Refactored audit logs for save/delete tenant profile operations;

moved setDefaultTenantProfile to the service layer;
added Awaitility-based audit log checks in controller tests;
allowed SYS_ADMIN access to audit endpoints;
made BuildProperties optional with version fallback;
used tenantAdminUser in updateDefaultTenantProfile;
updated logging config for audit debugging.

Signed-off-by: Oleksandra_Matviienko <al.zzzeebra@gmail.com>

application/src/main/java/org/thingsboard/server/controller/AuditLogController.java

@@ -139,7 +139,7 @@ public class AuditLogController extends BaseController {
                     "Basically, this API call is used to get the full lifecycle of some specific entity. " +
                     "For example to see when a device was created, updated, assigned to some customer, or even deleted from the system. " +
                     PAGE_DATA_PARAMETERS + TENANT_AUTHORITY_PARAGRAPH)
-    @PreAuthorize("hasAuthority('TENANT_ADMIN')")
+    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
     @RequestMapping(value = "/audit/logs/entity/{entityType}/{entityId}", params = {"pageSize", "page"}, method = RequestMethod.GET)
     @ResponseBody
     public PageData<AuditLog> getAuditLogsByEntityId(
@@ -174,7 +174,7 @@ public class AuditLogController extends BaseController {
     @ApiOperation(value = "Get all audit logs (getAuditLogs)",
             notes = "Returns a page of audit logs related to all entities in the scope of the current user's Tenant. " +
                     PAGE_DATA_PARAMETERS + TENANT_AUTHORITY_PARAGRAPH)
-    @PreAuthorize("hasAuthority('TENANT_ADMIN')")
+    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
     @RequestMapping(value = "/audit/logs", params = {"pageSize", "page"}, method = RequestMethod.GET)
     @ResponseBody
     public PageData<AuditLog> getAuditLogs(

application/src/main/java/org/thingsboard/server/controller/TenantProfileController.java

@@ -217,7 +217,7 @@ public class TenantProfileController extends BaseController {
         checkParameter("tenantProfileId", strTenantProfileId);
         TenantProfileId tenantProfileId = new TenantProfileId(toUUID(strTenantProfileId));
         TenantProfile tenantProfile = checkTenantProfileId(tenantProfileId, Operation.WRITE);
-        tenantProfileService.setDefaultTenantProfile(getTenantId(), tenantProfileId);
+        tenantProfile = tbTenantProfileService.setDefaultTenantProfile(getTenantId(), tenantProfile, getCurrentUser());
         return tenantProfile;
     }
 

application/src/main/java/org/thingsboard/server/service/entitiy/tenant/profile/DefaultTbTenantProfileService.java

@@ -18,11 +18,14 @@ package org.thingsboard.server.service.entitiy.tenant.profile;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Service;
+import org.thingsboard.server.common.data.EntityType;
 import org.thingsboard.server.common.data.TenantProfile;
 import org.thingsboard.server.common.data.audit.ActionType;
+import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.User;
+import org.thingsboard.server.dao.exception.DataValidationException;
 import org.thingsboard.server.dao.tenant.TbTenantProfileCache;
 import org.thingsboard.server.dao.tenant.TenantProfileService;
 import org.thingsboard.server.dao.tenant.TenantService;
@@ -43,23 +46,67 @@ public class DefaultTbTenantProfileService extends AbstractTbEntityService imple
     private final TbTenantProfileCache tenantProfileCache;
 
     @Override
-    public TenantProfile save(TenantId tenantId, TenantProfile tenantProfile, TenantProfile oldTenantProfile, User user) throws ThingsboardException {
+    public TenantProfile
+    save(TenantId tenantId, TenantProfile tenantProfile, TenantProfile oldTenantProfile, User user) throws ThingsboardException {
         ActionType actionType = tenantProfile.getId() == null ? ActionType.ADDED : ActionType.UPDATED;
-        TenantProfile savedTenantProfile = checkNotNull(tenantProfileService.saveTenantProfile(tenantId, tenantProfile));
-        tenantProfileCache.put(savedTenantProfile);
+        try {
+            TenantProfile savedTenantProfile = checkNotNull(tenantProfileService.saveTenantProfile(tenantId, tenantProfile));
+            tenantProfileCache.put(savedTenantProfile);
 
-        List<TenantId> tenantIds = tenantService.findTenantIdsByTenantProfileId(savedTenantProfile.getId());
-        tbQueueService.updateQueuesByTenants(tenantIds, savedTenantProfile, oldTenantProfile);
-        logEntityActionService.logEntityAction(tenantId, savedTenantProfile.getId(), savedTenantProfile, null,
-                actionType, user);
+            List<TenantId> tenantIds = tenantService.findTenantIdsByTenantProfileId(savedTenantProfile.getId());
+            tbQueueService.updateQueuesByTenants(tenantIds, savedTenantProfile, oldTenantProfile);
+            logEntityActionService.logEntityAction(tenantId, savedTenantProfile.getId(), savedTenantProfile, null,
+                    actionType, user);
+
+            return savedTenantProfile;
+        } catch (ThingsboardException e) {
+            log.error("Failed to save tenant profile because ThingsboardException [{}]", tenantProfile, e);
+            logEntityActionService.logEntityAction(tenantId, emptyId(EntityType.TENANT_PROFILE), tenantProfile, actionType, user, e);
+            throw e;
+        } catch (DataValidationException e) {
+            log.error("Failed to save tenant profile because data validation [{}]", tenantProfile, e);
+            logEntityActionService.logEntityAction(tenantId, emptyId(EntityType.TENANT_PROFILE), tenantProfile, actionType, user, e);
+            throw new ThingsboardException(e.getMessage(), ThingsboardErrorCode.BAD_REQUEST_PARAMS);
+        } catch (Exception e) {
+            log.error("Failed to save tenant profile because Exception [{}]", tenantProfile, e);
+            logEntityActionService.logEntityAction(tenantId, emptyId(EntityType.TENANT_PROFILE), tenantProfile, actionType, user, e);
+            throw new ThingsboardException(e, ThingsboardErrorCode.GENERAL);
+        }
 
-        return savedTenantProfile;
     }
 
     @Override
     public void delete(TenantId tenantId, TenantProfile tenantProfile, User user) throws ThingsboardException {
         ActionType actionType = ActionType.DELETED;
-        tenantProfileService.deleteTenantProfile(tenantId, tenantProfile.getId());
-        logEntityActionService.logEntityAction(tenantId, tenantProfile.getId(), tenantProfile, null, actionType, user);
+        try {
+            tenantProfileService.deleteTenantProfile(tenantId, tenantProfile.getId());
+            logEntityActionService.logEntityAction(tenantId, tenantProfile.getId(), tenantProfile, null, actionType, user);
+        } catch (Exception e) {
+            logEntityActionService.logEntityAction(tenantId, tenantProfile.getId(), tenantProfile, null, actionType, user);
+            throw e;
+        }
+    }
+
+    @Override
+    public TenantProfile setDefaultTenantProfile(TenantId tenantId, TenantProfile tenantProfile, User user) throws ThingsboardException {
+        ActionType actionType = ActionType.UPDATED;
+        try {
+            boolean changed = tenantProfileService.setDefaultTenantProfile(tenantId, tenantProfile.getId());
+            TenantProfile result = tenantProfileService.findTenantProfileById(tenantId, tenantProfile.getId());
+            if (changed && result != null) {
+                // Update application-level cache
+                tenantProfileCache.put(result);
+            }
+            logEntityActionService.logEntityAction(tenantId, result != null ? result.getId() : tenantProfile.getId(), result, null, actionType, user);
+            return result != null ? result : tenantProfile;
+        } catch (DataValidationException e) {
+            log.error("Failed to set default tenant profile due to data validation [{}]", tenantProfile, e);
+            logEntityActionService.logEntityAction(tenantId, emptyId(EntityType.TENANT_PROFILE), tenantProfile, actionType, user, e);
+            throw new ThingsboardException(e.getMessage(), ThingsboardErrorCode.BAD_REQUEST_PARAMS);
+        } catch (Exception e) {
+            log.error("Failed to set default tenant profile [{}]", tenantProfile, e);
+            logEntityActionService.logEntityAction(tenantId, emptyId(EntityType.TENANT_PROFILE), tenantProfile, actionType, user, e);
+            throw new ThingsboardException(e, ThingsboardErrorCode.GENERAL);
+        }
     }
 }

application/src/main/java/org/thingsboard/server/service/entitiy/tenant/profile/TbTenantProfileService.java

@@ -25,4 +25,6 @@ public interface TbTenantProfileService {
     TenantProfile save(TenantId tenantId, TenantProfile tenantProfile, TenantProfile oldTenantProfile, User user) throws ThingsboardException;
 
     void delete(TenantId tenantId, TenantProfile tenantProfile, User user) throws ThingsboardException;
+
+    TenantProfile setDefaultTenantProfile(TenantId tenantId, TenantProfile tenantProfile, User user) throws ThingsboardException;
 }

application/src/test/java/org/thingsboard/server/controller/AbstractNotifyEntityTest.java

@@ -18,6 +18,8 @@ package org.thingsboard.server.controller;
 import lombok.extern.slf4j.Slf4j;
 import org.mockito.ArgumentMatcher;
 import org.mockito.Mockito;
+import org.springframework.boot.info.BuildProperties;
+import org.springframework.boot.test.mock.mockito.MockBean;
 import org.springframework.boot.test.mock.mockito.SpyBean;
 import org.thingsboard.server.cluster.TbClusterService;
 import org.thingsboard.server.common.data.EdgeUtils;
@@ -59,6 +61,9 @@ public abstract class AbstractNotifyEntityTest extends AbstractWebTest {
     @SpyBean
     protected AuditLogService auditLogService;
 
+    @MockBean
+    BuildProperties buildProperties;
+
     protected final String msgErrorPermission = "You don't have permission to perform this operation!";
     protected final String msgErrorShouldBeSpecified = "should be specified";
     protected final String msgErrorNotFound = "Requested item wasn't found!";

application/src/test/java/org/thingsboard/server/controller/AbstractWebTest.java

@@ -1265,11 +1265,10 @@ public abstract class AbstractWebTest extends AbstractInMemoryStorageTest {
     }
 
     protected void updateDefaultTenantProfile(Consumer<TenantProfile> updater) throws ThingsboardException {
-        User user = Mockito.mock(User.class);
         TenantProfile oldTenantProfile = tenantProfileService.findDefaultTenantProfile(TenantId.SYS_TENANT_ID);
         TenantProfile tenantProfile = JacksonUtil.clone(oldTenantProfile);
         updater.accept(tenantProfile);
-        tbTenantProfileService.save(TenantId.SYS_TENANT_ID, tenantProfile, oldTenantProfile, user);
+        tbTenantProfileService.save(TenantId.SYS_TENANT_ID, tenantProfile, oldTenantProfile, tenantAdminUser);
     }
 
     protected OAuth2Client createOauth2Client(TenantId tenantId, String title) {

application/src/test/java/org/thingsboard/server/controller/TenantProfileControllerTest.java

@@ -25,9 +25,12 @@ import org.thingsboard.server.common.data.EntityInfo;
 import org.thingsboard.server.common.data.StringUtils;
 import org.thingsboard.server.common.data.Tenant;
 import org.thingsboard.server.common.data.TenantProfile;
+import org.thingsboard.server.common.data.audit.ActionType;
 import org.thingsboard.server.common.data.id.TenantProfileId;
 import org.thingsboard.server.common.data.page.PageData;
 import org.thingsboard.server.common.data.page.PageLink;
+import org.thingsboard.server.common.data.page.TimePageLink;
+import org.thingsboard.server.common.data.audit.AuditLog;
 import org.thingsboard.server.common.data.plugin.ComponentLifecycleEvent;
 import org.thingsboard.server.common.data.queue.ProcessingStrategy;
 import org.thingsboard.server.common.data.queue.ProcessingStrategyType;
@@ -39,6 +42,7 @@ import org.thingsboard.server.common.data.tenant.profile.TenantProfileQueueConfi
 import org.thingsboard.server.common.data.validation.RateLimit;
 import org.thingsboard.server.dao.service.DaoSqlTest;
 import org.thingsboard.server.queue.TbQueueCallback;
+import org.awaitility.Awaitility;
 
 import java.lang.reflect.Field;
 import java.util.ArrayList;
@@ -47,6 +51,7 @@ import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 import java.util.UUID;
+import java.util.concurrent.TimeUnit;
 import java.util.function.Function;
 import java.util.stream.Collectors;
 
@@ -81,12 +86,17 @@ public class TenantProfileControllerTest extends AbstractControllerTest {
 
         testBroadcastEntityStateChangeEventTimeManyTimeTenantProfile(savedTenantProfile, ComponentLifecycleEvent.CREATED, 1);
 
+        awaitAuditLog("Wait for async audit log to be persisted (ADDED expected)", savedTenantProfile.getId(), ActionType.ADDED);
+
         savedTenantProfile.setName("New tenant profile");
         doPost("/api/tenantProfile", savedTenantProfile, TenantProfile.class);
         TenantProfile foundTenantProfile = doGet("/api/tenantProfile/" + savedTenantProfile.getId().getId().toString(), TenantProfile.class);
         Assert.assertEquals(foundTenantProfile.getName(), savedTenantProfile.getName());
 
         testBroadcastEntityStateChangeEventTimeManyTimeTenantProfile(savedTenantProfile, ComponentLifecycleEvent.UPDATED, 1);
+
+        awaitAuditLog("Wait for async audit log to be persisted (UPDATED expected)", savedTenantProfile.getId(), ActionType.UPDATED);
+
     }
 
     @Test
@@ -180,7 +190,8 @@ public class TenantProfileControllerTest extends AbstractControllerTest {
         Assert.assertNotNull(foundDefaultTenantProfile);
         Assert.assertEquals(savedTenantProfile.getName(), foundDefaultTenantProfile.getName());
         Assert.assertEquals(savedTenantProfile.getId(), foundDefaultTenantProfile.getId());
-    }
+
+        awaitAuditLog("Wait for async audit log to be persisted (UPDATED expected for NEW DEFAULT Tenant Profile)", savedTenantProfile.getId(), ActionType.UPDATED);    }
 
     @Test
     public void testSaveTenantProfileWithEmptyName() throws Exception {
@@ -245,6 +256,8 @@ public class TenantProfileControllerTest extends AbstractControllerTest {
         doDelete("/api/tenantProfile/" + savedTenantProfile.getId().getId().toString())
                 .andExpect(status().isOk());
 
+        awaitAuditLog("Wait for async audit log to be persisted for deleted tenant profile", savedTenantProfile.getId(), ActionType.DELETED);
+
         testBroadcastEntityStateChangeEventTimeManyTimeTenantProfile(savedTenantProfile, ComponentLifecycleEvent.DELETED, 1);
 
         doGet("/api/tenantProfile/" + savedTenantProfile.getId().getId().toString())
@@ -393,6 +406,22 @@ public class TenantProfileControllerTest extends AbstractControllerTest {
         testBroadcastEntityStateChangeEventNeverTenantProfile();
     }
 
+    private void awaitAuditLog(String awaitMessage, TenantProfileId tenantProfileId, ActionType expectedAction) throws Exception {
+        Awaitility.await(awaitMessage)
+                .atMost(TIMEOUT, TimeUnit.SECONDS)
+                .until(() ->
+                        doGetTypedWithTimePageLink(
+                                "/api/audit/logs/entity/TENANT_PROFILE/" + tenantProfileId.getId() + "?",
+                                new TypeReference<PageData<AuditLog>>() {
+                                },
+                                new TimePageLink(5))
+                                .getData()
+                                .stream()
+                                .anyMatch(log -> log.getActionType() == expectedAction)
+                );
+
+    }
+
     private TenantProfile createTenantProfile(String name) {
         TenantProfile tenantProfile = new TenantProfile();
         tenantProfile.setName(name);
@@ -429,7 +458,6 @@ public class TenantProfileControllerTest extends AbstractControllerTest {
         tenantProfile.setProfileData(profileData);
     }
 
-
     private void testBroadcastEntityStateChangeEventTimeManyTimeTenantProfile(TenantProfile tenantProfile, ComponentLifecycleEvent event, int cntTime) {
         ArgumentMatcher<TenantProfile> matcherTenantProfile = cntTime == 1 ? argument -> argument.equals(tenantProfile) :
                 argument -> argument.getClass().equals(TenantProfile.class);

application/src/test/resources/logback-test.xml

@@ -16,6 +16,7 @@
     <logger name="org.testcontainers" level="INFO" />
     <logger name="org.eclipse.leshan" level="INFO"/>
     <logger name="org.thingsboard.server.controller.AbstractWebTest" level="INFO"/>
+    <logger name="org.thingsboard.server.controller.TenantProfileController" level="INFO"/>
     <logger name="org.thingsboard.server.service.script" level="INFO"/>
 
     <!-- mute TelemetryEdgeSqlTest that causes a lot of randomly generated errors -->

dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogServiceImpl.java

@@ -119,7 +119,7 @@ public class AuditLogServiceImpl implements AuditLogService {
     public <E extends HasName, I extends EntityId> ListenableFuture<Void>
     logEntityAction(TenantId tenantId, CustomerId customerId, UserId userId, String userName, I entityId, E entity,
                     ActionType actionType, Exception e, Object... additionalInfo) {
-        if (canLog(entityId.getEntityType(), actionType)) {
+        if (canLog(entityId.getEntityType(), actionType) || tenantId.isSysTenantId()) {
             JsonNode actionData = constructActionData(entityId, entity, actionType, additionalInfo);
             ActionStatus actionStatus = ActionStatus.SUCCESS;
             String failureDetails = "";