[midPoint-git] [Evolveum/midpoint] a512e6: Add auditing of runAsRef/runPrivileged items
mederly
noreply at github.com
Tue Aug 8 20:42:22 CEST 2023
Branch: refs/heads/tmp/run-as-auditing
Home: https://github.com/Evolveum/midpoint
Commit: a512e69f48467c389766c0f30ec06e790b787cbc
https://github.com/Evolveum/midpoint/commit/a512e69f48467c389766c0f30ec06e790b787cbc
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2023-08-08 (Tue, 08 Aug 2023)
Changed paths:
M config/sql/native-new/postgres-new-audit.sql
M config/sql/native-new/postgres-new-upgrade-audit.sql
M infra/schema/src/main/resources/xml/ns/public/common/audit-3.xsd
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/AuthorizationDiagEvaluation.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/GuiProfiledPrincipalManagerImpl.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestRunAs.java
M model/model-intest/src/test/resources/profiles/role-restricted-auto-bad-mapping-condition.xml
M model/model-test/src/main/java/com/evolveum/midpoint/model/test/AbstractModelIntegrationTest.java
M repo/audit-api/src/main/java/com/evolveum/midpoint/audit/api/AuditEventRecord.java
M repo/audit-log-impl/src/main/java/com/evolveum/midpoint/audit/impl/LoggerAuditServiceImpl.java
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/SqaleRepoContext.java
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/SqaleUtils.java
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/audit/SqaleAuditService.java
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/audit/qmodel/MAuditEventRecord.java
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/audit/qmodel/QAuditEventRecord.java
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/audit/qmodel/QAuditEventRecordMapping.java
M repo/repo-sqale/src/test/java/com/evolveum/midpoint/repo/sqale/func/AuditSearchTest.java
M repo/security-api/src/main/java/com/evolveum/midpoint/security/api/MidPointPrincipal.java
M repo/security-impl/src/main/java/com/evolveum/midpoint/security/impl/SecurityContextManagerImpl.java
M repo/system-init/src/main/java/com/evolveum/midpoint/init/AuditServiceProxy.java
Log Message:
-----------
Add auditing of runAsRef/runPrivileged items
Now effective principal and effective privileges modification are fully
audited, with the following changes to the original schema:
- effectivePrivilegesModified -> effectivePrivilegesModification
- instead of boolean, we now use an enum describing the nature of change
Only native implementation (SqaleAuditService) was updated.