feat(2700): Add audit log of operations on the Options page (#2766)

screwdriver-cd · Sep 9, 2022 · a6e9f3f · a6e9f3f
1 parent 78e7d73
commit a6e9f3f
Show file tree

Hide file tree

Showing 9 changed files with 44 additions and 2 deletions.
diff --git a/plugins/pipelines/create.js b/plugins/pipelines/create.js
@@ -67,6 +67,7 @@ module.exports = () => ({
                 scmUri
             };
 
+            logger.info(`[Audit] user ${user.username}:${scmContext} creates the pipeline for ${scmUri}.`);
             pipeline = await pipelineFactory.create(pipelineConfig);
 
             const collections = await collectionFactory.list({

diff --git a/plugins/pipelines/remove.js b/plugins/pipelines/remove.js
@@ -3,6 +3,7 @@
 const boom = require('@hapi/boom');
 const joi = require('joi');
 const schema = require('screwdriver-data-schema');
+const logger = require('screwdriver-logger');
 const idSchema = schema.models.pipeline.base.extract('id');
 
 module.exports = () => ({
@@ -67,7 +68,12 @@ module.exports = () => ({
                                 throw boom.boomify(error, { statusCode: error.statusCode });
                             })
                             // user has good permissions, remove the pipeline
-                            .then(() => pipeline.remove())
+                            .then(async () => {
+                                logger.info(
+                                    `[Audit] user ${user.username}:${scmContext} deletes the pipeline pipelineId:${request.params.id}, scmUri:${pipeline.scmUri}.`
+                                );
+                                await pipeline.remove();
+                            })
                             .then(() => h.response().code(204))
                     );
                 })

diff --git a/plugins/pipelines/tokens/create.js b/plugins/pipelines/tokens/create.js
@@ -3,6 +3,7 @@
 const boom = require('@hapi/boom');
 const joi = require('joi');
 const schema = require('screwdriver-data-schema');
+const logger = require('screwdriver-logger');
 const urlLib = require('url');
 const pipelineIdSchema = schema.models.pipeline.base.extract('id');
 const tokenCreateSchema = schema.models.token.create;
@@ -52,6 +53,9 @@ module.exports = () => ({
                 throw boom.conflict(`Token ${match.name} already exists`);
             }
 
+            logger.info(
+                `[Audit] user ${username}:${scmContext} creates the token name:${request.payload.name} for pipelineId:${pipelineId}.`
+            );
             const token = await tokenFactory.create({
                 name: request.payload.name,
                 description: request.payload.description,

diff --git a/plugins/pipelines/tokens/refresh.js b/plugins/pipelines/tokens/refresh.js
@@ -3,6 +3,7 @@
 const boom = require('@hapi/boom');
 const joi = require('joi');
 const schema = require('screwdriver-data-schema');
+const logger = require('screwdriver-logger');
 const tokenIdSchema = schema.models.token.base.extract('id');
 const pipelineIdSchema = schema.models.pipeline.base.extract('id');
 const { getUserPermissions, getScmUri } = require('../../helper');
@@ -52,6 +53,9 @@ module.exports = () => ({
                 throw boom.forbidden('Pipeline does not own token');
             }
 
+            logger.info(
+                `[Audit] user ${username}:${scmContext} refreshes the token name:${token.name} for pipelineId:${pipelineId}.`
+            );
             const refreshed = await token.refresh();
 
             return h.response(refreshed.toJson()).code(200);

diff --git a/plugins/pipelines/tokens/remove.js b/plugins/pipelines/tokens/remove.js
@@ -3,6 +3,7 @@
 const boom = require('@hapi/boom');
 const joi = require('joi');
 const schema = require('screwdriver-data-schema');
+const logger = require('screwdriver-logger');
 const tokenIdSchema = schema.models.token.base.extract('id');
 const pipelineIdSchema = schema.models.pipeline.base.extract('id');
 const { getUserPermissions, getScmUri } = require('../../helper');
@@ -52,6 +53,10 @@ module.exports = () => ({
                 throw boom.forbidden('Pipeline does not own token');
             }
 
+            logger.info(
+                `[Audit] user ${username}:${scmContext} deletes the token name:${token.name} for pipelineId:${pipeline.id}.`
+            );
+
             return token.remove().then(() => h.response().code(204));
         },
         validate: {

diff --git a/plugins/pipelines/update.js b/plugins/pipelines/update.js
@@ -3,6 +3,7 @@
 const boom = require('@hapi/boom');
 const joi = require('joi');
 const schema = require('screwdriver-data-schema');
+const logger = require('screwdriver-logger');
 const idSchema = schema.models.pipeline.base.extract('id');
 const { formatCheckoutUrl, sanitizeRootDir } = require('./helper');
 const { getUserPermissions } = require('../helper');
@@ -138,6 +139,12 @@ module.exports = () => ({
                 oldPipeline.settings = { ...oldPipeline.settings, ...settings };
             }
 
+            if (checkoutUrl || rootDir) {
+                logger.info(
+                    `[Audit] user ${user.username}:${scmContext} updates the scmUri for pipelineID:${id} to ${oldPipeline.scmUri}.`
+                );
+            }
+
             // update pipeline
             const updatedPipeline = await oldPipeline.update();
 

diff --git a/plugins/secrets/create.js b/plugins/secrets/create.js
@@ -2,6 +2,7 @@
 
 const boom = require('@hapi/boom');
 const schema = require('screwdriver-data-schema');
+const logger = require('screwdriver-logger');
 const urlLib = require('url');
 const { getUserPermissions, getScmUri } = require('../helper');
 
@@ -56,6 +57,9 @@ module.exports = () => ({
                 throw boom.conflict(`Secret already exists with the ID: ${secret.id}`);
             }
 
+            logger.info(
+                `[Audit] user ${user.username}:${scmContext} creates the secret key:${request.payload.name} for pipelineId:${request.payload.pipelineId}.`
+            );
             const newSecret = await secretFactory.create(request.payload);
 
             const location = urlLib.format({

diff --git a/plugins/secrets/remove.js b/plugins/secrets/remove.js
@@ -3,6 +3,7 @@
 const boom = require('@hapi/boom');
 const joi = require('joi');
 const schema = require('screwdriver-data-schema');
+const logger = require('screwdriver-logger');
 const idSchema = schema.models.secret.base.extract('id');
 
 module.exports = () => ({
@@ -32,7 +33,12 @@ module.exports = () => ({
 
                     // Make sure that user has permission before deleting
                     return canAccess(credentials, secret, 'admin', request.server.app)
-                        .then(() => secret.remove())
+                        .then(async () => {
+                            logger.info(
+                                `[Audit] user ${credentials.username}:${credentials.scmContext} deletes the secret key:${secret.name} from pipelineId:${secret.pipelineId}.`
+                            );
+                            await secret.remove();
+                        })
                         .then(() => h.response().code(204));
                 })
                 .catch(err => {

diff --git a/plugins/secrets/update.js b/plugins/secrets/update.js
@@ -3,6 +3,7 @@
 const boom = require('@hapi/boom');
 const joi = require('joi');
 const schema = require('screwdriver-data-schema');
+const logger = require('screwdriver-logger');
 const idSchema = schema.models.secret.base.extract('id');
 
 module.exports = () => ({
@@ -36,6 +37,10 @@ module.exports = () => ({
                                 secret[key] = request.payload[key];
                             });
 
+                            logger.info(
+                                `[Audit] user ${credentials.username}:${credentials.scmContext} updates the secret key:${secret.name} for pipelineId:${secret.pipelineId}.`
+                            );
+
                             return secret.update();
                         })
                         .then(() => {