[midPoint-git] [Evolveum/midpoint] a512e6: Add auditing of runAsRef/runPrivileged items
mederly
noreply at github.com
Wed Aug 9 21:15:15 CEST 2023
Branch: refs/heads/master
Home: https://github.com/Evolveum/midpoint
Commit: a512e69f48467c389766c0f30ec06e790b787cbc
https://github.com/Evolveum/midpoint/commit/a512e69f48467c389766c0f30ec06e790b787cbc
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-08-08 (Tue, 08 Aug 2023)
Changed paths:
M config/sql/native-new/postgres-new-audit.sql
M config/sql/native-new/postgres-new-upgrade-audit.sql
M infra/schema/src/main/resources/xml/ns/public/common/audit-3.xsd
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/AuthorizationDiagEvaluation.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/GuiProfiledPrincipalManagerImpl.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestRunAs.java
M model/model-intest/src/test/resources/profiles/role-restricted-auto-bad-mapping-condition.xml
M model/model-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java
M repo/audit-api/src/main/java/com/evolveum/midpoint/audit/api/AuditEventRecord.java
M repo/audit-log-impl/src/main/java/com/evolveum/midpoint/audit/impl/LoggerAuditServiceImpl.java
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/SqaleRepoContext.java
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/SqaleUtils.java
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/audit/SqaleAuditService.java
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/audit/qmodel/MAuditEventRecord.java
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/audit/qmodel/QAuditEventRecord.java
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/audit/qmodel/QAuditEventRecordMapping.java
M repo/repo-sqale/src/test/java/com/evolveum/midpoint/repo/sqale/func/AuditSearchTest.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/MidPointPrincipal.java
M repo/security-impl/src/main/java/com/evolveum/midpoint/security/impl/SecurityContextManagerImpl.java
M repo/system-init/src/main/java/com/evolveum/midpoint/init/AuditServiceProxy.java
Log Message:
-----------
Add auditing of runAsRef/runPrivileged items
Now effective principal and effective privileges modification are fully
audited, with the following changes to the original schema:
- effectivePrivilegesModified -> effectivePrivilegesModification
- instead of boolean, we now use an enum describing the nature of change
Only native implementation (SqaleAuditService) was updated.
Commit: be69d332d7959310ecd09ea2d9176366044bc201
https://github.com/Evolveum/midpoint/commit/be69d332d7959310ecd09ea2d9176366044bc201
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-08-09 (Wed, 09 Aug 2023)
Changed paths:
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/reports/PageAuditLogDetails.html
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/reports/PageAuditLogDetails.java
M infra/schema/src/main/resources/xml/ns/public/common/audit-3.xsd
M repo/audit-api/src/main/java/com/evolveum/midpoint/audit/api/AuditEventRecord.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/MidPointPrincipal.java
Log Message:
-----------
Adapt GUI for auditing of runAsRef/runPrivileges
Plus some clarifications in the effectivePrivilegesModification docs.
Commit: ef939a8dd26969459cebddeeb04d512ca340b84a
https://github.com/Evolveum/midpoint/commit/ef939a8dd26969459cebddeeb04d512ca340b84a
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-08-09 (Wed, 09 Aug 2023)
Changed paths:
M config/sql/native-new/postgres-new-audit.sql
M config/sql/native-new/postgres-new-upgrade-audit.sql
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/reports/PageAuditLogDetails.html
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/reports/PageAuditLogDetails.java
M infra/schema/src/main/resources/xml/ns/public/common/audit-3.xsd
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/AuthorizationDiagEvaluation.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/GuiProfiledPrincipalManagerImpl.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestRunAs.java
M model/model-intest/src/test/resources/profiles/role-restricted-auto-bad-mapping-condition.xml
M model/model-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java
M repo/audit-api/src/main/java/com/evolveum/midpoint/audit/api/AuditEventRecord.java
M repo/audit-log-impl/src/main/java/com/evolveum/midpoint/audit/impl/LoggerAuditServiceImpl.java
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/SqaleRepoContext.java
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/SqaleUtils.java
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/audit/SqaleAuditService.java
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/audit/qmodel/MAuditEventRecord.java
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/audit/qmodel/QAuditEventRecord.java
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/audit/qmodel/QAuditEventRecordMapping.java
M repo/repo-sqale/src/test/java/com/evolveum/midpoint/repo/sqale/func/AuditSearchTest.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/MidPointPrincipal.java
M repo/security-impl/src/main/java/com/evolveum/midpoint/security/impl/SecurityContextManagerImpl.java
M repo/system-init/src/main/java/com/evolveum/midpoint/init/AuditServiceProxy.java
Log Message:
-----------
Merge branch 'tmp/run-as-auditing'
Compare: https://github.com/Evolveum/midpoint/compare/c82e53978d26...ef939a8dd269
More information about the midPoint-svn
mailing list