Role and User update logs

This commit is contained in:
sayali 2021-01-27 19:10:13 -08:00
parent 6eeafcf56b
commit b9be18f281
4 changed files with 34 additions and 5 deletions

View File

@ -20,6 +20,7 @@ from lemur.common.utils import get_psuedo_random_string
from lemur.users import service as user_service from lemur.users import service as user_service
from lemur.roles import service as role_service from lemur.roles import service as role_service
from lemur.logs import service as log_service
from lemur.auth.service import create_token, fetch_token_header, get_rsa_public_key from lemur.auth.service import create_token, fetch_token_header, get_rsa_public_key
from lemur.auth import ldap from lemur.auth import ldap
@ -184,8 +185,6 @@ def create_user_roles(profile):
current_app.config["LEMUR_DEFAULT_ROLE"], current_app.config["LEMUR_DEFAULT_ROLE"],
description="This is the default Lemur role.", description="This is the default Lemur role.",
) )
if not default.third_party:
role_service.set_third_party(default.id, third_party_status=True)
roles.append(default) roles.append(default)
return roles return roles
@ -198,7 +197,7 @@ def update_user(user, profile, roles):
:param profile: :param profile:
:param roles: :param roles:
""" """
log_service.audit_log("TEST", user.name, "Edit role")
# if we get an sso user create them an account # if we get an sso user create them an account
if not user: if not user:
user = user_service.create( user = user_service.create(
@ -215,6 +214,8 @@ def update_user(user, profile, roles):
for ur in user.roles: for ur in user.roles:
if not ur.third_party: if not ur.third_party:
roles.append(ur) roles.append(ur)
else:
log_service.audit_log("unassign_role", ur.name, f"Un-assigning the role for {user.name}")
# update any changes to the user # update any changes to the user
user_service.update( user_service.update(

View File

@ -7,7 +7,7 @@
:license: Apache, see LICENSE for more details. :license: Apache, see LICENSE for more details.
.. moduleauthor:: Kevin Glisson <kglisson@netflix.com> .. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
""" """
from flask import current_app from flask import current_app, g
from lemur import database from lemur import database
from lemur.logs.models import Log from lemur.logs.models import Log
@ -34,6 +34,19 @@ def create(user, type, certificate=None):
database.commit() database.commit()
def audit_log(action, entity, message):
"""
Logs given action
:param action: The action being logged e.g. assign_role, create_role etc
:param entity: The entity undergoing the action e.g. name of the role
:param message: Additional info e.g. Role being assigned to user X
:return:
"""
current_app.logger.info(
f"[lemur-audit] action: {action}, user: {g.current_user.email}, entity: {entity} [{message}]"
)
def get_all(): def get_all():
""" """
Retrieve all logs from the database. Retrieve all logs from the database.

View File

@ -12,6 +12,7 @@
from lemur import database from lemur import database
from lemur.roles.models import Role from lemur.roles.models import Role
from lemur.users.models import User from lemur.users.models import User
from lemur.logs import service as log_service
def update(role_id, name, description, users): def update(role_id, name, description, users):
@ -29,6 +30,8 @@ def update(role_id, name, description, users):
role.description = description role.description = description
role.users = users role.users = users
database.update(role) database.update(role)
log_service.audit_log("update_role", name, f"Role with id {role_id} updated")
return role return role
@ -44,6 +47,8 @@ def set_third_party(role_id, third_party_status=False):
role = get(role_id) role = get(role_id)
role.third_party = third_party_status role.third_party = third_party_status
database.update(role) database.update(role)
log_service.audit_log("update_role", role.name, f"Updated third_party_status={third_party_status}")
return role return role
@ -71,6 +76,7 @@ def create(
if users: if users:
role.users = users role.users = users
log_service.audit_log("create_role", name, "Creating new role")
return database.create(role) return database.create(role)
@ -101,7 +107,10 @@ def delete(role_id):
:param role_id: :param role_id:
:return: :return:
""" """
return database.delete(get(role_id))
role = get(role_id)
log_service.audit_log("delete_role", role.name, "Deleting role")
return database.delete(role)
def render(args): def render(args):

View File

@ -8,6 +8,7 @@
.. moduleauthor:: Kevin Glisson <kglisson@netflix.com> .. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
""" """
from lemur import database from lemur import database
from lemur.logs import service as log_service
from lemur.users.models import User from lemur.users.models import User
@ -31,6 +32,7 @@ def create(username, password, email, active, profile_picture, roles):
profile_picture=profile_picture, profile_picture=profile_picture,
) )
user.roles = roles user.roles = roles
log_service.audit_log("create_user", username, f"Creating new user")
return database.create(user) return database.create(user)
@ -52,6 +54,8 @@ def update(user_id, username, email, active, profile_picture, roles):
user.active = active user.active = active
user.profile_picture = profile_picture user.profile_picture = profile_picture
update_roles(user, roles) update_roles(user, roles)
log_service.audit_log("update_user", username, f"Updating user with id {user_id}")
return database.update(user) return database.update(user)
@ -70,6 +74,7 @@ def update_roles(user, roles):
break break
else: else:
user.roles.remove(ur) user.roles.remove(ur)
log_service.audit_log("unassign_role", ur.name, f"Un-assigning the role for user {user.username}")
for r in roles: for r in roles:
for ur in user.roles: for ur in user.roles:
@ -77,6 +82,7 @@ def update_roles(user, roles):
break break
else: else:
user.roles.append(r) user.roles.append(r)
log_service.audit_log("assign_role", ur.name, f"Assigning the role to user {user.username}")
def get(user_id): def get(user_id):