From 906b072e53baacc1e965879d88f0bd9c1a80c7a6 Mon Sep 17 00:00:00 2001 From: shirady <57721533+shirady@users.noreply.github.com> Date: Tue, 9 Dec 2025 14:56:43 +0200 Subject: [PATCH] IAM | Add Events Signed-off-by: shirady <57721533+shirady@users.noreply.github.com> --- src/server/system_services/account_server.js | 36 +++++++++++++++++--- src/util/account_util.js | 7 ++++ 2 files changed, 38 insertions(+), 5 deletions(-) diff --git a/src/server/system_services/account_server.js b/src/server/system_services/account_server.js index 2bfa536412..3e21732505 100644 --- a/src/server/system_services/account_server.js +++ b/src/server/system_services/account_server.js @@ -1261,6 +1261,16 @@ async function update_user(req) { } }); + const sys_id = account_util.get_system_id_for_events(req); + Dispatcher.instance().activity({ + event: 'account.update', + level: 'info', + system: sys_id, + actor: requesting_account._id, + account: requested_account._id, + desc: `${requested_account.email.unwrap()} was updated by ${requesting_account.email.unwrap()}`, + }); + return { iam_path: iam_path || IAM_DEFAULT_PATH, username: user_name, @@ -1279,11 +1289,7 @@ async function delete_user(req) { account_util._check_if_requested_account_is_root_account_or_IAM_user(action, requesting_account, requested_account); account_util._check_if_requested_is_owned_by_root_account(action, requesting_account, requested_account); account_util._check_if_user_does_not_have_resources_before_deletion(action, requested_account); - const delete_user_info = { - system: system_store.data.systems[0], - account: requested_account, - }; - return account_util.delete_account(delete_user_info, requested_account); + return account_util.delete_account(req, requested_account); } async function list_users(req) { @@ -1384,6 +1390,16 @@ async function update_access_key(req) { }] } }); + + const sys_id = account_util.get_system_id_for_events(req); + Dispatcher.instance().activity({ + event: 'account.update_credentials', + level: 'info', + system: sys_id, + actor: requesting_account._id, + account: requested_account._id, + desc: `Credentials for ${requested_account.email.unwrap()} were updated by ${requesting_account.email.unwrap()}`, + }); } async function get_access_key_last_used(req) { @@ -1423,6 +1439,16 @@ async function delete_access_key(req) { }] } }); + + const sys_id = account_util.get_system_id_for_events(req); + Dispatcher.instance().activity({ + event: 'account.delete_credentials', + level: 'info', + system: sys_id, + actor: requesting_account._id, + account: requested_account._id, + desc: `Credentials for ${requested_account.email.unwrap()} were deleted by ${requesting_account.email.unwrap()}`, + }); } async function tag_user(req) { diff --git a/src/util/account_util.js b/src/util/account_util.js index 572337665b..e9a8e3c702 100644 --- a/src/util/account_util.js +++ b/src/util/account_util.js @@ -773,6 +773,12 @@ function get_sorted_list_tags_for_user(user_tagging) { })); } +function get_system_id_for_events(req) { + const sys_id = req.rpc_params.new_system_parameters ? + system_store.parse_system_store_id(req.rpc_params.new_system_parameters.new_system_id) : + req.system && req.system._id; + return sys_id; +} exports.delete_account = delete_account; exports.create_account = create_account; @@ -801,3 +807,4 @@ exports.return_list_member = return_list_member; exports.get_owner_account_id = get_owner_account_id; exports.get_sorted_list_tags_for_user = get_sorted_list_tags_for_user; exports._check_if_iam_user_belongs_to_account_owner_by_access_key = _check_if_iam_user_belongs_to_account_owner_by_access_key; +exports.get_system_id_for_events = get_system_id_for_events;