8cada58820
Audit logging is designed to be simple to use. You call the audit_log method with the object affected and the action taken on it: ```ruby audit_log(vm, "create") ``` If additional objects are affected by the same action, then you can include them in the third argument: ```ruby audit_log(ps, "connect", subnet) ``` This implements an audit logging check similar to the recently added authorization check. All successful non-GET requests to the application are checked for audit logging, and will fail in non-frozen tests if an audit logging method is not called. Currently, only create/destroy actions are logged. Audit logging in other cases is ignored. However, this approach was necessary to check that no cases that should result in audit logging were missed. It also allows for easily flipping the switch to audit log all route actions.
64 lines
1.9 KiB
Ruby
64 lines
1.9 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class Clover
|
|
def private_subnet_list
|
|
dataset = dataset_authorize(@project.private_subnets_dataset, "PrivateSubnet:view")
|
|
|
|
if api?
|
|
dataset = dataset.where(location: @location) if @location
|
|
result = dataset.eager(nics: [:private_subnet]).paginated_result(
|
|
start_after: request.params["start_after"],
|
|
page_size: request.params["page_size"],
|
|
order_column: request.params["order_column"]
|
|
)
|
|
|
|
{
|
|
items: Serializers::PrivateSubnet.serialize(result[:records]),
|
|
count: result[:count]
|
|
}
|
|
else
|
|
@pss = Serializers::PrivateSubnet.serialize(dataset.all, {include_path: true})
|
|
view "networking/private_subnet/index"
|
|
end
|
|
end
|
|
|
|
def private_subnet_post(name)
|
|
authorize("PrivateSubnet:create", @project.id)
|
|
|
|
params = check_required_web_params(%w[name location])
|
|
firewall_id = if params["firewall_id"]
|
|
fw = Firewall.from_ubid(params["firewall_id"])
|
|
unless fw && fw.location_id == @location.id
|
|
fail Validation::ValidationFailed.new(firewall_id: "Firewall with id \"#{params["firewall_id"]}\" and location \"#{@location.display_name}\" is not found")
|
|
end
|
|
authorize("Firewall:view", fw.id)
|
|
fw.id
|
|
end
|
|
|
|
ps = nil
|
|
DB.transaction do
|
|
ps = Prog::Vnet::SubnetNexus.assemble(
|
|
@project.id,
|
|
name:,
|
|
location_id: @location.id,
|
|
firewall_id:
|
|
).subject
|
|
audit_log(ps, "create")
|
|
end
|
|
|
|
if api?
|
|
Serializers::PrivateSubnet.serialize(ps)
|
|
else
|
|
flash["notice"] = "'#{name}' will be ready in a few seconds"
|
|
request.redirect "#{@project.path}#{ps.path}"
|
|
end
|
|
end
|
|
|
|
def generate_private_subnet_options
|
|
options = OptionTreeGenerator.new
|
|
options.add_option(name: "name")
|
|
options.add_option(name: "location", values: Option.locations)
|
|
options.serialize
|
|
end
|
|
end
|