[SM-389] Event log for service account (#4679)

2023-02-24 16:44:24 +01:00 · 2023-02-24 16:44:24 +01:00 · a643074709
parent 76d6586ff8
commit a643074709
10 changed files with 65 additions and 9 deletions
--- a/apps/web/src/app/common/base.events.component.ts
+++ b/apps/web/src/app/common/base.events.component.ts
@ -139,6 +139,7 @@ export abstract class BaseEventsComponent {
          type: r.type,
          installationId: r.installationId,
          systemUser: r.systemUser,
+          serviceAccountId: r.serviceAccountId,
        });
      })
    );
--- a/apps/web/src/app/core/event.service.ts
+++ b/apps/web/src/app/core/event.service.ts
@ -36,7 +36,7 @@ export class EventService {
  }

  async getEventInfo(ev: EventResponse, options = new EventOptions()): Promise<EventInfo> {
-    const appInfo = this.getAppInfo(ev.deviceType);
+    const appInfo = this.getAppInfo(ev);
    const { message, humanReadableMessage } = await this.getEventMessage(ev, options);
    return {
      message: message,
@ -410,6 +410,11 @@ export class EventService {
      case EventType.OrganizationDomain_NotVerified:
        msg = humanReadableMsg = this.i18nService.t("domainNotVerifiedEvent", ev.domainName);
        break;
+      // Secrets Manager
+      case EventType.Secret_Retrieved:
+        msg = this.i18nService.t("accessedSecret", this.formatSecretId(ev));
+        humanReadableMsg = this.i18nService.t("accessedSecret", this.getShortId(ev.secretId));
+        break;
      default:
        break;
    }
@ -419,8 +424,12 @@ export class EventService {
    };
  }

-  private getAppInfo(deviceType: DeviceType): [string, string] {
-    switch (deviceType) {
+  private getAppInfo(ev: EventResponse): [string, string] {
+    if (ev.serviceAccountId) {
+      return ["bwi-globe", this.i18nService.t("sdk")];
+    }
+
+    switch (ev.deviceType) {
      case DeviceType.Android:
        return ["bwi-android", this.i18nService.t("mobile") + " - Android"];
      case DeviceType.iOS:
@ -554,6 +563,13 @@ export class EventService {
    return a.outerHTML;
  }

+  formatSecretId(ev: EventResponse): string {
+    const shortId = this.getShortId(ev.secretId);
+    const a = this.makeAnchor(shortId);
+    a.setAttribute("href", "#/sm/" + ev.organizationId + "/secrets?search=" + shortId);
+    return a.outerHTML;
+  }
+
  private makeAnchor(shortId: string) {
    const a = document.createElement("a");
    a.title = this.i18nService.t("view");
--- a/apps/web/src/app/organizations/manage/events.component.ts
+++ b/apps/web/src/app/organizations/manage/events.component.ts
@ -152,9 +152,19 @@ export class EventsComponent extends BaseEventsComponent implements OnInit, OnDe
      }
    }

+    if (r.serviceAccountId) {
+      return {
+        name: this.i18nService.t("serviceAccount") + " " + this.getShortId(r.serviceAccountId),
+      };
+    }
+
    return null;
  }

+  private getShortId(id: string) {
+    return id?.substring(0, 8);
+  }
+
  ngOnDestroy() {
    this.destroy$.next();
    this.destroy$.complete();
--- a/apps/web/src/locales/en/messages.json
+++ b/apps/web/src/locales/en/messages.json
@ -6420,6 +6420,19 @@
  "errorReadingImportFile": {
    "message": "An error occurred when trying to read the import file"
  },
+  "accessedSecret": {
+    "message": "Accessed secret $SECRET_ID$.",
+    "placeholders": {
+      "secret_id": {
+        "content": "$1",
+        "example": "4d34e8a8"
+      }
+    }
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
  "createSecret": {
    "message": "Create a secret"
  },
@ -6490,16 +6503,13 @@
  },
  "exposedMasterPasswordDesc": {
    "message": "Password found in a data breach. Use a unique password to protect your account. Are you sure you want to use an exposed password?"
-  }, 
+  },
  "weakAndExposedMasterPassword": {
    "message": "Weak and Exposed Master Password"
  },
  "weakAndBreachedMasterPasswordDesc": {
    "message": "Weak password identified and found in a data breach. Use a strong and unique password to protect your account. Are you sure you want to use this password?"
  },
-  "important": {
-    "message": "Important:"
-  },
  "characterMinimum": {
    "message": "$LENGTH$ character minimum",
    "placeholders": {
--- a/bitwarden_license/bit-web/src/app/secrets-manager/secrets/secrets.component.html
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/secrets/secrets.component.html
@ -1,5 +1,5 @@
 <sm-header>
-  <input bitInput [placeholder]="'searchSecrets' | i18n" />
+  <input bitInput [placeholder]="'searchSecrets' | i18n" [(ngModel)]="search" />
  <sm-new-menu></sm-new-menu>
 </sm-header>
 <sm-secrets-list
@ -7,4 +7,5 @@
  (newSecretEvent)="openNewSecretDialog()"
  (editSecretEvent)="openEditSecret($event)"
  [secrets]="secrets$ | async"
+  [search]="search"
 ></sm-secrets-list>
--- a/bitwarden_license/bit-web/src/app/secrets-manager/secrets/secrets.component.ts
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/secrets/secrets.component.ts
@ -22,7 +22,8 @@ import { SecretService } from "./secret.service";
  templateUrl: "./secrets.component.html",
 })
 export class SecretsComponent implements OnInit {
-  secrets$: Observable<SecretListView[]>;
+  protected secrets$: Observable<SecretListView[]>;
+  protected search: string;

  private organizationId: string;

@ -41,6 +42,10 @@ export class SecretsComponent implements OnInit {
        return await this.getSecrets();
      })
    );
+
+    if (this.route.snapshot.queryParams.search) {
+      this.search = this.route.snapshot.queryParams.search;
+    }
  }

  private async getSecrets(): Promise<SecretListView[]> {
--- a/bitwarden_license/bit-web/src/app/secrets-manager/shared/secrets-list.component.ts
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/shared/secrets-list.component.ts
@ -24,6 +24,11 @@ export class SecretsListComponent implements OnDestroy {
  }
  private _secrets: SecretListView[];

+  @Input()
+  set search(search: string) {
+    this.dataSource.filter = search;
+  }
+
  @Input() trash: boolean;

  @Output() editSecretEvent = new EventEmitter<string>();
--- a/libs/common/src/enums/eventType.ts
+++ b/libs/common/src/enums/eventType.ts
@ -78,4 +78,6 @@ export enum EventType {
  OrganizationDomain_Removed = 2001,
  OrganizationDomain_Verified = 2002,
  OrganizationDomain_NotVerified = 2003,
+
+  Secret_Retrieved = 2100,
 }
--- a/libs/common/src/models/response/event.response.ts
+++ b/libs/common/src/models/response/event.response.ts
@ -23,6 +23,8 @@ export class EventResponse extends BaseResponse {
  installationId: string;
  systemUser: EventSystemUser;
  domainName: string;
+  secretId: string;
+  serviceAccountId: string;

  constructor(response: any) {
    super(response);
@ -44,5 +46,7 @@ export class EventResponse extends BaseResponse {
    this.installationId = this.getResponseProperty("InstallationId");
    this.systemUser = this.getResponseProperty("SystemUser");
    this.domainName = this.getResponseProperty("DomainName");
+    this.secretId = this.getResponseProperty("SecretId");
+    this.serviceAccountId = this.getResponseProperty("ServiceAccountId");
  }
 }
--- a/libs/common/src/models/view/event.view.ts
+++ b/libs/common/src/models/view/event.view.ts
@ -14,6 +14,7 @@ export class EventView {
  type: EventType;
  installationId: string;
  systemUser: EventSystemUser;
+  serviceAccountId: string;

  constructor(data: Required<EventView>) {
    this.message = data.message;
@ -28,5 +29,6 @@ export class EventView {
    this.type = data.type;
    this.installationId = data.installationId;
    this.systemUser = data.systemUser;
+    this.serviceAccountId = data.serviceAccountId;
  }
 }