NAS-133314 / 25.04 / Add audit support for app plugin

src/middlewared/middlewared/plugins/apps/app_scale.py

@@ -15,7 +15,12 @@ class Config:
         namespace = 'app'
         cli_namespace = 'app'
 
-    @api_method(AppStopArgs, AppStopResult, roles=['APPS_WRITE'])
+    @api_method(
+        AppStopArgs, AppStopResult,
+        audit='App: Stopping',
+        audit_extended=lambda app_name: app_name,
+        roles=['APPS_WRITE']
+    )
     @job(lock=lambda args: f'app_stop_{args[0]}')
     def stop(self, job, app_name):
         """
@@ -41,7 +46,12 @@ def stop(self, job, app_name):
             )
             self.middleware.call_sync('cache.pop', cache_key)
 
-    @api_method(AppStartArgs, AppStartResult, roles=['APPS_WRITE'])
+    @api_method(
+        AppStartArgs, AppStartResult,
+        audit='App: Starting',
+        audit_extended=lambda app_name: app_name,
+        roles=['APPS_WRITE']
+    )
     @job(lock=lambda args: f'app_start_{args[0]}')
     def start(self, job, app_name):
         """
@@ -52,7 +62,12 @@ def start(self, job, app_name):
         compose_action(app_name, app_config['version'], 'up', force_recreate=True, remove_orphans=True)
         job.set_progress(100, f'Started {app_name!r} app')
 
-    @api_method(AppRedeployArgs, AppRedeployResult, roles=['APPS_WRITE'])
+    @api_method(
+        AppRedeployArgs, AppRedeployResult,
+        audit='App: Redeploying',
+        audit_extended=lambda app_name: app_name,
+        roles=['APPS_WRITE']
+    )
     @job(lock=lambda args: f'app_redeploy_{args[0]}')
     async def redeploy(self, job, app_name):
         """

src/middlewared/middlewared/plugins/apps/crud.py

@@ -95,15 +95,25 @@ def config(self, app_name):
         app = self.get_instance__sync(app_name)
         return get_current_app_config(app_name, app['version'])
 
-    @api_method(AppConvertToCustomArgs, AppConvertToCustomResult, roles=['APPS_WRITE'])
+    @api_method(
+        AppConvertToCustomArgs, AppConvertToCustomResult,
+        audit='App: Converting',
+        audit_extended=lambda app_name: f'{app_name} to custom app',
+        roles=['APPS_WRITE']
+    )
     @job(lock=lambda args: f'app_start_{args[0]}')
     async def convert_to_custom(self, job, app_name):
         """
         Convert `app_name` to a custom app.
         """
         return await self.middleware.call('app.custom.convert', job, app_name)
 
-    @api_method(AppCreateArgs, AppCreateResult, roles=['APPS_WRITE'])
+    @api_method(
+        AppCreateArgs, AppCreateResult,
+        audit='App: Creating',
+        audit_extended=lambda data: data['app_name'],
+        roles=['APPS_WRITE']
+    )
     @job(lock=lambda args: f'app_create_{args[0].get("app_name")}')
     def do_create(self, job, data):
         """
@@ -204,7 +214,12 @@ def remove_failed_resources(self, app_name, version, remove_ds=False):
         self.middleware.call_sync('app.metadata.generate').wait_sync(raise_error=True)
         self.middleware.send_event('app.query', 'REMOVED', id=app_name)
 
-    @api_method(AppUpdateArgs, AppUpdateResult, roles=['APPS_WRITE'])
+    @api_method(
+        AppUpdateArgs, AppUpdateResult,
+        audit='App: Updating',
+        audit_extended=lambda app_name, data: app_name,
+        roles=['APPS_WRITE']
+    )
     @job(lock=lambda args: f'app_update_{args[0]}')
     def do_update(self, job, app_name, data):
         """
@@ -254,7 +269,12 @@ def update_internal(self, job, app, data, progress_keyword='Update', trigger_com
         job.set_progress(100, f'{progress_keyword} completed for {app_name!r}')
         return self.get_instance__sync(app_name)
 
-    @api_method(AppDeleteArgs, AppDeleteResult, roles=['APPS_WRITE'])
+    @api_method(
+        AppDeleteArgs, AppDeleteResult,
+        audit='App: Deleting',
+        audit_extended=lambda app_name, options=None: app_name,
+        roles=['APPS_WRITE']
+    )
     @job(lock=lambda args: f'app_delete_{args[0]}')
     def do_delete(self, job, app_name, options):
         """

src/middlewared/middlewared/plugins/apps/pull_images.py

@@ -28,7 +28,12 @@ async def outdated_docker_images(self, app_name):
 
         return images
 
-    @api_method(AppPullImagesArgs, AppPullImagesResult, roles=['APPS_WRITE'])
+    @api_method(
+        AppPullImagesArgs, AppPullImagesResult,
+        audit='App: Pulling Images for',
+        audit_extended=lambda app_name, options=None: app_name,
+        roles=['APPS_WRITE']
+    )
     @job(lock=lambda args: f'pull_images_{args[0]}')
     def pull_images(self, job, app_name, options):
         """

src/middlewared/middlewared/plugins/apps/rollback.py

@@ -17,7 +17,12 @@ class Config:
         namespace = 'app'
         cli_namespace = 'app'
 
-    @api_method(AppRollbackArgs, AppRollbackResult, roles=['APPS_WRITE'])
+    @api_method(
+        AppRollbackArgs, AppRollbackResult,
+        audit='App: Rollback',
+        audit_extended=lambda app_name, options: app_name,
+        roles=['APPS_WRITE']
+    )
     @job(lock=lambda args: f'app_rollback_{args[0]}')
     def rollback(self, job, app_name, options):
         """

src/middlewared/middlewared/plugins/apps/upgrade.py

@@ -19,7 +19,12 @@ class Config:
         namespace = 'app'
         cli_namespace = 'app'
 
-    @api_method(AppUpgradeArgs, AppUpgradeResult, roles=['APPS_WRITE'])
+    @api_method(
+        AppUpgradeArgs, AppUpgradeResult,
+        audit='App: Upgrading',
+        audit_extended=lambda app_name, options=None: app_name,
+        roles=['APPS_WRITE']
+    )
     @job(lock=lambda args: f'app_upgrade_{args[0]}')
     def upgrade(self, job, app_name, options):
         """

src/middlewared/middlewared/plugins/docker/backup.py

@@ -26,7 +26,12 @@ class DockerService(Service):
     class Config:
         cli_namespace = 'app.docker'
 
-    @api_method(DockerBackupArgs, DockerBackupResult, roles=['DOCKER_WRITE'])
+    @api_method(
+        DockerBackupArgs, DockerBackupResult,
+        audit='Docker: Backup',
+        audit_extended=lambda backup_name: backup_name,
+        roles=['DOCKER_WRITE']
+    )
     @job(lock='docker_backup')
     def backup(self, job, backup_name):
         """
@@ -114,7 +119,12 @@ def list_backups(self):
 
         return backups
 
-    @api_method(DockerDeleteBackupArgs, DockerDeleteBackupResult, roles=['DOCKER_WRITE'])
+    @api_method(
+        DockerDeleteBackupArgs, DockerDeleteBackupResult,
+        audit='Docker: Deleting Backup',
+        audit_extended=lambda backup_name: backup_name,
+        roles=['DOCKER_WRITE']
+    )
     def delete_backup(self, backup_name):
         """
         Delete `backup_name` app backup.

src/middlewared/middlewared/plugins/docker/restore_backup.py

@@ -17,7 +17,12 @@ class DockerService(Service):
     class Config:
         cli_namespace = 'app.docker'
 
-    @api_method(DockerRestoreBackupArgs, DockerRestoreBackupResult, roles=['DOCKER_WRITE'])
+    @api_method(
+        DockerRestoreBackupArgs, DockerRestoreBackupResult,
+        audit='Docker: Restoring Backup',
+        audit_extended=lambda backup_name: backup_name,
+        roles=['DOCKER_WRITE']
+    )
     @job(lock='docker_restore_backup')
     def restore_backup(self, job, backup_name):
         """

src/middlewared/middlewared/plugins/docker/update.py

@@ -47,7 +47,7 @@ async def config_extend(self, data):
         data['dataset'] = applications_ds_name(data['pool']) if data.get('pool') else None
         return data
 
-    @api_method(DockerUpdateArgs, DockerUpdateResult)
+    @api_method(DockerUpdateArgs, DockerUpdateResult, audit='Docker: Updating Configurations')
     @job(lock='docker_update')
     async def do_update(self, job, data):
         """