authentication/RevokeToken.java index 84d0f5320..28a1e08a4 100644 --- a/src/main/java/com/nike/cerberus/endpoints/authentication/RevokeToken.java +++ b/src/main/java/com/nike/cerberus/endpoints/authentication/RevokeToken.java @@ -27,6 +27,7 @@ import com.nike.riposte.util.AsyncNettyHelper; import com.nike.riposte.util.Matcher; import io.netty.channel.ChannelHandlerContext; +import io.netty.handler.codec.http.HttpHeaders; import io.netty.handler.codec.http.HttpMethod; import io.netty.handler.codec.http.HttpResponseStatus; import org.slf4j.Logger; 
@@ -38,6 +39,8 @@ import java.util.concurrent.CompletableFuture; import java.util.concurrent.Executor; +import static com.nike.cerberus.CerberusHttpHeaders.HEADER_X_CERBERUS_CLIENT; + /** * Revokes the token supplied in the Vault token header. */ @@ -69,8 +72,14 @@ public ResponseInfo revokeToken(RequestInfo request) { if (securityContext.isPresent()) { final VaultAuthPrincipal vaultAuthPrincipal = (VaultAuthPrincipal) securityContext.get().getUserPrincipal(); + final HttpHeaders headers = request.getHeaders(); + final boolean clientHeaderExists = headers != null && headers.get(HEADER_X_CERBERUS_CLIENT) != null; + final String clientHeader = clientHeaderExists ? headers.get(HEADER_X_CERBERUS_CLIENT) : "Unknown"; - log.info("Delete Token Auth Event: the principal: {} is attempting to delete a token", vaultAuthPrincipal.getName()); + log.info("{}: {}, Delete Token Auth Event: the principal: {} is attempting to delete a token", + HEADER_X_CERBERUS_CLIENT, + clientHeader, + vaultAuthPrincipal.getName()); authenticationService.revoke(vaultAuthPrincipal.getClientToken().getId()); return ResponseInfo.newBuilder().withHttpStatusCode(HttpResponseStatus.NO_CONTENT.code()).build(); diff --git a/src/main/java/com/nike/cerberus/endpoints/sdb/CreateSafeDepositBoxV1.java b/src/main/java/com/nike/cerberus/endpoints/sdb/CreateSafeDepositBoxV1.java index 462f1aaed..a5e18ba1a 100644 --- a/src/main/java/com/nike/cerberus/endpoints/sdb/CreateSafeDepositBoxV1.java +++ b/src/main/java/com/nike/cerberus/endpoints/sdb/CreateSafeDepositBoxV1.java @@ -30,6 +30,7 @@ import com.nike.riposte.util.Matcher; import io.netty.channel.ChannelHandlerContext; import io.netty.handler.codec.http.DefaultHttpHeaders; +import io.netty.handler.codec.http.HttpHeaders; import io.netty.handler.codec.http.HttpMethod; import io.netty.handler.codec.http.HttpResponseStatus; import org.slf4j.Logger; 
@@ -42,6 +43,8 @@ import java.util.concurrent.CompletableFuture; import java.util.concurrent.Executor; +import static com.nike.cerberus.CerberusHttpHeaders.HEADER_X_CERBERUS_CLIENT; +import static com.nike.cerberus.CerberusHttpHeaders.HEADER_X_REFRESH_TOKEN; import static io.netty.handler.codec.http.HttpHeaders.Names.LOCATION; /** @@ -54,8 +57,6 @@ public class CreateSafeDepositBoxV1 extends StandardEndpoint> createSafeDepositBox(final RequestInfo if (securityContext.isPresent()) { final VaultAuthPrincipal vaultAuthPrincipal = (VaultAuthPrincipal) securityContext.get().getUserPrincipal(); - - log.info("Create SDB Event: the principal: {} is attempting to create sdb name: '{}'", - vaultAuthPrincipal.getName(), request.getContent().getName()); + final HttpHeaders headers = request.getHeaders(); + final boolean clientHeaderExists = headers != null && headers.get(HEADER_X_CERBERUS_CLIENT) != null; + final String clientHeader = clientHeaderExists ? headers.get(HEADER_X_CERBERUS_CLIENT) : "Unknown"; + + log.info("{}: {}, Create SDB Event: the principal: {} is attempting to create sdb name: '{}'", + HEADER_X_CERBERUS_CLIENT, + clientHeader, + vaultAuthPrincipal.getName(), + request.getContent().getName()); final String id = safeDepositBoxService.createSafeDepositBoxV1(request.getContent(), vaultAuthPrincipal.getName()); diff --git a/src/main/java/com/nike/cerberus/endpoints/sdb/CreateSafeDepositBoxV2.java b/src/main/java/com/nike/cerberus/endpoints/sdb/CreateSafeDepositBoxV2.java index d4a719eb9..0fa4aded2 100644 --- a/src/main/java/com/nike/cerberus/endpoints/sdb/CreateSafeDepositBoxV2.java +++ b/src/main/java/com/nike/cerberus/endpoints/sdb/CreateSafeDepositBoxV2.java 
@@ -17,9 +17,7 @@ package com.nike.cerberus.endpoints.sdb; -import com.google.common.collect.Maps; import com.nike.backstopper.exception.ApiException; -import com.nike.cerberus.domain.SafeDepositBox; import com.nike.cerberus.domain.SafeDepositBoxV2; import com.nike.cerberus.error.DefaultApiError; import com.nike.cerberus.security.CmsRequestSecurityValidator; @@ -32,16 +30,20 @@ import com.nike.riposte.util.Matcher; import io.netty.channel.ChannelHandlerContext; import io.netty.handler.codec.http.DefaultHttpHeaders; +import io.netty.handler.codec.http.HttpHeaders; import io.netty.handler.codec.http.HttpMethod; import io.netty.handler.codec.http.HttpResponseStatus; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import javax.inject.Inject; import javax.ws.rs.core.SecurityContext; -import java.util.Map; import java.util.Optional; import java.util.concurrent.CompletableFuture; import java.util.concurrent.Executor; +import static com.nike.cerberus.CerberusHttpHeaders.HEADER_X_CERBERUS_CLIENT; +import static com.nike.cerberus.CerberusHttpHeaders.HEADER_X_REFRESH_TOKEN; import static io.netty.handler.codec.http.HttpHeaders.Names.LOCATION; /** @@ -49,9 +51,9 @@ */ public class CreateSafeDepositBoxV2 extends StandardEndpoint { - public static final String BASE_PATH = "/v2/safe-deposit-box"; + private final Logger log = LoggerFactory.getLogger(getClass()); - public static final String HEADER_X_REFRESH_TOKEN = "X-Refresh-Token"; + public static final String BASE_PATH = "/v2/safe-deposit-box"; private final SafeDepositBoxService safeDepositBoxService; @@ -77,11 +79,19 @@ private ResponseInfo createSafeDepositBox(final RequestInfo { private final Logger log = LoggerFactory.getLogger(getClass()); - public static final String HEADER_X_REFRESH_TOKEN = "X-Refresh-Token"; - private final SafeDepositBoxService safeDepositBoxService; @Inject 
@@ -71,13 +73,20 @@ private ResponseInfo deleteSafeDepositBox(final RequestInfo request) if (securityContext.isPresent()) { final VaultAuthPrincipal vaultAuthPrincipal = (VaultAuthPrincipal) securityContext.get().getUserPrincipal(); + final HttpHeaders headers = request.getHeaders(); + final boolean clientHeaderExists = headers != null && headers.get(HEADER_X_CERBERUS_CLIENT) != null; + final String clientHeader = clientHeaderExists ? headers.get(HEADER_X_CERBERUS_CLIENT) : "Unknown"; String sdbId = request.getPathParam("id"); Optional sdbNameOptional = safeDepositBoxService.getSafeDepositBoxNameById(sdbId); - String sdbName = sdbNameOptional.isPresent() ? sdbNameOptional.get() : - String.format("(Failed to lookup name from id: %s)", sdbId); - log.info("Delete SDB Event: the principal: {} is attempting to delete sdb name: '{}' and id: '{}'", - vaultAuthPrincipal.getName(), sdbName, sdbId); + String sdbName = sdbNameOptional.orElse(String.format("(Failed to lookup name from id: %s)", sdbId)); + + log.info("{}: {}, Delete SDB Event: the principal: {} is attempting to delete sdb name: '{}' and id: '{}'", + HEADER_X_CERBERUS_CLIENT, + clientHeader, + vaultAuthPrincipal.getName(), + sdbName, + sdbId); safeDepositBoxService.deleteSafeDepositBox(vaultAuthPrincipal, sdbId); return ResponseInfo.newBuilder().withHttpStatusCode(HttpResponseStatus.OK.code()) diff --git a/src/main/java/com/nike/cerberus/endpoints/sdb/GetSafeDepositBoxV1.java b/src/main/java/com/nike/cerberus/endpoints/sdb/GetSafeDepositBoxV1.java index 70696ada8..f906cf4a5 100644 --- a/src/main/java/com/nike/cerberus/endpoints/sdb/GetSafeDepositBoxV1.java +++ b/src/main/java/com/nike/cerberus/endpoints/sdb/GetSafeDepositBoxV1.java 
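Review bot: `sdbNameOptional.orElse(String.format(...))` in `deleteSafeDepositBox` builds the fallback string on every request, including when the name was found, whereas the UpdateSafeDepositBoxV1 and UpdateSafeDepositBoxV2 hunks use `orElseGet(() -> String.format("(Failed to lookup name from id: %s)", sdbId))`. Using `orElseGet` here and in the GetSafeDepositBoxV1 and GetSafeDepositBoxV2 hunks keeps the endpoints consistent and skips the formatting on the common path. `sdbId` comes straight from the request path and is written to the audit line, both directly and inside the fallback text, so it deserves the same length cap and control-character handling as the client header. The method starts before this hunk and its body continues past the end of it.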
@@ -28,6 +28,7 @@ import com.nike.riposte.util.AsyncNettyHelper; import com.nike.riposte.util.Matcher; import io.netty.channel.ChannelHandlerContext; +import io.netty.handler.codec.http.HttpHeaders; import io.netty.handler.codec.http.HttpMethod; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -38,6 +39,8 @@ import java.util.concurrent.CompletableFuture; import java.util.concurrent.Executor; +import static com.nike.cerberus.CerberusHttpHeaders.HEADER_X_CERBERUS_CLIENT; + /** * Extracts the user groups from the security context for the request and attempts to get details about the safe * deposit box by its unique id. @@ -70,13 +73,19 @@ public ResponseInfo getSafeDepositBox(final RequestInfo if (securityContext.isPresent()) { final VaultAuthPrincipal vaultAuthPrincipal = (VaultAuthPrincipal) securityContext.get().getUserPrincipal(); + final HttpHeaders headers = request.getHeaders(); + final boolean clientHeaderExists = headers != null && headers.get(HEADER_X_CERBERUS_CLIENT) != null; + final String clientHeader = clientHeaderExists ? headers.get(HEADER_X_CERBERUS_CLIENT) : "Unknown"; String sdbId = request.getPathParam("id"); Optional sdbNameOptional = safeDepositBoxService.getSafeDepositBoxNameById(sdbId); - String sdbName = sdbNameOptional.isPresent() ? sdbNameOptional.get() : - String.format("(Failed to lookup name from id: %s)", sdbId); - log.info("Read SDB Event: the principal: {} is attempting to read sdb name: '{}' and id: '{}'", - vaultAuthPrincipal.getName(), sdbName, sdbId); + String sdbName = sdbNameOptional.orElse(String.format("(Failed to lookup name from id: %s)", sdbId)); + log.info("{}: {}, Read SDB Event: the principal: {} is attempting to read sdb name: '{}' and id: '{}'", + HEADER_X_CERBERUS_CLIENT, + clientHeader, + vaultAuthPrincipal.getName(), + sdbName, + sdbId); final SafeDepositBoxV1 safeDepositBox = safeDepositBoxService.getSDBAndValidatePrincipalAssociationV1( 
diff --git a/src/main/java/com/nike/cerberus/endpoints/sdb/GetSafeDepositBoxV2.java b/src/main/java/com/nike/cerberus/endpoints/sdb/GetSafeDepositBoxV2.java
index fef7777b0..1504c11fc 100644
--- a/src/main/java/com/nike/cerberus/endpoints/sdb/GetSafeDepositBoxV2.java
+++ b/src/main/java/com/nike/cerberus/endpoints/sdb/GetSafeDepositBoxV2.java
@@ -29,6 +29,7 @@
 import com.nike.riposte.util.AsyncNettyHelper;
 import com.nike.riposte.util.Matcher;
 import io.netty.channel.ChannelHandlerContext;
+import io.netty.handler.codec.http.HttpHeaders;
 import io.netty.handler.codec.http.HttpMethod;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -40,6 +41,8 @@
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.Executor;
 
+import static com.nike.cerberus.CerberusHttpHeaders.HEADER_X_CERBERUS_CLIENT;
+
 /**
 * Extracts the user groups from the security context for the request and attempts to get details about the safe
 * deposit box by its unique id.
@@ -70,13 +73,19 @@ public ResponseInfo getSafeDepositBox(final RequestInfo if (securityContext.isPresent()) { final VaultAuthPrincipal vaultAuthPrincipal = (VaultAuthPrincipal) securityContext.get().getUserPrincipal(); + final HttpHeaders headers = request.getHeaders(); + final boolean clientHeaderExists = headers != null && headers.get(HEADER_X_CERBERUS_CLIENT) != null; + final String clientHeader = clientHeaderExists ? headers.get(HEADER_X_CERBERUS_CLIENT) : "Unknown"; String sdbId = request.getPathParam("id"); Optional sdbNameOptional = safeDepositBoxService.getSafeDepositBoxNameById(sdbId); - String sdbName = sdbNameOptional.isPresent() ? sdbNameOptional.get() : - String.format("(Failed to lookup name from id: %s)", sdbId); - log.info("Read SDB Event: the principal: {} is attempting to read sdb name: '{}' and id: '{}'", - vaultAuthPrincipal.getName(), sdbName, sdbId); + String sdbName = sdbNameOptional.orElse(String.format("(Failed to lookup name from id: %s)", sdbId)); + log.info("{}: {}, Read SDB Event: the principal: {} is attempting to read sdb name: '{}' and id: '{}'", + HEADER_X_CERBERUS_CLIENT, + clientHeader, + vaultAuthPrincipal.getName(), + sdbName, + sdbId); final SafeDepositBoxV2 safeDepositBox = safeDepositBoxService.getSDBAndValidatePrincipalAssociationV2( diff --git a/src/main/java/com/nike/cerberus/endpoints/sdb/GetSafeDepositBoxes.java b/src/main/java/com/nike/cerberus/endpoints/sdb/GetSafeDepositBoxes.java index 3b17f5f82..027760bdb 100644 --- a/src/main/java/com/nike/cerberus/endpoints/sdb/GetSafeDepositBoxes.java +++ b/src/main/java/com/nike/cerberus/endpoints/sdb/GetSafeDepositBoxes.java @@ -30,6 +30,7 @@ import com.nike.riposte.util.Matcher; import com.nike.riposte.util.MultiMatcher; import io.netty.channel.ChannelHandlerContext; +import io.netty.handler.codec.http.HttpHeaders; import io.netty.handler.codec.http.HttpMethod; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -41,6 +42,8 @@ import java.util.concurrent.CompletableFuture; import java.util.concurrent.Executor; +import static com.nike.cerberus.CerberusHttpHeaders.HEADER_X_CERBERUS_CLIENT; + /** * Extracts the user groups from the security context for the request and returns any safe deposit boxes * associated with that list of user groups. @@ -72,8 +75,13 @@ public ResponseInfo> getSafeDepositBoxes(final Reque if (securityContext.isPresent()) { final VaultAuthPrincipal vaultAuthPrincipal = (VaultAuthPrincipal) securityContext.get().getUserPrincipal(); + final HttpHeaders headers = request.getHeaders(); + final boolean clientHeaderExists = headers != null && headers.get(HEADER_X_CERBERUS_CLIENT) != null; + final String clientHeader = clientHeaderExists ? headers.get(HEADER_X_CERBERUS_CLIENT) : "Unknown"; - log.info("List SDB Event: the principal: {} is attempting to list the SDBs that it has access to", + log.info("{}: {}, List SDB Event: the principal: {} is attempting to list the SDBs that it has access to", + HEADER_X_CERBERUS_CLIENT, + clientHeader, vaultAuthPrincipal.getName()); return ResponseInfo.newBuilder( diff --git a/src/main/java/com/nike/cerberus/endpoints/sdb/UpdateSafeDepositBoxV1.java b/src/main/java/com/nike/cerberus/endpoints/sdb/UpdateSafeDepositBoxV1.java index 2f546cbbf..5572abffd 100644 --- a/src/main/java/com/nike/cerberus/endpoints/sdb/UpdateSafeDepositBoxV1.java +++ b/src/main/java/com/nike/cerberus/endpoints/sdb/UpdateSafeDepositBoxV1.java @@ -30,6 +30,7 @@ import com.nike.riposte.util.Matcher; import io.netty.channel.ChannelHandlerContext; import io.netty.handler.codec.http.DefaultHttpHeaders; +import io.netty.handler.codec.http.HttpHeaders; import io.netty.handler.codec.http.HttpMethod; import io.netty.handler.codec.http.HttpResponseStatus; import org.slf4j.Logger; 
@@ -41,6 +42,9 @@ import java.util.concurrent.CompletableFuture; import java.util.concurrent.Executor; +import static com.nike.cerberus.CerberusHttpHeaders.HEADER_X_CERBERUS_CLIENT; +import static com.nike.cerberus.CerberusHttpHeaders.HEADER_X_REFRESH_TOKEN; + /** * Endpoint for updating a safe deposit box. */ @@ -49,8 +53,6 @@ public class UpdateSafeDepositBoxV1 extends StandardEndpoint updateSafeDepositBox(final RequestInfo sdbNameOptional = safeDepositBoxService.getSafeDepositBoxNameById(sdbId); String sdbName = sdbNameOptional.orElseGet(() -> String.format("(Failed to lookup name from id: %s)", sdbId)); - log.info("Update SDB Event: the principal: {} is attempting to update sdb name: '{}' and id: '{}'", - vaultAuthPrincipal.getName(), sdbName, sdbId); + + log.info("{}: {}, Update SDB Event: the principal: {} is attempting to update sdb name: '{}' and id: '{}'", + HEADER_X_CERBERUS_CLIENT, + clientHeader, + vaultAuthPrincipal.getName(), + sdbName, + sdbId); safeDepositBoxService.updateSafeDepositBoxV1(request.getContent(), vaultAuthPrincipal, diff --git a/src/main/java/com/nike/cerberus/endpoints/sdb/UpdateSafeDepositBoxV2.java b/src/main/java/com/nike/cerberus/endpoints/sdb/UpdateSafeDepositBoxV2.java index d29a59fed..457f66d85 100644 --- a/src/main/java/com/nike/cerberus/endpoints/sdb/UpdateSafeDepositBoxV2.java +++ b/src/main/java/com/nike/cerberus/endpoints/sdb/UpdateSafeDepositBoxV2.java @@ -31,8 +31,11 @@ import com.nike.riposte.util.Matcher; import io.netty.channel.ChannelHandlerContext; import io.netty.handler.codec.http.DefaultHttpHeaders; +import io.netty.handler.codec.http.HttpHeaders; import io.netty.handler.codec.http.HttpMethod; import io.netty.handler.codec.http.HttpResponseStatus; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import javax.inject.Inject; import javax.ws.rs.core.SecurityContext; 
@@ -40,12 +43,15 @@ import java.util.concurrent.CompletableFuture; import java.util.concurrent.Executor; +import static com.nike.cerberus.CerberusHttpHeaders.HEADER_X_CERBERUS_CLIENT; +import static com.nike.cerberus.CerberusHttpHeaders.HEADER_X_REFRESH_TOKEN; + /** * Endpoint for updating a safe deposit box. */ public class UpdateSafeDepositBoxV2 extends StandardEndpoint { - public static final String HEADER_X_REFRESH_TOKEN = "X-Refresh-Token"; + private final Logger log = LoggerFactory.getLogger(getClass()); private final SafeDepositBoxService safeDepositBoxService; @@ -70,6 +76,19 @@ private ResponseInfo updateSafeDepositBox(final RequestInfo sdbNameOptional = safeDepositBoxService.getSafeDepositBoxNameById(sdbId); + String sdbName = sdbNameOptional.orElseGet(() -> String.format("(Failed to lookup name from id: %s)", sdbId)); + log.info("{}: {}, Update SDB Event: the principal: {} is attempting to update sdb name: '{}' and id: '{}'", + HEADER_X_CERBERUS_CLIENT, + clientHeader, + vaultAuthPrincipal.getName(), + sdbName, + sdbId); SafeDepositBoxV2 safeDepositBoxV2 = safeDepositBoxService.updateSafeDepositBoxV2(request.getContent(), vaultAuthPrincipal, request.getPathParam("id")); diff --git a/src/test/java/com/nike/cerberus/endpoints/authentication/AuthenticateIamPrincipalTest.java b/src/test/java/com/nike/cerberus/endpoints/authentication/AuthenticateIamPrincipalTest.java index 850fb8bee..63d9af996 100644 --- a/src/test/java/com/nike/cerberus/endpoints/authentication/AuthenticateIamPrincipalTest.java +++ b/src/test/java/com/nike/cerberus/endpoints/authentication/AuthenticateIamPrincipalTest.java 
@@ -17,8 +17,8 @@
 
 package com.nike.cerberus.endpoints.authentication;
 
-import com.nike.cerberus.domain.IamRoleAuthResponse;
 import com.nike.cerberus.domain.IamPrincipalCredentials;
+import com.nike.cerberus.domain.IamRoleAuthResponse;
 import com.nike.cerberus.service.AuthenticationService;
 import com.nike.riposte.server.http.RequestInfo;
 import com.nike.riposte.server.http.ResponseInfo;