Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AAE-23566 Fix Audit Event Message Don't Follow Schema #1496

Open
wants to merge 23 commits into
base: develop
Choose a base branch
from

Conversation

revatilimaye
Copy link
Contributor

@revatilimaye revatilimaye changed the title AAE-23566 Fix event message schema AAE-23566 Fix Audit Event Message Don't Follow Schema Aug 21, 2024
@revatilimaye revatilimaye marked this pull request as ready for review August 21, 2024 09:09
@atchertchian
Copy link
Contributor

Hello @revatilimaye please rebase over #1516 once it's merged if you have more changes coming (not needed if you merge right away), thanks!

Copy link

@@ -131,5 +131,9 @@
<artifactId>spring-boot-configuration-processor</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.activiti.cloud</groupId>
<artifactId>activiti-cloud-services-common-security</artifactId>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should not use the security dependency inside the events module. This is will put Spring Security and Activiti Security classes on the application classpath, which may have the consequences by including transitive dependencies downstream.

@@ -51,7 +55,7 @@ public void onEvent(ProcessCreatedEvent event) {
.ifPresent(details ->
runtimeService.addUserIdentityLink(
event.getEntity().getId(),
principalIdentityProvider.getUserId(principal),
identityService.findUserByName(event.getEntity().getInitiator()).getId(),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is not a good idea to use the identity service to enrich the identity link with initiator user guid, which will make an external rest api call to identity provider inside engine transaction. It will cause a delay for every new process instance which will impact the performance of the system in a negative way.

Besides, not every process instance will have an initiator, because it may be created by system on timer or message events. In this case, the initiator will be null and it will result in NPE.

Comment on lines +90 to +101
@MockBean
private ClientRegistrationRepository clientRegistrationRepository;

@MockBean
private JwtAccessTokenProvider jwtAccessTokenProvider;

@MockBean
private JwtDecoder jwtDecoder;

@MockBean
private IdentityService identityService;

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should avoid using mock beans in integration tests.

Comment on lines +58 to +60

@MockBean
private IdentityService identityService;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's not use mock beans in ITs.

Comment on lines +199 to +202
post("/v1/process-instances")
.contentType(APPLICATION_JSON)
.content(mapper.writeValueAsString(cmd))
.with(csrf())
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the reason to add CSRF for REST API calls test? The Activiti Runtime Rest API never had the constraint to have CSRF token in cookies..

Comment on lines +175 to +179
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why this dependency is needed?

Comment on lines -485 to +489
.containsOnly(tuple("hruser", expectedActor.getBytes()));
.containsOnly(tuple(id, expectedActor.getBytes()));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change affects the semantic meaning of the audit event that switches the user name with user guid. It will cause a breaking change downstream. It is better to use a new identity link record with another type to enrich the process instance context with new information from the provided principal oauth access token and use it to map to audit specific event schema dowstream.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants