From 54f6c0b4029c2d1803c229fc9f327c543f12a966 Mon Sep 17 00:00:00 2001 From: Corentin Mors Date: Wed, 19 Jul 2023 17:09:42 +0200 Subject: [PATCH] Migrate audit logs to team device authentication --- src/endpoints/getAuditLogs.ts | 36 +++++++++++++++++----------------- src/index.ts | 34 ++++++++++++++++++-------------- src/middleware/getAuditLogs.ts | 8 ++++---- 3 files changed, 41 insertions(+), 37 deletions(-) diff --git a/src/endpoints/getAuditLogs.ts b/src/endpoints/getAuditLogs.ts index 36c18851..b164db16 100644 --- a/src/endpoints/getAuditLogs.ts +++ b/src/endpoints/getAuditLogs.ts @@ -1,8 +1,8 @@ -import { requestUserApi } from '../requestApi'; -import { Secrets } from '../types'; +import { requestTeamApi } from '../requestApi'; +import { TeamDeviceCredentials } from '../types'; export interface StartAuditLogsQueryParams { - secrets: Secrets; + teamDeviceCredentials: TeamDeviceCredentials; /** * The start of the date range to query audit logs by. The format is unix timestamp in seconds. Only the date is used, not the time. @@ -49,20 +49,20 @@ export interface StartAuditLogsQueryOutput { } export const startAuditLogsQuery = (params: StartAuditLogsQueryParams) => { - const { secrets, ...payload } = params; - return requestUserApi({ - path: 'teams/StartAuditLogsQuery', - login: secrets.login, - deviceKeys: { - accessKey: secrets.accessKey, - secretKey: secrets.secretKey, + const { teamDeviceCredentials, ...payload } = params; + return requestTeamApi({ + path: 'auditlogs-teamdevice/StartAuditLogsQuery', + teamUuid: teamDeviceCredentials.uuid, + teamDeviceKeys: { + accessKey: teamDeviceCredentials.accessKey, + secretKey: teamDeviceCredentials.secretKey, }, payload, }); }; export interface GetAuditLogQueryResultsParams { - secrets: Secrets; + teamDeviceCredentials: TeamDeviceCredentials; /** * The ID associated with the query executed by the RequestAuditLogs endpoint. @@ -94,13 +94,13 @@ export interface GetAuditLogQueryResultsOutput { } export const getAuditLogQueryResults = (params: GetAuditLogQueryResultsParams) => { - const { secrets, ...payload } = params; - return requestUserApi({ - path: 'teams/GetAuditLogQueryResults', - login: secrets.login, - deviceKeys: { - accessKey: secrets.accessKey, - secretKey: secrets.secretKey, + const { teamDeviceCredentials, ...payload } = params; + return requestTeamApi({ + path: 'auditlogs-teamdevice/GetAuditLogQueryResults', + teamUuid: teamDeviceCredentials.uuid, + teamDeviceKeys: { + accessKey: teamDeviceCredentials.accessKey, + secretKey: teamDeviceCredentials.secretKey, }, payload, }); diff --git a/src/index.ts b/src/index.ts index 2ebbfb12..7874bed4 100644 --- a/src/index.ts +++ b/src/index.ts @@ -138,19 +138,6 @@ Use generate-credentials to generate some team credentials (requires to be a tea ); } -teamGroup - .command('members') - .alias('m') - .description('List team members') - .argument('[page]', 'Page number', '0') - .argument('[limit]', 'Limit of members per page', '0') - .action(async (page: string, limit: string) => { - if (!teamDeviceCredentials) { - throw new Error('Could not find team credentials'); - } - await getTeamMembers({ teamDeviceCredentials, page: parseInt(page), limit: parseInt(limit) }); - }); - teamGroup .command('generate-credentials') .option('--json', 'Output in JSON format') @@ -187,6 +174,19 @@ teamGroup console.log('The credentials have been revoked'); }); +teamGroup + .command('members') + .alias('m') + .description('List team members') + .argument('[page]', 'Page number', '0') + .argument('[limit]', 'Limit of members per page', '0') + .action(async (page: string, limit: string) => { + if (!teamDeviceCredentials) { + throw new Error('Could not find team credentials'); + } + await getTeamMembers({ teamDeviceCredentials, page: parseInt(page), limit: parseInt(limit) }); + }); + teamGroup .command('logs') .alias('l') @@ -196,12 +196,16 @@ teamGroup .option('--type ', 'log type') .option('--category ', 'log category') .action(async (options: { start: string; end: string; type: string; category: string }) => { + if (!teamDeviceCredentials) { + throw new Error('Could not find team credentials'); + } + const { start, type, category } = options; const end = options.end === 'now' ? Math.floor(Date.now() / 1000).toString() : options.end; - const { db, secrets } = await connectAndPrepare({ autoSync: false }); + const { db } = await connectAndPrepare({ autoSync: false }); await getAuditLogs({ - secrets, + teamDeviceCredentials, startDateRangeUnix: parseInt(start), endDateRangeUnix: parseInt(end), logType: type, diff --git a/src/middleware/getAuditLogs.ts b/src/middleware/getAuditLogs.ts index f2138772..a1d2c795 100644 --- a/src/middleware/getAuditLogs.ts +++ b/src/middleware/getAuditLogs.ts @@ -4,16 +4,16 @@ import { getAuditLogQueryResults, startAuditLogsQuery, StartAuditLogsQueryParams const MAX_RESULT = 1000; export const getAuditLogs = async (params: StartAuditLogsQueryParams) => { - const { secrets } = params; + const { teamDeviceCredentials } = params; const { queryExecutionId } = await startAuditLogsQuery(params); - let result = await getAuditLogQueryResults({ secrets, queryExecutionId, maxResults: MAX_RESULT }); + let result = await getAuditLogQueryResults({ teamDeviceCredentials, queryExecutionId, maxResults: MAX_RESULT }); winston.debug(`Query state: ${result.state}`); while (['QUEUED', 'RUNNING'].includes(result.state)) { await new Promise((resolve) => setTimeout(resolve, 2000)); - result = await getAuditLogQueryResults({ secrets, queryExecutionId, maxResults: MAX_RESULT }); + result = await getAuditLogQueryResults({ teamDeviceCredentials, queryExecutionId, maxResults: MAX_RESULT }); winston.debug(`Query state: ${result.state}`); } @@ -24,7 +24,7 @@ export const getAuditLogs = async (params: StartAuditLogsQueryParams) => { let logs = result.results; while (result.nextToken) { result = await getAuditLogQueryResults({ - secrets, + teamDeviceCredentials, queryExecutionId, maxResults: MAX_RESULT, nextToken: result.nextToken,