From b0c74a0584e8073452e436d67e53b29784016fb0 Mon Sep 17 00:00:00 2001
From: "stonezdj(Daojun Zhang)" <stonezdj@gmail.com>
Date: Fri, 3 Jan 2025 14:11:09 +0800
Subject: [PATCH] Add swagger api and audit_log_ext table model (#21360)

add auditlog-ext related api in swagger
  add audit_log_ext table

Signed-off-by: stonezdj <stone.zhang@broadcom.com>
---
 api/v2.0/swagger.yaml                         | 131 +++++++++++++++++-
 .../postgresql/0160_2.13.0_schema.up.sql      |  21 +++
 src/server/v2.0/handler/auditlog.go           |  12 ++
 src/server/v2.0/handler/project.go            |   8 ++
 4 files changed, 168 insertions(+), 4 deletions(-)

diff --git a/api/v2.0/swagger.yaml b/api/v2.0/swagger.yaml
index 23dcec3bb..f69cd8c34 100644
--- a/api/v2.0/swagger.yaml
+++ b/api/v2.0/swagger.yaml
@@ -1723,9 +1723,9 @@ paths:
           $ref: '#/responses/500'
   /audit-logs:
     get:
-      summary: Get recent logs of the projects which the user is a member of
+      summary: Get recent logs of projects which the user is a member with project admin role, or return all audit logs for system admin user (deprecated)
       description: |
-        This endpoint let user see the recent operation logs of the projects which he is member of
+        This endpoint let the user see the recent operation logs of projects which the user is a member with project admin role,, or return all audit logs for system admin user, it only query the audit log in previous version.
       tags:
         - auditlog
       operationId: listAuditLogs
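Review bot: The deprecation of `listAuditLogs` is recorded only as the text "(deprecated)" in the summary, so generated clients and rendered API docs will not flag the operation; Swagger 2.0 has an operation-level field for this, `deprecated: true`, which could sit next to `operationId`. The same applies to `getLogs` under `/projects/{project_name}/logs` in the next hunk. The new description also has a doubled comma ("role,,") and "it only query", which would read better as "It only queries audit logs recorded by previous versions." The operation's parameters and responses continue outside this hunk.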
@@ -1755,10 +1755,63 @@ paths:
           $ref: '#/responses/401'
         '500':
           $ref: '#/responses/500'
+  /auditlog-exts:
+    get:
+      summary: Get recent logs of the projects which the user is a member with project_admin role, or return all audit logs for system admin user
+      description: |
+        This endpoint let user see the recent operation logs of the projects which he is member with project_admin role, or return all audit logs for system admin user.
+      tags:
+        - auditlog
+      operationId: listAuditLogExts
+      parameters:
+        - $ref: '#/parameters/requestId'
+        - $ref: '#/parameters/query'
+        - $ref: '#/parameters/sort'
+        - $ref: '#/parameters/page'
+        - $ref: '#/parameters/pageSize'
+      responses:
+        '200':
+          description: Success
+          headers:
+            X-Total-Count:
+              description: The total count of auditlogs
+              type: integer
+            Link:
+              description: Link refers to the previous page and next page
+              type: string
+          schema:
+            type: array
+            items:
+              $ref: '#/definitions/AuditLogExt'
+        '400':
+          $ref: '#/responses/400'
+        '401':
+          $ref: '#/responses/401'
+        '500':
+          $ref: '#/responses/500'
+  /auditlog-exts/events:
+    get:
+      summary: Get all event types of audit log
+      description: |
+        Get all event types of audit log
+      tags:
+        - auditlog
+      operationId: listAuditLogEventTypes
+      parameters:
+        - $ref: '#/parameters/requestId'
+      responses:
+        '200':
+          description: Success
+          schema:
+            type: array
+            items:
+              $ref: '#/definitions/AuditLogEventType'
+        '401':
+          $ref: '#/responses/401'      
   /projects/{project_name}/logs:
     get:
-      summary: Get recent logs of the projects
-      description: Get recent logs of the projects
+      summary: Get recent logs of the projects (deprecated)
+      description: Get recent logs of the projects, it only query the previous version's audit log
       tags:
         - project
       operationId: getLogs
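Review bot: `/auditlog-exts` is described as restricted to project admins and system admins, yet its responses list only 400, 401 and 500, so an authenticated caller without the role has no documented outcome. Adding `'403': $ref: '#/responses/403'` (assuming the shared 403 response is defined in this file, which the hunk does not show) would make the access-control contract explicit. `/projects/{project_name}/auditlog-exts` in the next hunk has the same gap, and its summary states no role requirement at all. `/auditlog-exts/events` documents only 200 and 401, so a server-side failure is unspecified there; `'500': $ref: '#/responses/500'` would match the sibling endpoints.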
@@ -1789,6 +1842,40 @@ paths:
           $ref: '#/responses/401'
         '500':
           $ref: '#/responses/500'
+  /projects/{project_name}/auditlog-exts:
+    get:
+      summary: Get recent logs of the projects
+      description: Get recent logs of the projects
+      tags:
+        - project
+      operationId: getLogExts
+      parameters:
+        - $ref: '#/parameters/projectName'
+        - $ref: '#/parameters/requestId'
+        - $ref: '#/parameters/query'
+        - $ref: '#/parameters/sort'
+        - $ref: '#/parameters/page'
+        - $ref: '#/parameters/pageSize'
+      responses:
+        '200':
+          description: Success
+          headers:
+            X-Total-Count:
+              description: The total count of auditlogs
+              type: integer
+            Link:
+              description: Link refers to the previous page and next page
+              type: string
+          schema:
+            type: array
+            items:
+              $ref: '#/definitions/AuditLogExt'
+        '400':
+          $ref: '#/responses/400'
+        '401':
+          $ref: '#/responses/401'
+        '500':
+          $ref: '#/responses/500'          
   /p2p/preheat/providers:
     get:
       summary: List P2P providers
@@ -6996,6 +7083,42 @@ definitions:
         format: date-time
         example: '2006-01-02T15:04:05Z'
         description: The time when this operation is triggered.
+  AuditLogExt:
+    type: object
+    properties:
+      id:
+        type: integer
+        description: The ID of the audit log entry.
+      username:
+        type: string
+        description: The username of the operator in this log entry.
+      resource:
+        type: string
+        description: Name of the resource in this log entry.
+      resource_type:
+        type: string
+        description: Type of the resource in this log entry.
+      operation:
+        type: string
+        description: The operation against the resource in this log entry.
+      operation_description:
+        type: string
+        description: The operation's detail description
+      operation_result:
+        type: boolean
+        description: the operation's result, true for success, false for fail
+      op_time:
+        type: string
+        format: date-time
+        example: '2006-01-02T15:04:05Z'
+        description: The time when this operation is triggered.
+  AuditLogEventType:
+    type: object
+    properties: 
+      event_type: 
+        type: string
+        description: the event type, such as create_user.
+        example: create_user
   Metadata:
     type: object
     properties:
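Review bot: `AuditLogExt.id` is a bare `type: integer`, while the migration in this commit creates `audit_log_ext.id` as `BIGSERIAL`; client generators that map an unformatted integer to 32 bits could overflow on a long-lived registry, so `format: int64` under `id` is worth adding. The model leaves out `source_ip` and `payload`, which the table stores. If that is deliberate, to keep client addresses and request bodies out of API responses, a short comment on the definition such as `# source_ip and payload are intentionally not exposed` would stop a later change from adding them by accident.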
diff --git a/make/migrations/postgresql/0160_2.13.0_schema.up.sql b/make/migrations/postgresql/0160_2.13.0_schema.up.sql
index 49a13a131..88efb21b4 100644
--- a/make/migrations/postgresql/0160_2.13.0_schema.up.sql
+++ b/make/migrations/postgresql/0160_2.13.0_schema.up.sql
@@ -1,2 +1,23 @@
 ALTER TABLE p2p_preheat_policy DROP COLUMN IF EXISTS scope;
 ALTER TABLE p2p_preheat_policy ADD COLUMN IF NOT EXISTS extra_attrs text;
+
+CREATE TABLE IF NOT EXISTS audit_log_ext
+(
+	id BIGSERIAL PRIMARY KEY NOT NULL,
+	project_id BIGINT,
+	operation VARCHAR(50) NULL,
+	resource_type VARCHAR(50) NULL,
+	resource VARCHAR(50) NULL,
+	username VARCHAR(50) NULL,
+	op_desc VARCHAR(500) NULL,
+	op_result BOOLEAN DEFAULT true,
+	payload TEXT NULL,
+	source_ip VARCHAR(50) NULL,
+	op_time TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+);
+
+-- add index to the audit_log_ext table
+CREATE INDEX IF NOT EXISTS idx_audit_log_ext_op_time ON audit_log_ext (op_time);
+CREATE INDEX IF NOT EXISTS idx_audit_log_ext_project_id_optime ON audit_log_ext (project_id, op_time);
+CREATE INDEX IF NOT EXISTS idx_audit_log_ext_project_id_resource_type ON audit_log_ext (project_id, resource_type);
+CREATE INDEX IF NOT EXISTS idx_audit_log_ext_project_id_operation ON audit_log_ext (project_id, operation);
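Review bot: `resource`, `username`, `operation` and `resource_type` are all `VARCHAR(50)`, and PostgreSQL rejects an INSERT whose value exceeds the declared length rather than truncating it, so a long repository or artifact reference would lose the audit record unless the writer truncates first (the writer is not part of this patch). For an audit trail a dropped row is the worst outcome; widening at least the free-form columns, for example `resource VARCHAR(1024) NULL` and `username VARCHAR(255) NULL` (illustrative widths), avoids it. `payload TEXT` is unbounded and, if it is meant to hold request bodies, will need secrets such as passwords redacted before insert; a comment on the column saying what may be stored there would help. `op_time TIMESTAMP` is stored without a time zone, so it is worth confirming that this matches how the existing audit table is written and read.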
diff --git a/src/server/v2.0/handler/auditlog.go b/src/server/v2.0/handler/auditlog.go
index 22540b1ae..a18105586 100644
--- a/src/server/v2.0/handler/auditlog.go
+++ b/src/server/v2.0/handler/auditlog.go
@@ -110,3 +110,15 @@ func (a *auditlogAPI) ListAuditLogs(ctx context.Context, params auditlog.ListAud
 		WithLink(a.Links(ctx, params.HTTPRequest.URL, total, query.PageNumber, query.PageSize).String()).
 		WithPayload(auditLogs)
 }
+func (a *auditlogAPI) ListAuditLogExts(ctx context.Context, params auditlog.ListAuditLogExtsParams) middleware.Responder {
+	// TODO: implement this method
+	return auditlog.NewListAuditLogExtsOK().
+		WithXTotalCount(0).
+		WithLink(a.Links(ctx, params.HTTPRequest.URL, 0, 0, 0).String()).
+		WithPayload(nil)
+}
+
+func (a *auditlogAPI) ListAuditLogEventTypes(_ context.Context, _ auditlog.ListAuditLogEventTypesParams) middleware.Responder {
+	// TODO: implement this method
+	return auditlog.NewListAuditLogEventTypesOK().WithPayload(nil)
+}
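Review bot: Both placeholders answer 200 with an empty payload to every caller, with no authentication or permission check, although the swagger added in this commit declares a 401 for both operations and restricts `listAuditLogExts` to project admins and system admins. An empty 200 is also indistinguishable from "no audit events recorded", which is misleading for anyone polling this API for monitoring. Until the real query lands, each stub should carry a doc comment saying so, e.g. `// ListAuditLogExts is a placeholder: it performs no access check and always returns an empty list.`, and the TODO should name the access check as part of the remaining work. `GetLogExts` in project.go has the same shape and does not use the project name from `params`. A blank line is also missing between the end of `ListAuditLogs` (which starts outside this hunk) and the new method.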
diff --git a/src/server/v2.0/handler/project.go b/src/server/v2.0/handler/project.go
index 57e1dfb7f..22d432dfe 100644
--- a/src/server/v2.0/handler/project.go
+++ b/src/server/v2.0/handler/project.go
@@ -938,3 +938,11 @@ func highestRole(roles []int) int {
 	}
 	return highest
 }
+
+func (a *projectAPI) GetLogExts(ctx context.Context, params operation.GetLogExtsParams) middleware.Responder {
+	// TODO: implement the function
+	return operation.NewGetLogExtsOK().
+		WithXTotalCount(0).
+		WithLink(a.Links(ctx, params.HTTPRequest.URL, 0, 0, 15).String()).
+		WithPayload(nil)
+}
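Review bot: The placeholder passes a literal page size of `15` to `a.Links`, while the equivalent stub in auditlog.go passes `0`, and neither value is taken from the request's page parameters. With a total of 0 the resulting Link header is presumably empty either way, but the unexplained difference invites copy-paste errors when the real implementation is written. Using the same arguments in both stubs, `WithLink(a.Links(ctx, params.HTTPRequest.URL, 0, 0, 0).String())`, or a comment explaining the `15`, would remove the ambiguity. The method also lacks a doc comment stating that it is a stub.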