dumplingmiku/ubicloud
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
enes/normalize-platforms
ubicloud/routes/project/location/vm.rb
Jeremy Evans 8cada58820 Add audit logging to all route actions 
Audit logging is designed to be simple to use.  You call the audit_log
method with the object affected and the action taken on it:

```ruby
audit_log(vm, "create")
```

If additional objects are affected by the same action, then you can
include them in the third argument:

```ruby
audit_log(ps, "connect", subnet)
```

This implements an audit logging check similar to the recently
added authorization check.  All successful non-GET requests to the
application are checked for audit logging, and will fail in
non-frozen tests if an audit logging method is not called.

Currently, only create/destroy actions are logged.  Audit logging
in other cases is ignored.  However, this approach was necessary
to check that no cases that should result in audit logging were
missed. It also allows for easily flipping the switch to audit log
all route actions.
2025-05-13 06:38:49 +09:00

60 lines
1.4 KiB
Ruby
Raw Permalink Blame History

# frozen_string_literal: true
class Clover
hash_branch(:project_location_prefix, "vm") do |r|
r.get api? do
vm_list_api_response(vm_list_dataset)
end
r.on VM_NAME_OR_UBID do |vm_name, vm_ubid|
if vm_name
r.post api? do
check_visible_location
vm_post(vm_name)
end
filter = {Sequel[:vm][:name] => vm_name}
else
filter = {Sequel[:vm][:id] => UBID.to_uuid(vm_ubid)}
end
filter[:location_id] = @location.id
vm = @project.vms_dataset.eager(:location).first(filter)
check_found_object(vm)
r.get true do
authorize("Vm:view", vm.id)
@vm = Serializers::Vm.serialize(vm, {detailed: true, include_path: web?})
api? ? @vm : view("vm/show")
end
r.delete true do
authorize("Vm:delete", vm.id)
DB.transaction do
vm.incr_destroy
audit_log(vm, "destroy")
end
204
end
r.post "restart" do
authorize("Vm:edit", vm.id)
DB.transaction do
vm.incr_restart
audit_log(vm, "restart")
end
if api?
Serializers::Vm.serialize(vm, {detailed: true})
else
flash["notice"] = "'#{vm.name}' will be restarted in a few seconds"
r.redirect "#{@project.path}#{vm.path}"
end
end
end
end
end
Reference in New Issue View Git Blame Copy Permalink