logs: audit logs on manual build triggers and build cancellations (PROJQUAY-4726) (#1682)

data/migrations/versions/b2d1e4b95fc2_add_build_triggers_logentrykind.py

@@ -0,0 +1,33 @@
+"""add build triggers' logentrykind
+
+Revision ID: b2d1e4b95fc2
+Revises: 7bca88923f2c
+Create Date: 2022-12-15 10:49:28.895549
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = "b2d1e4b95fc2"
+down_revision = "7bca88923f2c"
+
+import sqlalchemy as sa
+
+
+def upgrade(op, tables, tester):
+    op.bulk_insert(
+        tables.logentrykind,
+        [
+            {"name": "start_build_trigger"},
+            {"name": "cancel_build"},
+        ],
+    )
+
+
+def downgrade(op, tables, tester):
+    op.execute(
+        tables.logentrykind.delete().where(
+            tables.logentrykind.name
+            == op.inline_literal("start_build_trigger") | tables.logentrykind.name
+            == op.inline_literal("cancel_build")
+        )
+    )

endpoints/api/build.py

@@ -26,6 +26,7 @@ from data import model
 from data.buildlogs import BuildStatusRetrievalError
 from endpoints.api import (
     RepositoryParamResource,
+    log_action,
     parse_args,
     query_param,
     nickname,
@@ -434,6 +435,7 @@ class RepositoryBuildResource(RepositoryParamResource):
             raise NotFound()
 
         if model.build.cancel_repository_build(build, dockerfile_build_queue):
+            log_action("cancel_build", namespace, {"build_uuid": build_uuid})
             return "Okay", 201
         else:
             raise InvalidRequest("Build is currently running or has finished")

endpoints/api/trigger.py

@@ -485,6 +485,7 @@ class ActivateBuildTrigger(RepositoryParamResource):
                 RepositoryBuildStatus, repository=repo_string, build_uuid=build_request.uuid
             ),
         }
+        log_action("start_build_trigger", namespace_name, {"trigger_uuid": trigger_uuid})
         return resp, 201, headers
 
 

initdb.py

@@ -429,6 +429,9 @@ def initialize_database():
     LogEntryKind.create(name="create_proxy_cache_config")
     LogEntryKind.create(name="delete_proxy_cache_config")
 
+    LogEntryKind.create(name="start_build_trigger")
+    LogEntryKind.create(name="cancel_build")
+
     ImageStorageLocation.create(name="local_eu")
     ImageStorageLocation.create(name="local_us")
 

static/js/directives/ui/logs-view.js

@@ -389,7 +389,14 @@ angular.module('quay').directive('logsView', function () {
         'delete_repo_webhook': 'Delete webhook in repository {repo}',
 
         'create_proxy_cache_config': 'Create proxy cache for {namespace}[[ with upstream {upstream_registry}]]',
-        'delete_proxy_cache_config': 'Create proxy cache for {namespace}'
+        'delete_proxy_cache_config': 'Create proxy cache for {namespace}',
+
+        'start_build_trigger': function(metadata) {
+          var triggerDescription = TriggerService.getDescription(
+            metadata['service'], metadata['config']);
+          return 'Manually start build from trigger[[ - ' + triggerDescription + ']]';
+        },
+        'cancel_build': 'Cancel build {build_uuid}'
 };
 
       var logKinds = {