From 756854af02cab16090f8ebb818080716ad4f0d56 Mon Sep 17 00:00:00 2001
From: arshardh
Date: Thu, 23 Mar 2023 04:32:22 +0530
Subject: [PATCH] Add additional audit logs
---
.../listeners/GatewayJMSMessageListener.java | 23 +++++++++++-----
.../gateway/service/APIGatewayAdmin.java | 13 ++++++++++
.../wso2/carbon/apimgt/impl/APIConstants.java | 4 +++
.../carbon/apimgt/impl/APIProviderImpl.java | 26 ++++++++++++-------
.../publisher/v1/impl/ApisApiServiceImpl.java | 4 +++
5 files changed, 54 insertions(+), 16 deletions(-)
diff --git a/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListener.java b/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListener.java
index 9b58cb280300..c9e5a5677775 100644
--- a/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListener.java
+++ b/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListener.java
@@ -244,18 +244,23 @@ public void run() { } else if (EventType.REMOVE_APPLICATION_KEYMAPPING.toString().equals(eventType)) { ApplicationRegistrationEvent event = new Gson().fromJson(eventJson, ApplicationRegistrationEvent.class); ServiceReferenceHolder.getInstance().getKeyManagerDataService().removeApplicationKeyMapping(event); - } else if (EventType.SCOPE_CREATE.toString().equals(eventType)) { - ScopeEvent event = new Gson().fromJson(eventJson, ScopeEvent.class); - ServiceReferenceHolder.getInstance().getKeyManagerDataService().addScope(event); - } else if (EventType.SCOPE_UPDATE.toString().equals(eventType)) { + } else if (EventType.SCOPE_CREATE.toString().equals(eventType) || + EventType.SCOPE_UPDATE.toString().equals(eventType)) { ScopeEvent event = new Gson().fromJson(eventJson, ScopeEvent.class); ServiceReferenceHolder.getInstance().getKeyManagerDataService().addScope(event); + APIUtil.logAuditMessage(APIConstants.AuditLogConstants.SCOPE, event.getName() + ": " + eventType, + APIConstants.AuditLogConstants.DEPLOYED, + APIConstants.AuditLogConstants.SYSTEM + ": " + event.getTenantDomain()); } else if (EventType.SCOPE_DELETE.toString().equals(eventType)) { ScopeEvent event = new Gson().fromJson(eventJson, ScopeEvent.class); ServiceReferenceHolder.getInstance().getKeyManagerDataService().deleteScope(event); + APIUtil.logAuditMessage(APIConstants.AuditLogConstants.SCOPE, event.getName() + ": " + eventType, + APIConstants.AuditLogConstants.DEPLOYED, + APIConstants.AuditLogConstants.SYSTEM + ": " + event.getTenantDomain()); } else if (EventType.POLICY_CREATE.toString().equals(eventType) || - EventType.POLICY_DELETE.toString().equals(eventType) || - EventType.POLICY_UPDATE.toString().equals(eventType)) { + EventType.POLICY_DELETE.toString().equals(eventType) || + EventType.POLICY_UPDATE.toString().equals(eventType)) { + String policyName = null; PolicyEvent event = new Gson().fromJson(eventJson, PolicyEvent.class); boolean updatePolicy = false; boolean deletePolicy 
= false; @@ -274,6 +279,7 @@ public void run() { ServiceReferenceHolder.getInstance().getKeyManagerDataService() .removeAPIPolicy(policyEvent); } + policyName = policyEvent.getPolicyName(); } else if (event.getPolicyType() == PolicyType.SUBSCRIPTION) { SubscriptionPolicyEvent policyEvent = new Gson().fromJson(eventJson, SubscriptionPolicyEvent.class); if (updatePolicy) { @@ -283,6 +289,7 @@ public void run() { ServiceReferenceHolder.getInstance().getKeyManagerDataService() .removeSubscriptionPolicy(policyEvent); } + policyName = policyEvent.getPolicyName(); } else if (event.getPolicyType() == PolicyType.APPLICATION) { ApplicationPolicyEvent policyEvent = new Gson().fromJson(eventJson, ApplicationPolicyEvent.class); if (updatePolicy) { @@ -292,7 +299,11 @@ public void run() { ServiceReferenceHolder.getInstance().getKeyManagerDataService() .removeApplicationPolicy(policyEvent); } + policyName = policyEvent.getPolicyName(); } + APIUtil.logAuditMessage(event.getPolicyType().toString(), policyName + ": " + eventType, + APIConstants.AuditLogConstants.DEPLOYED, + APIConstants.AuditLogConstants.SYSTEM + ": " + event.getTenantDomain()); } else if (EventType.ENDPOINT_CERTIFICATE_ADD.toString().equals(eventType) || EventType.ENDPOINT_CERTIFICATE_REMOVE.toString().equals(eventType)) { CertificateEvent certificateEvent = new Gson().fromJson(eventJson, CertificateEvent.class); diff --git a/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/service/APIGatewayAdmin.java b/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/service/APIGatewayAdmin.java index 62889a7a7efd..7625e13b3744 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/service/APIGatewayAdmin.java +++ b/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/service/APIGatewayAdmin.java 
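Review bot: The SCOPE_DELETE branch in the @@ -244,18 hunk records its audit entry with `APIConstants.AuditLogConstants.DEPLOYED`, so a scope removal gets the same action as a creation and is only distinguishable by the event type appended to the name. This commit adds an `UNDEPLOYED` constant; I would pass `APIConstants.AuditLogConstants.UNDEPLOYED,` here, and the same applies to POLICY_DELETE in the @@ -292,7 hunk, which also logs DEPLOYED. Separately, `event.getName()` and `event.getTenantDomain()` come straight from the deserialized JMS payload; unless `APIUtil.logAuditMessage` (not visible here) encodes its arguments, CR/LF characters in those values could forge audit lines, so that is worth confirming. run() starts and ends outside the hunk.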
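Review bot: The audit call added in the @@ -292,7 hunk dereferences `event.getPolicyType()` with `.toString()`, while the branches above only compare it with `==`. If Gson leaves that field null for a missing or unrecognised type, an event that was previously skipped silently would now throw a NullPointerException in the listener. `policyName` also stays null when the type is none of API, SUBSCRIPTION or APPLICATION, which writes `null: <eventType>` into the audit log. I would use `String.valueOf(event.getPolicyType())` and emit the entry only when a branch set the name, `if (policyName != null) { ... }`. The enclosing else-if begins in the first hunk and the method continues past this one.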
@@ -39,6 +39,7 @@ import org.wso2.carbon.apimgt.impl.APIConstants; import org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManager; import org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManagerImpl; +import org.wso2.carbon.apimgt.impl.utils.APIUtil; import org.wso2.carbon.rest.api.APIData; import org.wso2.carbon.rest.api.ResourceData; import org.wso2.carbon.utils.multitenancy.MultitenantConstants; @@ -753,6 +754,9 @@ public boolean deployAPI(GatewayAPIDTO gatewayAPIDTO) throws AxisFault { } else { sequenceAdminServiceProxy.addSequence(element); } + APIUtil.logAuditMessage(APIConstants.AuditLogConstants.OPERATION_POLICY, sequence.getName(), + APIConstants.AuditLogConstants.DEPLOYED, APIConstants.AuditLogConstants.SYSTEM + + ": " + gatewayAPIDTO.getTenantDomain()); } } @@ -763,6 +767,9 @@ public boolean deployAPI(GatewayAPIDTO gatewayAPIDTO) throws AxisFault { // Add API if (StringUtils.isNotEmpty(gatewayAPIDTO.getApiDefinition())) { restapiAdminServiceProxy.addApi(gatewayAPIDTO.getApiDefinition()); + APIUtil.logAuditMessage(APIConstants.AuditLogConstants.API, gatewayAPIDTO.getApiId(), + APIConstants.AuditLogConstants.DEPLOYED, APIConstants.AuditLogConstants.SYSTEM + + ": " + gatewayAPIDTO.getTenantDomain()); } if (log.isDebugEnabled()) { log.debug(gatewayAPIDTO.getName() + ":" + gatewayAPIDTO.getVersion() + " API Definition deployed"); @@ -804,6 +811,9 @@ private void unDeployAPI(SequenceAdminServiceProxy sequenceAdminServiceProxy, gatewayAPIDTO.getName(), gatewayAPIDTO.getVersion()); if (restapiAdminServiceProxy.getApi(qualifiedName) != null) { restapiAdminServiceProxy.deleteApi(qualifiedName); + APIUtil.logAuditMessage(APIConstants.AuditLogConstants.API, gatewayAPIDTO.getApiId(), + APIConstants.AuditLogConstants.UNDEPLOYED, APIConstants.AuditLogConstants.SYSTEM + + ": " + gatewayAPIDTO.getTenantDomain()); } if (log.isDebugEnabled()) { log.debug(gatewayAPIDTO.getName() + ":" + gatewayAPIDTO.getVersion() + " API Definition undeployed " + 
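Review bot: The actor argument `APIConstants.AuditLogConstants.SYSTEM + ": " + gatewayAPIDTO.getTenantDomain()` is rebuilt inline in every audit call this commit adds to the file. That covers the @@ -753,6 and @@ -763,6 hunks in deployAPI and the @@ -804,6 and @@ -816,6 hunks in unDeployAPI. Computing it once per method, `String auditActor = APIConstants.AuditLogConstants.SYSTEM + ": " + gatewayAPIDTO.getTenantDomain();`, keeps the entries uniform. It also gives one place to handle a null tenant domain, which would currently be logged as `SYSTEM: null`. Both methods start and end outside the hunks shown.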
@@ -816,6 +826,9 @@ private void unDeployAPI(SequenceAdminServiceProxy sequenceAdminServiceProxy, for (String sequenceName : gatewayAPIDTO.getSequencesToBeRemove()) { if (sequenceAdminServiceProxy.isExistingSequence(sequenceName)) { sequenceAdminServiceProxy.deleteSequence(sequenceName); + APIUtil.logAuditMessage(APIConstants.AuditLogConstants.OPERATION_POLICY, sequenceName, + APIConstants.AuditLogConstants.UNDEPLOYED, + APIConstants.AuditLogConstants.SYSTEM + ": " + gatewayAPIDTO.getTenantDomain()); } } } diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java index bb2d8a8ece9e..6108eafc1a29 100755 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java @@ -2020,9 +2020,12 @@ public static class AuditLogConstants { public static final String CREATED = "created"; public static final String UPDATED = "updated"; public static final String DELETED = "deleted"; + public static final String DEPLOYED = "deployed"; + public static final String UNDEPLOYED = "undeployed"; public static final String LIFECYCLE_CHANGED = "lifecycle-changed"; public static final String API = "API"; + public static final String SYSTEM = "SYSTEM"; public static final String ORGANIZATION = "Organization"; public static final String API_PRODUCT = "APIProduct"; public static final String APPLICATION = "Application"; 
@@ -2031,6 +2034,7 @@ public static class AuditLogConstants { public static final String NAME = "name"; public static final String SCOPE = "scope"; + public static final String OPERATION_POLICY = "operation_policy"; public static final String VERSION = "version"; public static final String CONTEXT = "context"; public static final String PROVIDER = "provider"; diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIProviderImpl.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIProviderImpl.java index e7221876ac68..2dc543a2c67d 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIProviderImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIProviderImpl.java @@ -528,6 +528,10 @@ private void addLocalScopes(String apiName, Set uriTemplates, Strin Map tenantKeyManagers = KeyManagerHolder.getTenantKeyManagers(tenantDomain); //Get the local scopes set to register for the API from URI templates Set scopesToRegister = getScopesToRegisterFromURITemplates(apiName, organization, uriTemplates); + if (scopesToRegister.isEmpty()) { + // We return since there is no scope to be registered. + return; + } //Register scopes for (Scope scope : scopesToRegister) { for (Map.Entry keyManagerDtoEntry : tenantKeyManagers.entrySet()) { 
@@ -4900,10 +4904,10 @@ public List getRemovedProductResources(Set updatedUriT private void addScopes(Set scopes, int tenantId) throws APIManagementException { if (scopes != null) { - scopesDAO.addScopes(scopes, tenantId); - APIUtil.logAuditMessage(APIConstants.AuditLogConstants.SCOPE, APIUtil - .getScopesAsString(scopes), APIConstants.AuditLogConstants.CREATED, - this.username); + if(scopesDAO.addScopes(scopes, tenantId)) { + APIUtil.logAuditMessage(APIConstants.AuditLogConstants.SCOPE, APIUtil + .getScopesAsString(scopes), APIConstants.AuditLogConstants.CREATED, this.username); + } for (Scope scope : scopes) { ScopeEvent scopeEvent = new ScopeEvent(UUID.randomUUID().toString(), System.currentTimeMillis(), APIConstants.EventType.SCOPE_CREATE.name(), tenantId, @@ -4920,9 +4924,10 @@ private void addScopes(Set scopes, int tenantId) throws APIManagementExce private void updateScope(Scope scope, int tenantId) throws APIManagementException { if (scope != null) { - scopesDAO.updateScope(scope, tenantId); - APIUtil.logAuditMessage(APIConstants.AuditLogConstants.SCOPE, scope.getKey(), - APIConstants.AuditLogConstants.UPDATED, this.username); + if (scopesDAO.updateScope(scope, tenantId)) { + APIUtil.logAuditMessage(APIConstants.AuditLogConstants.SCOPE, scope.getKey(), + APIConstants.AuditLogConstants.UPDATED, this.username); + } ScopeEvent scopeEvent = new ScopeEvent(UUID.randomUUID().toString(), System.currentTimeMillis(), APIConstants.EventType.SCOPE_UPDATE.name(), tenantId, tenantDomain, scope.getKey(), scope.getName(), scope.getDescription()); 
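Review bot: In addScopes the audit entry is now conditional on the boolean returned by `scopesDAO.addScopes(scopes, tenantId)`, but the `ScopeEvent` loop after it still runs when that call returns false. Gateways then receive SCOPE_CREATE and, with the listener change in this commit, write a `deployed` audit entry for scopes the publisher side did not record as created. If false means nothing was persisted (the DAO is not part of this patch, so I cannot confirm), the events should be guarded too, e.g. `if (!scopesDAO.addScopes(scopes, tenantId)) { return; }`; otherwise add a comment stating what false means. updateScope (@@ -4920,9) and deleteScope (@@ -4936,9) have the same shape. Minor: `if(` in addScopes and deleteScope lacks the space used in updateScope.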
@@ -4936,9 +4941,10 @@ private void updateScope(Scope scope, int tenantId) throws APIManagementExceptio private void deleteScope(String scopeKey, int tenantId) throws APIManagementException { if (StringUtils.isNotEmpty(scopeKey)) { - scopesDAO.deleteScope(scopeKey, tenantId); - APIUtil.logAuditMessage(APIConstants.AuditLogConstants.SCOPE, scopeKey, - APIConstants.AuditLogConstants.DELETED, this.username); + if(scopesDAO.deleteScope(scopeKey, tenantId)) { + APIUtil.logAuditMessage(APIConstants.AuditLogConstants.SCOPE, scopeKey, + APIConstants.AuditLogConstants.DELETED, this.username); + } ScopeEvent scopeEvent = new ScopeEvent(UUID.randomUUID().toString(), System.currentTimeMillis(), APIConstants.EventType.SCOPE_DELETE.name(), tenantId, tenantDomain, scopeKey, null, null); diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/impl/ApisApiServiceImpl.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/impl/ApisApiServiceImpl.java index 84e5b75a4ae8..b7024001114e 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/impl/ApisApiServiceImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/impl/ApisApiServiceImpl.java @@ -1971,6 +1971,8 @@ public Response addAPISpecificOperationPolicy(String apiId, InputStream policySp log.debug("An API specific operation policy has been added for the API " + apiId + " with id " + policyID); } + APIUtil.logAuditMessage(APIConstants.AuditLogConstants.OPERATION_POLICY, policyID, + APIConstants.AuditLogConstants.CREATED, RestApiCommonUtil.getLoggedInUsername()); } else { throw new APIManagementException("An API specific operation policy found for the same name."); } 
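Review bot: The audit entry added in addAPISpecificOperationPolicy (@@ -1971,6) records only `policyID`, although the policy is scoped to `apiId` and the debug line just above logs both. Without the API identifier the audit record cannot be tied to the API it changed. I would include it in the entity info, e.g. `apiId + ":" + policyID`, in whatever format `logAuditMessage` expects (not visible here). The delete path in @@ -2152,6 logs only `operationPolicyId` in the same way. The method continues outside the hunk.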
@@ -2152,6 +2154,8 @@ public Response deleteAPISpecificOperationPolicyByPolicyId(String apiId, String log.debug("The operation policy " + operationPolicyId + " has been deleted from the the API " + apiId); } + APIUtil.logAuditMessage(APIConstants.AuditLogConstants.OPERATION_POLICY, operationPolicyId, + APIConstants.AuditLogConstants.DELETED, RestApiCommonUtil.getLoggedInUsername()); return Response.ok().build(); } else { throw new APIMgtResourceNotFoundException("Couldn't retrieve an existing operation policy with ID: "