From 4e9828af398ac3e13fc3dd677f1ce1bc50905db3 Mon Sep 17 00:00:00 2001
From: Andrew Walker
Date: Tue, 6 Aug 2024 22:29:57 -0700
Subject: [PATCH] NAS-130459 / 24.10 / Add audit trails for snapshot and replication tasks (#14148)
Generate audit trail when users configure snapshots and replication.
---
 .../middlewared/plugins/replication.py | 17 ++++++++++++-----
 src/middlewared/middlewared/plugins/snapshot.py | 16 +++++++++++++---
 2 files changed, 25 insertions(+), 8 deletions(-)
diff --git a/src/middlewared/middlewared/plugins/replication.py b/src/middlewared/middlewared/plugins/replication.py
index cfb26f3653b98..a0af4400c1303 100644
--- a/src/middlewared/middlewared/plugins/replication.py
+++ b/src/middlewared/middlewared/plugins/replication.py
@@ -236,7 +236,9 @@ async def compress(self, data):
 Bool("enabled", default=True),
 register=True,
 strict=True,
- )
+ ),
+ audit="Replication task create:",
+ audit_extended=lambda data: data["name"]
 )
 @pass_app(require=True)
 async def do_create(self, app, data):
@@ -350,9 +352,9 @@ async def do_create(self, app, data):
 "replication_create",
 "replication_update",
 ("attr", {"update": True}),
- ))
+ ), audit="Replication task update:", audit_callback=True)
 @pass_app(require=True)
- async def do_update(self, app, id_, data):
+ async def do_update(self, app, audit_callback, id_, data):
 """
 Update a Replication Task with specific `id`
@@ -396,6 +398,7 @@ async def do_update(self, app, id_, data):
 """
 old = await self.get_instance(id_)
+ audit_callback(old["name"])
 new = old.copy()
 if new["ssh_credentials"]:
@@ -429,9 +432,11 @@ async def do_update(self, app, id_, data):
 return await self.get_instance(id_)
 @accepts(
- Int("id")
+ Int("id"),
+ audit="Replication task delete:",
+ audit_callback=True
 )
- async def do_delete(self, id_):
+ async def do_delete(self, audit_callback, id_):
 """
 Delete a Replication Task with specific `id`
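Review bot: `audit_extended=lambda data: data["name"]` in the `@@ -236` hunk of replication.py subscripts the request payload, and nothing visible here shows whether the callable only ever runs on validated data. If it can see a payload without `name`, the `KeyError` is raised inside the audit path and the rejected create attempt may end up logged without its detail; `audit_extended=lambda data: data.get("name")` would tolerate that. The same applies to `lambda data: data['dataset']` in the snapshot.py `@@ -91` hunk. The decorator call and `do_create` both continue outside the hunk.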
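Review bot: `do_update` in the `@@ -350` hunk now takes `audit_callback` as a positional parameter ahead of `id_`, and neither a comment nor the visible docstring says where it comes from. It appears to be supplied because of `audit_callback=True` on the decorator, so any in-process caller that still invokes the method directly as `(app, id_, data)` would bind `id_` to `audit_callback`; whether such callers exist is not visible in this diff. A comment above the signature would make the contract explicit, e.g. `# audit_callback is supplied via audit_callback=True on the decorator; direct callers must pass it explicitly`. The same signature change is made to `do_delete` in the `@@ -429` hunk and to `do_update` and `do_delete` in snapshot.py, and the function body continues outside the hunk.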
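Review bot: `audit_callback(old["name"])` in the `@@ -396` hunk records only the task's previous name, so when the update itself changes `name` the audit entry cannot be tied to the task as it exists afterwards. Adding the stable id would make the record unambiguous, for example `audit_callback(f'{old["name"]} (id={id_})')`, if the audit format used elsewhere allows it. The callback also runs only after `get_instance(id_)` succeeds, so an update attempt against a nonexistent id presumably produces an entry with no identifier; it is worth confirming that such attempts are still traceable. `do_update` starts and ends outside this hunk.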
@@ -447,6 +452,8 @@ async def do_delete(self, id_):
 ]
 }
 """
+ task_name = (await self.get_instance(id_))["name"]
+ audit_callback(task_name)
 response = await self.middleware.call(
 "datastore.delete",
diff --git a/src/middlewared/middlewared/plugins/snapshot.py b/src/middlewared/middlewared/plugins/snapshot.py
index 7d189ba8034f4..deb02d51bda17 100644
--- a/src/middlewared/middlewared/plugins/snapshot.py
+++ b/src/middlewared/middlewared/plugins/snapshot.py
@@ -91,7 +91,9 @@ async def extend(self, data, context):
 Bool('allow_empty', default=True),
 Bool('enabled', default=True),
 register=True
- )
+ ),
+ audit='Snapshot task create:',
+ audit_extended=lambda data: data['dataset']
 )
 async def do_create(self, data):
 """
@@ -164,8 +166,10 @@ async def do_create(self, data):
 ('add', {'name': 'fixate_removal_date', 'type': 'bool'}),
 ('attr', {'update': True})
 ),
+ audit='Snapshot task update:',
+ audit_callback=True,
 )
- async def do_update(self, id_, data):
+ async def do_update(self, audit_callback, id_, data):
 """
 Update a Periodic Snapshot Task with specific `id`
@@ -204,6 +208,7 @@ async def do_update(self, id_, data):
 fixate_removal_date = data.pop('fixate_removal_date', False)
 old = await self.get_instance(id_)
+ audit_callback(old['dataset'])
 new = old.copy()
 new.update(data)
@@ -256,8 +261,10 @@ async def do_update(self, id_, data):
 'options',
 Bool('fixate_removal_date', default=False),
 ),
+ audit='Snapshot task delete:',
+ audit_callback=True,
 )
- async def do_delete(self, id_, options):
+ async def do_delete(self, audit_callback, id_, options):
 """
 Delete a Periodic Snapshot Task with specific `id`
@@ -274,6 +281,9 @@ async def do_delete(self, id_, options):
 }
 """
+ dataset = (await self.get_instance(id_))['dataset']
+ audit_callback(dataset)
+
 for replication_task in await self.middleware.call('replication.query', [
 ['direction', '=', 'PUSH'],
 ['also_include_naming_schema', '=', []],
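Review bot: The `get_instance(id_)` lookup added in the `@@ -447` hunk of replication.py exists only to name the task in the audit entry, yet it now runs ahead of `datastore.delete`, so a delete against a nonexistent id fails in the lookup and never reaches `audit_callback`. That changes the failure path of `do_delete` and presumably leaves the failed attempt audited without any identifier. A comment stating the intent would help, e.g. `# Look up the task first so the audit entry names it; a missing id fails here before anything is deleted`, and it is worth confirming that the failed call is still logged in a traceable way. The same pattern is added to `do_delete` in the snapshot.py `@@ -274` hunk, and the function body continues outside the hunk.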
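Review bot: `audit_callback(old['dataset'])` in the snapshot.py `@@ -204` hunk identifies the task by dataset alone, which is ambiguous if more than one periodic snapshot task can be configured for the same dataset (not visible in this diff, worth checking). In that case the audit entries for update and delete cannot show which task was touched, and an update that changes `dataset` is logged under the old value only. Including the id where it is in scope would resolve both, for example `audit_callback(f"{old['dataset']} (id={id_})")`, with the equivalent change in `do_delete` in the `@@ -274` hunk. `do_update` starts and ends outside this hunk.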