[SM-389] Event log for service account (#2674)

2025-06-30 23:52:50 -05:00 · 2023-02-24 16:44:33 +01:00
parent 4643f5960e
commit 64e0a981c9
22 changed files with 6744 additions and 11 deletions
--- a/src/Api/Models/Response/EventResponseModel.cs
+++ b/src/Api/Models/Response/EventResponseModel.cs
@ -32,6 +32,8 @@ public class EventResponseModel : ResponseModel
        InstallationId = ev.InstallationId;
        SystemUser = ev.SystemUser;
        DomainName = ev.DomainName;
+        SecretId = ev.SecretId;
+        ServiceAccountId = ev.ServiceAccountId;
    }

    public EventType Type { get; set; }
@ -52,4 +54,6 @@ public class EventResponseModel : ResponseModel
    public string IpAddress { get; set; }
    public EventSystemUser? SystemUser { get; set; }
    public string DomainName { get; set; }
+    public Guid? SecretId { get; set; }
+    public Guid? ServiceAccountId { get; set; }
 }
--- a/src/Api/SecretsManager/Controllers/SecretsController.cs
+++ b/src/Api/SecretsManager/Controllers/SecretsController.cs
@ -4,6 +4,7 @@ using Bit.Api.SecretsManager.Models.Response;
 using Bit.Core.Context;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
+using Bit.Core.Identity;
 using Bit.Core.SecretsManager.Commands.Secrets.Interfaces;
 using Bit.Core.SecretsManager.Entities;
 using Bit.Core.SecretsManager.Repositories;
@ -18,22 +19,32 @@ namespace Bit.Api.SecretsManager.Controllers;
 public class SecretsController : Controller
 {
    private readonly ICurrentContext _currentContext;
-    private readonly ISecretRepository _secretRepository;
    private readonly IProjectRepository _projectRepository;
+    private readonly ISecretRepository _secretRepository;
    private readonly ICreateSecretCommand _createSecretCommand;
    private readonly IUpdateSecretCommand _updateSecretCommand;
    private readonly IDeleteSecretCommand _deleteSecretCommand;
    private readonly IUserService _userService;
+    private readonly IEventService _eventService;

-    public SecretsController(ISecretRepository secretRepository, IProjectRepository projectRepository, ICreateSecretCommand createSecretCommand, IUpdateSecretCommand updateSecretCommand, IDeleteSecretCommand deleteSecretCommand, IUserService userService, ICurrentContext currentContext)
+    public SecretsController(
+        ICurrentContext currentContext,
+        IProjectRepository projectRepository,
+        ISecretRepository secretRepository,
+        ICreateSecretCommand createSecretCommand,
+        IUpdateSecretCommand updateSecretCommand,
+        IDeleteSecretCommand deleteSecretCommand,
+        IUserService userService,
+        IEventService eventService)
    {
        _currentContext = currentContext;
+        _projectRepository = projectRepository;
        _secretRepository = secretRepository;
        _createSecretCommand = createSecretCommand;
        _updateSecretCommand = updateSecretCommand;
        _deleteSecretCommand = deleteSecretCommand;
-        _projectRepository = projectRepository;
        _userService = userService;
+        _eventService = eventService;
    }

    [HttpGet("organizations/{organizationId}/secrets")]
@ -81,6 +92,12 @@ public class SecretsController : Controller
            throw new NotFoundException();
        }

+        if (_currentContext.ClientType == ClientType.ServiceAccount)
+        {
+            var userId = _userService.GetProperUserId(User).Value;
+            await _eventService.LogServiceAccountSecretEventAsync(userId, secret, EventType.Secret_Retrieved);
+        }
+
        return new SecretResponseModel(secret);
    }