move all AuditLog.audit! calls to templates

nerves-hub · Dec 18, 2024 · 86a718e · 86a718e
1 parent 1d0967e
commit 86a718e
Show file tree

Hide file tree

Showing 10 changed files with 133 additions and 98 deletions.
diff --git a/lib/nerves_hub/audit_logs/templates.ex b/lib/nerves_hub/audit_logs/templates.ex
@@ -3,6 +3,38 @@ defmodule NervesHub.AuditLogs.Templates do
 
   require Logger
 
+  ### RESOURCE: DEVICE
+
+  ## General
+
+  def audit_reboot(user, device) do
+    description = "#{user.name} rebooted device #{device.identifier}"
+    AuditLogs.audit!(user, device, description)
+  end
+
+  def audit_request_action(user, device, action) do
+    description = "#{user.name} requested the device (#{device.identifier}) #{action}"
+    AuditLogs.audit!(user, device, description)
+  end
+
+  def audit_unsupported_api_version(device) do
+    description =
+      "device #{device.identifier} could not get extensions: Unsupported API version."
+
+    AuditLogs.audit!(device, device, description)
+    Logger.info("[DeviceChannel] #{description}")
+  end
+
+  ## Firmware and upgrades
+  # Deprecated?
+  def audit_device_assigned(device, reference_id) do
+    description =
+      "device #{device.identifier} reloaded deployment and is attached to deployment #{device.deployment.name}"
+
+    AuditLogs.audit_with_ref!(device, device, description, reference_id)
+  end
+
+  # Deprecated?
   def audit_resolve_changed_deployment(device, reference_id) do
     description =
       if device.deployment_id do
@@ -14,6 +46,46 @@ defmodule NervesHub.AuditLogs.Templates do
     AuditLogs.audit_with_ref!(device, device, description, reference_id)
   end
 
+  def audit_update_attempt(device) do
+    description = "device #{device.identifier} is attempting to update"
+    AuditLogs.audit(device, device, description)
+  end
+
+  def audit_pushed_available_update(user, device, deployment) do
+    description =
+      "#{user.name} pushed available firmware update #{deployment.firmware.version} #{deployment.firmware.uuid} to device #{device.identifier}"
+
+    AuditLogs.audit!(user, device, description)
+  end
+
+  def audit_firmware_pushed(user, device, firmware) do
+    description =
+      "#{user.name} pushed firmware #{firmware.version} #{firmware.uuid} to device #{device.identifier}"
+
+    AuditLogs.audit!(user, device, description)
+  end
+
+  def audit_firmware_metadata_updated(device) do
+    description = "device #{device.identifier} updated firmware metadata"
+    AuditLogs.audit!(device, device, description)
+  end
+
+  def audit_firmware_upgrade_blocked(deployment, device) do
+    description = """
+    Device #{device.identifier} automatically blocked firmware upgrades for #{deployment.penalty_timeout_minutes} minutes.
+    Device failure rate met for firmware #{deployment.firmware.uuid} in deployment #{deployment.name}.
+    """
+
+    AuditLogs.audit!(deployment, device, description)
+  end
+
+  def audit_firmware_updated(device) do
+    description =
+      "device #{device.identifier} firmware set to version #{device.firmware_metadata.version} (#{device.firmware_metadata.uuid})"
+
+    AuditLogs.audit!(device, device, description)
+  end
+
   def audit_device_deployment_update_triggered(device, reference_id) do
     deployment = device.deployment
     firmware = deployment.firmware
@@ -24,18 +96,37 @@ defmodule NervesHub.AuditLogs.Templates do
     AuditLogs.audit_with_ref!(deployment, device, description, reference_id)
   end
 
-  def audit_device_assigned(device, reference_id) do
-    description =
-      "device #{device.identifier} reloaded deployment and is attached to deployment #{device.deployment.name}"
+  ### RESOUCE: DEPLOYMENT
 
-    AuditLogs.audit_with_ref!(device, device, description, reference_id)
+  def audit_deployment_created(user, deployment) do
+    description = "#{user.name} created deployment #{deployment.name}"
+    AuditLogs.audit!(user, deployment, description)
   end
 
-  def audit_unsupported_api_version(device) do
+  def audit_deployment_updated(user, deployment) do
+    description = "#{user.name} updated deployment #{deployment.name}"
+    AuditLogs.audit!(user, deployment, description)
+  end
+
+  def audit_deployment_deleted(user, deployment) do
+    description = "#{user.name} deleted deployment #{deployment.name}"
+    AuditLogs.audit!(user, deployment, description)
+  end
+
+  def audit_deployment_toggle_active(user, deployment, status) do
+    description = "#{user.name} marked deployment #{deployment.name} #{status}"
+    AuditLogs.audit!(user, deployment, description)
+  end
+
+  def audit_deployment_mismatch(device, deployment, reason) do
     description =
-      "device #{device.identifier} could not get extensions: Unsupported API version."
+      "device no longer matches deployment #{deployment.name}'s requirements because of #{reason}"
 
-    AuditLogs.audit!(device, device, description)
-    Logger.info("[DeviceChannel] #{description}")
+    AuditLogs.audit!(device, deployment, description)
+  end
+
+  def audit_deployment_change(deployment, change_string) do
+    description = "deployment #{deployment.name} #{change_string}"
+    AuditLogs.audit!(deployment, deployment, description)
   end
 end
diff --git a/lib/nerves_hub/deployments.ex b/lib/nerves_hub/deployments.ex
@@ -3,7 +3,7 @@ defmodule NervesHub.Deployments do
 
   require Logger
 
-  alias NervesHub.AuditLogs
+  alias NervesHub.AuditLogs.Templates
   alias NervesHub.Deployments.Deployment
   alias NervesHub.Deployments.InflightDeploymentCheck
   alias NervesHub.Devices.Device
@@ -177,16 +177,13 @@ defmodule NervesHub.Deployments do
         payload = %{archive_id: archive_id}
         _ = broadcast(deployment, "archives/updated", payload)
 
-        description = "deployment #{deployment.name} has a new archive"
-        AuditLogs.audit!(deployment, deployment, description)
+        Templates.audit_deployment_change(deployment, "has a new archive")
 
       {:conditions, _new_conditions} ->
-        description = "deployment #{deployment.name} conditions changed"
-        AuditLogs.audit!(deployment, deployment, description)
+        Templates.audit_deployment_change(deployment, "conditions changed")
 
       {:is_active, is_active} when is_active != true ->
-        description = "deployment #{deployment.name} is inactive"
-        AuditLogs.audit!(deployment, deployment, description)
+        Templates.audit_deployment_change(deployment, "is inactive")
 
       _ ->
         :ignore
@@ -331,11 +328,7 @@ defmodule NervesHub.Deployments do
         |> Ecto.Changeset.change(%{deployment_id: nil})
         |> Repo.update!()
 
-      AuditLogs.audit!(
-        device,
-        device,
-        "device no longer matches deployment #{deployment.name}'s requirements because of #{reason}"
-      )
+      Templates.audit_deployment_mismatch(device, deployment, reason)
     else
       device
     end

diff --git a/lib/nerves_hub/devices.ex b/lib/nerves_hub/devices.ex
@@ -8,6 +8,7 @@ defmodule NervesHub.Devices do
   alias NervesHub.Accounts.OrgKey
   alias NervesHub.Accounts.User
   alias NervesHub.AuditLogs
+  alias NervesHub.AuditLogs.Templates
   alias NervesHub.Certificate
   alias NervesHub.Deployments.Deployment
   alias NervesHub.Deployments.Orchestrator
@@ -790,8 +791,7 @@ defmodule NervesHub.Devices do
   end
 
   def update_firmware_metadata(device, metadata) do
-    description = "device #{device.identifier} updated firmware metadata"
-    AuditLogs.audit!(device, device, description)
+    Templates.audit_firmware_metadata_updated(device)
     update_device(device, %{firmware_metadata: metadata})
   end
 
@@ -941,12 +941,7 @@ defmodule NervesHub.Devices do
           |> DateTime.truncate(:second)
           |> DateTime.add(deployment.penalty_timeout_minutes * 60, :second)
 
-        description = """
-        Device #{device.identifier} automatically blocked firmware upgrades for #{deployment.penalty_timeout_minutes} minutes.
-        Device failure rate met for firmware #{deployment.firmware.uuid} in deployment #{deployment.name}.
-        """
-
-        AuditLogs.audit!(deployment, device, description)
+        Templates.audit_firmware_upgrade_blocked(deployment, device)
         clear_inflight_update(device)
 
         {:ok, device} = update_device(device, %{updates_blocked_until: blocked_until})
@@ -959,12 +954,7 @@ defmodule NervesHub.Devices do
           |> DateTime.truncate(:second)
           |> DateTime.add(deployment.penalty_timeout_minutes * 60, :second)
 
-        description = """
-        Device #{device.identifier} automatically blocked firmware upgrades for #{deployment.penalty_timeout_minutes} minutes.
-        Device failure threshold met for firmware #{deployment.firmware.uuid} in deployment #{deployment.name}.
-        """
-
-        AuditLogs.audit!(deployment, device, description)
+        Templates.audit_firmware_upgrade_blocked(deployment, device)
         clear_inflight_update(device)
 
         {:ok, device} = update_device(device, %{updates_blocked_until: blocked_until})
@@ -987,8 +977,7 @@ defmodule NervesHub.Devices do
     Multi.new()
     |> Multi.update(:device, changeset)
     |> Multi.run(:audit_device, fn _, _ ->
-      description = "device #{device.identifier} is attempting to update"
-      AuditLogs.audit(device, device, description)
+      Templates.audit_update_attempt(device)
     end)
     |> Repo.transaction()
     |> case do
@@ -1006,10 +995,7 @@ defmodule NervesHub.Devices do
       firmware_uuid: device.firmware_metadata.uuid
     })
 
-    description =
-      "device #{device.identifier} firmware set to version #{device.firmware_metadata.version} (#{device.firmware_metadata.uuid})"
-
-    AuditLogs.audit!(device, device, description)
+    Templates.audit_firmware_updated(device)
 
     # Clear the inflight update, no longer inflight!
     inflight_update =

diff --git a/lib/nerves_hub_web/controllers/api/deployment_controller.ex b/lib/nerves_hub_web/controllers/api/deployment_controller.ex
@@ -1,7 +1,7 @@
 defmodule NervesHubWeb.API.DeploymentController do
   use NervesHubWeb, :api_controller
 
-  alias NervesHub.AuditLogs
+  alias NervesHub.AuditLogs.Templates
   alias NervesHub.Deployments
   alias NervesHub.Deployments.Deployment
   alias NervesHub.Firmwares
@@ -29,11 +29,7 @@ defmodule NervesHubWeb.API.DeploymentController do
              params <- Map.put(params, "org_id", org.id),
              params <- whitelist(params, @whitelist_fields),
              {:ok, deployment} <- Deployments.create_deployment(params) do
-          AuditLogs.audit!(
-            user,
-            deployment,
-            "#{user.name} created deployment #{deployment.name}"
-          )
+          Templates.audit_deployment_created(user, deployment)
 
           conn
           |> put_status(:created)
@@ -61,11 +57,7 @@ defmodule NervesHubWeb.API.DeploymentController do
          deployment_params <- whitelist(deployment_params, @whitelist_fields),
          {:ok, %Deployment{} = updated_deployment} <-
            Deployments.update_deployment(deployment, deployment_params) do
-      AuditLogs.audit!(
-        user,
-        deployment,
-        "#{user.name} updated deployment #{deployment.name}"
-      )
+      Templates.audit_deployment_updated(user, deployment)
 
       render(conn, "show.json", deployment: updated_deployment)
     end

diff --git a/lib/nerves_hub_web/controllers/api/device_controller.ex b/lib/nerves_hub_web/controllers/api/device_controller.ex
@@ -2,7 +2,7 @@ defmodule NervesHubWeb.API.DeviceController do
   use NervesHubWeb, :api_controller
 
   alias NervesHub.Accounts
-  alias NervesHub.AuditLogs
+  alias NervesHub.AuditLogs.Templates
   alias NervesHub.Devices
   alias NervesHub.Devices.DeviceCertificate
   alias NervesHub.Devices.UpdatePayload
@@ -117,8 +117,7 @@ defmodule NervesHubWeb.API.DeviceController do
     case Devices.get_by_identifier(identifier) do
       {:ok, device} ->
         if Accounts.has_org_role?(device.org, user, :manage) do
-          message = "#{user.name} rebooted device #{device.identifier}"
-          AuditLogs.audit!(user, device, message)
+          Templates.audit_reboot(user, device)
 
           _ = Endpoint.broadcast_from(self(), "device:#{device.id}", "reboot", %{})
 
@@ -205,10 +204,7 @@ defmodule NervesHubWeb.API.DeviceController do
           {:ok, device} = Devices.disable_updates(device, user)
           device = Repo.preload(device, [:device_certificates])
 
-          description =
-            "#{user.name} pushed firmware #{firmware.version} #{firmware.uuid} to device #{device.identifier}"
-
-          AuditLogs.audit!(user, device, description)
+          Templates.audit_firmware_pushed(user, device, firmware)
 
           payload = %UpdatePayload{
             update_available: true,

diff --git a/lib/nerves_hub_web/live/deployments/edit.ex b/lib/nerves_hub_web/live/deployments/edit.ex
@@ -2,7 +2,7 @@ defmodule NervesHubWeb.Live.Deployments.Edit do
   use NervesHubWeb, :updated_live_view
 
   alias NervesHub.Archives
-  alias NervesHub.AuditLogs
+  alias NervesHub.AuditLogs.Templates
   alias NervesHub.Deployments
   alias NervesHub.Deployments.Deployment
   alias NervesHub.Firmwares
@@ -46,11 +46,7 @@ defmodule NervesHubWeb.Live.Deployments.Edit do
       {:ok, updated} ->
         # Use original deployment so changes will get
         # marked in audit log
-        AuditLogs.audit!(
-          user,
-          updated,
-          "#{user.name} updated deployment #{updated.name}"
-        )
+        Templates.audit_deployment_updated(user, updated)
 
         socket
         |> put_flash(:info, "Deployment updated")

diff --git a/lib/nerves_hub_web/live/deployments/new.ex b/lib/nerves_hub_web/live/deployments/new.ex
@@ -1,7 +1,7 @@
 defmodule NervesHubWeb.Live.Deployments.New do
   use NervesHubWeb, :updated_live_view
 
-  alias NervesHub.AuditLogs
+  alias NervesHub.AuditLogs.Templates
   alias NervesHub.Deployments
   alias NervesHub.Deployments.Deployment
   alias NervesHub.Firmwares
@@ -80,11 +80,7 @@ defmodule NervesHubWeb.Live.Deployments.New do
         |> noreply()
 
       {_, {:ok, deployment}} ->
-        AuditLogs.audit!(
-          user,
-          deployment,
-          "#{user.name} created deployment #{deployment.name}"
-        )
+        Templates.audit_deployment_created(user, deployment)
 
         socket
         |> put_flash(:info, "Deployment created")

diff --git a/lib/nerves_hub_web/live/deployments/show.ex b/lib/nerves_hub_web/live/deployments/show.ex
@@ -2,6 +2,7 @@ defmodule NervesHubWeb.Live.Deployments.Show do
   use NervesHubWeb, :updated_live_view
 
   alias NervesHub.AuditLogs
+  alias NervesHub.AuditLogs.Templates
   alias NervesHub.Deployments
   alias NervesHub.Deployments.Deployment
   alias NervesHub.Devices
@@ -64,8 +65,7 @@ defmodule NervesHubWeb.Live.Deployments.Show do
     {:ok, deployment} = Deployments.update_deployment(deployment, %{is_active: value})
 
     active_str = if value, do: "active", else: "inactive"
-    description = "#{user.name} marked deployment #{deployment.name} #{active_str}"
-    AuditLogs.audit!(user, deployment, description)
+    Templates.audit_deployment_toggle_active(user, deployment, active_str)
 
     socket
     |> put_flash(:info, "Deployment set #{active_str}")
@@ -78,12 +78,10 @@ defmodule NervesHubWeb.Live.Deployments.Show do
 
     %{deployment: deployment, org: org, product: product, user: user} = socket.assigns
 
-    description = "#{user.name} deleted deployment #{deployment.name}"
-
-    AuditLogs.audit!(user, deployment, description)
-
     {:ok, _} = Deployments.delete_deployment(deployment)
 
+    Templates.audit_deployment_deleted(user, deployment)
+
     socket
     |> put_flash(:info, "Deployment successfully deleted")
     |> push_navigate(to: ~p"/org/#{org.name}/#{product.name}/deployments")