feat: Audit logs for resource deletion from devtron UI

Wire.go

@@ -91,6 +91,8 @@ import (
 	"github.com/devtron-labs/devtron/pkg/git"
 	"github.com/devtron-labs/devtron/pkg/gitops"
 	jira2 "github.com/devtron-labs/devtron/pkg/jira"
+	"github.com/devtron-labs/devtron/pkg/kubernetesResourceAuditLogs"
+	repository7 "github.com/devtron-labs/devtron/pkg/kubernetesResourceAuditLogs/repository"
 	"github.com/devtron-labs/devtron/pkg/notifier"
 	"github.com/devtron-labs/devtron/pkg/pipeline"
 	history3 "github.com/devtron-labs/devtron/pkg/pipeline/history"
@@ -753,7 +755,6 @@ func InitializeApp() (*App, error) {
 		cron.NewCiStatusUpdateCronImpl,
 		wire.Bind(new(cron.CiStatusUpdateCron), new(*cron.CiStatusUpdateCronImpl)),
 
-
 		restHandler.NewPipelineStatusTimelineRestHandlerImpl,
 		wire.Bind(new(restHandler.PipelineStatusTimelineRestHandler), new(*restHandler.PipelineStatusTimelineRestHandlerImpl)),
 
@@ -803,6 +804,12 @@ func InitializeApp() (*App, error) {
 		wire.Bind(new(app.PipelineStatusSyncDetailService), new(*app.PipelineStatusSyncDetailServiceImpl)),
 		pipelineConfig.NewPipelineStatusSyncDetailRepositoryImpl,
 		wire.Bind(new(pipelineConfig.PipelineStatusSyncDetailRepository), new(*pipelineConfig.PipelineStatusSyncDetailRepositoryImpl)),
+
+		repository7.NewK8sResourceHistoryRepositoryImpl,
+		wire.Bind(new(repository7.K8sResourceHistoryRepository), new(*repository7.K8sResourceHistoryRepositoryImpl)),
+
+		kubernetesResourceAuditLogs.Newk8sResourceHistoryServiceImpl,
+		wire.Bind(new(kubernetesResourceAuditLogs.K8sResourceHistoryService), new(*kubernetesResourceAuditLogs.K8sResourceHistoryServiceImpl)),
 	)
 	return &App{}, nil
 }

api/restHandler/ArgoApplicationRestHandler.go

@@ -26,8 +26,10 @@ import (
 	"github.com/devtron-labs/devtron/api/restHandler/common"
 	"github.com/devtron-labs/devtron/client/argocdServer/application"
 	"github.com/devtron-labs/devtron/pkg/cluster"
+	"github.com/devtron-labs/devtron/pkg/kubernetesResourceAuditLogs"
 	"github.com/devtron-labs/devtron/pkg/team"
 	"github.com/devtron-labs/devtron/pkg/terminal"
+	"github.com/devtron-labs/devtron/pkg/user"
 	"github.com/devtron-labs/devtron/pkg/user/casbin"
 	"github.com/devtron-labs/devtron/util"
 	"github.com/devtron-labs/devtron/util/argo"
@@ -63,15 +65,17 @@ type ArgoApplicationRestHandler interface {
 }
 
 type ArgoApplicationRestHandlerImpl struct {
-	client                 application.ServiceClient
-	logger                 *zap.SugaredLogger
-	pump                   connector.Pump
-	enforcer               casbin.Enforcer
-	teamService            team.TeamService
-	environmentService     cluster.EnvironmentService
-	enforcerUtil           rbac.EnforcerUtil
-	terminalSessionHandler terminal.TerminalSessionHandler
-	argoUserService        argo.ArgoUserService
+	client                    application.ServiceClient
+	logger                    *zap.SugaredLogger
+	pump                      connector.Pump
+	enforcer                  casbin.Enforcer
+	teamService               team.TeamService
+	environmentService        cluster.EnvironmentService
+	enforcerUtil              rbac.EnforcerUtil
+	terminalSessionHandler    terminal.TerminalSessionHandler
+	argoUserService           argo.ArgoUserService
+	K8sResourceHistoryService kubernetesResourceAuditLogs.K8sResourceHistoryService
+	userService               user.UserService
 }
 
 func NewArgoApplicationRestHandlerImpl(client application.ServiceClient,
@@ -82,17 +86,21 @@ func NewArgoApplicationRestHandlerImpl(client application.ServiceClient,
 	logger *zap.SugaredLogger,
 	enforcerUtil rbac.EnforcerUtil,
 	terminalSessionHandler terminal.TerminalSessionHandler,
-	argoUserService argo.ArgoUserService) *ArgoApplicationRestHandlerImpl {
+	argoUserService argo.ArgoUserService,
+	K8sResourceHistoryService kubernetesResourceAuditLogs.K8sResourceHistoryService,
+	userService user.UserService) *ArgoApplicationRestHandlerImpl {
 	return &ArgoApplicationRestHandlerImpl{
-		client:                 client,
-		logger:                 logger,
-		pump:                   pump,
-		enforcer:               enforcer,
-		teamService:            teamService,
-		environmentService:     environmentService,
-		enforcerUtil:           enforcerUtil,
-		terminalSessionHandler: terminalSessionHandler,
-		argoUserService:        argoUserService,
+		client:                    client,
+		logger:                    logger,
+		pump:                      pump,
+		enforcer:                  enforcer,
+		teamService:               teamService,
+		environmentService:        environmentService,
+		enforcerUtil:              enforcerUtil,
+		terminalSessionHandler:    terminalSessionHandler,
+		argoUserService:           argoUserService,
+		K8sResourceHistoryService: K8sResourceHistoryService,
+		userService:               userService,
 	}
 }
 
@@ -604,6 +612,14 @@ func (impl ArgoApplicationRestHandlerImpl) PatchResource(w http.ResponseWriter,
 }
 
 func (impl ArgoApplicationRestHandlerImpl) DeleteResource(w http.ResponseWriter, r *http.Request) {
+
+	userId, err := impl.userService.GetLoggedInUser(r)
+
+	if err != nil {
+		// not returning err because userId is only needed for audit logs and not impacting delete functionality.
+		impl.logger.Errorw("error in getting logged in user for audit logs of k8s resource")
+	}
+
 	vars := mux.Vars(r)
 	appNameACD := vars["appNameACD"]
 	name := vars["name"]
@@ -677,6 +693,14 @@ func (impl ArgoApplicationRestHandlerImpl) DeleteResource(w http.ResponseWriter,
 	ctx = context.WithValue(ctx, "token", acdToken)
 	defer cancel()
 	recv, err := impl.client.DeleteResource(ctx, query)
+
+	if err == nil {
+		ResourceHistoryErr := impl.K8sResourceHistoryService.SaveArgoCdAppsResourceDeleteHistory(query, id, eId, userId)
+		if ResourceHistoryErr != nil {
+			impl.logger.Errorw("error in saving audit logs of delete resource request for argo cd apps", "err", ResourceHistoryErr)
+		}
+	}
+
 	impl.pump.StartMessage(w, recv, err)
 }
 

cmd/external-app/wire.go

@@ -36,6 +36,8 @@ import (
 	"github.com/devtron-labs/devtron/pkg/attributes"
 	chartRepoRepository "github.com/devtron-labs/devtron/pkg/chartRepo/repository"
 	delete2 "github.com/devtron-labs/devtron/pkg/delete"
+	"github.com/devtron-labs/devtron/pkg/kubernetesResourceAuditLogs"
+	repository2 "github.com/devtron-labs/devtron/pkg/kubernetesResourceAuditLogs/repository"
 	"github.com/devtron-labs/devtron/pkg/sql"
 	util2 "github.com/devtron-labs/devtron/pkg/util"
 	util3 "github.com/devtron-labs/devtron/util"
@@ -143,6 +145,12 @@ func InitializeApp() (*App, error) {
 		repository.NewUserAttributesRepositoryImpl,
 		wire.Bind(new(repository.UserAttributesRepository), new(*repository.UserAttributesRepositoryImpl)),
 		util3.GetDevtronSecretName,
+
+		repository2.NewK8sResourceHistoryRepositoryImpl,
+		wire.Bind(new(repository2.K8sResourceHistoryRepository), new(*repository2.K8sResourceHistoryRepositoryImpl)),
+
+		kubernetesResourceAuditLogs.Newk8sResourceHistoryServiceImpl,
+		wire.Bind(new(kubernetesResourceAuditLogs.K8sResourceHistoryService), new(*kubernetesResourceAuditLogs.K8sResourceHistoryServiceImpl)),
 	)
 	return &App{}, nil
 }

pkg/kubernetesResourceAuditLogs/kubernetesResourceHistoryService.go

@@ -0,0 +1,99 @@
+package kubernetesResourceAuditLogs
+
+import (
+	"github.com/argoproj/argo-cd/v2/pkg/apiclient/application"
+	client "github.com/devtron-labs/devtron/api/helm-app"
+	application2 "github.com/devtron-labs/devtron/client/k8s/application"
+	"github.com/devtron-labs/devtron/internal/sql/repository/app"
+	repository2 "github.com/devtron-labs/devtron/pkg/cluster/repository"
+	"github.com/devtron-labs/devtron/pkg/kubernetesResourceAuditLogs/repository"
+	"github.com/devtron-labs/devtron/pkg/sql"
+	"go.uber.org/zap"
+	"time"
+)
+
+const (
+	delete string = "delete"
+	helm   string = "helm"
+	GitOps string = "argo_cd"
+)
+
+type K8sResourceHistoryService interface {
+	SaveArgoCdAppsResourceDeleteHistory(query *application.ApplicationResourceDeleteRequest, appId int, envId int, userId int32) error
+	SaveHelmAppsResourceHistory(appIdentifier *client.AppIdentifier, k8sRequestBean *application2.K8sRequestBean, userId int32, actionType string) error
+}
+
+type K8sResourceHistoryServiceImpl struct {
+	appRepository                app.AppRepository
+	K8sResourceHistoryRepository repository.K8sResourceHistoryRepository
+	logger                       *zap.SugaredLogger
+	envRepository                repository2.EnvironmentRepository
+}
+
+func Newk8sResourceHistoryServiceImpl(K8sResourceHistoryRepository repository.K8sResourceHistoryRepository,
+	logger *zap.SugaredLogger, appRepository app.AppRepository, envRepository repository2.EnvironmentRepository) *K8sResourceHistoryServiceImpl {
+	return &K8sResourceHistoryServiceImpl{
+		K8sResourceHistoryRepository: K8sResourceHistoryRepository,
+		logger:                       logger,
+		appRepository:                appRepository,
+		envRepository:                envRepository,
+	}
+}
+
+func (impl K8sResourceHistoryServiceImpl) SaveArgoCdAppsResourceDeleteHistory(query *application.ApplicationResourceDeleteRequest, appId int, envId int, userId int32) error {
+
+	k8sResourceHistory := repository.K8sResourceHistory{
+		AppId:        appId,
+		AppName:      *query.Name,
+		EnvId:        envId,
+		Namespace:    *query.Namespace,
+		ResourceName: *query.ResourceName,
+		Kind:         *query.Kind,
+		Group:        *query.Group,
+		ForceDelete:  *query.Force,
+		AuditLog: sql.AuditLog{
+			UpdatedBy: userId,
+			UpdatedOn: time.Now(),
+		},
+		ActionType:        delete,
+		DeploymentAppType: GitOps,
+	}
+
+	err := impl.K8sResourceHistoryRepository.SaveK8sResourceHistory(&k8sResourceHistory)
+
+	if err != nil {
+		return err
+	}
+
+	return nil
+
+}
+
+func (impl K8sResourceHistoryServiceImpl) SaveHelmAppsResourceHistory(appIdentifier *client.AppIdentifier, k8sRequestBean *application2.K8sRequestBean, userId int32, actionType string) error {
+
+	app, err := impl.appRepository.FindActiveByName(appIdentifier.ReleaseName)
+
+	env, err := impl.envRepository.FindOneByNamespaceAndClusterId(appIdentifier.Namespace, appIdentifier.ClusterId)
+
+	k8sResourceHistory := repository.K8sResourceHistory{
+		AppId:        app.Id,
+		AppName:      appIdentifier.ReleaseName,
+		EnvId:        env.Id,
+		Namespace:    appIdentifier.Namespace,
+		ResourceName: k8sRequestBean.ResourceIdentifier.Name,
+		Kind:         k8sRequestBean.ResourceIdentifier.GroupVersionKind.Kind,
+		Group:        k8sRequestBean.ResourceIdentifier.GroupVersionKind.Group,
+		ForceDelete:  false,
+		AuditLog: sql.AuditLog{
+			UpdatedBy: userId,
+			UpdatedOn: time.Now(),
+		},
+		ActionType:        actionType,
+		DeploymentAppType: helm,
+	}
+
+	err = impl.K8sResourceHistoryRepository.SaveK8sResourceHistory(&k8sResourceHistory)
+
+	return err
+
+}

pkg/kubernetesResourceAuditLogs/repository/kubernetesResourceHistoryRepo.go

@@ -0,0 +1,43 @@
+package repository
+
+import (
+	"github.com/devtron-labs/devtron/pkg/sql"
+	"github.com/go-pg/pg"
+	"go.uber.org/zap"
+)
+
+type K8sResourceHistory struct {
+	tableName         struct{} `sql:"kubernetes_resource_history" pg:",discard_unknown_columns"`
+	Id                int      `sql:"id,pk"`
+	AppId             int      `sql:"app_id"`
+	AppName           string   `sql:"app_name"`
+	EnvId             int      `sql:"env_id"`
+	Namespace         string   `sql:"namespace,omitempty"`
+	ResourceName      string   `sql:"resource_name,notnull"`
+	Kind              string   `sql:"kind,notnull"`
+	Group             string   `sql:"group"`
+	ForceDelete       bool     `sql:"force_delete, omitempty"`
+	ActionType        string   `sql:"action_type"`
+	DeploymentAppType string   `sql:"deployment_app_type"`
+	sql.AuditLog
+}
+
+type K8sResourceHistoryRepository interface {
+	SaveK8sResourceHistory(history *K8sResourceHistory) error
+}
+
+type K8sResourceHistoryRepositoryImpl struct {
+	dbConnection *pg.DB
+	logger       *zap.SugaredLogger
+}
+
+func NewK8sResourceHistoryRepositoryImpl(dbConnection *pg.DB, logger *zap.SugaredLogger) *K8sResourceHistoryRepositoryImpl {
+	return &K8sResourceHistoryRepositoryImpl{
+		dbConnection: dbConnection,
+		logger:       logger,
+	}
+}
+
+func (repo K8sResourceHistoryRepositoryImpl) SaveK8sResourceHistory(k8sResourceHistory *K8sResourceHistory) error {
+	return repo.dbConnection.Insert(k8sResourceHistory)
+}

scripts/sql/107_create_k8s_resource_history.down.sql

@@ -0,0 +1,2 @@
+DROP SEQUENCE IF EXISTS "id_seq_k8s_resource_history_sequence";
+DROP TABLE IF EXISTS "kubernetes_resource_history";

scripts/sql/107_create_k8s_resource_history.up.sql

@@ -0,0 +1,22 @@
+CREATE SEQUENCE IF NOT EXISTS id_seq_k8s_resource_history_sequence;
+
+-- Table Definition
+CREATE TABLE IF NOT EXISTS "public"."kubernetes_resource_history"
+(
+    "id"            integer NOT NULL DEFAULT nextval('id_seq_k8s_resource_history_sequence'::regclass),
+    "app_id"  integer,
+    "app_name" VARCHAR(100),
+    "env_id"  integer,
+    "namespace"  VARCHAR(100) ,
+    "resource_name" VARCHAR(100),
+    "kind"    VARCHAR(100),
+    "group"    VARCHAR(100),
+    "force_delete"   boolean,
+    "action_type"   VARCHAR(100),
+    "deployment_app_type"  VARCHAR(100),
+    "created_on"    timestamptz,
+    "created_by"    int4,
+    "updated_on"    timestamptz,
+    "updated_by"    int4,
+    PRIMARY KEY ("id")
+    );

util/k8s/k8sApplicationRestHandler.go

@@ -306,10 +306,18 @@ func (handler *K8sApplicationRestHandlerImpl) UpdateResource(w http.ResponseWrit
 }
 
 func (handler *K8sApplicationRestHandlerImpl) DeleteResource(w http.ResponseWriter, r *http.Request) {
+
+	userId, err := handler.userService.GetLoggedInUser(r)
+
+	if userId == 0 || err != nil {
+		common.WriteJsonResp(w, err, "Unauthorized User", http.StatusUnauthorized)
+		return
+	}
+
 	decoder := json.NewDecoder(r.Body)
 	token := r.Header.Get("token")
 	var request ResourceRequestBean
-	err := decoder.Decode(&request)
+	err = decoder.Decode(&request)
 	if err != nil {
 		handler.logger.Errorw("error in decoding request body", "err", err)
 		common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
@@ -349,7 +357,7 @@ func (handler *K8sApplicationRestHandlerImpl) DeleteResource(w http.ResponseWrit
 		return
 	}
 
-	resource, err := handler.k8sApplicationService.DeleteResource(&request)
+	resource, err := handler.k8sApplicationService.DeleteResource(&request, userId)
 	if err != nil {
 		handler.logger.Errorw("error in deleting resource", "err", err)
 		common.WriteJsonResp(w, err, resource, http.StatusInternalServerError)