go-worker/admin_audit_archive_test.go at main · hyp3rd/go-worker · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
package worker

import (
	"context"
	"os"
	"strings"
	"testing"
	"time"

	"github.com/hyp3rd/ewrap"
	sectools "github.com/hyp3rd/sectools/pkg/iosec"
)

const (
	testAuditArchiveWait    = 250 * time.Millisecond
	testAuditArchiveBackoff = 10 * time.Millisecond
	testAuditEventLimit     = 100
)

func TestAdminAuditArchivalWritesExpiredEvents(t *testing.T) {
	t.Parallel()

	archiveDir := t.TempDir()
	tm := NewTaskManagerWithOptions(
		context.Background(),
		WithAdminAuditEventLimit(testAuditEventLimit),
		WithAdminAuditRetention(25*time.Millisecond),
		WithAdminAuditArchiveDir(archiveDir),
		WithAdminAuditArchiveInterval(10*time.Millisecond),
	)
	t.Cleanup(tm.StopNow)

	first := AdminAuditEvent{
		At:        time.Now(),
		Actor:     "tester",
		Action:    "queue.pause",
		Target:    "default",
		Status:    "ok",
		Detail:    "pause",
		RequestID: "req-1",
	}
	second := AdminAuditEvent{
		At:        time.Now().Add(40 * time.Millisecond),
		Actor:     "tester",
		Action:    "queue.resume",
		Target:    "default",
		Status:    "ok",
		Detail:    "resume",
		RequestID: "req-2",
	}

	err := tm.AdminRecordAuditEvent(context.Background(), first, testAuditEventLimit)
	if err != nil {
		t.Fatalf("record first audit event: %v", err)
	}

	time.Sleep(40 * time.Millisecond)

	err = tm.AdminRecordAuditEvent(context.Background(), second, testAuditEventLimit)
	if err != nil {
		t.Fatalf("record second audit event: %v", err)
	}

	content, ok := waitArchiveContains(t, archiveDir, `"action":"queue.pause"`)
	if !ok {
		t.Fatalf("archived event not found; content=%q", content)
	}

	page, err := tm.AdminAuditEvents(context.Background(), AdminAuditEventFilter{Limit: 10})
	if err != nil {
		t.Fatalf("list audit events: %v", err)
	}

	for _, event := range page.Events {
		if event.Action == first.Action {
			t.Fatalf("expired event should not remain in active set: %s", event.Action)
		}
	}
}

func waitArchiveContains(t *testing.T, dir, needle string) (string, bool) {
	t.Helper()

	reader, err := sectools.NewWithOptions(
		sectools.WithAllowAbsolute(true),
		sectools.WithBaseDir(dir),
		sectools.WithAllowedRoots(dir),
		sectools.WithAllowSymlinks(true),
	)
	if err != nil {
		t.Fatalf("init archive reader: %v", ewrap.Wrap(err, "init archive reader"))
	}

	deadline := time.Now().Add(testAuditArchiveWait)
	for time.Now().Before(deadline) {
		entries, err := os.ReadDir(dir)
		if err != nil {
			t.Fatalf("read archive dir: %v", err)
		}

		for _, entry := range entries {
			if entry.IsDir() || !strings.HasSuffix(entry.Name(), ".jsonl") {
				continue
			}

			raw, err := reader.ReadFile(entry.Name())
			if err != nil {
				t.Fatalf("read archive file: %v", err)
			}

			content := string(raw)
			if strings.Contains(content, needle) {
				return content, true
			}
		}

		time.Sleep(testAuditArchiveBackoff)
	}

	return "", false
}