NAS-130459 / 24.10 / Add audit trails for snapshot and replication ta…

…sks (#14148) Generate audit trail when users configure snapshots and replication.
truenas · Aug 7, 2024 · 4e9828a · 4e9828a
1 parent 69da705
commit 4e9828a
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 8 deletions.
diff --git a/src/middlewared/middlewared/plugins/replication.py b/src/middlewared/middlewared/plugins/replication.py
@@ -236,7 +236,9 @@ async def compress(self, data):
             Bool("enabled", default=True),
             register=True,
             strict=True,
-        )
+        ),
+        audit="Replication task create:",
+        audit_extended=lambda data: data["name"]
     )
     @pass_app(require=True)
     async def do_create(self, app, data):
@@ -350,9 +352,9 @@ async def do_create(self, app, data):
         "replication_create",
         "replication_update",
         ("attr", {"update": True}),
-    ))
+    ), audit="Replication task update:", audit_callback=True)
     @pass_app(require=True)
-    async def do_update(self, app, id_, data):
+    async def do_update(self, app, audit_callback, id_, data):
         """
         Update a Replication Task with specific `id`
 
@@ -396,6 +398,7 @@ async def do_update(self, app, id_, data):
         """
 
         old = await self.get_instance(id_)
+        audit_callback(old["name"])
 
         new = old.copy()
         if new["ssh_credentials"]:
@@ -429,9 +432,11 @@ async def do_update(self, app, id_, data):
         return await self.get_instance(id_)
 
     @accepts(
-        Int("id")
+        Int("id"),
+        audit="Replication task delete:",
+        audit_callback=True
     )
-    async def do_delete(self, id_):
+    async def do_delete(self, audit_callback, id_):
         """
         Delete a Replication Task with specific `id`
 
@@ -447,6 +452,8 @@ async def do_delete(self, id_):
                 ]
             }
         """
+        task_name = (await self.get_instance(id_))["name"]
+        audit_callback(task_name)
 
         response = await self.middleware.call(
             "datastore.delete",

diff --git a/src/middlewared/middlewared/plugins/snapshot.py b/src/middlewared/middlewared/plugins/snapshot.py
@@ -91,7 +91,9 @@ async def extend(self, data, context):
             Bool('allow_empty', default=True),
             Bool('enabled', default=True),
             register=True
-        )
+        ),
+        audit='Snapshot task create:',
+        audit_extended=lambda data: data['dataset']
     )
     async def do_create(self, data):
         """
@@ -164,8 +166,10 @@ async def do_create(self, data):
             ('add', {'name': 'fixate_removal_date', 'type': 'bool'}),
             ('attr', {'update': True})
         ),
+        audit='Snapshot task update:',
+        audit_callback=True,
     )
-    async def do_update(self, id_, data):
+    async def do_update(self, audit_callback, id_, data):
         """
         Update a Periodic Snapshot Task with specific `id`
 
@@ -204,6 +208,7 @@ async def do_update(self, id_, data):
         fixate_removal_date = data.pop('fixate_removal_date', False)
 
         old = await self.get_instance(id_)
+        audit_callback(old['dataset'])
         new = old.copy()
         new.update(data)
 
@@ -256,8 +261,10 @@ async def do_update(self, id_, data):
             'options',
             Bool('fixate_removal_date', default=False),
         ),
+        audit='Snapshot task delete:',
+        audit_callback=True,
     )
-    async def do_delete(self, id_, options):
+    async def do_delete(self, audit_callback, id_, options):
         """
         Delete a Periodic Snapshot Task with specific `id`
 
@@ -274,6 +281,9 @@ async def do_delete(self, id_, options):
             }
         """
 
+        dataset = (await self.get_instance(id_))['dataset']
+        audit_callback(dataset)
+
         for replication_task in await self.middleware.call('replication.query', [
             ['direction', '=', 'PUSH'],
             ['also_include_naming_schema', '=', []],