Re-working the way audit logs work.

* Adding more checks.

lemur/certificates/models.py

@@ -79,7 +79,7 @@ class Certificate(db.Model):
                             secondaryjoin=id == certificate_replacement_associations.c.replaced_certificate_id,  # noqa
                             backref='replaced')
 
-    views = relationship("View", backref="certificate")
+    logs = relationship("Log", backref="certificate")
     endpoints = relationship("Endpoint", backref='certificate')
 
     def __init__(self, **kwargs):

lemur/certificates/service.py

@@ -10,6 +10,11 @@ import arrow
 from sqlalchemy import func, or_
 from flask import current_app
 
+from cryptography import x509
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.primitives.asymmetric import rsa
+
 from lemur import database
 from lemur.extensions import metrics
 from lemur.plugins.base import plugins
@@ -19,16 +24,10 @@ from lemur.destinations.models import Destination
 from lemur.notifications.models import Notification
 from lemur.authorities.models import Authority
 from lemur.domains.models import Domain
-from lemur.users.models import View
 
 from lemur.roles.models import Role
 from lemur.roles import service as role_service
 
-from cryptography import x509
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import hashes, serialization
-from cryptography.hazmat.primitives.asymmetric import rsa
-
 
 def get(cert_id):
     """
@@ -130,19 +129,6 @@ def update(cert_id, owner, description, notify, destinations, notifications, rep
     return database.update(cert)
 
 
-def log_private_key_view(certificate, user):
-    """
-    Creates a record each time a certificates private key is viewed.
-
-    :param certificate:
-    :param user:
-    :return:
-    """
-    view = View(user_id=user.id, certificate_id=certificate.id)
-    database.add(view)
-    database.commit()
-
-
 def create_certificate_roles(**kwargs):
     # create an role for the owner and assign it
     owner_role = role_service.get_by_name(kwargs['owner'])

lemur/certificates/views.py

@@ -22,6 +22,7 @@ from lemur.certificates.schemas import certificate_input_schema, certificate_out
     certificate_upload_input_schema, certificates_output_schema, certificate_export_input_schema, certificate_edit_input_schema
 
 from lemur.roles import service as role_service
+from lemur.logs import service as log_service
 
 
 mod = Blueprint('certificates', __name__)
@@ -444,7 +445,7 @@ class CertificatePrivateKey(AuthenticatedResource):
             if not permission.can():
                 return dict(message='You are not authorized to view this key'), 403
 
-        service.log_private_key_view(cert, g.current_user)
+        log_service.create(g.current_user, 'key_view', certificate=cert)
         response = make_response(jsonify(key=cert.private_key), 200)
         response.headers['cache-control'] = 'private, max-age=0, no-cache, no-store'
         response.headers['pragma'] = 'no-cache'
@@ -931,7 +932,7 @@ class CertificateExport(AuthenticatedResource):
 
         options = data['plugin']['plugin_options']
 
-        service.log_private_key_view(cert, g.current_user)
+        log_service.create(g.current_user, 'key_view', certificate=cert)
         extension, passphrase, data = plugin.export(cert.body, cert.chain, cert.private_key, options)
 
         # we take a hit in message size when b64 encoding