apps: #show_env has audit event

The environment can contain sensitive information, access to sensitive
information should be audited

Signed-off-by: toby lorne <toby@toby.codes>

Author: tlwr

app/controllers/v3/apps_controller.rb

@@ -32,6 +32,7 @@
 require 'fetchers/app_fetcher'
 require 'fetchers/app_delete_fetcher'
 require 'fetchers/assign_current_droplet_fetcher'
+require 'repositories/app_event_repository'
 
 class AppsV3Controller < ApplicationController
   def index
@@ -245,6 +246,8 @@ def show_env
 
     FeatureFlag.raise_unless_enabled!(:space_developer_env_var_visibility)
 
+    Repositories::AppEventRepository.new.record_app_show_env(app, user_audit_info)
+
     render status: :ok, json: Presenters::V3::AppEnvPresenter.new(app)
   end
 

app/repositories/app_event_repository.rb

@@ -155,6 +155,11 @@ def record_app_ssh_authorized(app, user_audit_info, index)
         create_app_audit_event('audit.app.ssh-authorized', app, app.space, actor_hash, { index: index })
       end
 
+      def record_app_show_env(app, user_audit_info)
+        actor_hash = { name: user_audit_info.user_email, guid: user_audit_info.user_guid, user_name: user_audit_info.user_name, type: 'user' }
+        create_app_audit_event('audit.app.environment.show', app, app.space, actor_hash, {})
+      end
+
       private
 
       def create_app_audit_event(type, app, space, actor, metadata)

spec/unit/controllers/v3/apps_controller_spec.rb

@@ -1718,7 +1718,7 @@
     let(:user) { VCAP::CloudController::User.make }
 
     before do
-      set_current_user(user)
+      set_current_user(user, email: 'mona@example.com')
       allow_user_read_access_for(user, spaces: [space])
       allow_user_write_access(user, space: space)
       allow_user_secret_access(user, space: space)
@@ -1732,6 +1732,25 @@
       expect(parsed_body['environment_variables']).to eq(app_model.environment_variables)
     end
 
+    it 'records an audit event' do
+      expect {
+        get :show_env, params: { guid: app_model.guid }
+      }.to change { VCAP::CloudController::Event.count }.by(1)
+
+      event = VCAP::CloudController::Event.find(type: 'audit.app.environment.show')
+      expect(event).not_to be_nil
+      expect(event.actor).to eq(user.guid)
+      expect(event.actor_type).to eq('user')
+      expect(event.actor_name).to eq('mona@example.com')
+      expect(event.actee).to eq(app_model.guid)
+      expect(event.actee_type).to eq('app')
+      expect(event.actee_name).to eq(app_model.name)
+      expect(event.timestamp).to be
+      expect(event.space_guid).to eq(app_model.space_guid)
+      expect(event.organization_guid).to eq(app_model.space.organization.guid)
+      expect(event.metadata).to eq({})
+    end
+
     context 'permissions' do
       context 'when the user does not have read permissions' do
         before do