Automatic audit logging using SQLA events

2018-09-19 11:41:27 -04:00
parent b7a33de29d
commit ddc2e2fad7
27 changed files with 346 additions and 26 deletions
--- a/alembic/versions/7958cca588a1_add_view_audit_log_permission.py
+++ b/alembic/versions/7958cca588a1_add_view_audit_log_permission.py
@@ -0,0 +1,39 @@
+"""add view_audit_log permission
+
+Revision ID: 7958cca588a1
+Revises: 875841fac207
+Create Date: 2018-09-14 10:20:20.016575
+
+"""
+from alembic import op
+from sqlalchemy.orm.session import Session
+
+from atst.models.role import Role
+from atst.models.permissions import Permissions
+
+
+# revision identifiers, used by Alembic.
+revision = '7958cca588a1'
+down_revision = '875841fac207'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    session = Session(bind=op.get_bind())
+    admin_roles = session.query(Role).filter(Role.name.in_(["ccpo", "security_auditor"])).all()
+    for role in admin_roles:
+        role.add_permission(Permissions.VIEW_AUDIT_LOG)
+        session.add(role)
+
+    session.commit()
+
+
+def downgrade():
+    session = Session(bind=op.get_bind())
+    admin_roles = session.query(Role).filter(Role.name.in_(["ccpo", "security_auditor"])).all()
+    for role in admin_roles:
+        role.remove_permission(Permissions.VIEW_AUDIT_LOG)
+        session.add(role)
+
+    session.commit()
--- a/alembic/versions/875841fac207_add_audit_events_table.py
+++ b/alembic/versions/875841fac207_add_audit_events_table.py
@@ -0,0 +1,44 @@
+"""add audit_events table
+
+Revision ID: 875841fac207
+Revises: 2572be7fb7fc
+Create Date: 2018-09-13 15:34:18.815205
+
+"""
+from alembic import op
+import sqlalchemy as sa
+from sqlalchemy.dialects import postgresql
+
+# revision identifiers, used by Alembic.
+revision = '875841fac207'
+down_revision = '359caaf8c5f1'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.create_table('audit_events',
+    sa.Column('time_created', sa.TIMESTAMP(timezone=True), server_default=sa.text('now()'), nullable=False),
+    sa.Column('time_updated', sa.TIMESTAMP(timezone=True), server_default=sa.text('now()'), nullable=False),
+    sa.Column('id', postgresql.UUID(as_uuid=True), server_default=sa.text('uuid_generate_v4()'), nullable=False),
+    sa.Column('user_id', postgresql.UUID(as_uuid=True), nullable=True),
+    sa.Column('resource_name', sa.String(), nullable=False),
+    sa.Column('resource_id', postgresql.UUID(as_uuid=True), nullable=False),
+    sa.Column('action', sa.String(), nullable=False),
+    sa.Column('workspace_id', postgresql.UUID(as_uuid=True), nullable=True),
+    sa.ForeignKeyConstraint(['user_id'], ['users.id']),
+    sa.ForeignKeyConstraint(['workspace_id'], ['workspaces.id']),
+    sa.PrimaryKeyConstraint('id')
+    )
+    op.create_index(op.f('ix_audit_events_resource_id'), 'audit_events', ['resource_id'], unique=False)
+    op.create_index(op.f('ix_audit_events_user_id'), 'audit_events', ['user_id'], unique=False)
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_index(op.f('ix_audit_events_user_id'), table_name='audit_events')
+    op.drop_index(op.f('ix_audit_events_resource_id'), table_name='audit_events')
+    op.drop_table('audit_events')
+    # ### end Alembic commands ###