Auto cleanup uses encryption cleanup now #3250

- wrote implementation for encryption cleanup - schedule auto cleanup uses now also schedule encryption cleanup - added unit tests - added integration test for cipher pool data cleanup (inside existing JobScenario2IntTest)
mercedes-benz · Jul 31, 2024 · 1f6ebf7 · 1f6ebf7
1 parent af92447
commit 1f6ebf7
Show file tree

Hide file tree

Showing 26 changed files with 1,544 additions and 198 deletions.
diff --git a/...esbenz/sechub/domain/administration/encryption/AdministrationEncryptionStatusService.java b/...esbenz/sechub/domain/administration/encryption/AdministrationEncryptionStatusService.java
@@ -14,7 +14,7 @@
 import com.mercedesbenz.sechub.sharedkernel.messaging.IsSendingSyncMessage;
 import com.mercedesbenz.sechub.sharedkernel.messaging.MessageDataKeys;
 import com.mercedesbenz.sechub.sharedkernel.messaging.MessageID;
-import com.mercedesbenz.sechub.sharedkernel.usecases.encryption.UseCaseAdminStartsEncryptionRotation;
+import com.mercedesbenz.sechub.sharedkernel.usecases.encryption.UseCaseAdminFetchesEncryptionStatus;
 
 @Service
 public class AdministrationEncryptionStatusService {
@@ -25,19 +25,19 @@ public class AdministrationEncryptionStatusService {
     @Autowired
     AuditLogService auditLogService;
 
-    @UseCaseAdminStartsEncryptionRotation(@Step(number = 2, name = "Service call", description = "Triggers rotation of encryption via domain message"))
+    @UseCaseAdminFetchesEncryptionStatus(@Step(number = 1, name = "Service call", description = "Services collects encryption status from domains via event bus", needsRestDoc = true))
     public SecHubEncryptionStatus fetchStatus() {
         auditLogService.log("starts collecting encryption status");
 
-        SecHubEncryptionStatus status = new SecHubEncryptionStatus();
-        addSchedulerStatus(status);
+        SecHubEncryptionStatus sechubEncryptionStatus = new SecHubEncryptionStatus();
+        collectScheduleEncryptionStatus(sechubEncryptionStatus);
 
-        return status;
+        return sechubEncryptionStatus;
 
     }
 
     @IsSendingSyncMessage(MessageID.GET_ENCRYPTION_STATUS_SCHEDULE_DOMAIN)
-    private void addSchedulerStatus(SecHubEncryptionStatus status) {
+    private void collectScheduleEncryptionStatus(SecHubEncryptionStatus status) {
         DomainMessage message = new DomainMessage(MessageID.GET_ENCRYPTION_STATUS_SCHEDULE_DOMAIN);
 
         DomainMessageSynchronousResult result = domainMessageService.sendSynchron(message);

diff --git a/...ub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/TestAPI.java b/...ub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/TestAPI.java
@@ -119,6 +119,10 @@ public static AssertUserJobInfo assertUserJobInfo(TestSecHubJobInfoForUserListPa
         return AssertUserJobInfo.assertInfo(page);
     }
 
+    public static AssertEncryptionStatus assertEncryptionStatus() {
+        return assertEncryptionStatus(as(SUPER_ADMIN).fetchEncryptionStatus());
+    }
+
     public static AssertEncryptionStatus assertEncryptionStatus(SecHubEncryptionStatus status) {
         return AssertEncryptionStatus.assertEncryptionStatus(status);
     }
@@ -1260,6 +1264,18 @@ public boolean runAndReturnTrueWhenSuccesfulImpl() throws Exception {
         });
     }
 
+    /**
+     * Starts cipher pool cleanup for scheduler domain directly for test scenario.
+     * Normally this is done by auto cleanup mechanism only, but with this method it
+     * is also possible to trigger the cleanup inside integration tests.
+     */
+    public static void startScheduleCipherPoolDataCleanup() {
+        resetAutoCleanupDays(0);
+
+        String url = getURLBuilder().buildIntegrationTestStartScheduleCipherPoolDataCleanup();
+        getSuperAdminRestHelper().put(url);
+    }
+
     /**
      * Will ensure complete auto cleanup inspector is reset and that auto cleanup is
      * set to "wantedFormerDays days" in configuration and also in every domain auto

diff --git a/.../src/test/java/com/mercedesbenz/sechub/integrationtest/scenario2/JobScenario2IntTest.java b/.../src/test/java/com/mercedesbenz/sechub/integrationtest/scenario2/JobScenario2IntTest.java
@@ -22,7 +22,6 @@
 import com.mercedesbenz.sechub.sharedkernel.encryption.SecHubCipherAlgorithm;
 import com.mercedesbenz.sechub.sharedkernel.encryption.SecHubCipherPasswordSourceType;
 import com.mercedesbenz.sechub.sharedkernel.encryption.SecHubEncryptionData;
-import com.mercedesbenz.sechub.sharedkernel.encryption.SecHubEncryptionStatus;
 
 public class JobScenario2IntTest {
 
@@ -105,7 +104,72 @@ public void a_triggered_job_is_found_in_running_jobs_list_by_admin__when_not_alr
     }
 
     @Test
-    public void a_triggered_job_is_NOT_found_in_running_jobs_list_by_admin__when_already_done_and_encryption_rotation_can_be_done() {
+    public void job_list_for_done_job__and_encryption_and_cleanup_are_working() {
+        /* step 1 : job list entries */
+        UUID doneJobUUID = assertAlreadyDoneJobIsNotListedInAdminJobList();
+        int scheduleDataSizeBeforeRotate = assertEncryptionStatus().domain("schedule").hasData().getDataSize();
+
+        /* step 2 : rotate encryption for job */
+        triggerEncryptionRotationAndAssertEncryptionIsDone(doneJobUUID);
+
+        /* step3: check status must have now one more data */
+        int scheduleDataSizeAfterRotate = assertEncryptionStatus()./* dump(). */domain("schedule").hasData().getDataSize();
+        assertThat(scheduleDataSizeAfterRotate).isEqualTo(scheduleDataSizeBeforeRotate + 1); // must be one more...
+
+        /*
+         * step4: rotate encryption for job again - means we ensure former job uses no
+         * longer the older cipher pool data and next cleanup will at least remove this
+         * one
+         */
+        triggerEncryptionRotationAndAssertEncryptionIsDone(doneJobUUID);
+
+        int scheduleDataSizeAfterRotate2 = assertEncryptionStatus()/* .dump() */.domain("schedule").hasData().getDataSize();
+        assertThat(scheduleDataSizeAfterRotate2).isEqualTo(scheduleDataSizeBeforeRotate + 2); // must be one more...
+
+        /*
+         * now cleanup cipher pool data (we do not want to wait for auto cleanup...
+         * takes too long time
+         */
+        startScheduleCipherPoolDataCleanup();
+
+        /*
+         * wait until auto cleanup is done and encryption pool is cleaned
+         */
+        executeRunnableAndAcceptAssertionsMaximumTimes(20, () -> {
+            int scheduleDataSize3 = assertEncryptionStatus()./* dump(). */domain("schedule").hasData().getDataSize();
+            LOG.info("Fetched schedule encryption pool size(3): {}", scheduleDataSize3);
+            assertThat(scheduleDataSize3).isLessThan(scheduleDataSizeAfterRotate2); // must be less
+
+        }, 500);
+    }
+
+    private void triggerEncryptionRotationAndAssertEncryptionIsDone(UUID doneJobUUID) {
+        /* @formatter:off */
+		/* prepare 3 */
+		Long formerEncryptionPoolid = fetchScheduleEncryptionPoolIdForJob(doneJobUUID);
+		LOG.info("Job: {} had encryption pool id: {}", doneJobUUID, formerEncryptionPoolid);
+
+		SecHubEncryptionData data = new SecHubEncryptionData();
+		data.setAlgorithm(SecHubCipherAlgorithm.AES_GCM_SIV_256);
+		data.setPasswordSourceType(SecHubCipherPasswordSourceType.ENVIRONMENT_VARIABLE);
+		data.setPasswordSourceData("INTEGRATION_TEST_SECRET_1_AES_256"); // see IntegrationTestEncryptionEnvironmentEntryProvider
+
+		/* execution 3 - change encryption */
+		as(SUPER_ADMIN).rotateEncryption(data);
+
+		/* test 3 */
+		executeRunnableAndAcceptAssertionsMaximumTimes(10, ()->{
+
+		    Long newEncryptionPoolid = fetchScheduleEncryptionPoolIdForJob(doneJobUUID);
+		    assertThat(newEncryptionPoolid).isNotEqualTo(formerEncryptionPoolid);
+		    LOG.info("Job: {} has now encryption pool id: {}", doneJobUUID, newEncryptionPoolid);
+
+		}, 500);
+		/* @formatter:on */
+    }
+
+    private UUID assertAlreadyDoneJobIsNotListedInAdminJobList() {
+        /* @formatter:off */
         /* prepare */
         as(SUPER_ADMIN).assignUserToProject(USER_1, PROJECT_1);
 
@@ -134,44 +198,8 @@ public void a_triggered_job_is_NOT_found_in_running_jobs_list_by_admin__when_alr
 			and().
 			onJobAdministration().
 			    canNotFindRunningJob(jobUUID); // means events are triggered and handled */
-
-		/* execute 2 - fetch encryption status is possible*/
-		SecHubEncryptionStatus status =  as(SUPER_ADMIN).fetchEncryptionStatus();
-
-		/* test 2 - fetch encryption status  is possible*/
-		int scheduleDataSize= assertEncryptionStatus(status).
-		    dump().
-		    domain("schedule").
-		        hasData().getDataSize();
-
-
-		/* prepare 3 */
-		Long formerEncryptionPoolid = fetchScheduleEncryptionPoolIdForJob(jobUUID);
-		LOG.info("formerEncryptionPoolid: {}", formerEncryptionPoolid);
-
-		SecHubEncryptionData data = new SecHubEncryptionData();
-		data.setAlgorithm(SecHubCipherAlgorithm.AES_GCM_SIV_256);
-		data.setPasswordSourceType(SecHubCipherPasswordSourceType.ENVIRONMENT_VARIABLE);
-		data.setPasswordSourceData("INTEGRATION_TEST_SECRET_1_AES_256"); // see IntegrationTestEncryptionEnvironmentEntryProvider
-
-		/* execution 3 - change encryption */
-		as(SUPER_ADMIN).rotateEncryption(data);
-
-		/* test 3 */
-		executeRunnableAndAcceptAssertionsMaximumTimes(10, ()->{
-
-		    Long newEncryptionPoolid = fetchScheduleEncryptionPoolIdForJob(jobUUID);
-		    LOG.info("newEncryptionPoolid: {}", newEncryptionPoolid);
-		    assertThat(newEncryptionPoolid).isNotEqualTo(formerEncryptionPoolid);
-
-		}, 500);
-		/* @formatter:on */
-
-        /* test 4 - status returns now one more data */
-        SecHubEncryptionStatus status2 = as(SUPER_ADMIN).fetchEncryptionStatus();
-        int scheduleDataSize2 = assertEncryptionStatus(status2).dump().domain("schedule").hasData().getDataSize();
-
-        assertThat(scheduleDataSize2).isEqualTo(scheduleDataSize + 1); // must be one more...
+        return jobUUID;
+        /* @formatter:on */
     }
 
 }
diff --git a/.../java/com/mercedesbenz/sechub/domain/schedule/IntegrationTestSchedulerRestController.java b/.../java/com/mercedesbenz/sechub/domain/schedule/IntegrationTestSchedulerRestController.java
@@ -15,6 +15,7 @@
 
 import com.mercedesbenz.sechub.domain.schedule.access.ScheduleAccessCountService;
 import com.mercedesbenz.sechub.domain.schedule.config.SchedulerConfigService;
+import com.mercedesbenz.sechub.domain.schedule.encryption.ScheduleCipherPoolCleanupService;
 import com.mercedesbenz.sechub.domain.schedule.job.ScheduleSecHubJob;
 import com.mercedesbenz.sechub.domain.schedule.job.SecHubJobRepository;
 import com.mercedesbenz.sechub.domain.schedule.strategy.SchedulerStrategyFactory;
@@ -47,12 +48,21 @@ public class IntegrationTestSchedulerRestController {
     @Autowired
     private SecHubJobRepository jobRepository;
 
+    @Autowired
+    private ScheduleCipherPoolCleanupService scheduleCipherPoolCleanupService;
+
     @RequestMapping(path = APIConstants.API_ANONYMOUS + "integrationtest/autocleanup/inspection/schedule/days", method = RequestMethod.GET, produces = {
             MediaType.APPLICATION_JSON_VALUE })
     public long fetchScheduleAutoCleanupConfiguredDays() {
         return scheduleConfigService.getAutoCleanupInDays();
     }
 
+    @RequestMapping(path = APIConstants.API_ANONYMOUS + "integrationtest/schedule/cipher-pool-data/cleanup", method = RequestMethod.PUT, produces = {
+            MediaType.APPLICATION_JSON_VALUE })
+    public void startScheduleAutoCleanupDirectlyForTesting() {
+        scheduleCipherPoolCleanupService.cleanupCipherPoolDataIfNecessaryAndPossible();
+    }
+
     @RequestMapping(path = APIConstants.API_ANONYMOUS + "integrationtest/project/{projectId}/schedule/access/count", method = RequestMethod.GET, produces = {
             MediaType.APPLICATION_JSON_VALUE })
     public long countProjectAccess(@PathVariable("projectId") String projectId) {
@@ -68,15 +78,13 @@ public void deleteWaitingJobs() {
     @RequestMapping(path = APIConstants.API_ANONYMOUS
             + "integrationtest/schedule/revert/job/{sechubJobUUID}/still-running", method = RequestMethod.PUT, produces = { MediaType.APPLICATION_JSON_VALUE })
     public void revertJobAsStillRunning(@PathVariable("sechubJobUUID") UUID sechubJobUUID) {
-        ;
         integrationTestSchedulerService.revertJobAsStillRunning(sechubJobUUID);
     }
 
     @RequestMapping(path = APIConstants.API_ANONYMOUS
             + "integrationtest/schedule/revert/job/{sechubJobUUID}/still-not-approved", method = RequestMethod.PUT, produces = {
                     MediaType.APPLICATION_JSON_VALUE })
     public void revertJobAsStillNotApproved(@PathVariable("sechubJobUUID") UUID sechubJobUUID) {
-        ;
         integrationTestSchedulerService.revertJobAsStillNotApproved(sechubJobUUID);
     }
 

diff --git a/...hedule/src/main/java/com/mercedesbenz/sechub/domain/schedule/ScheduleShutdownService.java b/...hedule/src/main/java/com/mercedesbenz/sechub/domain/schedule/ScheduleShutdownService.java
@@ -0,0 +1,36 @@
+package com.mercedesbenz.sechub.domain.schedule;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.BeansException;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ApplicationContextAware;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.stereotype.Service;
+
+@Service
+public class ScheduleShutdownService implements ApplicationContextAware {
+
+    private static final Logger LOG = LoggerFactory.getLogger(ScheduleShutdownService.class);
+
+    private ApplicationContext context;
+
+    public void shutdownApplication() {
+        if (context instanceof ConfigurableApplicationContext) {
+            LOG.info("Will now trigger shutdown of application context");
+            ((ConfigurableApplicationContext) context).close();
+        } else {
+            if (context == null) {
+                LOG.error("Cannot shutdown application context because context null!");
+            } else {
+                LOG.error("Cannot shutdown application context because wrong context:" + context.getClass());
+            }
+        }
+    }
+
+    @Override
+    public void setApplicationContext(ApplicationContext ctx) throws BeansException {
+        this.context = ctx;
+
+    }
+}
diff --git a/.../java/com/mercedesbenz/sechub/domain/schedule/autocleanup/ScheduleAutoCleanupService.java b/.../java/com/mercedesbenz/sechub/domain/schedule/autocleanup/ScheduleAutoCleanupService.java
@@ -9,6 +9,7 @@
 import org.springframework.stereotype.Service;
 
 import com.mercedesbenz.sechub.domain.schedule.config.SchedulerConfigService;
+import com.mercedesbenz.sechub.domain.schedule.encryption.ScheduleCipherPoolCleanupService;
 import com.mercedesbenz.sechub.domain.schedule.job.SecHubJobDataRepository;
 import com.mercedesbenz.sechub.domain.schedule.job.SecHubJobRepository;
 import com.mercedesbenz.sechub.sharedkernel.Step;
@@ -37,6 +38,9 @@ public class ScheduleAutoCleanupService {
     @Autowired
     AutoCleanupResultInspector inspector;
 
+    @Autowired
+    ScheduleCipherPoolCleanupService encryptionPoolCleanupService;
+
     @UseCaseScheduleAutoCleanExecution(@Step(number = 2, name = "Delete old data", description = "deletes old job information"))
     public void cleanup() {
         /* calculate */
@@ -61,6 +65,9 @@ public void cleanup() {
                     );
         /* @formatter:on */
 
+        /* cleanup encryption */
+        encryptionPoolCleanupService.cleanupCipherPoolDataIfNecessaryAndPossible();
+
     }
 
 }