Add additional audit logs

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayJMSMessageListener.java

@@ -244,18 +244,23 @@ public void run() {
         } else if (EventType.REMOVE_APPLICATION_KEYMAPPING.toString().equals(eventType)) {
             ApplicationRegistrationEvent event = new Gson().fromJson(eventJson, ApplicationRegistrationEvent.class);
             ServiceReferenceHolder.getInstance().getKeyManagerDataService().removeApplicationKeyMapping(event);
-        } else if (EventType.SCOPE_CREATE.toString().equals(eventType)) {
-            ScopeEvent event = new Gson().fromJson(eventJson, ScopeEvent.class);
-            ServiceReferenceHolder.getInstance().getKeyManagerDataService().addScope(event);
-        } else if (EventType.SCOPE_UPDATE.toString().equals(eventType)) {
+        } else if (EventType.SCOPE_CREATE.toString().equals(eventType) ||
+                EventType.SCOPE_UPDATE.toString().equals(eventType)) {
             ScopeEvent event = new Gson().fromJson(eventJson, ScopeEvent.class);
             ServiceReferenceHolder.getInstance().getKeyManagerDataService().addScope(event);
+            APIUtil.logAuditMessage(APIConstants.AuditLogConstants.SCOPE, event.getName() + ": " + eventType,
+                    APIConstants.AuditLogConstants.DEPLOYED,
+                    APIConstants.AuditLogConstants.SYSTEM + ": " + event.getTenantDomain());
         } else if (EventType.SCOPE_DELETE.toString().equals(eventType)) {
             ScopeEvent event = new Gson().fromJson(eventJson, ScopeEvent.class);
             ServiceReferenceHolder.getInstance().getKeyManagerDataService().deleteScope(event);
+            APIUtil.logAuditMessage(APIConstants.AuditLogConstants.SCOPE, event.getName() + ": " + eventType,
+                    APIConstants.AuditLogConstants.DEPLOYED,
+                    APIConstants.AuditLogConstants.SYSTEM + ": " + event.getTenantDomain());
         } else if (EventType.POLICY_CREATE.toString().equals(eventType) ||
-                EventType.POLICY_DELETE.toString().equals(eventType) ||
-                EventType.POLICY_UPDATE.toString().equals(eventType)) {
+            EventType.POLICY_DELETE.toString().equals(eventType) ||
+            EventType.POLICY_UPDATE.toString().equals(eventType)) {
+            String policyName = null;
             PolicyEvent event = new Gson().fromJson(eventJson, PolicyEvent.class);
             boolean updatePolicy = false;
             boolean deletePolicy = false;
@@ -274,6 +279,7 @@ public void run() {
                     ServiceReferenceHolder.getInstance().getKeyManagerDataService()
                             .removeAPIPolicy(policyEvent);
                 }
+                policyName = policyEvent.getPolicyName();
             } else if (event.getPolicyType() == PolicyType.SUBSCRIPTION) {
                 SubscriptionPolicyEvent policyEvent = new Gson().fromJson(eventJson, SubscriptionPolicyEvent.class);
                 if (updatePolicy) {
@@ -283,6 +289,7 @@ public void run() {
                     ServiceReferenceHolder.getInstance().getKeyManagerDataService()
                             .removeSubscriptionPolicy(policyEvent);
                 }
+                policyName = policyEvent.getPolicyName();
             } else if (event.getPolicyType() == PolicyType.APPLICATION) {
                 ApplicationPolicyEvent policyEvent = new Gson().fromJson(eventJson, ApplicationPolicyEvent.class);
                 if (updatePolicy) {
@@ -292,7 +299,11 @@ public void run() {
                     ServiceReferenceHolder.getInstance().getKeyManagerDataService()
                             .removeApplicationPolicy(policyEvent);
                 }
+                policyName = policyEvent.getPolicyName();
             }
+            APIUtil.logAuditMessage(event.getPolicyType().toString(), policyName + ": " + eventType,
+                    APIConstants.AuditLogConstants.DEPLOYED,
+                    APIConstants.AuditLogConstants.SYSTEM + ": " + event.getTenantDomain());
         } else if (EventType.ENDPOINT_CERTIFICATE_ADD.toString().equals(eventType) ||
                 EventType.ENDPOINT_CERTIFICATE_REMOVE.toString().equals(eventType)) {
             CertificateEvent certificateEvent = new Gson().fromJson(eventJson, CertificateEvent.class);

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/service/APIGatewayAdmin.java

@@ -39,6 +39,7 @@
 import org.wso2.carbon.apimgt.impl.APIConstants;
 import org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManager;
 import org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManagerImpl;
+import org.wso2.carbon.apimgt.impl.utils.APIUtil;
 import org.wso2.carbon.rest.api.APIData;
 import org.wso2.carbon.rest.api.ResourceData;
 import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
@@ -753,6 +754,9 @@ public boolean deployAPI(GatewayAPIDTO gatewayAPIDTO) throws AxisFault {
                 } else {
                     sequenceAdminServiceProxy.addSequence(element);
                 }
+                APIUtil.logAuditMessage(APIConstants.AuditLogConstants.OPERATION_POLICY, sequence.getName(),
+                        APIConstants.AuditLogConstants.DEPLOYED, APIConstants.AuditLogConstants.SYSTEM +
+                                ": " + gatewayAPIDTO.getTenantDomain());
             }
         }
 
@@ -763,6 +767,9 @@ public boolean deployAPI(GatewayAPIDTO gatewayAPIDTO) throws AxisFault {
         // Add API
         if (StringUtils.isNotEmpty(gatewayAPIDTO.getApiDefinition())) {
             restapiAdminServiceProxy.addApi(gatewayAPIDTO.getApiDefinition());
+            APIUtil.logAuditMessage(APIConstants.AuditLogConstants.API, gatewayAPIDTO.getApiId(),
+                    APIConstants.AuditLogConstants.DEPLOYED, APIConstants.AuditLogConstants.SYSTEM +
+                            ": " + gatewayAPIDTO.getTenantDomain());
         }
         if (log.isDebugEnabled()) {
             log.debug(gatewayAPIDTO.getName() + ":" + gatewayAPIDTO.getVersion() + " API Definition deployed");
@@ -804,6 +811,9 @@ private void unDeployAPI(SequenceAdminServiceProxy sequenceAdminServiceProxy,
                 gatewayAPIDTO.getName(), gatewayAPIDTO.getVersion());
         if (restapiAdminServiceProxy.getApi(qualifiedName) != null) {
             restapiAdminServiceProxy.deleteApi(qualifiedName);
+            APIUtil.logAuditMessage(APIConstants.AuditLogConstants.API, gatewayAPIDTO.getApiId(),
+                    APIConstants.AuditLogConstants.UNDEPLOYED, APIConstants.AuditLogConstants.SYSTEM +
+                            ": " + gatewayAPIDTO.getTenantDomain());
         }
         if (log.isDebugEnabled()) {
             log.debug(gatewayAPIDTO.getName() + ":" + gatewayAPIDTO.getVersion() + " API Definition undeployed " +
@@ -816,6 +826,9 @@ private void unDeployAPI(SequenceAdminServiceProxy sequenceAdminServiceProxy,
             for (String sequenceName : gatewayAPIDTO.getSequencesToBeRemove()) {
                 if (sequenceAdminServiceProxy.isExistingSequence(sequenceName)) {
                     sequenceAdminServiceProxy.deleteSequence(sequenceName);
+                    APIUtil.logAuditMessage(APIConstants.AuditLogConstants.OPERATION_POLICY, sequenceName,
+                            APIConstants.AuditLogConstants.UNDEPLOYED,
+                            APIConstants.AuditLogConstants.SYSTEM + ": " + gatewayAPIDTO.getTenantDomain());
                 }
             }
         }

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java

@@ -2020,9 +2020,12 @@ public static class AuditLogConstants {
         public static final String CREATED = "created";
         public static final String UPDATED = "updated";
         public static final String DELETED = "deleted";
+        public static final String DEPLOYED = "deployed";
+        public static final String UNDEPLOYED = "undeployed";
         public static final String LIFECYCLE_CHANGED = "lifecycle-changed";
 
         public static final String API = "API";
+        public static final String SYSTEM = "SYSTEM";
         public static final String ORGANIZATION = "Organization";
         public static final String API_PRODUCT = "APIProduct";
         public static final String APPLICATION = "Application";
@@ -2031,6 +2034,7 @@ public static class AuditLogConstants {
 
         public static final String NAME = "name";
         public static final String SCOPE = "scope";
+        public static final String OPERATION_POLICY = "operation_policy";
         public static final String VERSION = "version";
         public static final String CONTEXT = "context";
         public static final String PROVIDER = "provider";

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIProviderImpl.java

@@ -528,6 +528,10 @@ private void addLocalScopes(String apiName, Set<URITemplate> uriTemplates, Strin
         Map<String, KeyManagerDto> tenantKeyManagers = KeyManagerHolder.getTenantKeyManagers(tenantDomain);
         //Get the local scopes set to register for the API from URI templates
         Set<Scope> scopesToRegister = getScopesToRegisterFromURITemplates(apiName, organization, uriTemplates);
+        if (scopesToRegister.isEmpty()) {
+            // We return since there is no scope to be registered.
+            return;
+        }
         //Register scopes
         for (Scope scope : scopesToRegister) {
             for (Map.Entry<String, KeyManagerDto> keyManagerDtoEntry : tenantKeyManagers.entrySet()) {
@@ -4900,10 +4904,10 @@ public List<APIResource> getRemovedProductResources(Set<URITemplate> updatedUriT
     private void addScopes(Set<Scope> scopes, int tenantId) throws APIManagementException {
 
         if (scopes != null) {
-            scopesDAO.addScopes(scopes, tenantId);
-            APIUtil.logAuditMessage(APIConstants.AuditLogConstants.SCOPE, APIUtil
-                            .getScopesAsString(scopes), APIConstants.AuditLogConstants.CREATED,
-                    this.username);
+            if(scopesDAO.addScopes(scopes, tenantId)) {
+                APIUtil.logAuditMessage(APIConstants.AuditLogConstants.SCOPE, APIUtil
+                                .getScopesAsString(scopes), APIConstants.AuditLogConstants.CREATED, this.username);
+            }
             for (Scope scope : scopes) {
                 ScopeEvent scopeEvent = new ScopeEvent(UUID.randomUUID().toString(),
                         System.currentTimeMillis(), APIConstants.EventType.SCOPE_CREATE.name(), tenantId,
@@ -4920,9 +4924,10 @@ private void addScopes(Set<Scope> scopes, int tenantId) throws APIManagementExce
     private void updateScope(Scope scope, int tenantId) throws APIManagementException {
 
         if (scope != null) {
-            scopesDAO.updateScope(scope, tenantId);
-            APIUtil.logAuditMessage(APIConstants.AuditLogConstants.SCOPE, scope.getKey(),
-                    APIConstants.AuditLogConstants.UPDATED, this.username);
+            if (scopesDAO.updateScope(scope, tenantId)) {
+                APIUtil.logAuditMessage(APIConstants.AuditLogConstants.SCOPE, scope.getKey(),
+                        APIConstants.AuditLogConstants.UPDATED, this.username);
+            }
             ScopeEvent scopeEvent = new ScopeEvent(UUID.randomUUID().toString(),
                     System.currentTimeMillis(), APIConstants.EventType.SCOPE_UPDATE.name(), tenantId,
                     tenantDomain, scope.getKey(), scope.getName(), scope.getDescription());
@@ -4936,9 +4941,10 @@ private void updateScope(Scope scope, int tenantId) throws APIManagementExceptio
     private void deleteScope(String scopeKey, int tenantId) throws APIManagementException {
 
         if (StringUtils.isNotEmpty(scopeKey)) {
-            scopesDAO.deleteScope(scopeKey, tenantId);
-            APIUtil.logAuditMessage(APIConstants.AuditLogConstants.SCOPE, scopeKey,
-                    APIConstants.AuditLogConstants.DELETED, this.username);
+            if(scopesDAO.deleteScope(scopeKey, tenantId)) {
+                APIUtil.logAuditMessage(APIConstants.AuditLogConstants.SCOPE, scopeKey,
+                        APIConstants.AuditLogConstants.DELETED, this.username);
+            }
             ScopeEvent scopeEvent = new ScopeEvent(UUID.randomUUID().toString(),
                     System.currentTimeMillis(), APIConstants.EventType.SCOPE_DELETE.name(), tenantId,
                     tenantDomain, scopeKey, null, null);

components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/impl/ApisApiServiceImpl.java

@@ -1971,6 +1971,8 @@ public Response addAPISpecificOperationPolicy(String apiId, InputStream policySp
                         log.debug("An API specific operation policy has been added for the API " + apiId +
                                 " with id " + policyID);
                     }
+                    APIUtil.logAuditMessage(APIConstants.AuditLogConstants.OPERATION_POLICY, policyID,
+                            APIConstants.AuditLogConstants.CREATED, RestApiCommonUtil.getLoggedInUsername());
                 } else {
                     throw new APIManagementException("An API specific operation policy found for the same name.");
                 }
@@ -2152,6 +2154,8 @@ public Response deleteAPISpecificOperationPolicyByPolicyId(String apiId, String
                     log.debug("The operation policy " + operationPolicyId + " has been deleted from the the API "
                             + apiId);
                 }
+                APIUtil.logAuditMessage(APIConstants.AuditLogConstants.OPERATION_POLICY, operationPolicyId,
+                        APIConstants.AuditLogConstants.DELETED, RestApiCommonUtil.getLoggedInUsername());
                 return Response.ok().build();
             } else {
                 throw new APIMgtResourceNotFoundException("Couldn't retrieve an existing operation policy with ID: "