audit log all endpoints

x032205
2025-12-07 23:51:22 -05:00
parent bfb682b715
commit 4f41673c38
5 changed files with 380 additions and 21 deletions


@@ -559,7 +559,21 @@ export enum EventType {
PAM_RESOURCE_GET = "pam-resource-get",
PAM_RESOURCE_CREATE = "pam-resource-create",
PAM_RESOURCE_UPDATE = "pam-resource-update",
PAM_RESOURCE_DELETE = "pam-resource-delete"
PAM_RESOURCE_DELETE = "pam-resource-delete",
APPROVAL_POLICY_CREATE = "approval-policy-create",
APPROVAL_POLICY_UPDATE = "approval-policy-update",
APPROVAL_POLICY_DELETE = "approval-policy-delete",
APPROVAL_POLICY_LIST = "approval-policy-list",
APPROVAL_POLICY_GET = "approval-policy-get",
APPROVAL_REQUEST_GET = "approval-request-get",
APPROVAL_REQUEST_LIST = "approval-request-list",
APPROVAL_REQUEST_CREATE = "approval-request-create",
APPROVAL_REQUEST_APPROVE = "approval-request-approve",
APPROVAL_REQUEST_REJECT = "approval-request-reject",
APPROVAL_REQUEST_CANCEL = "approval-request-cancel",
APPROVAL_REQUEST_GRANT_LIST = "approval-request-grant-list",
APPROVAL_REQUEST_GRANT_GET = "approval-request-grant-get",
APPROVAL_REQUEST_GRANT_REVOKE = "approval-request-grant-revoke"
}
export const filterableSecretEvents: EventType[] = [
@@ -4224,6 +4238,126 @@ interface GetCertificateFromRequestEvent {
};
}
interface ApprovalPolicyCreateEvent {
type: EventType.APPROVAL_POLICY_CREATE;
metadata: {
policyType: string;
name: string;
};
}
interface ApprovalPolicyUpdateEvent {
type: EventType.APPROVAL_POLICY_UPDATE;
metadata: {
policyType: string;
policyId: string;
name: string;
};
}
interface ApprovalPolicyDeleteEvent {
type: EventType.APPROVAL_POLICY_DELETE;
metadata: {
policyType: string;
policyId: string;
};
}
interface ApprovalPolicyListEvent {
type: EventType.APPROVAL_POLICY_LIST;
metadata: {
policyType: string;
count: number;
};
}
interface ApprovalPolicyGetEvent {
type: EventType.APPROVAL_POLICY_GET;
metadata: {
policyType: string;
policyId: string;
name: string;
};
}
interface ApprovalRequestGetEvent {
type: EventType.APPROVAL_REQUEST_GET;
metadata: {
policyType: string;
requestId: string;
status: string;
};
}
interface ApprovalRequestListEvent {
type: EventType.APPROVAL_REQUEST_LIST;
metadata: {
policyType: string;
count: number;
};
}
interface ApprovalRequestCreateEvent {
type: EventType.APPROVAL_REQUEST_CREATE;
metadata: {
policyType: string;
justification?: string;
requestDuration: string;
};
}
interface ApprovalRequestApproveEvent {
type: EventType.APPROVAL_REQUEST_APPROVE;
metadata: {
policyType: string;
requestId: string;
comment?: string;
};
}
interface ApprovalRequestRejectEvent {
type: EventType.APPROVAL_REQUEST_REJECT;
metadata: {
policyType: string;
requestId: string;
comment?: string;
};
}
interface ApprovalRequestCancelEvent {
type: EventType.APPROVAL_REQUEST_CANCEL;
metadata: {
policyType: string;
requestId: string;
};
}
interface ApprovalRequestGrantListEvent {
type: EventType.APPROVAL_REQUEST_GRANT_LIST;
metadata: {
policyType: string;
count: number;
};
}
interface ApprovalRequestGrantGetEvent {
type: EventType.APPROVAL_REQUEST_GRANT_GET;
metadata: {
policyType: string;
grantId: string;
status: string;
};
}
interface ApprovalRequestGrantRevokeEvent {
type: EventType.APPROVAL_REQUEST_GRANT_REVOKE;
metadata: {
policyType: string;
grantId: string;
revocationReason?: string;
};
}
export type Event =
| CreateSubOrganizationEvent
| UpdateSubOrganizationEvent
@@ -4609,4 +4743,18 @@ export type Event =
| AutomatedRenewCertificate
| AutomatedRenewCertificateFailed
| UserLoginEvent
| SelectOrganizationEvent;
| SelectOrganizationEvent
| ApprovalPolicyCreateEvent
| ApprovalPolicyUpdateEvent
| ApprovalPolicyDeleteEvent
| ApprovalPolicyListEvent
| ApprovalPolicyGetEvent
| ApprovalRequestGetEvent
| ApprovalRequestListEvent
| ApprovalRequestCreateEvent
| ApprovalRequestApproveEvent
| ApprovalRequestRejectEvent
| ApprovalRequestCancelEvent
| ApprovalRequestGrantListEvent
| ApprovalRequestGrantGetEvent
| ApprovalRequestGrantRevokeEvent;
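Review bot: `ApprovalPolicyCreateEvent` and `ApprovalRequestCreateEvent` carry no identifier for the object that was created, so a create record cannot be joined to the later update, approve, reject or revoke events, which are all keyed by `policyId`, `requestId` or `grantId`. Adding `policyId: string;` and `requestId: string;` to those two metadata shapes, filled from `policy.id` and `request.id` in the route handlers, would close that gap. The free-text fields `justification`, `comment` and `revocationReason` are typed as plain `string` and are copied from the request body in the handlers. If the route schemas (not visible here) do not already cap their length, the audit store will accept whatever the caller sends, so a bound is worth confirming.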


@@ -11,6 +11,7 @@ import {
TUpdatePolicyDTO
} from "@app/services/approval-policy/approval-policy-types";
import { AuthMode } from "@app/services/auth/auth-type";
import { EventType } from "@app/ee/services/audit-log/audit-log-types";
export const registerApprovalPolicyEndpoints = <P extends TApprovalPolicy>({
server,
@@ -61,7 +62,18 @@ export const registerApprovalPolicyEndpoints = <P extends TApprovalPolicy>({
handler: async (req) => {
const { policy } = await server.services.approvalPolicy.create(policyType, req.body, req.permission);
// TODO(andrey): Audit log
await server.services.auditLog.createAuditLog({
...req.auditLogInfo,
orgId: req.permission.orgId,
projectId: req.body.projectId,
event: {
type: EventType.APPROVAL_POLICY_CREATE,
metadata: {
policyType,
name: req.body.name
}
}
});
return { policy };
}
@@ -88,7 +100,18 @@ export const registerApprovalPolicyEndpoints = <P extends TApprovalPolicy>({
handler: async (req) => {
const { policies } = await server.services.approvalPolicy.list(policyType, req.query.projectId, req.permission);
// TODO(andrey): Audit log
await server.services.auditLog.createAuditLog({
...req.auditLogInfo,
orgId: req.permission.orgId,
projectId: req.query.projectId,
event: {
type: EventType.APPROVAL_POLICY_LIST,
metadata: {
policyType,
count: policies.length
}
}
});
return { policies };
}
@@ -115,7 +138,19 @@ export const registerApprovalPolicyEndpoints = <P extends TApprovalPolicy>({
handler: async (req) => {
const { policy } = await server.services.approvalPolicy.getById(req.params.policyId, req.permission);
// TODO(andrey): Audit log
await server.services.auditLog.createAuditLog({
...req.auditLogInfo,
orgId: req.permission.orgId,
projectId: policy.projectId,
event: {
type: EventType.APPROVAL_POLICY_GET,
metadata: {
policyType,
policyId: policy.id,
name: policy.name
}
}
});
return { policy };
}
@@ -143,7 +178,19 @@ export const registerApprovalPolicyEndpoints = <P extends TApprovalPolicy>({
handler: async (req) => {
const { policy } = await server.services.approvalPolicy.updateById(req.params.policyId, req.body, req.permission);
// TODO(andrey): Audit log
await server.services.auditLog.createAuditLog({
...req.auditLogInfo,
orgId: req.permission.orgId,
projectId: policy.projectId,
event: {
type: EventType.APPROVAL_POLICY_UPDATE,
metadata: {
policyType,
policyId: policy.id,
name: policy.name
}
}
});
return { policy };
}
@@ -168,9 +215,23 @@ export const registerApprovalPolicyEndpoints = <P extends TApprovalPolicy>({
},
onRequest: verifyAuth([AuthMode.JWT]),
handler: async (req) => {
const { policyId } = await server.services.approvalPolicy.deleteById(req.params.policyId, req.permission);
const { policyId, projectId } = await server.services.approvalPolicy.deleteById(
req.params.policyId,
req.permission
);
// TODO(andrey): Audit log
await server.services.auditLog.createAuditLog({
...req.auditLogInfo,
orgId: req.permission.orgId,
projectId,
event: {
type: EventType.APPROVAL_POLICY_DELETE,
metadata: {
policyType,
policyId
}
}
});
return { policyId };
}
@@ -202,7 +263,18 @@ export const registerApprovalPolicyEndpoints = <P extends TApprovalPolicy>({
req.permission
);
// TODO(andrey): Audit log
await server.services.auditLog.createAuditLog({
...req.auditLogInfo,
orgId: req.permission.orgId,
projectId: req.query.projectId,
event: {
type: EventType.APPROVAL_REQUEST_LIST,
metadata: {
policyType,
count: requests.length
}
}
});
return { requests };
}
@@ -240,7 +312,19 @@ export const registerApprovalPolicyEndpoints = <P extends TApprovalPolicy>({
req.permission
);
// TODO(andrey): Audit log
await server.services.auditLog.createAuditLog({
...req.auditLogInfo,
orgId: req.permission.orgId,
projectId: request.projectId,
event: {
type: EventType.APPROVAL_REQUEST_CREATE,
metadata: {
policyType,
justification: req.body.justification || undefined,
requestDuration: req.body.requestDuration || "infinite"
}
}
});
return { request };
}
@@ -267,7 +351,19 @@ export const registerApprovalPolicyEndpoints = <P extends TApprovalPolicy>({
handler: async (req) => {
const { request } = await server.services.approvalPolicy.getRequestById(req.params.requestId, req.permission);
// TODO(andrey): Audit log
await server.services.auditLog.createAuditLog({
...req.auditLogInfo,
orgId: req.permission.orgId,
projectId: request.projectId,
event: {
type: EventType.APPROVAL_REQUEST_GET,
metadata: {
policyType,
requestId: request.id,
status: request.status
}
}
});
return { request };
}
@@ -301,7 +397,19 @@ export const registerApprovalPolicyEndpoints = <P extends TApprovalPolicy>({
req.permission
);
// TODO(andrey): Audit log
await server.services.auditLog.createAuditLog({
...req.auditLogInfo,
orgId: req.permission.orgId,
projectId: request.projectId,
event: {
type: EventType.APPROVAL_REQUEST_APPROVE,
metadata: {
policyType,
requestId: req.params.requestId,
comment: req.body.comment
}
}
});
return { request };
}
@@ -335,7 +443,19 @@ export const registerApprovalPolicyEndpoints = <P extends TApprovalPolicy>({
req.permission
);
// TODO(andrey): Audit log
await server.services.auditLog.createAuditLog({
...req.auditLogInfo,
orgId: req.permission.orgId,
projectId: request.projectId,
event: {
type: EventType.APPROVAL_REQUEST_REJECT,
metadata: {
policyType,
requestId: req.params.requestId,
comment: req.body.comment
}
}
});
return { request };
}
@@ -362,7 +482,18 @@ export const registerApprovalPolicyEndpoints = <P extends TApprovalPolicy>({
handler: async (req) => {
const { request } = await server.services.approvalPolicy.cancelRequest(req.params.requestId, req.permission);
// TODO(andrey): Audit log
await server.services.auditLog.createAuditLog({
...req.auditLogInfo,
orgId: req.permission.orgId,
projectId: request.projectId,
event: {
type: EventType.APPROVAL_REQUEST_CANCEL,
metadata: {
policyType,
requestId: req.params.requestId
}
}
});
return { request };
}
@@ -394,7 +525,18 @@ export const registerApprovalPolicyEndpoints = <P extends TApprovalPolicy>({
req.permission
);
// TODO(andrey): Audit log
await server.services.auditLog.createAuditLog({
...req.auditLogInfo,
orgId: req.permission.orgId,
projectId: req.query.projectId,
event: {
type: EventType.APPROVAL_REQUEST_GRANT_LIST,
metadata: {
policyType,
count: grants.length
}
}
});
return { grants };
}
@@ -421,7 +563,19 @@ export const registerApprovalPolicyEndpoints = <P extends TApprovalPolicy>({
handler: async (req) => {
const { grant } = await server.services.approvalPolicy.getGrantById(req.params.grantId, req.permission);
// TODO(andrey): Audit log
await server.services.auditLog.createAuditLog({
...req.auditLogInfo,
orgId: req.permission.orgId,
projectId: grant.projectId,
event: {
type: EventType.APPROVAL_REQUEST_GRANT_GET,
metadata: {
policyType,
grantId: grant.id,
status: grant.status
}
}
});
return { grant };
}
@@ -451,7 +605,19 @@ export const registerApprovalPolicyEndpoints = <P extends TApprovalPolicy>({
handler: async (req) => {
const { grant } = await server.services.approvalPolicy.revokeGrant(req.params.grantId, req.body, req.permission);
// TODO(andrey): Audit log
await server.services.auditLog.createAuditLog({
...req.auditLogInfo,
orgId: req.permission.orgId,
projectId: grant.projectId,
event: {
type: EventType.APPROVAL_REQUEST_GRANT_REVOKE,
metadata: {
policyType,
grantId: grant.id,
revocationReason: req.body.revocationReason
}
}
});
return { grant };
}
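Review bot: Every handler in this file writes its audit event only after the service call has returned, so a denied or failed approve, reject or grant revoke leaves no record from this route unless an error hook elsewhere logs it, and those failed attempts are usually what an investigator wants to see first. The write is also awaited after the state change, so if `createAuditLog` can throw, the caller gets an error for an approval or revocation that has already taken effect; it is worth confirming that it enqueues rather than fails the request. Separately, the approve, reject and cancel hunks log `requestId: req.params.requestId` where the get handler logs `request.id`; using `requestId: request.id` records the id the service actually acted on and keeps the handlers consistent. In the by-id handlers `policyType` comes from the route registration rather than from the fetched record, so the logged type is only correct if the service rejects ids of another policy type, which cannot be seen from here. The handlers start and end outside the hunks shown.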


@@ -355,7 +355,8 @@ export const approvalPolicyServiceFactory = ({
await approvalPolicyDAL.deleteById(policyId);
return {
policyId
policyId,
projectId: policy.projectId
};
};