[SM-389] Event log for service account (#2674)

2025-07-01 08:02:49 -05:00 · 2023-02-24 16:44:33 +01:00
parent 4643f5960e
commit 64e0a981c9
22 changed files with 6744 additions and 11 deletions
--- a/src/Core/Services/IEventService.cs
+++ b/src/Core/Services/IEventService.cs
@ -1,6 +1,7 @@
 using Bit.Core.Entities;
 using Bit.Core.Entities.Provider;
 using Bit.Core.Enums;
+using Bit.Core.SecretsManager.Entities;

 namespace Bit.Core.Services;

@ -25,4 +26,5 @@ public interface IEventService
    Task LogProviderOrganizationEventAsync(ProviderOrganization providerOrganization, EventType type, DateTime? date = null);
    Task LogOrganizationDomainEventAsync(OrganizationDomain organizationDomain, EventType type, DateTime? date = null);
    Task LogOrganizationDomainEventAsync(OrganizationDomain organizationDomain, EventType type, EventSystemUser systemUser, DateTime? date = null);
+    Task LogServiceAccountSecretEventAsync(Guid serviceAccountId, Secret secret, EventType type, DateTime? date = null);
 }
--- a/src/Core/Services/Implementations/EventService.cs
+++ b/src/Core/Services/Implementations/EventService.cs
@ -5,6 +5,7 @@ using Bit.Core.Enums;
 using Bit.Core.Models.Data;
 using Bit.Core.Models.Data.Organizations;
 using Bit.Core.Repositories;
+using Bit.Core.SecretsManager.Entities;
 using Bit.Core.Settings;

 namespace Bit.Core.Services;
@ -391,6 +392,25 @@ public class EventService : IEventService
        await _eventWriteService.CreateAsync(e);
    }

+    public async Task LogServiceAccountSecretEventAsync(Guid serviceAccountId, Secret secret, EventType type, DateTime? date = null)
+    {
+        var orgAbilities = await _applicationCacheService.GetOrganizationAbilitiesAsync();
+        if (!CanUseEvents(orgAbilities, secret.OrganizationId))
+        {
+            return;
+        }
+
+        var e = new EventMessage(_currentContext)
+        {
+            OrganizationId = secret.OrganizationId,
+            Type = type,
+            SecretId = secret.Id,
+            ServiceAccountId = serviceAccountId,
+            Date = date.GetValueOrDefault(DateTime.UtcNow)
+        };
+        await _eventWriteService.CreateAsync(e);
+    }
+
    private async Task<Guid?> GetProviderIdAsync(Guid? orgId)
    {
        if (_currentContext == null || !orgId.HasValue)
@ -414,12 +434,12 @@ public class EventService : IEventService
    private bool CanUseEvents(IDictionary<Guid, OrganizationAbility> orgAbilities, Guid orgId)
    {
        return orgAbilities != null && orgAbilities.ContainsKey(orgId) &&
-            orgAbilities[orgId].Enabled && orgAbilities[orgId].UseEvents;
+               orgAbilities[orgId].Enabled && orgAbilities[orgId].UseEvents;
    }

    private bool CanUseProviderEvents(IDictionary<Guid, ProviderAbility> providerAbilities, Guid providerId)
    {
        return providerAbilities != null && providerAbilities.ContainsKey(providerId) &&
-                providerAbilities[providerId].Enabled && providerAbilities[providerId].UseEvents;
+               providerAbilities[providerId].Enabled && providerAbilities[providerId].UseEvents;
    }
 }
--- a/src/Core/Services/NoopImplementations/NoopEventService.cs
+++ b/src/Core/Services/NoopImplementations/NoopEventService.cs
@ -1,6 +1,7 @@
 using Bit.Core.Entities;
 using Bit.Core.Entities.Provider;
 using Bit.Core.Enums;
+using Bit.Core.SecretsManager.Entities;

 namespace Bit.Core.Services;

@ -107,4 +108,9 @@ public class NoopEventService : IEventService
        return Task.FromResult(0);
    }

+    public Task LogServiceAccountSecretEventAsync(Guid serviceAccountId, Secret secret, EventType type,
+        DateTime? date = null)
+    {
+        return Task.FromResult(0);
+    }
 }