Feat: add admin actions audit entries

[pieterlukasse]

Link to JIRA ticket if there is one: https://ctds-planx.atlassian.net/browse/VADC-1450

New Features

• add audit log support for /admin/ endpoints
• add audit decorator to /admin/ endpoints

Dependency updates

• depends on Feat: add new "admin_action" audit log entry type audit-service#74

[coveralls]

Pull Request Test Coverage Report for Build 13874215801

Details

• 0 of 0 changed or added relevant lines in 0 files are covered.
• 79 unchanged lines in 2 files lost coverage.
• Overall coverage increased (+0.06%) to 74.935%

---

Files with Coverage Reduction	New Missed Lines	%
resources/audit/utils.py	5	89.29%
blueprints/admin.py	74	69.86%

Totals
Change from base Build 13792436927:	0.06%
Covered Lines:	8111
Relevant Lines:	10824

---

💛 - Coveralls

[github-actions]

filepath	$$\textcolor{#23d18b}{\tt{passed}}$$	$$\textcolor{#f14c4c}{\tt{failed}}$$	$$\textcolor{#ffa500}{\tt{skipped}}$$	SUBTOTAL
$$\textcolor{#23d18b}{\tt{tests/test\_centralized\_auth.py}}$$	$$\textcolor{#23d18b}{\tt{16}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#23d18b}{\tt{16}}$$
$$\textcolor{#f14c4c}{\tt{tests/test\_oauth2.py}}$$	$$\textcolor{#23d18b}{\tt{5}}$$	$$\textcolor{#f14c4c}{\tt{10}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#f14c4c}{\tt{15}}$$
$$\textcolor{#f14c4c}{\tt{tests/test\_data\_upload.py}}$$	$$\textcolor{#23d18b}{\tt{7}}$$	$$\textcolor{#f14c4c}{\tt{1}}$$	$$\textcolor{#ffa500}{\tt{1}}$$	$$\textcolor{#f14c4c}{\tt{9}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_presigned\_url.py}}$$	$$\textcolor{#23d18b}{\tt{7}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#23d18b}{\tt{7}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_user\_token.py}}$$	$$\textcolor{#23d18b}{\tt{5}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#23d18b}{\tt{5}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_drs\_endpoint.py}}$$	$$\textcolor{#23d18b}{\tt{4}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#23d18b}{\tt{4}}$$
$$\textcolor{#f14c4c}{\tt{tests/test\_ras\_authn.py}}$$	$$\textcolor{#23d18b}{\tt{2}}$$	$$\textcolor{#f14c4c}{\tt{1}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#f14c4c}{\tt{3}}$$
$$\textcolor{#f14c4c}{\tt{tests/test\_dbgap.py}}$$	$$\textcolor{#23d18b}{\tt{3}}$$	$$\textcolor{#f14c4c}{\tt{1}}$$	$$\textcolor{#ffa500}{\tt{1}}$$	$$\textcolor{#f14c4c}{\tt{5}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_oidc\_client.py}}$$	$$\textcolor{#23d18b}{\tt{2}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#23d18b}{\tt{2}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_client\_credentials.py}}$$	$$\textcolor{#23d18b}{\tt{1}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#23d18b}{\tt{1}}$$
$$\textcolor{#f14c4c}{\tt{tests/test\_audit\_service.py}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#f14c4c}{\tt{1}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#f14c4c}{\tt{1}}$$
$$\textcolor{#f14c4c}{\tt{tests/test\_google\_data\_access.py}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#f14c4c}{\tt{1}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#f14c4c}{\tt{1}}$$
$$\textcolor{#ffa500}{\tt{tests/test\_register\_user.py}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#ffa500}{\tt{2}}$$	$$\textcolor{#ffa500}{\tt{2}}$$
$$\textcolor{#f14c4c}{\tt{TOTAL}}$$	$$\textcolor{#23d18b}{\tt{52}}$$	$$\textcolor{#f14c4c}{\tt{15}}$$	$$\textcolor{#ffa500}{\tt{4}}$$	$$\textcolor{#f14c4c}{\tt{71}}$$

Please find the detailed integration test report here

Please find the ci env pod logs here

[paulineribeyre]

See feedback in this thread

[paulineribeyre]

The create_admin_action_log method doesn't exist: https://github.com/uc-cdis/fence/blob/dccf559/fence/resources/audit/client.py

This code should fail, I'm very surprised that the existing "admin" unit tests passed. How?!

[paulineribeyre]

why are we adding audit logging to deprecated endpoints?

[paulineribeyre]

I don't think audit-logging the request method is useful at all. "admin_action_POST" isn't going to tell you what was changed in the system 🤔