From 2dd0924f7b484337def116958c6cd75e9c6e5b68 Mon Sep 17 00:00:00 2001
From: Waqar Ahmed
Date: Wed, 15 Jan 2025 23:35:51 +0500
Subject: [PATCH] Add audit support for app plugin
---
 .../middlewared/plugins/apps/app_scale.py | 21 ++++++++++++--
 .../middlewared/plugins/apps/crud.py | 28 ++++++++++++++++---
 .../middlewared/plugins/apps/pull_images.py | 7 ++++-
 .../middlewared/plugins/apps/rollback.py | 7 ++++-
 .../middlewared/plugins/apps/upgrade.py | 7 ++++-
 .../middlewared/plugins/docker/backup.py | 14 ++++++++--
 .../plugins/docker/restore_backup.py | 7 ++++-
 .../middlewared/plugins/docker/update.py | 2 +-
 8 files changed, 79 insertions(+), 14 deletions(-)
diff --git a/src/middlewared/middlewared/plugins/apps/app_scale.py b/src/middlewared/middlewared/plugins/apps/app_scale.py
index 81830095b180a..e3c0c3709a8dc 100644
--- a/src/middlewared/middlewared/plugins/apps/app_scale.py
+++ b/src/middlewared/middlewared/plugins/apps/app_scale.py
@@ -15,7 +15,12 @@ class Config:
 namespace = 'app'
 cli_namespace = 'app'
- @api_method(AppStopArgs, AppStopResult, roles=['APPS_WRITE'])
+ @api_method(
+ AppStopArgs, AppStopResult,
+ audit='App: Stopping',
+ audit_extended=lambda app_name: app_name,
+ roles=['APPS_WRITE']
+ )
 @job(lock=lambda args: f'app_stop_{args[0]}')
 def stop(self, job, app_name):
 """
@@ -41,7 +46,12 @@ def stop(self, job, app_name):
 )
 self.middleware.call_sync('cache.pop', cache_key)
- @api_method(AppStartArgs, AppStartResult, roles=['APPS_WRITE'])
+ @api_method(
+ AppStartArgs, AppStartResult,
+ audit='App: Starting',
+ audit_extended=lambda app_name: app_name,
+ roles=['APPS_WRITE']
+ )
 @job(lock=lambda args: f'app_start_{args[0]}')
 def start(self, job, app_name):
 """
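Review bot: `audit_extended=lambda app_name: app_name` on `stop` puts the caller-supplied name into the audit description exactly as received, and nothing in this hunk shows whether that happens before or after the name is checked against existing apps. If the audit entry is written first, records can carry names that match no app, so a comment above the decorator such as `# app_name is logged as received from the caller; it may not name an existing app` would help whoever consumes these records. The same applies to `start` in the second hunk, to `redeploy`, and to the `backup_name` lambdas added in the docker plugin. The bodies of `stop` and `start` continue outside these hunks.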
@@ -52,7 +62,12 @@ def start(self, job, app_name):
 compose_action(app_name, app_config['version'], 'up', force_recreate=True, remove_orphans=True)
 job.set_progress(100, f'Started {app_name!r} app')
- @api_method(AppRedeployArgs, AppRedeployResult, roles=['APPS_WRITE'])
+ @api_method(
+ AppRedeployArgs, AppRedeployResult,
+ audit='App: Redeploying',
+ audit_extended=lambda app_name: app_name,
+ roles=['APPS_WRITE']
+ )
 @job(lock=lambda args: f'app_redeploy_{args[0]}')
 async def redeploy(self, job, app_name):
 """
diff --git a/src/middlewared/middlewared/plugins/apps/crud.py b/src/middlewared/middlewared/plugins/apps/crud.py
index be3fd5cb3a14b..f3c4f79201c0d 100644
--- a/src/middlewared/middlewared/plugins/apps/crud.py
+++ b/src/middlewared/middlewared/plugins/apps/crud.py
@@ -95,7 +95,12 @@ def config(self, app_name):
 app = self.get_instance__sync(app_name)
 return get_current_app_config(app_name, app['version'])
- @api_method(AppConvertToCustomArgs, AppConvertToCustomResult, roles=['APPS_WRITE'])
+ @api_method(
+ AppConvertToCustomArgs, AppConvertToCustomResult,
+ audit='App: Converting',
+ audit_extended=lambda app_name: f'{app_name} to custom app',
+ roles=['APPS_WRITE']
+ )
 @job(lock=lambda args: f'app_start_{args[0]}')
 async def convert_to_custom(self, job, app_name):
 """
@@ -103,7 +108,12 @@ async def convert_to_custom(self, job, app_name):
 """
 return await self.middleware.call('app.custom.convert', job, app_name)
- @api_method(AppCreateArgs, AppCreateResult, roles=['APPS_WRITE'])
+ @api_method(
+ AppCreateArgs, AppCreateResult,
+ audit='App: Creating',
+ audit_extended=lambda data: data['app_name'],
+ roles=['APPS_WRITE']
+ )
 @job(lock=lambda args: f'app_create_{args[0].get("app_name")}')
 def do_create(self, job, data):
 """
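Review bot: In the `do_create` hunk of crud.py, `audit_extended=lambda data: data['app_name']` indexes the key directly, while the `@job` lock on the very next line reads it with `args[0].get("app_name")`, which suggests a payload without that key can reach these callbacks. If the audit callback is handed the same raw payload, a request that omits `app_name` would raise `KeyError` inside the audit hook rather than being rejected by validation and recorded. Matching the lock lambda avoids that: `audit_extended=lambda data: data.get('app_name'),`. Whether the callback runs before or after `AppCreateArgs` validation is not visible here, and `do_create`'s body continues outside the hunk.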
@@ -204,7 +214,12 @@ def remove_failed_resources(self, app_name, version, remove_ds=False):
 self.middleware.call_sync('app.metadata.generate').wait_sync(raise_error=True)
 self.middleware.send_event('app.query', 'REMOVED', id=app_name)
- @api_method(AppUpdateArgs, AppUpdateResult, roles=['APPS_WRITE'])
+ @api_method(
+ AppUpdateArgs, AppUpdateResult,
+ audit='App: Updating',
+ audit_extended=lambda app_name, data: app_name,
+ roles=['APPS_WRITE']
+ )
 @job(lock=lambda args: f'app_update_{args[0]}')
 def do_update(self, job, app_name, data):
 """
@@ -254,7 +269,12 @@ def update_internal(self, job, app, data, progress_keyword='Update', trigger_com
 job.set_progress(100, f'{progress_keyword} completed for {app_name!r}')
 return self.get_instance__sync(app_name)
- @api_method(AppDeleteArgs, AppDeleteResult, roles=['APPS_WRITE'])
+ @api_method(
+ AppDeleteArgs, AppDeleteResult,
+ audit='App: Deleting',
+ audit_extended=lambda app_name, options=None: app_name,
+ roles=['APPS_WRITE']
+ )
 @job(lock=lambda args: f'app_delete_{args[0]}')
 def do_delete(self, job, app_name, options):
 """
diff --git a/src/middlewared/middlewared/plugins/apps/pull_images.py b/src/middlewared/middlewared/plugins/apps/pull_images.py
index 24a1b22ed1fb5..9b04324bef7a8 100644
--- a/src/middlewared/middlewared/plugins/apps/pull_images.py
+++ b/src/middlewared/middlewared/plugins/apps/pull_images.py
@@ -28,7 +28,12 @@ async def outdated_docker_images(self, app_name):
 return images
- @api_method(AppPullImagesArgs, AppPullImagesResult, roles=['APPS_WRITE'])
+ @api_method(
+ AppPullImagesArgs, AppPullImagesResult,
+ audit='App: Pulling Images for',
+ audit_extended=lambda app_name, options=None: app_name,
+ roles=['APPS_WRITE']
+ )
 @job(lock=lambda args: f'pull_images_{args[0]}')
 def pull_images(self, job, app_name, options):
 """
diff --git a/src/middlewared/middlewared/plugins/apps/rollback.py b/src/middlewared/middlewared/plugins/apps/rollback.py
index c1a36b267c58d..d535a606db8bc 100644
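Review bot: In the `do_delete` hunk, `audit_extended=lambda app_name, options=None: app_name` discards `options`, so the audit summary for a deletion reads the same whatever removal options the caller chose. For a destructive call the summary is more useful when it names them, e.g. `audit_extended=lambda app_name, options=None: f'{app_name} ({options})' if options else app_name,`; this is unnecessary if the audit record already stores the full call parameters, which is not visible here. `do_update` in the hunk before drops `data` the same way, but there the payload may hold app credentials, so at most its key names belong in the summary. `do_delete`'s body continues outside the hunk.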
--- a/src/middlewared/middlewared/plugins/apps/rollback.py
+++ b/src/middlewared/middlewared/plugins/apps/rollback.py
@@ -17,7 +17,12 @@ class Config:
 namespace = 'app'
 cli_namespace = 'app'
- @api_method(AppRollbackArgs, AppRollbackResult, roles=['APPS_WRITE'])
+ @api_method(
+ AppRollbackArgs, AppRollbackResult,
+ audit='App: Rollback',
+ audit_extended=lambda app_name, options: app_name,
+ roles=['APPS_WRITE']
+ )
 @job(lock=lambda args: f'app_rollback_{args[0]}')
 def rollback(self, job, app_name, options):
 """
diff --git a/src/middlewared/middlewared/plugins/apps/upgrade.py b/src/middlewared/middlewared/plugins/apps/upgrade.py
index b81cd52fa9dfe..e49a8e551fba0 100644
--- a/src/middlewared/middlewared/plugins/apps/upgrade.py
+++ b/src/middlewared/middlewared/plugins/apps/upgrade.py
@@ -19,7 +19,12 @@ class Config:
 namespace = 'app'
 cli_namespace = 'app'
- @api_method(AppUpgradeArgs, AppUpgradeResult, roles=['APPS_WRITE'])
+ @api_method(
+ AppUpgradeArgs, AppUpgradeResult,
+ audit='App: Upgrading',
+ audit_extended=lambda app_name, options=None: app_name,
+ roles=['APPS_WRITE']
+ )
 @job(lock=lambda args: f'app_upgrade_{args[0]}')
 def upgrade(self, job, app_name, options):
 """
diff --git a/src/middlewared/middlewared/plugins/docker/backup.py b/src/middlewared/middlewared/plugins/docker/backup.py
index cc8bf9ec86c52..a8b0c0a6a87f6 100644
--- a/src/middlewared/middlewared/plugins/docker/backup.py
+++ b/src/middlewared/middlewared/plugins/docker/backup.py
@@ -26,7 +26,12 @@ class DockerService(Service):
 class Config:
 cli_namespace = 'app.docker'
- @api_method(DockerBackupArgs, DockerBackupResult, roles=['DOCKER_WRITE'])
+ @api_method(
+ DockerBackupArgs, DockerBackupResult,
+ audit='Docker: Backup',
+ audit_extended=lambda backup_name: backup_name,
+ roles=['DOCKER_WRITE']
+ )
 @job(lock='docker_backup')
 def backup(self, job, backup_name):
 """
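Review bot: In the rollback.py hunk, `audit_extended=lambda app_name, options: app_name` makes `options` mandatory, whereas the lambdas added for `do_delete`, `pull_images` and `upgrade` all declare `options=None`. If the callback is invoked with the positional arguments exactly as the caller sent them, a `rollback` call that omits `options` would raise `TypeError` in the audit hook; whether `AppRollbackArgs` permits that omission is not visible here. For consistency I would write `audit_extended=lambda app_name, options=None: app_name,`. The `do_update` lambda in crud.py (`lambda app_name, data: app_name`) has the same shape and deserves the same check.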
@@ -114,7 +119,12 @@ def list_backups(self):
 return backups
- @api_method(DockerDeleteBackupArgs, DockerDeleteBackupResult, roles=['DOCKER_WRITE'])
+ @api_method(
+ DockerDeleteBackupArgs, DockerDeleteBackupResult,
+ audit='Docker: Deleting Backup',
+ audit_extended=lambda backup_name: backup_name,
+ roles=['DOCKER_WRITE']
+ )
 def delete_backup(self, backup_name):
 """
 Delete `backup_name` app backup.
diff --git a/src/middlewared/middlewared/plugins/docker/restore_backup.py b/src/middlewared/middlewared/plugins/docker/restore_backup.py
index 3c2c444d5de44..48ef5ee19dcd9 100644
--- a/src/middlewared/middlewared/plugins/docker/restore_backup.py
+++ b/src/middlewared/middlewared/plugins/docker/restore_backup.py
@@ -17,7 +17,12 @@ class DockerService(Service):
 class Config:
 cli_namespace = 'app.docker'
- @api_method(DockerRestoreBackupArgs, DockerRestoreBackupResult, roles=['DOCKER_WRITE'])
+ @api_method(
+ DockerRestoreBackupArgs, DockerRestoreBackupResult,
+ audit='Docker: Restoring Backup',
+ audit_extended=lambda backup_name: backup_name,
+ roles=['DOCKER_WRITE']
+ )
 @job(lock='docker_restore_backup')
 def restore_backup(self, job, backup_name):
 """
diff --git a/src/middlewared/middlewared/plugins/docker/update.py b/src/middlewared/middlewared/plugins/docker/update.py
index 68df011c37122..60740e7bbe078 100644
--- a/src/middlewared/middlewared/plugins/docker/update.py
+++ b/src/middlewared/middlewared/plugins/docker/update.py
@@ -47,7 +47,7 @@ async def config_extend(self, data):
 data['dataset'] = applications_ds_name(data['pool']) if data.get('pool') else None
 return data
- @api_method(DockerUpdateArgs, DockerUpdateResult)
+ @api_method(DockerUpdateArgs, DockerUpdateResult, audit='Docker: Updating Configurations')
 @job(lock='docker_update')
 async def do_update(self, job, data):
 """
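Review bot: In the docker/update.py hunk, `audit='Docker: Updating Configurations'` is the only audited call in this patch without an `audit_extended`, so the entry does not say which settings were touched. Recording the submitted key names rather than their values keeps the summary informative without copying configuration data into the audit trail: `audit_extended=lambda data: ', '.join(sorted(data))`, assuming `data` arrives as a dict as the `do_create` lambda implies. This decorator is also the only one in the patch with no `roles=` argument; that predates the change and may be supplied by the service configuration, but it is worth confirming while the line is being edited. `do_update`'s body continues outside the hunk.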