diff --git a/lib/nerves_hub/audit_logs/templates.ex b/lib/nerves_hub/audit_logs/templates.ex deleted file mode 100644 index 0215e26a0..000000000 --- a/lib/nerves_hub/audit_logs/templates.ex +++ /dev/null @@ -1,72 +0,0 @@ -defmodule NervesHub.AuditLogs.Templates do - alias NervesHub.Accounts.User - alias NervesHub.AuditLogs - alias NervesHub.AuditLogs.AuditLog - alias NervesHub.Deployments.Deployment - alias NervesHub.Devices.Device - - require Logger - - def audit_resolve_changed_deployment(device, reference_id) do - description = - if device.deployment_id do - "device #{device.identifier} reloaded deployment and is attached to deployment #{device.deployment.name}" - else - "device #{device.identifier} reloaded deployment and is no longer attached to a deployment" - end - - AuditLogs.audit_with_ref!(device, device, description, reference_id) - end - - def audit_device_deployment_update_triggered(device, reference_id) do - deployment = device.deployment - firmware = deployment.firmware - - description = - "deployment #{deployment.name} update triggered device #{device.identifier} to update firmware #{firmware.uuid}" - - AuditLogs.audit_with_ref!(deployment, device, description, reference_id) - end - - def audit_device_assigned(device, reference_id) do - description = - "device #{device.identifier} reloaded deployment and is attached to deployment #{device.deployment.name}" - - AuditLogs.audit_with_ref!(device, device, description, reference_id) - end - - def audit_unsupported_api_version(device) do - description = - "device #{device.identifier} could not get extensions: Unsupported API version." - - AuditLogs.audit!(device, device, description) - Logger.info("[DeviceChannel] #{description}") - end - - @spec audit_device_deployment_update(User.t(), Device.t(), Deployment.t()) :: AuditLog.t() - def audit_device_deployment_update(user, device, deployment) do - AuditLogs.audit!( - user, - device, - "#{user.name} set #{device.identifier}'s deployment to #{deployment.name}" - ) - end - - @spec audit_device_deployment_update(Device.t(), Deployment.t(), :one_found | :multiple_found) :: - AuditLog.t() - def audit_set_deployment(device, deployment, :one_found) do - AuditLogs.audit!( - device, - device, - "Updating #{device.identifier}'s deployment to #{deployment.name}" - ) - end - - def audit_set_deployment(device, deployment, :multiple_found) do - AuditLogs.audit!( - device, - device, - "Multiple matching deployments found, updating #{device.identifier}'s deployment to #{deployment.name}" - ) - end -end diff --git a/lib/nerves_hub/audit_logs/templates/deployment_templates.ex b/lib/nerves_hub/audit_logs/templates/deployment_templates.ex new file mode 100644 index 000000000..0c6ef90d6 --- /dev/null +++ b/lib/nerves_hub/audit_logs/templates/deployment_templates.ex @@ -0,0 +1,47 @@ +defmodule NervesHub.AuditLogs.DeploymentTemplates do + @moduledoc """ + Templates for and handling of audit logging for deployment operations. + """ + alias NervesHub.Accounts.User + alias NervesHub.AuditLogs + alias NervesHub.AuditLogs.AuditLog + alias NervesHub.Deployments.Deployment + + @spec audit_deployment_created(User.t(), Deployment.t()) :: AuditLog.t() + def audit_deployment_created(user, deployment) do + description = "User #{user.name} created deployment #{deployment.name}" + AuditLogs.audit!(user, deployment, description) + end + + @spec audit_deployment_updated(User.t(), Deployment.t()) :: AuditLog.t() + def audit_deployment_updated(user, deployment) do + description = "User #{user.name} updated deployment #{deployment.name}" + AuditLogs.audit!(user, deployment, description) + end + + @spec audit_deployment_deleted(User.t(), Deployment.t()) :: AuditLog.t() + def audit_deployment_deleted(user, deployment) do + description = "User #{user.name} deleted deployment #{deployment.name}" + AuditLogs.audit!(user, deployment, description) + end + + @spec audit_deployment_toggle_active(User.t(), Deployment.t(), String.t()) :: AuditLog.t() + def audit_deployment_toggle_active(user, deployment, status) do + description = "User #{user.name} marked deployment #{deployment.name} #{status}" + AuditLogs.audit!(user, deployment, description) + end + + @spec audit_deployment_mismatch(Device.t(), Deployment.t(), String.t()) :: AuditLog.t() + def audit_deployment_mismatch(device, deployment, reason) do + description = + "Device no longer matches deployment #{deployment.name}'s requirements because of #{reason}" + + AuditLogs.audit!(device, deployment, description) + end + + @spec audit_deployment_change(Deployment.t(), String.t()) :: AuditLog.t() + def audit_deployment_change(deployment, change_string) do + description = "Deployment #{deployment.name} #{change_string}" + AuditLogs.audit!(deployment, deployment, description) + end +end diff --git a/lib/nerves_hub/audit_logs/templates/device_templates.ex b/lib/nerves_hub/audit_logs/templates/device_templates.ex new file mode 100644 index 000000000..e9ad99ab9 --- /dev/null +++ b/lib/nerves_hub/audit_logs/templates/device_templates.ex @@ -0,0 +1,124 @@ +defmodule NervesHub.AuditLogs.DeviceTemplates do + @moduledoc """ + Templates for and handling of audit logging for device operations. + """ + alias NervesHub.Firmwares.Firmware + alias NervesHub.Accounts.User + alias NervesHub.AuditLogs + alias NervesHub.AuditLogs.AuditLog + alias NervesHub.Deployments.Deployment + alias NervesHub.Devices.Device + + require Logger + + ## General + + @spec audit_reboot(User.t(), Device.t()) :: AuditLog.t() + def audit_reboot(user, device) do + description = "User #{user.name} rebooted device #{device.identifier}" + AuditLogs.audit!(user, device, description) + end + + @spec audit_request_action(User.t(), Device.t(), String.t()) :: AuditLog.t() + def audit_request_action(user, device, action) do + description = "User #{user.name} requested the device (#{device.identifier}) #{action}" + AuditLogs.audit!(user, device, description) + end + + @spec audit_unsupported_api_version(Device.t()) :: AuditLog.t() + def audit_unsupported_api_version(device) do + description = + "Device #{device.identifier} could not get extensions: Unsupported API version." + + AuditLogs.audit!(device, device, description) + Logger.info("[DeviceChannel] #{description}") + end + + ## Firmware and upgrades + + @spec audit_update_attempt(Device.t()) :: AuditLog.t() + def audit_update_attempt(device) do + description = "Device #{device.identifier} is attempting to update" + AuditLogs.audit(device, device, description) + end + + @spec audit_pushed_available_update(User.t(), Device.t(), Deployment.t()) :: AuditLog.t() + def audit_pushed_available_update(user, device, deployment) do + description = + "User #{user.name} pushed available firmware update #{deployment.firmware.version} #{deployment.firmware.uuid} to device #{device.identifier}" + + AuditLogs.audit!(user, device, description) + end + + @spec audit_firmware_pushed(User.t(), Device.t(), Firmware.t()) :: AuditLog.t() + def audit_firmware_pushed(user, device, firmware) do + description = + "User #{user.name} pushed firmware #{firmware.version} #{firmware.uuid} to device #{device.identifier}" + + AuditLogs.audit!(user, device, description) + end + + @spec audit_firmware_metadata_updated(Device.t()) :: AuditLog.t() + def audit_firmware_metadata_updated(device) do + description = "Device #{device.identifier} updated firmware metadata" + AuditLogs.audit!(device, device, description) + end + + @spec audit_firmware_upgrade_blocked(Deployment.t(), Device.t()) :: AuditLog.t() + def audit_firmware_upgrade_blocked(deployment, device) do + description = """ + Device #{device.identifier} automatically blocked firmware upgrades for #{deployment.penalty_timeout_minutes} minutes. + Device failure rate met for firmware #{deployment.firmware.uuid} in deployment #{deployment.name}. + """ + + AuditLogs.audit!(deployment, device, description) + end + + @spec audit_firmware_updated(Device.t()) :: AuditLog.t() + def audit_firmware_updated(device) do + description = + "Device #{device.identifier} firmware set to version #{device.firmware_metadata.version} (#{device.firmware_metadata.uuid})" + + AuditLogs.audit!(device, device, description) + end + + @spec audit_device_deployment_update_triggered(Device.t(), UUIDv7.t()) :: AuditLog.t() + def audit_device_deployment_update_triggered(device, reference_id) do + deployment = device.deployment + firmware = deployment.firmware + + description = + "Deployment #{deployment.name} update triggered device #{device.identifier} to update firmware #{firmware.uuid}" + + AuditLogs.audit_with_ref!(deployment, device, description, reference_id) + end + + @spec audit_device_deployment_update(User.t(), Device.t(), Deployment.t()) :: AuditLog.t() + def audit_device_deployment_update(user, device, deployment) do + AuditLogs.audit!( + user, + device, + "User #{user.name} set #{device.identifier}'s deployment to #{deployment.name}" + ) + end + + @spec audit_device_deployment_update(Device.t(), Deployment.t(), :one_found | :multiple_found) :: + AuditLog.t() + def audit_set_deployment(device, deployment, :one_found) do + AuditLogs.audit!( + device, + device, + "Updating #{device.identifier}'s deployment to #{deployment.name}" + ) + end + + @spec audit_set_deployment(Device.t(), Deployment.t(), :one_found | :multiple_found) :: + AuditLog.t() + def audit_set_deployment(device, deployment, :multiple_found) do + AuditLogs.audit!( + device, + device, + "Multiple matching deployments found, updating #{device.identifier}'s deployment to #{deployment.name}" + ) + end +end diff --git a/lib/nerves_hub/deployments.ex b/lib/nerves_hub/deployments.ex index ed50ba733..b74eb73a6 100644 --- a/lib/nerves_hub/deployments.ex +++ b/lib/nerves_hub/deployments.ex @@ -3,8 +3,8 @@ defmodule NervesHub.Deployments do require Logger - alias NervesHub.AuditLogs - alias NervesHub.AuditLogs.Templates + alias NervesHub.AuditLogs.DeploymentTemplates + alias NervesHub.AuditLogs.DeviceTemplates alias NervesHub.Deployments.Deployment alias NervesHub.Deployments.InflightDeploymentCheck alias NervesHub.Devices @@ -186,16 +186,13 @@ defmodule NervesHub.Deployments do payload = %{archive_id: archive_id} _ = broadcast(deployment, "archives/updated", payload) - description = "deployment #{deployment.name} has a new archive" - AuditLogs.audit!(deployment, deployment, description) + DeploymentTemplates.audit_deployment_change(deployment, "has a new archive") {:conditions, _new_conditions} -> - description = "deployment #{deployment.name} conditions changed" - AuditLogs.audit!(deployment, deployment, description) + DeploymentTemplates.audit_deployment_change(deployment, "conditions changed") {:is_active, is_active} when is_active != true -> - description = "deployment #{deployment.name} is inactive" - AuditLogs.audit!(deployment, deployment, description) + DeploymentTemplates.audit_deployment_change(deployment, "is inactive") _ -> :ignore @@ -338,13 +335,7 @@ defmodule NervesHub.Deployments do |> Ecto.Changeset.change(%{deployment_id: nil}) |> Repo.update!() - AuditLogs.audit!( - device, - device, - "device no longer matches deployment #{deployment.name}'s requirements because of #{reason}" - ) - - device + DeploymentTemplates.audit_deployment_mismatch(device, deployment, reason) else device end @@ -368,7 +359,7 @@ defmodule NervesHub.Deployments do [deployment] -> set_deployment_telemetry(:one_found, device, deployment) - Templates.audit_set_deployment(device, deployment, :one_found) + DeviceTemplates.audit_set_deployment(device, deployment, :one_found) device |> Devices.update_deployment(deployment) @@ -377,7 +368,7 @@ defmodule NervesHub.Deployments do [deployment | _] -> set_deployment_telemetry(:multiple_found, device, deployment) - Templates.audit_set_deployment(device, deployment, :multiple_found) + DeviceTemplates.audit_set_deployment(device, deployment, :multiple_found) device |> Devices.update_deployment(deployment) diff --git a/lib/nerves_hub/devices.ex b/lib/nerves_hub/devices.ex index 5ace2bb2c..ef77ff26d 100644 --- a/lib/nerves_hub/devices.ex +++ b/lib/nerves_hub/devices.ex @@ -8,6 +8,7 @@ defmodule NervesHub.Devices do alias NervesHub.Accounts.OrgKey alias NervesHub.Accounts.User alias NervesHub.AuditLogs + alias NervesHub.AuditLogs.DeviceTemplates alias NervesHub.Certificate alias NervesHub.Deployments.Deployment alias NervesHub.Deployments.Orchestrator @@ -681,8 +682,7 @@ defmodule NervesHub.Devices do end def update_firmware_metadata(device, metadata) do - description = "Device #{device.identifier} updated firmware metadata" - AuditLogs.audit!(device, device, description) + DeviceTemplates.audit_firmware_metadata_updated(device) update_device(device, %{firmware_metadata: metadata}) end @@ -840,12 +840,7 @@ defmodule NervesHub.Devices do |> DateTime.truncate(:second) |> DateTime.add(deployment.penalty_timeout_minutes * 60, :second) - description = """ - Device #{device.identifier} automatically blocked firmware upgrades for #{deployment.penalty_timeout_minutes} minutes. - Device failure rate met for firmware #{deployment.firmware.uuid} in deployment #{deployment.name}. - """ - - AuditLogs.audit!(deployment, device, description) + DeviceTemplates.audit_firmware_upgrade_blocked(deployment, device) clear_inflight_update(device) {:ok, device} = update_device(device, %{updates_blocked_until: blocked_until}) @@ -858,12 +853,7 @@ defmodule NervesHub.Devices do |> DateTime.truncate(:second) |> DateTime.add(deployment.penalty_timeout_minutes * 60, :second) - description = """ - Device #{device.identifier} automatically blocked firmware upgrades for #{deployment.penalty_timeout_minutes} minutes. - Device failure threshold met for firmware #{deployment.firmware.uuid} in deployment #{deployment.name}. - """ - - AuditLogs.audit!(deployment, device, description) + DeviceTemplates.audit_firmware_upgrade_blocked(deployment, device) clear_inflight_update(device) {:ok, device} = update_device(device, %{updates_blocked_until: blocked_until}) @@ -886,8 +876,7 @@ defmodule NervesHub.Devices do Multi.new() |> Multi.update(:device, changeset) |> Multi.run(:audit_device, fn _, _ -> - description = "device #{device.identifier} is attempting to update" - AuditLogs.audit(device, device, description) + DeviceTemplates.audit_update_attempt(device) end) |> Repo.transaction() |> case do @@ -905,10 +894,7 @@ defmodule NervesHub.Devices do firmware_uuid: device.firmware_metadata.uuid }) - description = - "Device #{device.identifier} firmware set to version #{device.firmware_metadata.version} (#{device.firmware_metadata.uuid})" - - AuditLogs.audit!(device, device, description) + DeviceTemplates.audit_firmware_updated(device) # Clear the inflight update, no longer inflight! inflight_update = @@ -964,7 +950,7 @@ defmodule NervesHub.Devices do _ = maybe_copy_firmware_keys(device, product.org) description = - "user #{user.name} moved device #{device.identifier} to #{product.org.name} : #{product.name}" + "User #{user.name} moved device #{device.identifier} to #{product.org.name} : #{product.name}" source_product = %Product{ id: device.product_id, @@ -1049,7 +1035,7 @@ defmodule NervesHub.Devices do end def clear_penalty_box(%Device{} = device, user) do - description = "user #{user.name} removed device #{device.identifier} from the penalty box" + description = "User #{user.name} removed device #{device.identifier} from the penalty box" params = %{updates_blocked_until: nil, update_attempts: []} update_device_with_audit(device, params, user, description) end diff --git a/lib/nerves_hub_web/channels/device_channel.ex b/lib/nerves_hub_web/channels/device_channel.ex index 29ed69a45..93486ab3a 100644 --- a/lib/nerves_hub_web/channels/device_channel.ex +++ b/lib/nerves_hub_web/channels/device_channel.ex @@ -11,7 +11,7 @@ defmodule NervesHubWeb.DeviceChannel do require Logger alias NervesHub.Archives - alias NervesHub.AuditLogs.Templates + alias NervesHub.AuditLogs.DeviceTemplates alias NervesHub.Deployments alias NervesHub.Devices alias NervesHub.Devices.Device @@ -68,7 +68,7 @@ defmodule NervesHubWeb.DeviceChannel do # so check version before requesting extensions if safe_to_request_extensions?(socket.assigns.device_api_version), do: push(socket, "extensions:get", %{}), - else: Templates.audit_unsupported_api_version(device) + else: DeviceTemplates.audit_unsupported_api_version(device) {:noreply, socket} end @@ -138,7 +138,10 @@ defmodule NervesHubWeb.DeviceChannel do # If we get here, the device is connected and high probability it receives # the update message so we can Audit and later assert on this audit event # as a loosely valid attempt to update - Templates.audit_device_deployment_update_triggered(device, socket.assigns.reference_id) + DeviceTemplates.audit_device_deployment_update_triggered( + device, + socket.assigns.reference_id + ) Devices.update_started!(inflight_update) push(socket, "update", payload) diff --git a/lib/nerves_hub_web/components/device_page/details.ex b/lib/nerves_hub_web/components/device_page/details.ex index c6352dd3e..314a37f3e 100644 --- a/lib/nerves_hub_web/components/device_page/details.ex +++ b/lib/nerves_hub_web/components/device_page/details.ex @@ -3,8 +3,7 @@ defmodule NervesHubWeb.Components.DevicePage.Details do require Logger - alias NervesHub.AuditLogs - alias NervesHub.AuditLogs.Templates + alias NervesHub.AuditLogs.DeviceTemplates alias NervesHub.Deployments alias NervesHub.Devices alias NervesHub.Devices.Alarms @@ -437,7 +436,7 @@ defmodule NervesHubWeb.Components.DevicePage.Details do deployment = Enum.find(eligible_deployments, &(&1.id == String.to_integer(deployment_id))) device = Devices.update_deployment(device, deployment) - _ = Templates.audit_device_deployment_update(user, device, deployment) + _ = DeviceTemplates.audit_device_deployment_update(user, device, deployment) send(self(), :reload_device) @@ -454,10 +453,7 @@ defmodule NervesHubWeb.Components.DevicePage.Details do deployment = NervesHub.Repo.preload(deployment, :firmware) - description = - "#{user.name} pushed available firmware update #{deployment.firmware.version} #{deployment.firmware.uuid} to device #{device.identifier}" - - AuditLogs.audit!(user, device, description) + DeviceTemplates.audit_pushed_available_update(user, device, deployment) case Devices.told_to_update(device, deployment) do {:ok, inflight_update} -> @@ -496,10 +492,7 @@ defmodule NervesHubWeb.Components.DevicePage.Details do {:ok, meta} = Firmwares.metadata_from_firmware(firmware) {:ok, device} = Devices.disable_updates(device, user) - description = - "User #{user.name} pushed firmware #{firmware.version} #{firmware.uuid} to device #{device.identifier}" - - AuditLogs.audit!(user, device, description) + DeviceTemplates.audit_firmware_pushed(user, device, firmware) payload = %UpdatePayload{ update_available: true, diff --git a/lib/nerves_hub_web/controllers/api/deployment_controller.ex b/lib/nerves_hub_web/controllers/api/deployment_controller.ex index bb5377a44..2c0860459 100644 --- a/lib/nerves_hub_web/controllers/api/deployment_controller.ex +++ b/lib/nerves_hub_web/controllers/api/deployment_controller.ex @@ -1,7 +1,7 @@ defmodule NervesHubWeb.API.DeploymentController do use NervesHubWeb, :api_controller - alias NervesHub.AuditLogs + alias NervesHub.AuditLogs.DeploymentTemplates alias NervesHub.Deployments alias NervesHub.Deployments.Deployment alias NervesHub.Firmwares @@ -29,11 +29,7 @@ defmodule NervesHubWeb.API.DeploymentController do params <- Map.put(params, "org_id", org.id), params <- whitelist(params, @whitelist_fields), {:ok, deployment} <- Deployments.create_deployment(params) do - AuditLogs.audit!( - user, - deployment, - "#{user.name} created deployment #{deployment.name}" - ) + DeploymentTemplates.audit_deployment_created(user, deployment) conn |> put_status(:created) @@ -61,11 +57,7 @@ defmodule NervesHubWeb.API.DeploymentController do deployment_params <- whitelist(deployment_params, @whitelist_fields), {:ok, %Deployment{} = updated_deployment} <- Deployments.update_deployment(deployment, deployment_params) do - AuditLogs.audit!( - user, - deployment, - "#{user.name} updated deployment #{deployment.name}" - ) + DeploymentTemplates.audit_deployment_updated(user, deployment) render(conn, "show.json", deployment: updated_deployment) end diff --git a/lib/nerves_hub_web/controllers/api/device_controller.ex b/lib/nerves_hub_web/controllers/api/device_controller.ex index c1696f89e..01339bd76 100644 --- a/lib/nerves_hub_web/controllers/api/device_controller.ex +++ b/lib/nerves_hub_web/controllers/api/device_controller.ex @@ -2,7 +2,7 @@ defmodule NervesHubWeb.API.DeviceController do use NervesHubWeb, :api_controller alias NervesHub.Accounts - alias NervesHub.AuditLogs + alias NervesHub.AuditLogs.DeviceTemplates alias NervesHub.Devices alias NervesHub.Devices.DeviceCertificate alias NervesHub.Devices.UpdatePayload @@ -117,8 +117,7 @@ defmodule NervesHubWeb.API.DeviceController do case Devices.get_by_identifier(identifier) do {:ok, device} -> if Accounts.has_org_role?(device.org, user, :manage) do - message = "#{user.name} rebooted device #{device.identifier}" - AuditLogs.audit!(user, device, message) + DeviceTemplates.audit_reboot(user, device) _ = Endpoint.broadcast_from(self(), "device:#{device.id}", "reboot", %{}) @@ -205,10 +204,7 @@ defmodule NervesHubWeb.API.DeviceController do {:ok, device} = Devices.disable_updates(device, user) device = Repo.preload(device, [:device_certificates]) - description = - "User #{user.name} pushed firmware #{firmware.version} #{firmware.uuid} to device #{device.identifier}" - - AuditLogs.audit!(user, device, description) + DeviceTemplates.audit_firmware_pushed(user, device, firmware) payload = %UpdatePayload{ update_available: true, diff --git a/lib/nerves_hub_web/live/deployments/edit.ex b/lib/nerves_hub_web/live/deployments/edit.ex index 4ed8fd17f..e54664893 100644 --- a/lib/nerves_hub_web/live/deployments/edit.ex +++ b/lib/nerves_hub_web/live/deployments/edit.ex @@ -2,7 +2,7 @@ defmodule NervesHubWeb.Live.Deployments.Edit do use NervesHubWeb, :updated_live_view alias NervesHub.Archives - alias NervesHub.AuditLogs + alias NervesHub.AuditLogs.DeploymentTemplates alias NervesHub.Deployments alias NervesHub.Deployments.Deployment alias NervesHub.Firmwares @@ -46,11 +46,7 @@ defmodule NervesHubWeb.Live.Deployments.Edit do {:ok, updated} -> # Use original deployment so changes will get # marked in audit log - AuditLogs.audit!( - user, - updated, - "#{user.name} updated deployment #{updated.name}" - ) + DeploymentTemplates.audit_deployment_updated(user, updated) socket |> put_flash(:info, "Deployment updated") diff --git a/lib/nerves_hub_web/live/deployments/new.ex b/lib/nerves_hub_web/live/deployments/new.ex index da8f3fdf9..dd3ddf112 100644 --- a/lib/nerves_hub_web/live/deployments/new.ex +++ b/lib/nerves_hub_web/live/deployments/new.ex @@ -1,7 +1,7 @@ defmodule NervesHubWeb.Live.Deployments.New do use NervesHubWeb, :updated_live_view - alias NervesHub.AuditLogs + alias NervesHub.AuditLogs.DeploymentTemplates alias NervesHub.Deployments alias NervesHub.Deployments.Deployment alias NervesHub.Firmwares @@ -81,11 +81,7 @@ defmodule NervesHubWeb.Live.Deployments.New do |> noreply() {_, {:ok, deployment}} -> - AuditLogs.audit!( - user, - deployment, - "#{user.name} created deployment #{deployment.name}" - ) + DeploymentTemplates.audit_deployment_created(user, deployment) socket |> put_flash(:info, "Deployment created") diff --git a/lib/nerves_hub_web/live/deployments/show.ex b/lib/nerves_hub_web/live/deployments/show.ex index 49cf78375..9e4e1fe5a 100644 --- a/lib/nerves_hub_web/live/deployments/show.ex +++ b/lib/nerves_hub_web/live/deployments/show.ex @@ -2,6 +2,7 @@ defmodule NervesHubWeb.Live.Deployments.Show do use NervesHubWeb, :updated_live_view alias NervesHub.AuditLogs + alias NervesHub.AuditLogs.DeploymentTemplates alias NervesHub.Deployments alias NervesHub.Deployments.Deployment alias NervesHub.Devices @@ -64,8 +65,7 @@ defmodule NervesHubWeb.Live.Deployments.Show do {:ok, deployment} = Deployments.update_deployment(deployment, %{is_active: value}) active_str = if value, do: "active", else: "inactive" - description = "#{user.name} marked deployment #{deployment.name} #{active_str}" - AuditLogs.audit!(user, deployment, description) + DeploymentTemplates.audit_deployment_toggle_active(user, deployment, active_str) socket |> put_flash(:info, "Deployment set #{active_str}") @@ -78,12 +78,10 @@ defmodule NervesHubWeb.Live.Deployments.Show do %{deployment: deployment, org: org, product: product, user: user} = socket.assigns - description = "#{user.name} deleted deployment #{deployment.name}" - - AuditLogs.audit!(user, deployment, description) - {:ok, _} = Deployments.delete_deployment(deployment) + DeploymentTemplates.audit_deployment_deleted(user, deployment) + socket |> put_flash(:info, "Deployment successfully deleted") |> push_navigate(to: ~p"/org/#{org.name}/#{product.name}/deployments") diff --git a/lib/nerves_hub_web/live/devices/index.ex b/lib/nerves_hub_web/live/devices/index.ex index b495db4ae..3d54ec9d6 100644 --- a/lib/nerves_hub_web/live/devices/index.ex +++ b/lib/nerves_hub_web/live/devices/index.ex @@ -5,7 +5,7 @@ defmodule NervesHubWeb.Live.Devices.Index do require OpenTelemetry.Tracer, as: Tracer - alias NervesHub.AuditLogs + alias NervesHub.AuditLogs.DeviceTemplates alias NervesHub.Devices alias NervesHub.Devices.Alarms alias NervesHub.Devices.Metrics @@ -373,7 +373,7 @@ defmodule NervesHubWeb.Live.Devices.Index do {:ok, device} = Devices.get_device_by_identifier(org, device_identifier) - AuditLogs.audit!(user, device, "#{user.name} rebooted device #{device.identifier}") + DeviceTemplates.audit_reboot(user, device) socket.endpoint.broadcast_from(self(), "device:#{device.id}", "reboot", %{}) diff --git a/lib/nerves_hub_web/live/devices/show.ex b/lib/nerves_hub_web/live/devices/show.ex index a8f82eec1..2b639e655 100644 --- a/lib/nerves_hub_web/live/devices/show.ex +++ b/lib/nerves_hub_web/live/devices/show.ex @@ -4,7 +4,7 @@ defmodule NervesHubWeb.Live.Devices.Show do require Logger alias NervesHub.AuditLogs - alias NervesHub.AuditLogs.Templates + alias NervesHub.AuditLogs.DeviceTemplates alias NervesHub.Deployments alias NervesHub.Devices alias NervesHub.Devices.Alarms @@ -191,7 +191,7 @@ defmodule NervesHubWeb.Live.Devices.Show do authorized!(:"device:reboot", org_user) - AuditLogs.audit!(user, device, "#{user.name} rebooted device #{device.identifier}") + DeviceTemplates.audit_reboot(user, device) socket.endpoint.broadcast_from(self(), "device:#{device.id}", "reboot", %{}) @@ -203,11 +203,7 @@ defmodule NervesHubWeb.Live.Devices.Show do authorized!(:"device:reconnect", org_user) - AuditLogs.audit!( - user, - device, - "User #{user.name} requested the device (#{device.identifier}) reconnect" - ) + DeviceTemplates.audit_request_action(user, device, "reconnect") socket.endpoint.broadcast("device_socket:#{device.id}", "disconnect", %{}) @@ -219,11 +215,7 @@ defmodule NervesHubWeb.Live.Devices.Show do authorized!(:"device:identify", org_user) - AuditLogs.audit!( - user, - device, - "User #{user.name} requested the device (#{device.identifier}) identify itself" - ) + DeviceTemplates.audit_request_action(user, device, "identify itself") socket.endpoint.broadcast_from(self(), "device:#{socket.assigns.device.id}", "identify", %{}) @@ -319,7 +311,7 @@ defmodule NervesHubWeb.Live.Devices.Show do ) do deployment = Enum.find(eligible_deployments, &(&1.id == String.to_integer(deployment_id))) device = Devices.update_deployment(device, deployment) - _ = Templates.audit_device_deployment_update(user, device, deployment) + _ = DeviceTemplates.audit_device_deployment_update(user, device, deployment) socket |> assign(:device, device) @@ -338,10 +330,7 @@ defmodule NervesHubWeb.Live.Devices.Show do {:ok, meta} = Firmwares.metadata_from_firmware(firmware) {:ok, device} = Devices.disable_updates(device, user) - description = - "User #{user.name} pushed firmware #{firmware.version} #{firmware.uuid} to device #{device.identifier}" - - AuditLogs.audit!(user, device, description) + DeviceTemplates.audit_firmware_pushed(user, device, firmware) payload = %UpdatePayload{ update_available: true, @@ -364,13 +353,10 @@ defmodule NervesHubWeb.Live.Devices.Show do deployment = NervesHub.Repo.preload(deployment, :firmware) - description = - "#{user.name} pushed available firmware update #{deployment.firmware.version} #{deployment.firmware.uuid} to device #{device.identifier}" - - AuditLogs.audit!(user, device, description) - case Devices.told_to_update(device, deployment) do {:ok, inflight_update} -> + DeviceTemplates.audit_pushed_available_update(user, device, deployment) + _ = NervesHubWeb.Endpoint.broadcast( "device:#{device.id}", diff --git a/test/nerves_hub_web/channels/websocket_test.exs b/test/nerves_hub_web/channels/websocket_test.exs index 70fac4342..8170137b9 100644 --- a/test/nerves_hub_web/channels/websocket_test.exs +++ b/test/nerves_hub_web/channels/websocket_test.exs @@ -797,7 +797,7 @@ defmodule NervesHubWeb.WebsocketTest do [log, _, _] = AuditLogs.logs_by(device) assert log.description == - "device no longer matches deployment Every Device's requirements because of mismatched architecture and platform" + "Device no longer matches deployment Every Device's requirements because of mismatched architecture and platform" SocketClient.clean_close(socket) end