Merge pull request RedHatInsights#1005 from Ellen-Yi-Dong/audit_log_1b

 Adding Serializer and View for Audit Logs

rbac/management/audit_log/serializer.py

@@ -0,0 +1,34 @@
+#
+# Copyright 2024 Red Hat, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+"""Serializer for Audit Logs."""
+from management.models import AuditLog
+from rest_framework import serializers
+
+
+class AuditLogSerializer(serializers.ModelSerializer):
+    """Serializer for Audit Log."""
+
+    class Meta:
+        model = AuditLog
+        fields = (
+            "created",
+            "principal_username",
+            "description",
+            "resource_type",
+            "action",
+        )

rbac/management/audit_log/view.py

@@ -0,0 +1,39 @@
+#
+# Copyright 2024 Red Hat, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+"""View for Audit Logs."""
+from management.models import AuditLog
+from management.permissions import AuditLogAccessPermission
+from management.serializers import AuditLogSerializer
+from management.utils import filter_queryset_by_tenant
+from rest_framework import mixins, viewsets
+
+
+class AuditLogViewSet(mixins.ListModelMixin, viewsets.GenericViewSet):
+    """Audit Logs View.
+
+    A viewset that provides default `list()` actions.
+    """
+
+    queryset = AuditLog.objects.all()
+    serializer_class = AuditLogSerializer
+    permission_classes = (AuditLogAccessPermission,)
+
+    def list(self, request, *args, **kwargs):
+        """List all of the audit logs within database by tenant."""
+        self.queryset = filter_queryset_by_tenant(AuditLog.objects.all(), request.tenant)
+        return super().list(request=request, args=args, kwargs=kwargs)

rbac/management/permissions/__init__.py

@@ -21,3 +21,4 @@
 from management.permissions.group_access import GroupAccessPermission
 from management.permissions.policy_access import PolicyAccessPermission
 from management.permissions.role_access import RoleAccessPermission
+from management.permissions.auditlog_access import AuditLogAccessPermission

rbac/management/permissions/auditlog_access.py

@@ -0,0 +1,26 @@
+#
+# Copyright 2024 Red Hat, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+#
+"""Defines the Audit Log Access Permissions class."""
+from rest_framework import permissions
+
+
+class AuditLogAccessPermission(permissions.BasePermission):
+    """Determines if a user is an Account Admin."""
+
+    def has_permission(self, request, view):
+        """Check permission based on Account Admin property."""
+        return request.user.admin

rbac/management/serializers.py

@@ -21,3 +21,4 @@
 from management.group.serializer import GroupSerializer
 from management.role.serializer import RoleSerializer
 from management.policy.serializer import PolicySerializer
+from management.audit_log.serializer import AuditLogSerializer

rbac/management/urls.py

@@ -16,7 +16,15 @@
 """Describes the urls and patterns for the management application."""
 from django.conf.urls import include
 from django.urls import re_path
-from management.views import AccessView, GroupViewSet, PermissionViewSet, PolicyViewSet, PrincipalView, RoleViewSet
+from management.views import (
+    AccessView,
+    AuditLogViewSet,
+    GroupViewSet,
+    PermissionViewSet,
+    PolicyViewSet,
+    PrincipalView,
+    RoleViewSet,
+)
 from rest_framework.routers import DefaultRouter
 
 
@@ -25,6 +33,7 @@
 ROUTER.register(r"roles", RoleViewSet)
 ROUTER.register(r"policies", PolicyViewSet)
 ROUTER.register(r"permissions", PermissionViewSet)
+ROUTER.register(r"auditlogs", AuditLogViewSet)
 
 # pylint: disable=invalid-name
 urlpatterns = [

rbac/management/views.py

@@ -24,3 +24,4 @@
 from management.policy.view import PolicyViewSet
 from management.access.view import AccessView
 from management.permission.view import PermissionViewSet
+from management.audit_log.view import AuditLogViewSet

tests/management/audit_log/__init__.py

@@ -0,0 +1 @@
+# noqa

tests/management/audit_log/test_model.py

@@ -0,0 +1,54 @@
+#
+# Copyright 2024 Red Hat, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+#
+"""Test the Audit Logs Model."""
+from django.test import TestCase
+from unittest.mock import Mock
+
+from management.models import AuditLog
+from tests.identity_request import IdentityRequest
+
+
+class AuditLogModelTests(IdentityRequest):
+    """ "Test the Audit Log Model."""
+
+    def setUp(self):
+        """Set up the audit log model tests."""
+        super().setUp()
+
+        self.audit_log = AuditLog.objects.create(
+            principal_id="1",
+            principal_username="test_user",
+            resource_type=AuditLog.ROLE,
+            resource_id="1",
+            description="Created a role asdf1234",
+            action=AuditLog.CREATE,
+            tenant_id="2",
+        )
+
+    def tearDown(self):
+        """Tear down group model tests."""
+        AuditLog.objects.all().delete()
+
+    def test_audit_log_creation(self):
+        """Test whether log was created through model."""
+        self.assertEqual(self.audit_log.principal_id, "1")
+        self.assertEqual(self.audit_log.principal_username, "test_user")
+        self.assertEqual(self.audit_log.resource_type, "role")
+        self.assertEqual(self.audit_log.resource_id, "1")
+        self.assertEqual(self.audit_log.description, "Created a role asdf1234")
+        self.assertEqual(self.audit_log.action, "create")
+        self.assertEqual(self.audit_log.tenant_id, "2")