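    def get(self, application_name, cluster_name, key):
        """Get the audit logs of specified instance key.

        :param application_name: The name of application.
        :param cluster_name: The name of cluster.
        :param key: The key of instance.
        :query date: The date specified to search, default is today.
        :query start: The offset of pagination. Default is ``0``.
        :<header Authorization: Huskar Token (See :ref:`token`)
        :status 403: You don't have required authority.
        :status 501: The server is in minimal mode.
        :status 200: The result is in the response.
                     (See :ref:`Audit Log Schema <audit_schema>`)
        """
        check_application(application_name)
        check_cluster_name(cluster_name, application_name)

        # Clamp the offset: a negative ``start`` would otherwise slice from
        # the end of the list and return an unexpected page.
        start = max(request.args.get('start', type=int, default=0), 0)
        # NOTE(review): the documented ``date`` query parameter is not read
        # here; confirm whether the instance index lookup should filter on it.
        application = Application.get_by_name(application_name)
        # Permission is resolved before the entries are fetched; redaction
        # below depends on it.
        can_view_sensitive_data = AuditLog.can_view_sensitive_data(
            g.auth.id, self.instance_type, application.id)
        items = AuditLog.get_multi_by_instance_index(self.instance_type,
                                                     application.id,
                                                     cluster_name, key)
        # Page size is fixed at 20 entries.
        items = items[start:start + 20]
        # Callers without the sensitive-data permission get redacted entries.
        if not can_view_sensitive_data:
            items = [item.desensitize() for item in items]
        return api_response(audit_log_schema.dump(items, many=True).data)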
def test_normal_user_can_not_view_sensitive_data(
        user, application, team, target_type):
    """A user holding no grant must not see sensitive data at any scope."""

    def resolve_target_id():
        # Site scope has no concrete target; team and application scopes
        # point at the respective fixture's id.
        if target_type == AuditLog.TYPE_SITE:
            return 0
        if target_type == AuditLog.TYPE_TEAM:
            return team.id
        return application.id

    can_view = AuditLog.can_view_sensitive_data(
        user.id, target_type, resolve_target_id())
    assert not can_view
def test_application_auth_can_view_application_sensitive_data(
        user, application, team, target_type, can_view, authority):
    """An application authority grants visibility exactly where ``can_view``
    says it should for the given ``target_type``."""
    application.ensure_auth(authority, user.id)

    def target_id_for(scope):
        # Site scope has no concrete target; team and application scopes
        # point at the respective fixture's id.
        if scope == AuditLog.TYPE_SITE:
            return 0
        if scope == AuditLog.TYPE_TEAM:
            return team.id
        return application.id

    actual = AuditLog.can_view_sensitive_data(
        user.id, target_type, target_id_for(target_type))
    assert actual == can_view
def test_application_admin_can_view_team_sensitive_data(
        user, application, team, target_type, can_view):
    """A team admin sees sensitive data exactly where ``can_view`` says it
    should for the given ``target_type``."""
    team.grant_admin(user.id)

    def target_id_for(scope):
        # Site scope has no concrete target; team and application scopes
        # point at the respective fixture's id.
        if scope == AuditLog.TYPE_SITE:
            return 0
        if scope == AuditLog.TYPE_TEAM:
            return team.id
        return application.id

    actual = AuditLog.can_view_sensitive_data(
        user.id, target_type, target_id_for(target_type))
    assert actual == can_view
    def get(self, name=None):
        """Gets the list of audit log.

        :param name: The name of the team or application (optional).
        :query start: The offset of pagination. Default is ``0``.
        :query date: The date specified to search.
        :<header Authorization: Huskar Token (See :ref:`token`)
        :status 403: You don't have required authority.
        :status 501: The server is in minimal mode.
        :status 200: The result is in the response.
                     (See :ref:`Audit Log Schema <audit_schema>`)
        """
        # Negative offsets are clamped so pagination never wraps around.
        offset = max(request.args.get('start', type=int, default=0), 0)
        search_date = request.args.get('date', type=strptime2date)
        target_id = self._find_target(name)
        # Permission is resolved before the entries are fetched; redaction
        # below depends on it.
        allowed = AuditLog.can_view_sensitive_data(
            g.auth.id, self.target_type, target_id)
        logs = self._get_audit_logs(target_id, offset, search_date)
        # Callers without the sensitive-data permission get redacted entries.
        if not allowed:
            logs = [log.desensitize() for log in logs]
        payload = audit_log_schema.dump(logs, many=True).data
        return api_response(payload)
def test_site_admin_can_view_all_sensitive_data(user, target_type):
    """A site admin sees sensitive data regardless of the target type."""
    user.grant_admin()
    # No target id is needed: site admin rights are not scoped to a target.
    result = AuditLog.can_view_sensitive_data(user.id, target_type, None)
    assert result