X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/96cc8940e7926453f4728c5aec1374e7b99db201..8ce476b7864f1a2d1f05cd0a770ae159eeb845eb:/services/api/test/unit/log_test.rb

diff --git a/services/api/test/unit/log_test.rb b/services/api/test/unit/log_test.rb
index 632271e98c..66c8c8d923 100644
--- a/services/api/test/unit/log_test.rb
+++ b/services/api/test/unit/log_test.rb
@@ -1,4 +1,9 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
 require 'test_helper'
+require 'audit_logs'
 
 class LogTest < ActiveSupport::TestCase
   include CurrentApiClient
@@ -6,7 +11,7 @@ class LogTest < ActiveSupport::TestCase
   EVENT_TEST_METHODS = {
     :create => [:created_at, :assert_nil, :assert_not_nil],
     :update => [:modified_at, :assert_not_nil, :assert_not_nil],
-    :destroy => [nil, :assert_not_nil, :assert_nil],
+    :delete => [nil, :assert_not_nil, :assert_nil],
   }
 
   setup do
@@ -51,6 +56,10 @@ class LogTest < ActiveSupport::TestCase
                       'old_etag', 'old_attributes')
     assert_properties(new_props_test, event_type, props,
                       'new_etag', 'new_attributes')
+    ['old_attributes', 'new_attributes'].each do |logattr|
+      next if !props[logattr]
+      assert_match /"created_at":"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{9}Z"/, Oj.dump(props, mode: :compat)
+    end
     yield props if block_given?
   end
 
@@ -116,7 +125,7 @@ class LogTest < ActiveSupport::TestCase
     orig_attrs = auth.attributes
     orig_attrs.delete 'api_token'
     auth.destroy
-    assert_logged(auth, :destroy) do |props|
+    assert_logged(auth, :delete) do |props|
       assert_equal(orig_etag, props['old_etag'], "destroyed auth etag mismatch")
       assert_equal(orig_attrs, props['old_attributes'],
                    "destroyed auth attributes mismatch")
@@ -219,6 +228,20 @@ class LogTest < ActiveSupport::TestCase
     assert_logged(auth, :update)
   end
 
+  test "don't log changes only to Collection.preserve_version" do
+    set_user_from_auth :admin_trustedclient
+    col = collections(:collection_owned_by_active)
+    start_log_count = get_logs_about(col).size
+    assert_equal false, col.preserve_version
+    col.preserve_version = true
+    col.save!
+    assert_equal(start_log_count, get_logs_about(col).size,
+                 "log count changed after updating Collection.preserve_version")
+    col.name = 'updated by admin'
+    col.save!
+    assert_logged(col, :update)
+  end
+
   test "token isn't included in ApiClientAuthorization logs" do
     set_user_from_auth :admin_trustedclient
     auth = ApiClientAuthorization.new
@@ -230,7 +253,7 @@ class LogTest < ActiveSupport::TestCase
     auth.save!
     assert_logged_with_clean_properties(auth, :update, 'api_token')
     auth.destroy
-    assert_logged_with_clean_properties(auth, :destroy, 'api_token')
+    assert_logged_with_clean_properties(auth, :delete, 'api_token')
   end
 
   test "use ownership and permission links to determine which logs a user can see" do
@@ -263,7 +286,7 @@ class LogTest < ActiveSupport::TestCase
     # appear too, but only if they are _not_ listed in known_logs
     # (i.e., we do not make any assertions about logs not mentioned in
     # either "known" or "expected".)
-    result_ids = result.collect &:id
+    result_ids = result.collect(&:id)
     expected_logs.each do |want|
       assert_includes result_ids, logs(want).id
     end
@@ -273,7 +296,7 @@ class LogTest < ActiveSupport::TestCase
   end
 
   test "non-empty configuration.unlogged_attributes" do
-    Rails.configuration.unlogged_attributes = ["manifest_text"]
+    Rails.configuration.AuditLogs.UnloggedAttributes = ConfigLoader.to_OrderedOptions({"manifest_text"=>{}})
     txt = ". acbd18db4cc2f85cedef654fccc4a4d8+3 0:3:foo\n"
 
     act_as_system_user do
@@ -283,12 +306,12 @@ class LogTest < ActiveSupport::TestCase
       coll.save!
       assert_logged_with_clean_properties(coll, :update, 'manifest_text')
       coll.destroy
-      assert_logged_with_clean_properties(coll, :destroy, 'manifest_text')
+      assert_logged_with_clean_properties(coll, :delete, 'manifest_text')
     end
   end
 
   test "empty configuration.unlogged_attributes" do
-    Rails.configuration.unlogged_attributes = []
+    Rails.configuration.AuditLogs.UnloggedAttributes = ConfigLoader.to_OrderedOptions({})
     txt = ". acbd18db4cc2f85cedef654fccc4a4d8+3 0:3:foo\n"
 
     act_as_system_user do
@@ -302,9 +325,74 @@ class LogTest < ActiveSupport::TestCase
         assert_equal(txt, props['new_attributes']['manifest_text'])
       end
       coll.destroy
-      assert_logged(coll, :destroy) do |props|
+      assert_logged(coll, :delete) do |props|
         assert_equal(txt, props['old_attributes']['manifest_text'])
       end
     end
   end
+
+  def assert_no_logs_deleted
+    logs_before = Log.unscoped.all.count
+    assert logs_before > 0
+    yield
+    assert_equal logs_before, Log.unscoped.all.count
+  end
+
+  def remaining_audit_logs
+    Log.unscoped.where('event_type in (?)', %w(create update destroy delete))
+  end
+
+  # Default settings should not delete anything -- some sites rely on
+  # the original "keep everything forever" behavior.
+  test 'retain old audit logs with default settings' do
+    assert_no_logs_deleted do
+      AuditLogs.delete_old(
+        max_age: Rails.configuration.AuditLogs.MaxAge,
+        max_batch: Rails.configuration.AuditLogs.MaxDeleteBatch)
+    end
+  end
+
+  # Batch size 0 should retain all logs -- even if max_age is very
+  # short, and even if the default settings (and associated test) have
+  # changed.
+  test 'retain old audit logs with max_audit_log_delete_batch=0' do
+    assert_no_logs_deleted do
+      AuditLogs.delete_old(max_age: 1, max_batch: 0)
+    end
+  end
+
+  # We recommend a more conservative age of 5 minutes for production,
+  # but 3 minutes suits our test data better (and is test-worthy in
+  # that it's expected to work correctly in production).
+  test 'delete old audit logs with production settings' do
+    initial_log_count = remaining_audit_logs.count
+    assert initial_log_count > 0
+    AuditLogs.delete_old(max_age: 180, max_batch: 100000)
+    assert_operator remaining_audit_logs.count, :<, initial_log_count
+  end
+
+  test 'delete all audit logs in multiple batches' do
+    assert remaining_audit_logs.count > 2
+    AuditLogs.delete_old(max_age: 0.00001, max_batch: 2)
+    assert_equal [], remaining_audit_logs.collect(&:uuid)
+  end
+
+  test 'delete old audit logs in thread' do
+    Rails.configuration.AuditLogs.MaxAge = 20
+    Rails.configuration.AuditLogs.MaxDeleteBatch = 100000
+    Rails.cache.delete 'AuditLogs'
+    initial_audit_log_count = remaining_audit_logs.count
+    assert initial_audit_log_count > 0
+    act_as_system_user do
+      Log.create!()
+    end
+    deadline = Time.now + 10
+    while remaining_audit_logs.count == initial_audit_log_count
+      if Time.now > deadline
+        raise "timed out"
+      end
+      sleep 0.1
+    end
+    assert_operator remaining_audit_logs.count, :<, initial_audit_log_count
+  end
 end