From 53113e5eeb792eb03f2d705370495a5fd0eec67c Mon Sep 17 00:00:00 2001
From: Paul Van de Vreede
Date: Tue, 4 Jul 2017 23:39:16 +1000
Subject: [PATCH] Add auditing for creating or updating a cert. (#845)
---
 lemur/certificates/views.py | 8 ++++++--
 lemur/logs/models.py | 2 +-
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/lemur/certificates/views.py b/lemur/certificates/views.py
index ae491aa3..63b8cff1 100644
--- a/lemur/certificates/views.py
+++ b/lemur/certificates/views.py
@@ -269,7 +269,9 @@ class CertificatesList(AuthenticatedResource):
 if authority_permission.can():
 data['creator'] = g.user
- return service.create(**data)
+ cert = service.create(**data)
+ log_service.create(g.user, 'create_cert', certificate=cert)
+ return cert
 return dict(message="You are not authorized to use the authority: {0}".format(data['authority'].name)), 403
@@ -644,7 +646,9 @@ class Certificates(AuthenticatedResource):
 ) ), 400
- return service.update(certificate_id, **data)
+ cert = service.update(certificate_id, **data)
+ log_service.create(g.current_user, 'update_cert', certificate=cert)
+ return cert
 class NotificationCertificatesList(AuthenticatedResource):
diff --git a/lemur/logs/models.py b/lemur/logs/models.py
index 59787083..fe69b715 100644
--- a/lemur/logs/models.py
+++ b/lemur/logs/models.py
@@ -18,6 +18,6 @@ class Log(db.Model):
 __tablename__ = 'logs'
 id = Column(Integer, primary_key=True)
 certificate_id = Column(Integer, ForeignKey('certificates.id'))
- log_type = Column(Enum('key_view', name='log_type'), nullable=False)
+ log_type = Column(Enum('key_view', 'create_cert', 'update_cert', name='log_type'), nullable=False)
 logged_at = Column(ArrowType(), PassiveDefault(func.now()), nullable=False)
 user_id = Column(Integer, ForeignKey('users.id'), nullable=False)
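Review bot: The audit row in `CertificatesList` is written only after `service.create(**data)` has returned, so if `log_service.create` raises, the caller gets an error for a certificate that already exists and the issuance has no log entry; the update hunk in `Certificates` has the same ordering. Whether the two writes share one database transaction is not visible in this hunk. I would state the ordering at the call, e.g. `# cert is already issued here; a failure below loses the audit row, not the cert`, and decide explicitly whether an audit failure should be caught and reported on its own. The 403 branch just below still records nothing, so denied attempts against an authority leave no audit trail. The enclosing method starts outside the hunk.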
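Review bot: The update call passes `g.current_user` as the acting user while the create hunk in `CertificatesList` passes `g.user`, so the two audit calls identify the actor through different attributes. `Log.user_id` is declared `nullable=False` in `lemur/logs/models.py`, so if one of the two is unset on some authentication path (not visible here) the insert fails after `service.update` has already applied the change. Use the same attribute in both places, for example `log_service.create(g.user, 'update_cert', certificate=cert)` if `g.user` is the one this view relies on, or confirm that both are always populated. The enclosing method starts outside the hunk.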
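Review bot: Adding `'create_cert'` and `'update_cert'` to the model's `Enum` does not alter a `log_type` enum type that already exists in the database, and the diffstat lists only `views.py` and `models.py`, so no schema migration ships with this commit. On a backend with native enum types the new `log_service.create` calls would presumably be rejected at insert time, after the certificate has been created or updated. A migration that adds both values to `log_type` should accompany this change, and the column deserves a short comment such as `# adding a value here requires a migration for the log_type enum`. The `Log` class begins above the hunk.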