cucumber for days (#5766)

This commit is contained in:
Anthony Stirling
2026-02-21 23:17:28 +00:00
committed by GitHub
parent 7631b222bd
commit 30c258ce0b
40 changed files with 4079 additions and 49 deletions
@@ -0,0 +1,138 @@
@jwt @auth @audit
Feature: Audit Dashboard API
Tests for the audit dashboard REST API endpoints, which provide
audit log data, statistics, and export capabilities.
All endpoints:
- Require ROLE_ADMIN (JWT authentication)
- Are gated by @EnterpriseEndpoint (may return 403 on non-enterprise builds)
Responses are therefore expected to be one of: 200 (enterprise enabled)
or 403 (enterprise feature not available in this build).
Admin credentials: username=admin, password=stirling
# =========================================================================
# AUDIT DATA
# =========================================================================
@positive
Scenario: Admin can retrieve audit log data
Given I am logged in as admin
When I send a GET request to "/api/v1/audit/data" with JWT authentication
Then the response status code should be one of "200, 403"
@negative
Scenario: Unauthenticated request to audit data returns 401
When I send a GET request to "/api/v1/audit/data" with no authentication
Then the response status code should be 401
# =========================================================================
# AUDIT STATS
# =========================================================================
@positive
Scenario: Admin can retrieve audit statistics
Given I am logged in as admin
When I send a GET request to "/api/v1/audit/stats" with JWT authentication
Then the response status code should be one of "200, 403"
@negative
Scenario: Unauthenticated request to audit stats returns 401
When I send a GET request to "/api/v1/audit/stats" with no authentication
Then the response status code should be 401
# =========================================================================
# AUDIT TYPES
# =========================================================================
@positive
Scenario: Admin can retrieve audit event types
Given I am logged in as admin
When I send a GET request to "/api/v1/audit/types" with JWT authentication
Then the response status code should be one of "200, 403"
@negative
Scenario: Unauthenticated request to audit types returns 401
When I send a GET request to "/api/v1/audit/types" with no authentication
Then the response status code should be 401
# =========================================================================
# AUDIT EXPORT (CSV)
# =========================================================================
@positive
Scenario: Admin can export audit log as CSV
Given I am logged in as admin
When I send a GET request to "/api/v1/audit/export/csv" with JWT authentication
Then the response status code should be one of "200, 403"
@negative
Scenario: Unauthenticated request to audit CSV export returns 401
When I send a GET request to "/api/v1/audit/export/csv" with no authentication
Then the response status code should be 401
# =========================================================================
# AUDIT EXPORT (JSON)
# =========================================================================
@positive
Scenario: Admin can export audit log as JSON
Given I am logged in as admin
When I send a GET request to "/api/v1/audit/export/json" with JWT authentication
Then the response status code should be one of "200, 403"
@negative
Scenario: Unauthenticated request to audit JSON export returns 401
When I send a GET request to "/api/v1/audit/export/json" with no authentication
Then the response status code should be 401
# =========================================================================
# AUDIT CLEANUP
# =========================================================================
@positive
Scenario: Admin can trigger cleanup of old audit records
Given I am logged in as admin
When I send a DELETE request to "/api/v1/audit/cleanup/before" with JWT authentication and params "date=2020-01-01"
Then the response status code should be one of "200, 403"
@negative
Scenario: Unauthenticated request to audit cleanup returns 401
When I send a DELETE request to "/api/v1/audit/cleanup/before" with no authentication and params "date=2020-01-01"
Then the response status code should be 401
# =========================================================================
# PROPRIETARY UI DATA AUDIT EVENTS (AuditRestController)
# Endpoint base: /api/v1/proprietary/ui-data
# =========================================================================
@positive
Scenario: Admin can retrieve paginated audit events from UI data API
Given I am logged in as admin
When I send a GET request to "/api/v1/proprietary/ui-data/audit-events" with JWT authentication
Then the response status code should be one of "200, 403"
@positive
Scenario: Admin can retrieve audit chart data
Given I am logged in as admin
When I send a GET request to "/api/v1/proprietary/ui-data/audit-charts" with JWT authentication
Then the response status code should be one of "200, 403"
@positive
Scenario: Admin can retrieve list of audit event types from UI data API
Given I am logged in as admin
When I send a GET request to "/api/v1/proprietary/ui-data/audit-event-types" with JWT authentication
Then the response status code should be one of "200, 403"
@positive
Scenario: Admin can retrieve list of audited users
Given I am logged in as admin
When I send a GET request to "/api/v1/proprietary/ui-data/audit-users" with JWT authentication
Then the response status code should be one of "200, 403"
@negative
Scenario: Unauthenticated request to proprietary audit events returns 401
When I send a GET request to "/api/v1/proprietary/ui-data/audit-events" with no authentication
Then the response status code should be 401