[code-1524] audit trail for import repositories (#1209)

app/api/controller/repo/import.go

@@ -20,8 +20,12 @@ import (
 
 	"github.com/harness/gitness/app/api/controller/limiter"
 	"github.com/harness/gitness/app/auth"
+	"github.com/harness/gitness/app/paths"
 	"github.com/harness/gitness/app/services/importer"
+	"github.com/harness/gitness/audit"
 	"github.com/harness/gitness/types"
+
+	"github.com/rs/zerolog/log"
 )
 
 type ImportInput struct {
@@ -77,7 +81,12 @@ func (c *Controller) Import(ctx context.Context, session *auth.Session, in *Impo
 			return fmt.Errorf("failed to create repository in storage: %w", err)
 		}
 
-		err = c.importer.Run(ctx, provider, repo, remoteRepository.CloneURL, in.Pipelines)
+		err = c.importer.Run(ctx,
+			provider,
+			repo,
+			remoteRepository.CloneURL,
+			in.Pipelines,
+		)
 		if err != nil {
 			return fmt.Errorf("failed to start import repository job: %w", err)
 		}
@@ -90,6 +99,17 @@ func (c *Controller) Import(ctx context.Context, session *auth.Session, in *Impo
 
 	repo.GitURL = c.urlProvider.GenerateGITCloneURL(repo.Path)
 
+	err = c.auditService.Log(ctx,
+		session.Principal,
+		audit.NewResource(audit.ResourceTypeRepository, repo.Identifier),
+		audit.ActionCreated,
+		paths.Parent(repo.Path),
+		audit.WithNewObject(repo),
+	)
+	if err != nil {
+		log.Warn().Msgf("failed to insert audit log for import repository operation: %s", err)
+	}
+
 	return repo, nil
 }
 

app/api/controller/space/controller.go

@@ -24,6 +24,7 @@ import (
 	"github.com/harness/gitness/app/sse"
 	"github.com/harness/gitness/app/store"
 	"github.com/harness/gitness/app/url"
+	"github.com/harness/gitness/audit"
 	"github.com/harness/gitness/store/database/dbtx"
 	"github.com/harness/gitness/types"
 	"github.com/harness/gitness/types/check"
@@ -57,6 +58,7 @@ type Controller struct {
 	importer        *importer.Repository
 	exporter        *exporter.Repository
 	resourceLimiter limiter.ResourceLimiter
+	auditService    audit.Service
 }
 
 func NewController(config *types.Config, tx dbtx.Transactor, urlProvider url.Provider,
@@ -65,7 +67,7 @@ func NewController(config *types.Config, tx dbtx.Transactor, urlProvider url.Pro
 	connectorStore store.ConnectorStore, templateStore store.TemplateStore, spaceStore store.SpaceStore,
 	repoStore store.RepoStore, principalStore store.PrincipalStore, repoCtrl *repo.Controller,
 	membershipStore store.MembershipStore, importer *importer.Repository, exporter *exporter.Repository,
-	limiter limiter.ResourceLimiter,
+	limiter limiter.ResourceLimiter, auditService audit.Service,
 ) *Controller {
 	return &Controller{
 		nestedSpacesEnabled:           config.NestedSpacesEnabled,
@@ -88,5 +90,6 @@ func NewController(config *types.Config, tx dbtx.Transactor, urlProvider url.Pro
 		importer:                      importer,
 		exporter:                      exporter,
 		resourceLimiter:               limiter,
+		auditService:                  auditService,
 	}
 }

app/api/controller/space/import.go

@@ -21,8 +21,12 @@ import (
 	"github.com/harness/gitness/app/api/controller/limiter"
 	"github.com/harness/gitness/app/api/usererror"
 	"github.com/harness/gitness/app/auth"
+	"github.com/harness/gitness/app/paths"
 	"github.com/harness/gitness/app/services/importer"
+	"github.com/harness/gitness/audit"
 	"github.com/harness/gitness/types"
+
+	"github.com/rs/zerolog/log"
 )
 
 type ProviderInput struct {
@@ -64,6 +68,7 @@ func (c *Controller) Import(ctx context.Context, session *auth.Session, in *Impo
 
 	repoIDs := make([]int64, len(remoteRepositories))
 	cloneURLs := make([]string, len(remoteRepositories))
+	repos := make([]*types.Repository, 0, len(remoteRepositories))
 
 	var space *types.Space
 	err = c.tx.WithTx(ctx, func(ctx context.Context) error {
@@ -90,13 +95,19 @@ func (c *Controller) Import(ctx context.Context, session *auth.Session, in *Impo
 			if err != nil {
 				return fmt.Errorf("failed to create repository in storage: %w", err)
 			}
-
+			repos = append(repos, repo)
 			repoIDs[i] = repo.ID
 			cloneURLs[i] = remoteRepository.CloneURL
 		}
 
 		jobGroupID := fmt.Sprintf("space-import-%d", space.ID)
-		err = c.importer.RunMany(ctx, jobGroupID, provider, repoIDs, cloneURLs, in.Pipelines)
+		err = c.importer.RunMany(ctx,
+			jobGroupID,
+			provider,
+			repoIDs,
+			cloneURLs,
+			in.Pipelines,
+		)
 		if err != nil {
 			return fmt.Errorf("failed to start import repository jobs: %w", err)
 		}
@@ -107,6 +118,19 @@ func (c *Controller) Import(ctx context.Context, session *auth.Session, in *Impo
 		return nil, err
 	}
 
+	for _, repo := range repos {
+		err = c.auditService.Log(ctx,
+			session.Principal,
+			audit.NewResource(audit.ResourceTypeRepository, repo.Identifier),
+			audit.ActionCreated,
+			paths.Parent(repo.Path),
+			audit.WithNewObject(repo),
+		)
+		if err != nil {
+			log.Warn().Msgf("failed to insert audit log for import repository operation: %s", err)
+		}
+	}
+
 	return space, nil
 }
 

app/api/controller/space/import_repositories.go

@@ -23,7 +23,9 @@ import (
 	"github.com/harness/gitness/app/api/controller/limiter"
 	"github.com/harness/gitness/app/api/usererror"
 	"github.com/harness/gitness/app/auth"
+	"github.com/harness/gitness/app/paths"
 	"github.com/harness/gitness/app/services/importer"
+	"github.com/harness/gitness/audit"
 	"github.com/harness/gitness/store"
 	"github.com/harness/gitness/types"
 	"github.com/harness/gitness/types/enum"
@@ -133,7 +135,13 @@ func (c *Controller) ImportRepositories(
 		}
 
 		jobGroupID := fmt.Sprintf("space-import-%d", space.ID)
-		err = c.importer.RunMany(ctx, jobGroupID, provider, repoIDs, cloneURLs, in.Pipelines)
+		err = c.importer.RunMany(ctx,
+			jobGroupID,
+			provider,
+			repoIDs,
+			cloneURLs,
+			in.Pipelines,
+		)
 		if err != nil {
 			return fmt.Errorf("failed to start import repository jobs: %w", err)
 		}
@@ -144,5 +152,18 @@ func (c *Controller) ImportRepositories(
 		return ImportRepositoriesOutput{}, err
 	}
 
+	for _, repo := range repos {
+		err = c.auditService.Log(ctx,
+			session.Principal,
+			audit.NewResource(audit.ResourceTypeRepository, repo.Identifier),
+			audit.ActionCreated,
+			paths.Parent(repo.Path),
+			audit.WithNewObject(repo),
+		)
+		if err != nil {
+			log.Warn().Msgf("failed to insert audit log for import repository operation: %s", err)
+		}
+	}
+
 	return ImportRepositoriesOutput{ImportingRepos: repos, DuplicateRepos: duplicateRepos}, nil
 }

app/api/controller/space/wire.go

@@ -23,6 +23,7 @@ import (
 	"github.com/harness/gitness/app/sse"
 	"github.com/harness/gitness/app/store"
 	"github.com/harness/gitness/app/url"
+	"github.com/harness/gitness/audit"
 	"github.com/harness/gitness/store/database/dbtx"
 	"github.com/harness/gitness/types"
 	"github.com/harness/gitness/types/check"
@@ -41,11 +42,11 @@ func ProvideController(config *types.Config, tx dbtx.Transactor, urlProvider url
 	connectorStore store.ConnectorStore, templateStore store.TemplateStore,
 	spaceStore store.SpaceStore, repoStore store.RepoStore, principalStore store.PrincipalStore,
 	repoCtrl *repo.Controller, membershipStore store.MembershipStore, importer *importer.Repository,
-	exporter *exporter.Repository, limiter limiter.ResourceLimiter,
+	exporter *exporter.Repository, limiter limiter.ResourceLimiter, auditService audit.Service,
 ) *Controller {
 	return NewController(config, tx, urlProvider, sseStreamer, identifierCheck, authorizer,
 		spacePathStore, pipelineStore, secretStore,
 		connectorStore, templateStore,
 		spaceStore, repoStore, principalStore,
-		repoCtrl, membershipStore, importer, exporter, limiter)
+		repoCtrl, membershipStore, importer, exporter, limiter, auditService)
 }

audit/audit.go

@@ -91,14 +91,16 @@ type DiffObject struct {
 }
 
 type Event struct {
-	ID         string
-	Timestamp  int64
-	Action     Action          // example: ActionCreated
-	User       types.Principal // example: Admin
-	SpacePath  string          // example: /root/projects
-	Resource   Resource
-	DiffObject DiffObject
-	Data       map[string]string // internal data like correlationID/requestID
+	ID            string
+	Timestamp     int64
+	Action        Action          // example: ActionCreated
+	User          types.Principal // example: Admin
+	SpacePath     string          // example: /root/projects
+	Resource      Resource
+	DiffObject    DiffObject
+	ClientIP      string
+	RequestMethod string
+	Data          map[string]string // internal data like correlationID/requestID
 }
 
 func (e *Event) Validate() error {
@@ -163,6 +165,18 @@ func WithOldObject(value any) FuncOption {
 	}
 }
 
+func WithClientIP(value string) FuncOption {
+	return func(e *Event) {
+		e.ClientIP = value
+	}
+}
+
+func WithRequestMethod(value string) FuncOption {
+	return func(e *Event) {
+		e.RequestMethod = value
+	}
+}
+
 func WithData(keyValues ...string) FuncOption {
 	return func(e *Event) {
 		if e.Data == nil {

cmd/gitness/wire_gen.go

@@ -225,7 +225,7 @@ func initSystem(ctx context.Context, config *types.Config) (*server.System, erro
 	if err != nil {
 		return nil, err
 	}
-	spaceController := space.ProvideController(config, transactor, provider, streamer, spaceIdentifier, authorizer, spacePathStore, pipelineStore, secretStore, connectorStore, templateStore, spaceStore, repoStore, principalStore, repoController, membershipStore, repository, exporterRepository, resourceLimiter)
+	spaceController := space.ProvideController(config, transactor, provider, streamer, spaceIdentifier, authorizer, spacePathStore, pipelineStore, secretStore, connectorStore, templateStore, spaceStore, repoStore, principalStore, repoController, membershipStore, repository, exporterRepository, resourceLimiter, auditService)
 	pipelineController := pipeline.ProvideController(repoStore, triggerStore, authorizer, pipelineStore)
 	secretController := secret.ProvideController(encrypter, secretStore, authorizer, spaceStore)
 	triggerController := trigger.ProvideController(authorizer, triggerStore, pipelineStore, repoStore)