add audit logging to app registry endpoints
parent
f4f67c8c62
commit
4db789b656
7 changed files with 54 additions and 20 deletions
|
@ -13,6 +13,7 @@ from flask import jsonify, request
|
|||
from auth.auth_context import get_authenticated_user
|
||||
from auth.decorators import process_auth
|
||||
from auth.permissions import (CreateRepositoryPermission, ModifyRepositoryPermission)
|
||||
from data.interfaces.appr import oci_app_model as model
|
||||
from endpoints.appr import (appr_bp, require_app_repo_read, require_app_repo_write)
|
||||
from endpoints.appr.cnr_backend import Blob, Channel, Package, User
|
||||
from endpoints.appr.decorators import disallow_for_image_repository
|
||||
|
@ -102,6 +103,8 @@ def list_packages():
|
|||
def delete_package(namespace, package_name, release, media_type):
|
||||
reponame = repo_name(namespace, package_name)
|
||||
result = cnr_registry.delete_package(reponame, release, media_type, package_class=Package)
|
||||
model.log_action('delete_tag', namespace, repo_name=package_name,
|
||||
metadata={'release': release, 'mediatype': media_type})
|
||||
return jsonify(result)
|
||||
|
||||
|
||||
|
@ -136,7 +139,7 @@ def show_package_releases(namespace, package_name):
|
|||
@process_auth
|
||||
@require_app_repo_read
|
||||
@anon_protect
|
||||
def show_package_releasse_manifests(namespace, package_name, release):
|
||||
def show_package_release_manifests(namespace, package_name, release):
|
||||
reponame = repo_name(namespace, package_name)
|
||||
result = cnr_registry.show_package_manifests(reponame, release, package_class=Package)
|
||||
return jsonify(result)
|
||||
|
@ -153,6 +156,8 @@ def pull(namespace, package_name, release, media_type):
|
|||
reponame = repo_name(namespace, package_name)
|
||||
logger.info("pull %s", reponame)
|
||||
data = cnr_registry.pull(reponame, release, media_type, Package, blob_class=Blob)
|
||||
model.log_action('pull_repo', namespace, repo_name=package_name,
|
||||
metadata={'release': release, 'mediatype': media_type})
|
||||
return _pull(data)
|
||||
|
||||
|
||||
|
@ -178,6 +183,7 @@ def push(namespace, package_name):
|
|||
{"package": reponame,
|
||||
"scopes": ['create']})
|
||||
Package.create_repository(reponame, private, owner)
|
||||
model.log_action('create_repo', namespace, repo_name=package_name)
|
||||
|
||||
if not ModifyRepositoryPermission(namespace, package_name).can():
|
||||
raise Forbidden("Unauthorized access for: %s" % reponame,
|
||||
|
@ -194,6 +200,8 @@ def push(namespace, package_name):
|
|||
blob = Blob(reponame, values['blob'])
|
||||
app_release = cnr_registry.push(reponame, release_version, media_type, blob, force,
|
||||
package_class=Package, user=owner, visibility=private)
|
||||
model.log_action('push_repo', namespace, repo_name=package_name,
|
||||
metadata={'release': release_version})
|
||||
return jsonify(app_release)
|
||||
|
||||
|
||||
|
@ -246,6 +254,8 @@ def add_channel_release(namespace, package_name, channel_name, release):
|
|||
reponame = repo_name(namespace, package_name)
|
||||
result = cnr_registry.add_channel_release(reponame, channel_name, release, channel_class=Channel,
|
||||
package_class=Package)
|
||||
model.log_action('create_tag', namespace, repo_name=package_name,
|
||||
metadata={'channel': channel_name, 'release': release})
|
||||
return jsonify(result)
|
||||
|
||||
|
||||
|
@ -254,13 +264,13 @@ def _check_channel_name(channel_name, release=None):
|
|||
logger.debug('Found invalid channel name CNR add channel release: %s', channel_name)
|
||||
raise InvalidUsage("Found invalid channelname %s" % release,
|
||||
{'name': channel_name,
|
||||
"release": release})
|
||||
'release': release})
|
||||
|
||||
if release is not None and not TAG_REGEX.match(release):
|
||||
logger.debug('Found invalid release name CNR add channel release: %s', release)
|
||||
raise InvalidUsage("Found invalid channel release name %s" % release,
|
||||
raise InvalidUsage('Found invalid channel release name %s' % release,
|
||||
{'name': channel_name,
|
||||
"release": release})
|
||||
'release': release})
|
||||
|
||||
|
||||
@appr_bp.route(
|
||||
|
@ -275,6 +285,8 @@ def delete_channel_release(namespace, package_name, channel_name, release):
|
|||
reponame = repo_name(namespace, package_name)
|
||||
result = cnr_registry.delete_channel_release(reponame, channel_name, release,
|
||||
channel_class=Channel, package_class=Package)
|
||||
model.log_action('delete_tag', namespace, repo_name=package_name,
|
||||
metadata={'channel': channel_name, 'release': release})
|
||||
return jsonify(result)
|
||||
|
||||
|
||||
|
@ -289,4 +301,6 @@ def delete_channel(namespace, package_name, channel_name):
|
|||
_check_channel_name(channel_name)
|
||||
reponame = repo_name(namespace, package_name)
|
||||
result = cnr_registry.delete_channel(reponame, channel_name, channel_class=Channel)
|
||||
model.log_action('delete_tag', namespace, repo_name=package_name,
|
||||
metadata={'channel': channel_name})
|
||||
return jsonify(result)
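Review bot: In the `_check_channel_name` hunk the first `InvalidUsage` message still formats `release` rather than the rejected channel name, so a caller that passes no release (as `delete_channel` does) gets "Found invalid channelname None"; since the commit already touches the quoting on the following lines, change it to `raise InvalidUsage("Found invalid channelname %s" % channel_name,`. On the audit side, `delete_package`, `delete_channel_release` and `delete_channel` all record the kind `'delete_tag'`, and `delete_channel` carries only `{'channel': channel_name}`, so a reader of the audit trail has to infer which object was removed from the metadata keys. If the set of log kinds is fixed (not visible here), a short comment at each call stating the mapping would help. Each `model.log_action` call also sits between the registry operation and the `return`, so a failed or rejected operation leaves no entry, and if `log_action` can raise, the client would see an error for a change that has already been applied; it is worth confirming that both are intended. The enclosing functions begin outside these hunks.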
|
||||
|
|