Re-working the way audit logs work.

* Adding more checks.

lemur/logs/models.py

@@ -0,0 +1,23 @@
+"""
+.. module: lemur.logs.models
+    :platform: unix
+    :synopsis: This module contains all of the models related private key audit log.
+    :copyright: (c) 2015 by Netflix Inc., see AUTHORS for more
+    :license: Apache, see LICENSE for more details.
+
+.. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
+"""
+from sqlalchemy import Column, Integer, ForeignKey, PassiveDefault, func, Enum
+
+from sqlalchemy_utils.types.arrow import ArrowType
+
+from lemur.database import db
+
+
+class Log(db.Model):
+    __tablename__ = 'log'
+    id = Column(Integer, primary_key=True)
+    certificate_id = Column(Integer, ForeignKey('certificates.id'))
+    log_type = Column(Enum('key_view', name='log_type'), nullable=False)
+    logged_at = Column(ArrowType(), PassiveDefault(func.now()), nullable=False)
+    user_id = Column(Integer, ForeignKey('users.id'), nullable=False)

lemur/logs/schemas.py

@@ -0,0 +1,23 @@
+"""
+.. module: lemur.logs.schemas
+    :platform: unix
+    :copyright: (c) 2015 by Netflix Inc., see AUTHORS for more
+    :license: Apache, see LICENSE for more details.
+.. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
+"""
+from marshmallow import fields
+
+from lemur.common.schema import LemurOutputSchema
+from lemur.certificates.schemas import CertificateNestedOutputSchema
+from lemur.users.schemas import UserNestedOutputSchema
+
+
+class LogOutputSchema(LemurOutputSchema):
+    id = fields.Integer()
+    certificate = fields.Nested(CertificateNestedOutputSchema)
+    user = fields.Nested(UserNestedOutputSchema)
+    logged_at = fields.DateTime()
+    log_type = fields.String()
+
+
+logs_output_schema = LogOutputSchema(many=True)

lemur/logs/service.py

@@ -0,0 +1,54 @@
+"""
+.. module: lemur.logs.service
+    :platform: Unix
+    :synopsis: This module contains all of the services level functions used to
+    administer logs in Lemur
+    :copyright: (c) 2015 by Netflix Inc., see AUTHORS for more
+    :license: Apache, see LICENSE for more details.
+.. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
+"""
+from lemur import database
+from lemur.logs.models import Log
+
+
+def create(user, type, certificate=None):
+    """
+    Creates logs a given action.
+
+    :param user:
+    :param type:
+    :param certificate:
+    :return:
+    """
+    view = Log(user_id=user.id, log_type=type, certificate_id=certificate.id)
+    database.add(view)
+    database.commit()
+
+
+def get_all():
+    """
+    Retrieve all logs from the database.
+
+    :return:
+    """
+    query = database.session_query(Log)
+    return database.find_all(query, Log, {}).all()
+
+
+def render(args):
+    """
+    Helper that paginates and filters data when requested
+    through the REST Api
+
+    :param args:
+    :return:
+    """
+    query = database.session_query(Log)
+
+    filt = args.pop('filter')
+
+    if filt:
+        terms = filt.split(';')
+        query = database.filter(query, Log, terms)
+
+    return database.sort_and_page(query, Log, args)

lemur/logs/views.py

@@ -0,0 +1,74 @@
+"""
+.. module: lemur.log.views
+    :platform: Unix
+    :copyright: (c) 2015 by Netflix Inc., see AUTHORS for more
+    :license: Apache, see LICENSE for more details.
+.. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
+"""
+from flask import Blueprint
+from flask.ext.restful import reqparse, Api
+
+from lemur.common.schema import validate_schema
+from lemur.common.utils import paginated_parser
+
+from lemur.auth.service import AuthenticatedResource
+from lemur.logs.schemas import logs_output_schema
+
+from lemur.logs import service
+
+
+mod = Blueprint('logs', __name__)
+api = Api(mod)
+
+
+class LogsList(AuthenticatedResource):
+    """ Defines the 'logs' endpoint """
+    def __init__(self):
+        self.reqparse = reqparse.RequestParser()
+        super(LogsList, self).__init__()
+
+    @validate_schema(None, logs_output_schema)
+    def get(self):
+        """
+        .. http:get:: /logs
+
+           The current log list
+
+           **Example request**:
+
+           .. sourcecode:: http
+
+              GET /logs HTTP/1.1
+              Host: example.com
+              Accept: application/json, text/javascript
+
+           **Example response**:
+
+           .. sourcecode:: http
+
+              HTTP/1.1 200 OK
+              Vary: Accept
+              Content-Type: text/javascript
+
+              {
+                "items": [
+                  ]
+                "total": 2
+              }
+
+           :query sortBy: field to sort on
+           :query sortDir: acs or desc
+           :query page: int default is 1
+           :query filter: key value pair format is k;v
+           :query count: count number default is 10
+           :reqheader Authorization: OAuth token to authenticate
+           :statuscode 200: no error
+        """
+        parser = paginated_parser.copy()
+        parser.add_argument('owner', type=str, location='args')
+        parser.add_argument('id', type=str, location='args')
+        args = parser.parse_args()
+        return service.render(args)
+
+
+api.add_resource(LogsList, '/logs', endpoint='logs')