Merge pull request RedHatInsights#1126 from Ellen-Yi-Dong/auditlog_cr…

…eate_group Add audit logs for when a group is created
petracihalova · Jul 16, 2024 · d922dd9 · d922dd9
2 parents e22cbbb + 063cc1a
commit d922dd9
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 13 deletions.
diff --git a/rbac/management/audit_log/model.py b/rbac/management/audit_log/model.py
@@ -70,7 +70,6 @@ def get_tenant_id(self, request):
     def get_resource_item(self, r_type, request, *args, **kwargs):
         """Find related information (eg, name, id, etc...) for each resource item."""
         verify_tenant = self.get_tenant_id(request)
-
         if r_type == AuditLog.ROLE:
             if request.data != {}:
                 role_object = get_object_or_404(Role, name=request.data["name"], tenant=verify_tenant)
@@ -82,7 +81,7 @@ def get_resource_item(self, r_type, request, *args, **kwargs):
             return role_object_id, role_object_name
 
         elif r_type == AuditLog.GROUP:
-            if request._data is not None:
+            if request.data != {}:
                 group_object = get_object_or_404(Group, name=request.data["name"], tenant=verify_tenant)
             else:
                 group_uuid = kwargs["kwargs"]["uuid"]
@@ -95,16 +94,14 @@ def get_resource_item(self, r_type, request, *args, **kwargs):
             # TODO: update for permission related items
             return None
 
-        elif r_type == "principal":
-            principal_object = get_object_or_404(Principal, username=request.user.username, tenant=verify_tenant)
-            return principal_object.id, principal_object.username
-
-    def log_create(self, request, resource):
+    def log_create(self, request, resource, kwargs):
         """Audit Log when a role or a group is created."""
-        self.principal_id, self.principal_username = self.get_resource_item("principal", request)
+        self.principal_id = None
+        self.principal_username = request.user.username
+
         self.resource_type = resource
 
-        self.resource_id, resource_name = self.get_resource_item(resource, request)
+        self.resource_id, resource_name = self.get_resource_item(resource, request, kwargs=kwargs)
         self.description = "Created " + resource_name
 
         self.action = AuditLog.CREATE

diff --git a/rbac/management/group/view.py b/rbac/management/group/view.py
@@ -44,6 +44,7 @@
     GroupSerializer,
     RoleMinimumSerializer,
 )
+from management.models import AuditLog
 from management.notifications.notification_handlers import (
     group_obj_change_notification_handler,
     group_principal_change_notification_handler,
@@ -250,7 +251,13 @@ def create(self, request, *args, **kwargs):
             }
         """
         validate_group_name(request.data.get("name"))
-        return super().create(request=request, args=args, kwargs=kwargs)
+        create_group = super().create(request=request, args=args, kwargs=kwargs)
+
+        if status.is_success(create_group.status_code):
+            auditlog = AuditLog()
+            auditlog.log_create(request, AuditLog.GROUP, kwargs=kwargs)
+
+        return create_group
 
     def list(self, request, *args, **kwargs):
         """Obtain the list of groups for the tenant.

diff --git a/rbac/management/role/view.py b/rbac/management/role/view.py
@@ -214,8 +214,9 @@ def create(self, request, *args, **kwargs):
 
         if status.is_success(create_role.status_code):
             auditlog = AuditLog()
-            auditlog.log_create(request, AuditLog.ROLE)
-            return create_role
+            auditlog.log_create(request, AuditLog.ROLE, kwargs=kwargs)
+
+        return create_role
 
     def list(self, request, *args, **kwargs):
         """Obtain the list of roles for the tenant.

diff --git a/tests/management/group/test_view.py b/tests/management/group/test_view.py
@@ -21,7 +21,7 @@
 
 from django.db import transaction
 from django.conf import settings
-from django.urls import reverse
+from django.urls import reverse, resolve
 from django.test.utils import override_settings
 from rest_framework import status
 from rest_framework.response import Response
@@ -183,6 +183,27 @@ def test_create_group_success(self, send_kafka_message, mock_request):
             response = client.get(url, **self.headers)
             group = Group.objects.get(uuid=uuid)
 
+            # test whether newly created group is added correctly within audit log database
+            al_url = "/api/v1/auditlogs/"
+            al_client = APIClient()
+            al_response = al_client.get(al_url, **self.headers)
+            retrieve_data = al_response.data.get("data")
+            al_list = retrieve_data
+            al_dict = al_list[0]
+
+            al_dict_principal_username = al_dict["principal_username"]
+            al_dict_description = al_dict["description"]
+            al_dict_resource = al_dict["resource_type"]
+            al_dict_action = al_dict["action"]
+
+            self.assertEqual(self.user_data["username"], al_dict_principal_username)
+            self.assertIsNotNone(al_dict_description)
+            self.assertEqual(al_dict_resource, "group")
+            self.assertEqual(al_dict_action, "create")
+
+            # test that we can retrieve the role
+            url = reverse("role-detail", kwargs={"uuid": response.data.get("uuid")})
+            client = APIClient()
             self.assertIsNotNone(uuid)
             self.assertIsNotNone(response.data.get("name"))
             self.assertEqual(group_name, response.data.get("name"))