pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #832 from dod-ccpo/add-app-audit-log

Browse Source 
Add app audit log
This commit is contained in:
leigh-mil
2019-05-22 15:07:47 -04:00
committed by GitHub
parent 2de4d1477a 7756ab8c28
commit 4df975acf9
26 changed files with 266 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
atst/domain/application_roles.py
View File

@@ -14,7 +14,9 @@ class ApplicationRoles(object):
@classmethod
def create(cls, user, application, permission_set_names):
application_role = ApplicationRole(user=user, application_id=application.id)
application_role = ApplicationRole(
user=user, application_id=application.id, application=application
)
application_role.permission_sets = ApplicationRoles._permission_sets_for_names(
permission_set_names

28
atst/domain/audit_log.py
View File

@@ -1,5 +1,3 @@
from sqlalchemy import or_
from atst.database import db
from atst.domain.common import Query
from atst.models.audit_event import AuditEvent
@@ -14,15 +12,19 @@ class AuditEventQuery(Query):
return cls.paginate(query, pagination_opts)
@classmethod
def get_ws_events(cls, portfolio_id, pagination_opts):
def get_portfolio_events(cls, portfolio_id, pagination_opts):
query = (
db.session.query(cls.model)
.filter(
or_(
cls.model.portfolio_id == portfolio_id,
cls.model.resource_id == portfolio_id,
)
)
.filter(cls.model.portfolio_id == portfolio_id)
.order_by(cls.model.time_created.desc())
)
return cls.paginate(query, pagination_opts)
@classmethod
def get_application_events(cls, application_id, pagination_opts):
query = (
db.session.query(cls.model)
.filter(cls.model.application_id == application_id)
.order_by(cls.model.time_created.desc())
)
return cls.paginate(query, pagination_opts)
@@ -30,6 +32,7 @@ class AuditEventQuery(Query):
class AuditLog(object):
@classmethod
# TODO: see if this is being used anywhere and remove if not
def log_system_event(cls, resource, action, portfolio=None):
return cls._log(resource=resource, action=action, portfolio=portfolio)
@@ -39,7 +42,11 @@ class AuditLog(object):
@classmethod
def get_portfolio_events(cls, portfolio, pagination_opts=None):
return AuditEventQuery.get_ws_events(portfolio.id, pagination_opts)
return AuditEventQuery.get_portfolio_events(portfolio.id, pagination_opts)
@classmethod
def get_application_events(cls, application, pagination_opts=None):
return AuditEventQuery.get_application_events(application.id, pagination_opts)
@classmethod
def get_by_resource(cls, resource_id):
@@ -55,6 +62,7 @@ class AuditLog(object):
return type(resource).__name__.lower()
@classmethod
# TODO: see if this is being used anywhere and remove if not
def _log(cls, user=None, portfolio=None, resource=None, action=None):
resource_id = resource.id if resource else None
resource_type = cls._resource_type(resource) if resource else None

1
atst/domain/permission_sets.py
View File

@@ -209,6 +209,7 @@ _APPLICATION_TEAM_PERMISSION_SET = {
Permissions.DELETE_APPLICATION_MEMBER,
Permissions.CREATE_APPLICATION_MEMBER,
Permissions.ASSIGN_ENVIRONMENT_MEMBER,
Permissions.VIEW_APPLICATION_ACTIVITY_LOG,
],
}

4
atst/models/application.py
View File

@@ -52,6 +52,10 @@ class Application(
def displayname(self):
return self.name
@property
def application_id(self):
return self.id
def __repr__(self): # pragma: no cover
return "<Application(name='{}', description='{}', portfolio='{}', id='{}')>".format(
self.name, self.description, self.portfolio.name, self.id

4
atst/models/application_invitation.py
View File

@@ -26,6 +26,10 @@ class ApplicationInvitation(Base, TimestampsMixin, AuditableMixin, InvitesMixin)
def application_id(self):
return self.role.application_id
@property
def portfolio_id(self):
return self.role.portfolio_id
@property
def event_details(self):
return {"email": self.email, "dod_id": self.user_dod_id}

18
atst/models/application_role.py
View File

@@ -53,7 +53,10 @@ class ApplicationRole(
@property
def user_name(self):
return self.user.full_name
if self.user:
return self.user.full_name
else:
return None
def __repr__(self):
return "<ApplicationRole(application='{}', user_id='{}', id='{}', permissions={})>".format(
@@ -75,6 +78,19 @@ class ApplicationRole(
lambda prms: prms.name == perm_set_name, self.permission_sets
)
@property
def portfolio_id(self):
return self.application.portfolio_id
@property
def event_details(self):
return {
"updated_user_name": self.user_name,
"updated_user_id": str(self.user_id),
"application": self.application.name,
"portfolio": self.application.portfolio.name,
}
Index(
"application_role_user_application",

7
atst/models/audit_event.py
View File

@@ -17,11 +17,17 @@ class AuditEvent(Base, TimestampsMixin):
portfolio_id = Column(UUID(as_uuid=True), ForeignKey("portfolios.id"), index=True)
portfolio = relationship("Portfolio", backref="audit_events")
application_id = Column(
UUID(as_uuid=True), ForeignKey("applications.id"), index=True
)
application = relationship("Application", backref="audit_events")
changed_state = Column(JSONB())
event_details = Column(JSONB())
resource_type = Column(String(), nullable=False)
resource_id = Column(UUID(as_uuid=True), index=True, nullable=False)
display_name = Column(String())
action = Column(String(), nullable=False)
@@ -29,6 +35,7 @@ class AuditEvent(Base, TimestampsMixin):
def log(self):
return {
"portfolio_id": str(self.portfolio_id),
"application_id": str(self.application_id),
"changed_state": self.changed_state,
"event_details": self.event_details,
"resource_type": self.resource_type,

3
atst/models/environment.py
View File

@@ -35,7 +35,8 @@ class Environment(
def portfolio(self):
return self.application.portfolio
def auditable_portfolio_id(self):
@property
def portfolio_id(self):
return self.application.portfolio_id
def __repr__(self):

8
atst/models/environment_role.py
View File

@@ -38,6 +38,14 @@ class EnvironmentRole(
def history(self):
return self.get_changes()
@property
def portfolio_id(self):
return self.environment.application.portfolio_id
@property
def application_id(self):
return self.environment.application_id
@property
def displayname(self):
return self.role

19
atst/models/mixins/auditable.py
View File

@@ -13,23 +13,20 @@ class AuditableMixin(object):
@staticmethod
def create_audit_event(connection, resource, action, changed_state=None):
user_id = getattr_path(g, "current_user.id")
portfolio_id = resource.portfolio_id
resource_type = resource.resource_type
display_name = resource.displayname
event_details = resource.event_details
if changed_state is None:
changed_state = resource.history if action == ACTION_UPDATE else None
audit_event = AuditEvent(
user_id=user_id,
portfolio_id=portfolio_id,
resource_type=resource_type,
portfolio_id=resource.portfolio_id,
application_id=resource.application_id,
resource_type=resource.resource_type,
resource_id=resource.id,
display_name=display_name,
display_name=resource.displayname,
action=action,
changed_state=changed_state,
event_details=event_details,
event_details=resource.event_details,
)
app.logger.info(
@@ -93,7 +90,11 @@ class AuditableMixin(object):
@property
def portfolio_id(self):
return None
raise NotImplementedError()
@property
def application_id(self):
raise NotImplementedError()
@property
def displayname(self):

20
atst/models/mixins/invites.py
View File

@@ -105,3 +105,23 @@ class InvitesMixin(object):
@property
def user_dod_id(self):
return self.user.dod_id if self.user is not None else None
@property
def event_details(self):
"""Overrides the same property in AuditableMixin.
Provides the event details for an invite that are required for the audit log
"""
return {"email": self.email, "dod_id": self.user_dod_id}
@property
def history(self):
"""Overrides the same property in AuditableMixin
Determines whether or not invite status has been updated
"""
changes = self.get_changes()
change_set = {}
if "status" in changes:
change_set["status"] = [s.name for s in changes["status"]]
return change_set

1
atst/models/permissions.py
View File

@@ -18,6 +18,7 @@ class Permissions(object):
CREATE_ENVIRONMENT = "create_environment"
DELETE_ENVIRONMENT = "delete_environment"
ASSIGN_ENVIRONMENT_MEMBER = "assign_environment_member"
VIEW_APPLICATION_ACTIVITY_LOG = "view_application_activity_log"
# funding
VIEW_PORTFOLIO_FUNDING = "view_portfolio_funding" # TO summary page

7
atst/models/portfolio.py
View File

@@ -68,9 +68,14 @@ class Portfolio(Base, mixins.TimestampsMixin, mixins.AuditableMixin):
def all_environments(self):
return list(chain.from_iterable(p.environments for p in self.applications))
def auditable_portfolio_id(self):
@property
def portfolio_id(self):
return self.id
@property
def application_id(self):
return None
def __repr__(self):
return "<Portfolio(name='{}', user_count='{}', id='{}')>".format(
self.name, self.user_count, self.id

16
atst/models/portfolio_invitation.py
View File

@@ -6,7 +6,7 @@ from atst.models import Base
from atst.models.mixins import TimestampsMixin, AuditableMixin, InvitesMixin
class PortfolioInvitation(Base, TimestampsMixin, AuditableMixin, InvitesMixin):
class PortfolioInvitation(Base, TimestampsMixin, InvitesMixin, AuditableMixin):
__tablename__ = "portfolio_invitations"
portfolio_role_id = Column(
@@ -27,15 +27,5 @@ class PortfolioInvitation(Base, TimestampsMixin, AuditableMixin, InvitesMixin):
return self.role.portfolio_id
@property
def event_details(self):
return {"email": self.email, "dod_id": self.user_dod_id}
@property
def history(self):
changes = self.get_changes()
change_set = {}
if "status" in changes:
change_set["status"] = [s.name for s in changes["status"]]
return change_set
def application_id(self):
return None

4
atst/models/portfolio_role.py
View File

@@ -164,6 +164,10 @@ class PortfolioRole(
def full_name(self):
return self.user.full_name
@property
def application_id(self):
return None
Index(
"portfolio_role_user_portfolio",

8
atst/models/user.py
View File

@@ -96,6 +96,14 @@ class User(
def displayname(self):
return self.full_name
@property
def portfolio_id(self):
return None
@property
def application_id(self):
return None
def __repr__(self):
return "<User(name='{}', dod_id='{}', email='{}', has_portfolios='{}', id='{}')>".format(
self.full_name, self.dod_id, self.email, self.has_portfolios, self.id

5
atst/routes/applications/settings.py
View File

@@ -3,6 +3,8 @@ from flask import redirect, render_template, request as http_request, url_for
from . import applications_bp
from atst.domain.environments import Environments
from atst.domain.applications import Applications
from atst.domain.audit_log import AuditLog
from atst.domain.common import Paginator
from atst.forms.app_settings import AppEnvRolesForm
from atst.forms.application import ApplicationForm, EditEnvironmentForm
from atst.forms.data import ENV_ROLE_NO_ACCESS as NO_ACCESS
@@ -90,6 +92,8 @@ def render_settings_page(application, **kwargs):
environments_obj = get_environments_obj_for_app(application=application)
members_form = AppEnvRolesForm(data=data_for_app_env_roles_form(application))
new_env_form = EditEnvironmentForm()
pagination_opts = Paginator.get_pagination_opts(http_request)
audit_events = AuditLog.get_application_events(application, pagination_opts)
if "application_form" not in kwargs:
kwargs["application_form"] = ApplicationForm(
@@ -102,6 +106,7 @@ def render_settings_page(application, **kwargs):
environments_obj=environments_obj,
members_form=members_form,
new_env_form=new_env_form,
audit_events=audit_events,
**kwargs,
)