Merge pull request TencentBlueKing#93 from Canway-shiisa/development

fix: 审计支持失败记录 TencentBlueKing#71
yuri0528 · Oct 26, 2021 · 2d9c70d · 2d9c70d
2 parents 02f3f01 + f5c0cbe
commit 2d9c70d
Show file tree

Hide file tree

Showing 8 changed files with 101 additions and 10 deletions.
diff --git a/src/api/bkuser_core/audit/constants.py b/src/api/bkuser_core/audit/constants.py
@@ -14,7 +14,6 @@
 
 RESET_PASSWORD_VAILD_MINUTES = 3 * 60
 
-
 TOKEN_IS_OK = 0
 TOKEN_USED_CODE = 10000
 TOKEN_EXPIRED_CODE = 10001
@@ -23,7 +22,6 @@
 
 
 class LogInFailReasonEnum(AutoLowerEnum):
-
     BAD_PASSWORD = auto()
     EXPIRED_PASSWORD = auto()
     TOO_MANY_FAILURE = auto()
@@ -40,7 +38,6 @@ class LogInFailReasonEnum(AutoLowerEnum):
 
 
 class OperationEnum(AutoLowerEnum):
-
     CREATE = auto()
     UPDATE = auto()
     DELETE = auto()
@@ -61,3 +58,13 @@ class OperationEnum(AutoLowerEnum):
         (IMPORT, "导入"),
         (RESTORATION, "恢复"),
     )
+
+
+class OperationStatusEnum(AutoLowerEnum):
+    SUCCEED = auto()
+    FAILED = auto()
+
+    _choices_labels = (
+        (SUCCEED, "成功"),
+        (FAILED, "失败"),
+    )
diff --git a/src/api/bkuser_core/audit/migrations/0004_auto_20211021_1852.py b/src/api/bkuser_core/audit/migrations/0004_auto_20211021_1852.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2.5 on 2021-10-21 10:52
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('audit', '0003_auto_20210516_1652'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='generallog',
+            name='status',
+            field=models.CharField(choices=[('succeed', '成功'), ('failed', '失败')], default='successed', max_length=16, verbose_name='状态'),
+        ),
+    ]
diff --git a/src/api/bkuser_core/audit/models.py b/src/api/bkuser_core/audit/models.py
@@ -17,7 +17,7 @@
 from django.db import models
 from jsonfield import JSONField
 
-from .constants import LogInFailReasonEnum
+from .constants import LogInFailReasonEnum, OperationStatusEnum
 from .managers import LogInManager, ResetPasswordManager
 
 
@@ -60,6 +60,8 @@ class Meta:
 class GeneralLog(Log):
     """通用操作日志"""
 
+    status = models.CharField("状态", max_length=16, choices=OperationStatusEnum.get_choices())
+
 
 class ApiRequest(Log):
     """API 请求日志"""

diff --git a/src/api/bkuser_core/audit/serializers.py b/src/api/bkuser_core/audit/serializers.py
@@ -18,6 +18,7 @@ class GeneralLogSerializer(CustomFieldsMixin, serializers.Serializer):
     extra_value = serializers.JSONField(help_text=_("额外信息"))
     operator = serializers.CharField(help_text=_("操作者"))
     create_time = serializers.DateTimeField(help_text=_("创建时间"))
+    status = serializers.CharField(help_text=_("状态"))
 
 
 class LoginLogSerializer(CustomFieldsMixin, serializers.Serializer):

diff --git a/src/api/bkuser_core/audit/utils.py b/src/api/bkuser_core/audit/utils.py
@@ -13,8 +13,9 @@
 
 from django.conf import settings
 
+from ..common.error_codes import CoreAPIError
 from . import models
-from .constants import OperationEnum
+from .constants import OperationEnum, OperationStatusEnum
 from .models import GeneralLog, ProfileRelatedLog
 
 if TYPE_CHECKING:
@@ -46,6 +47,7 @@ def create_general_log(
     operator: str,
     operate_type: str,
     operator_obj: Any,
+    status: str = OperationStatusEnum.SUCCEED.value,
     extra_info: Dict = None,
     request=None,
 ) -> Optional[GeneralLog]:
@@ -77,7 +79,7 @@ def create_general_log(
         operator_obj,
         operator_obj.__class__.__name__,
     )
-    return GeneralLog.objects.create(operator=operator, extra_value=extra_value)
+    return GeneralLog.objects.create(operator=operator, extra_value=extra_value, status=status)
 
 
 def create_profile_log(
@@ -93,3 +95,27 @@ def create_profile_log(
         raise ValueError("unknown operation for profile log")
     except Exception:
         raise ValueError("operation is not a profile log type")
+
+
+def audit_error_general_log(operate_type):
+    """定义捕获异常的审计日志装饰器"""
+
+    def catch_exc(func):
+        def _catch_exc(self, request, *args, **kwargs):
+            try:
+                func(self, request, *args, **kwargs)
+
+            except CoreAPIError as e:
+                create_general_log(
+                    operator=request.operator,
+                    operate_type=operate_type,
+                    operator_obj=self.get_object(),
+                    request=request,
+                    status=OperationStatusEnum.FAILED.value,
+                    extra_info={"failed_info": f"{e.message}"},
+                )
+                return
+
+        return _catch_exc
+
+    return catch_exc
diff --git a/src/api/bkuser_core/categories/views.py b/src/api/bkuser_core/categories/views.py
@@ -12,7 +12,7 @@
 from typing import List
 
 from bkuser_core.audit.constants import OperationEnum
-from bkuser_core.audit.utils import create_general_log
+from bkuser_core.audit.utils import audit_error_general_log, create_general_log
 from bkuser_core.bkiam.permissions import IAMAction, IAMHelper, IAMPermissionExtraInfo, need_iam
 from bkuser_core.categories.constants import CategoryType, SyncTaskType
 from bkuser_core.categories.exceptions import ExistsSyncingTaskError, FetchDataFromRemoteFailed
@@ -118,15 +118,13 @@ def create(self, request, *args, **kwargs):
         max_order = ProfileCategory.objects.get_max_order()
         instance.order = max_order + 1
         instance.save(update_fields=["order"])
-
         post_category_create.send(sender=self, category=instance, creator=request.operator)
         create_general_log(
             operator=request.operator,
             operate_type=OperationEnum.CREATE.value,
             operator_obj=instance,
             request=request,
         )
-
         return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)
 
     def get_serializer(self, *args, **kwargs):
@@ -135,6 +133,7 @@ def get_serializer(self, *args, **kwargs):
         else:
             return self.serializer_class(*args, **kwargs)
 
+    @audit_error_general_log(operate_type=OperationEnum.UPDATE.value)
     @method_decorator(clear_cache_if_succeed)
     def update(self, request, *args, **kwargs):
         """
@@ -170,6 +169,7 @@ def update(self, request, *args, **kwargs):
 
         return Response(serializer.data)
 
+    @audit_error_general_log(operate_type=OperationEnum.DELETE.value)
     def destroy(self, request, *args, **kwargs):
         """
         删除用户目录
@@ -179,6 +179,12 @@ def destroy(self, request, *args, **kwargs):
             raise error_codes.CANNOT_DELETE_DEFAULT_CATEGORY
 
         post_category_delete.send(sender=self, category=instance, operator=request.operator)
+        create_general_log(
+            operator=request.operator,
+            operate_type=OperationEnum.DELETE.value,
+            operator_obj=instance,
+            request=request,
+        )
         return super().destroy(request, *args, **kwargs)
 
     @swagger_auto_schema(
@@ -257,6 +263,7 @@ def test_fetch_data(self, request, lookup_value):
 
         return Response()
 
+    @audit_error_general_log(operate_type=OperationEnum.SYNC.value)
     @method_decorator(clear_cache_if_succeed)
     @swagger_auto_schema(request_body=CategorySyncSerializer, responses={"200": CategorySyncResponseSLZ()})
     def sync(self, request, lookup_value):
@@ -303,6 +310,7 @@ class CategoryFileViewSet(AdvancedModelViewSet, AdvancedListAPIView):
     lookup_field = "id"
     ordering = ["-create_time"]
 
+    @audit_error_general_log(operate_type=OperationEnum.IMPORT.value)
     @method_decorator(clear_cache_if_succeed)
     @swagger_auto_schema(request_body=CategorySyncSerializer, responses={"200": EmptySerializer()})
     def import_data_file(self, request, lookup_value):

diff --git a/src/api/bkuser_core/common/viewset.py b/src/api/bkuser_core/common/viewset.py
@@ -14,7 +14,7 @@
 from operator import or_
 from typing import Any, Dict, List, Optional
 
-from bkuser_core.audit.constants import OperationEnum
+from bkuser_core.audit.constants import OperationEnum, OperationStatusEnum
 from bkuser_core.audit.utils import create_general_log
 from bkuser_core.bkiam.exceptions import IAMPermissionDenied
 from bkuser_core.bkiam.filters import IAMFilter
@@ -324,6 +324,17 @@ def restoration(self, request, lookup_value):
             instance.enable()
         except Exception as why:
             # TODO: 基于 issue71 更新操作日志
+            create_general_log(
+                operator=request.operator,
+                operate_type=OperationEnum.RESTORATION.value,
+                operator_obj=instance,
+                request=request,
+                status=OperationStatusEnum.FAILED.value,
+                extra_info={
+                    "action": f"restoration {instance._meta.model_name}.{self.lookup_field}-{lookup_value}",
+                    "FAILED_info": f"{why}",
+                },
+            )
             logger.exception("failed to restoration instance: %s, error: %s", instance, why)
         else:
             create_general_log(

diff --git a/src/api/bkuser_core/user_settings/migrations/0009_alter_settingmeta_category_type.py b/src/api/bkuser_core/user_settings/migrations/0009_alter_settingmeta_category_type.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2.5 on 2021-09-26 11:08
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('user_settings', '0008_auto_20210706_1702'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='settingmeta',
+            name='category_type',
+            field=models.CharField(choices=[('local', '本地目录'), ('mad', 'Microsoft Active Directory'), ('ldap', 'OpenLDAP'), ('tof', 'TOF'), ('custom', '自定义目录'), ('pluggable', '可插拔目录')], max_length=32, verbose_name='类型'),
+        ),
+    ]