Add additional audit logs
Arshardh committed Jan 10, 2024
1 parent 916acb2 commit 756854a
Showing 5 changed files with 54 additions and 16 deletions.
Expand Up @@ -244,18 +244,23 @@ public void run() {
} else if (EventType.REMOVE_APPLICATION_KEYMAPPING.toString().equals(eventType)) {
ApplicationRegistrationEvent event = new Gson().fromJson(eventJson, ApplicationRegistrationEvent.class);
ServiceReferenceHolder.getInstance().getKeyManagerDataService().removeApplicationKeyMapping(event);
} else if (EventType.SCOPE_CREATE.toString().equals(eventType)) {
ScopeEvent event = new Gson().fromJson(eventJson, ScopeEvent.class);
ServiceReferenceHolder.getInstance().getKeyManagerDataService().addScope(event);
} else if (EventType.SCOPE_UPDATE.toString().equals(eventType)) {
} else if (EventType.SCOPE_CREATE.toString().equals(eventType) ||
EventType.SCOPE_UPDATE.toString().equals(eventType)) {
ScopeEvent event = new Gson().fromJson(eventJson, ScopeEvent.class);
ServiceReferenceHolder.getInstance().getKeyManagerDataService().addScope(event);
APIUtil.logAuditMessage(APIConstants.AuditLogConstants.SCOPE, event.getName() + ": " + eventType,
APIConstants.AuditLogConstants.DEPLOYED,
APIConstants.AuditLogConstants.SYSTEM + ": " + event.getTenantDomain());
} else if (EventType.SCOPE_DELETE.toString().equals(eventType)) {
ScopeEvent event = new Gson().fromJson(eventJson, ScopeEvent.class);
ServiceReferenceHolder.getInstance().getKeyManagerDataService().deleteScope(event);
APIUtil.logAuditMessage(APIConstants.AuditLogConstants.SCOPE, event.getName() + ": " + eventType,
APIConstants.AuditLogConstants.DEPLOYED,
APIConstants.AuditLogConstants.SYSTEM + ": " + event.getTenantDomain());
} else if (EventType.POLICY_CREATE.toString().equals(eventType) ||
EventType.POLICY_DELETE.toString().equals(eventType) ||
EventType.POLICY_UPDATE.toString().equals(eventType)) {
EventType.POLICY_DELETE.toString().equals(eventType) ||
EventType.POLICY_UPDATE.toString().equals(eventType)) {
String policyName = null;
PolicyEvent event = new Gson().fromJson(eventJson, PolicyEvent.class);
boolean updatePolicy = false;
boolean deletePolicy = false;
Expand All @@ -274,6 +279,7 @@ public void run() {
ServiceReferenceHolder.getInstance().getKeyManagerDataService()
.removeAPIPolicy(policyEvent);
}
policyName = policyEvent.getPolicyName();
} else if (event.getPolicyType() == PolicyType.SUBSCRIPTION) {
SubscriptionPolicyEvent policyEvent = new Gson().fromJson(eventJson, SubscriptionPolicyEvent.class);
if (updatePolicy) {
Expand All @@ -283,6 +289,7 @@ public void run() {
ServiceReferenceHolder.getInstance().getKeyManagerDataService()
.removeSubscriptionPolicy(policyEvent);
}
policyName = policyEvent.getPolicyName();
} else if (event.getPolicyType() == PolicyType.APPLICATION) {
ApplicationPolicyEvent policyEvent = new Gson().fromJson(eventJson, ApplicationPolicyEvent.class);
if (updatePolicy) {
Expand All @@ -292,7 +299,11 @@ public void run() {
ServiceReferenceHolder.getInstance().getKeyManagerDataService()
.removeApplicationPolicy(policyEvent);
}
policyName = policyEvent.getPolicyName();
}
APIUtil.logAuditMessage(event.getPolicyType().toString(), policyName + ": " + eventType,
APIConstants.AuditLogConstants.DEPLOYED,
APIConstants.AuditLogConstants.SYSTEM + ": " + event.getTenantDomain());
} else if (EventType.ENDPOINT_CERTIFICATE_ADD.toString().equals(eventType) ||
EventType.ENDPOINT_CERTIFICATE_REMOVE.toString().equals(eventType)) {
CertificateEvent certificateEvent = new Gson().fromJson(eventJson, CertificateEvent.class);
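Review bot: The audit calls added for SCOPE_DELETE and for the POLICY_CREATE/DELETE/UPDATE branch of run() always pass `APIConstants.AuditLogConstants.DEPLOYED` as the action, so a removal is recorded as "deployed" and can only be recognised by parsing the event type out of the info string. This commit also adds `UNDEPLOYED`; the scope-delete call could use it directly, and the policy call could pass `deletePolicy ? APIConstants.AuditLogConstants.UNDEPLOYED : APIConstants.AuditLogConstants.DEPLOYED`, assuming `deletePolicy` is set for POLICY_DELETE in the lines the hunk gap hides. In the policy branch, `policyName` stays null when the type is none of API, SUBSCRIPTION or APPLICATION, which yields a "null: <eventType>" audit entry. There, `event.getPolicyType().toString()` will also throw if the type is missing from the event JSON, although the earlier `==` comparisons tolerate null. run() starts and ends outside these hunks, so whether an enclosing handler catches that is not visible here.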
Expand Up @@ -39,6 +39,7 @@
import org.wso2.carbon.apimgt.impl.APIConstants;
import org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManager;
import org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManagerImpl;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.rest.api.APIData;
import org.wso2.carbon.rest.api.ResourceData;
import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
Expand Down Expand Up @@ -753,6 +754,9 @@ public boolean deployAPI(GatewayAPIDTO gatewayAPIDTO) throws AxisFault {
} else {
sequenceAdminServiceProxy.addSequence(element);
}
APIUtil.logAuditMessage(APIConstants.AuditLogConstants.OPERATION_POLICY, sequence.getName(),
APIConstants.AuditLogConstants.DEPLOYED, APIConstants.AuditLogConstants.SYSTEM +
": " + gatewayAPIDTO.getTenantDomain());
}
}

Expand All @@ -763,6 +767,9 @@ public boolean deployAPI(GatewayAPIDTO gatewayAPIDTO) throws AxisFault {
// Add API
if (StringUtils.isNotEmpty(gatewayAPIDTO.getApiDefinition())) {
restapiAdminServiceProxy.addApi(gatewayAPIDTO.getApiDefinition());
APIUtil.logAuditMessage(APIConstants.AuditLogConstants.API, gatewayAPIDTO.getApiId(),
APIConstants.AuditLogConstants.DEPLOYED, APIConstants.AuditLogConstants.SYSTEM +
": " + gatewayAPIDTO.getTenantDomain());
}
if (log.isDebugEnabled()) {
log.debug(gatewayAPIDTO.getName() + ":" + gatewayAPIDTO.getVersion() + " API Definition deployed");
Expand Down Expand Up @@ -804,6 +811,9 @@ private void unDeployAPI(SequenceAdminServiceProxy sequenceAdminServiceProxy,
gatewayAPIDTO.getName(), gatewayAPIDTO.getVersion());
if (restapiAdminServiceProxy.getApi(qualifiedName) != null) {
restapiAdminServiceProxy.deleteApi(qualifiedName);
APIUtil.logAuditMessage(APIConstants.AuditLogConstants.API, gatewayAPIDTO.getApiId(),
APIConstants.AuditLogConstants.UNDEPLOYED, APIConstants.AuditLogConstants.SYSTEM +
": " + gatewayAPIDTO.getTenantDomain());
}
if (log.isDebugEnabled()) {
log.debug(gatewayAPIDTO.getName() + ":" + gatewayAPIDTO.getVersion() + " API Definition undeployed " +
Expand All @@ -816,6 +826,9 @@ private void unDeployAPI(SequenceAdminServiceProxy sequenceAdminServiceProxy,
for (String sequenceName : gatewayAPIDTO.getSequencesToBeRemove()) {
if (sequenceAdminServiceProxy.isExistingSequence(sequenceName)) {
sequenceAdminServiceProxy.deleteSequence(sequenceName);
APIUtil.logAuditMessage(APIConstants.AuditLogConstants.OPERATION_POLICY, sequenceName,
APIConstants.AuditLogConstants.UNDEPLOYED,
APIConstants.AuditLogConstants.SYSTEM + ": " + gatewayAPIDTO.getTenantDomain());
}
}
}
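Review bot: The actor argument `APIConstants.AuditLogConstants.SYSTEM + ": " + gatewayAPIDTO.getTenantDomain()` is spelled out at each of the four new logAuditMessage calls in deployAPI and unDeployAPI, so the audit actor format can drift between call sites and prints "SYSTEM: null" if the DTO carries no tenant domain. A small private helper, for example `private static String systemActor(String tenantDomain)`, would keep the format and a null fallback in one place. Each record is also written only after the admin-service proxy call returns, so a deployment or undeployment that throws leaves no audit entry. If failed attempts should be traceable, that needs a record on the error path, which lies outside these hunks.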
Expand Up @@ -2020,9 +2020,12 @@ public static class AuditLogConstants {
public static final String CREATED = "created";
public static final String UPDATED = "updated";
public static final String DELETED = "deleted";
public static final String DEPLOYED = "deployed";
public static final String UNDEPLOYED = "undeployed";
public static final String LIFECYCLE_CHANGED = "lifecycle-changed";

public static final String API = "API";
public static final String SYSTEM = "SYSTEM";
public static final String ORGANIZATION = "Organization";
public static final String API_PRODUCT = "APIProduct";
public static final String APPLICATION = "Application";
Expand All @@ -2031,6 +2034,7 @@ public static class AuditLogConstants {

public static final String NAME = "name";
public static final String SCOPE = "scope";
public static final String OPERATION_POLICY = "operation_policy";
public static final String VERSION = "version";
public static final String CONTEXT = "context";
public static final String PROVIDER = "provider";
Expand Up @@ -528,6 +528,10 @@ private void addLocalScopes(String apiName, Set<URITemplate> uriTemplates, Strin
Map<String, KeyManagerDto> tenantKeyManagers = KeyManagerHolder.getTenantKeyManagers(tenantDomain);
//Get the local scopes set to register for the API from URI templates
Set<Scope> scopesToRegister = getScopesToRegisterFromURITemplates(apiName, organization, uriTemplates);
if (scopesToRegister.isEmpty()) {
// We return since there is no scope to be registered.
return;
}
//Register scopes
for (Scope scope : scopesToRegister) {
for (Map.Entry<String, KeyManagerDto> keyManagerDtoEntry : tenantKeyManagers.entrySet()) {
Expand Down Expand Up @@ -4900,10 +4904,10 @@ public List<APIResource> getRemovedProductResources(Set<URITemplate> updatedUriT
private void addScopes(Set<Scope> scopes, int tenantId) throws APIManagementException {

if (scopes != null) {
scopesDAO.addScopes(scopes, tenantId);
APIUtil.logAuditMessage(APIConstants.AuditLogConstants.SCOPE, APIUtil
.getScopesAsString(scopes), APIConstants.AuditLogConstants.CREATED,
this.username);
if(scopesDAO.addScopes(scopes, tenantId)) {
APIUtil.logAuditMessage(APIConstants.AuditLogConstants.SCOPE, APIUtil
.getScopesAsString(scopes), APIConstants.AuditLogConstants.CREATED, this.username);
}
for (Scope scope : scopes) {
ScopeEvent scopeEvent = new ScopeEvent(UUID.randomUUID().toString(),
System.currentTimeMillis(), APIConstants.EventType.SCOPE_CREATE.name(), tenantId,
Expand All @@ -4920,9 +4924,10 @@ private void addScopes(Set<Scope> scopes, int tenantId) throws APIManagementExce
private void updateScope(Scope scope, int tenantId) throws APIManagementException {

if (scope != null) {
scopesDAO.updateScope(scope, tenantId);
APIUtil.logAuditMessage(APIConstants.AuditLogConstants.SCOPE, scope.getKey(),
APIConstants.AuditLogConstants.UPDATED, this.username);
if (scopesDAO.updateScope(scope, tenantId)) {
APIUtil.logAuditMessage(APIConstants.AuditLogConstants.SCOPE, scope.getKey(),
APIConstants.AuditLogConstants.UPDATED, this.username);
}
ScopeEvent scopeEvent = new ScopeEvent(UUID.randomUUID().toString(),
System.currentTimeMillis(), APIConstants.EventType.SCOPE_UPDATE.name(), tenantId,
tenantDomain, scope.getKey(), scope.getName(), scope.getDescription());
Expand All @@ -4936,9 +4941,10 @@ private void updateScope(Scope scope, int tenantId) throws APIManagementExceptio
private void deleteScope(String scopeKey, int tenantId) throws APIManagementException {

if (StringUtils.isNotEmpty(scopeKey)) {
scopesDAO.deleteScope(scopeKey, tenantId);
APIUtil.logAuditMessage(APIConstants.AuditLogConstants.SCOPE, scopeKey,
APIConstants.AuditLogConstants.DELETED, this.username);
if(scopesDAO.deleteScope(scopeKey, tenantId)) {
APIUtil.logAuditMessage(APIConstants.AuditLogConstants.SCOPE, scopeKey,
APIConstants.AuditLogConstants.DELETED, this.username);
}
ScopeEvent scopeEvent = new ScopeEvent(UUID.randomUUID().toString(),
System.currentTimeMillis(), APIConstants.EventType.SCOPE_DELETE.name(), tenantId,
tenantDomain, scopeKey, null, null);
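Review bot: In addScopes, updateScope and deleteScope the audit record is now written only when the scopesDAO call returns true, but the ScopeEvent that follows is still built (and presumably published) outside that `if`. A false return therefore appears to skip the local audit entry while still announcing the change downstream. What a false return means is not visible on this page; if it signals that nothing was persisted, the event construction belongs inside the same `if`, and otherwise the skipped case deserves a comment such as `// DAO returned false: scope unchanged, nothing to audit`. The new `if(` in addScopes and deleteScope also lacks the space used in updateScope's `if (`. All three method bodies continue past the hunks.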
Expand Up @@ -1971,6 +1971,8 @@ public Response addAPISpecificOperationPolicy(String apiId, InputStream policySp
log.debug("An API specific operation policy has been added for the API " + apiId +
" with id " + policyID);
}
APIUtil.logAuditMessage(APIConstants.AuditLogConstants.OPERATION_POLICY, policyID,
APIConstants.AuditLogConstants.CREATED, RestApiCommonUtil.getLoggedInUsername());
} else {
throw new APIManagementException("An API specific operation policy found for the same name.");
}
Expand Down Expand Up @@ -2152,6 +2154,8 @@ public Response deleteAPISpecificOperationPolicyByPolicyId(String apiId, String
log.debug("The operation policy " + operationPolicyId + " has been deleted from the the API "
+ apiId);
}
APIUtil.logAuditMessage(APIConstants.AuditLogConstants.OPERATION_POLICY, operationPolicyId,
APIConstants.AuditLogConstants.DELETED, RestApiCommonUtil.getLoggedInUsername());
return Response.ok().build();
} else {
throw new APIMgtResourceNotFoundException("Couldn't retrieve an existing operation policy with ID: "
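Review bot: The audit call added in addAPISpecificOperationPolicy records only `policyID`, and the one in deleteAPISpecificOperationPolicyByPolicyId only `operationPolicyId`, although the debug lines just above them log the owning `apiId` as well. For an API-specific policy the audit entry then cannot be tied to its API without a separate lookup, which may no longer be possible once the policy is deleted. Consider passing both identifiers in the entity-info argument, in whatever format the other audit records in this class use. Both method bodies start and end outside the hunks.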