revisions: #show_environment_variables audit event

tlwr · tlwr · commit 874360af5fae · 2020-08-19T11:08:19.000+01:00
Revisions environment variables can contain sensitive information,
access to sensitive information should be audited

Signed-off-by: toby lorne &lt;toby@toby.codes&gt;
diff --git a/app/controllers/v3/revisions_controller.rb b/app/controllers/v3/revisions_controller.rb
@@ -2,6 +2,7 @@
 require 'actions/revisions_update'
 require 'presenters/v3/revision_presenter'
 require 'presenters/v3/revision_environment_variables_presenter'
+require 'repositories/revision_event_repository'
 
 class RevisionsController < ApplicationController
   def show
@@ -22,6 +23,7 @@ def update
 
   def show_environment_variables
     revision = fetch_revision(hashed_params[:revision_guid], needs_secrets_read_permission: true)
+    Repositories::RevisionEventRepository.record_show_environment_variables(revision, revision.app, user_audit_info)
     render status: :ok, json: Presenters::V3::RevisionEnvironmentVariablesPresenter.new(revision)
   end
 
diff --git a/app/repositories/revision_event_repository.rb b/app/repositories/revision_event_repository.rb
@@ -22,6 +22,26 @@ def self.record_create(revision, app, user_audit_info)
           organization_guid: app.space.organization_guid,
         )
       end
+
+      def self.record_show_environment_variables(revision, app, user_audit_info)
+        Event.create(
+          type:              'audit.app.revision.environment_variables.show',
+          actor:             user_audit_info.user_guid,
+          actor_type:        'user',
+          actor_name:        user_audit_info.user_email,
+          actor_username:    user_audit_info.user_name,
+          actee:             app.guid,
+          actee_type:        'app',
+          actee_name:        app.name,
+          timestamp:         Sequel::CURRENT_TIMESTAMP,
+          metadata:          {
+            revision_guid: revision.guid,
+            revision_version: revision.version
+          },
+          space_guid:        app.space_guid,
+          organization_guid: app.space.organization_guid,
+        )
+      end
     end
   end
 end
diff --git a/spec/unit/controllers/v3/revisions_controller_spec.rb b/spec/unit/controllers/v3/revisions_controller_spec.rb
@@ -343,7 +343,7 @@
     }
 
     before do
-      set_current_user(user)
+      set_current_user(user, email: 'mona@example.com')
       allow_user_read_access_for(user, spaces: [space])
       allow_user_secret_access(user, space: space)
     end
@@ -355,6 +355,28 @@
       expect(parsed_body['var']).to eq({ 'key' => 'value' })
     end
 
+    it 'records an audit event' do
+      expect {
+        get :show_environment_variables, params: { revision_guid: revision.guid }
+      }.to change { VCAP::CloudController::Event.count }.by(1)
+
+      event = VCAP::CloudController::Event.find(type: 'audit.app.revision.environment_variables.show')
+      expect(event).not_to be_nil
+      expect(event.actor).to eq(user.guid)
+      expect(event.actor_type).to eq('user')
+      expect(event.actor_name).to eq('mona@example.com')
+      expect(event.actee).to eq(app_model.guid)
+      expect(event.actee_type).to eq('app')
+      expect(event.actee_name).to eq(app_model.name)
+      expect(event.timestamp).to be
+      expect(event.space_guid).to eq(app_model.space_guid)
+      expect(event.organization_guid).to eq(app_model.space.organization.guid)
+      expect(event.metadata).to eq({
+        'revision_guid' => revision.guid,
+        'revision_version' => revision.version,
+      })
+    end
+
     context 'when retrieving env variables for revision that do not exist' do
       it '404s' do
         get :show_environment_variables, params: { revision_guid: 'nonsense' }
