Improve the admin API

2025-07-13 12:04:33 +02:00
parent 746f809d28
commit 736dad748b
8 changed files with 201 additions and 14 deletions
--- a/packages/sshecret-admin/src/sshecret_admin/api/endpoints/audit.py
+++ b/packages/sshecret-admin/src/sshecret_admin/api/endpoints/audit.py
@ -0,0 +1,31 @@
+"""Audit API."""
+
+# pyright: reportUnusedFunction=false
+
+import logging
+from typing import Annotated
+from fastapi import APIRouter, Depends, Query, Security
+
+from sshecret_admin.core.dependencies import AdminDependencies
+from sshecret_admin.services import AdminBackend
+from sshecret_admin.services.models import AuditQueryFilter
+
+from sshecret.backend.models import AuditInfo, AuditListResult
+
+LOG = logging.getLogger(__name__)
+
+def create_router(dependencies: AdminDependencies) -> APIRouter:
+    """Create audit log API."""
+
+    app = APIRouter(dependencies=[Security(dependencies.get_current_active_user)])
+
+    @app.get("/audit/")
+    async def get_audit_log(
+        query_filter: Annotated[AuditQueryFilter, Query()],
+        admin: Annotated[AdminBackend, Depends(dependencies.get_admin_backend)],
+    ) -> AuditListResult:
+        """Query audit log."""
+        params = query_filter.model_dump(exclude_none=True, exclude_defaults=True)
+        return await admin.get_audit_log_detailed(**params)
+
+    return app
--- a/packages/sshecret-admin/src/sshecret_admin/api/endpoints/secrets.py
+++ b/packages/sshecret-admin/src/sshecret_admin/api/endpoints/secrets.py
@ -49,6 +49,7 @@ def create_router(dependencies: AdminDependencies) -> APIRouter:
            value=secret.get_secret(),
            clients=secret.clients,
            group=secret.group,
+            distinguisher=secret.client_distinguisher,
        )

    @app.get("/secrets/{name}")
@ -86,9 +87,10 @@ def create_router(dependencies: AdminDependencies) -> APIRouter:
    async def get_secret_groups(
        admin: Annotated[AdminBackend, Depends(dependencies.get_admin_backend)],
        filter_regex: Annotated[str | None, Query()] = None,
+        flat: bool = False,
    ) -> ClientSecretGroupList:
        """Get secret groups."""
-        result = await admin.get_secret_groups(filter_regex)
+        result = await admin.get_secret_groups(filter_regex, flat=flat)
        return result

    @app.get("/secrets/groups/{group_path:path}/")
@ -152,6 +154,19 @@ def create_router(dependencies: AdminDependencies) -> APIRouter:
            )
        return result

+    @app.delete("/secrets/group/{id}")
+    async def delete_group_id(
+        id: str,
+        admin: Annotated[AdminBackend, Depends(dependencies.get_admin_backend)],
+    ) -> None:
+        """Remove a group by ID."""
+        try:
+            await admin.delete_secret_group_by_id(id)
+        except InvalidGroupNameError:
+            raise HTTPException(
+                status_code=status.HTTP_404_NOT_FOUND, detail="Group ID not found"
+            )
+
    @app.delete("/secrets/groups/{group_path:path}/")
    async def delete_secret_group(
        group_path: str,
--- a/packages/sshecret-admin/src/sshecret_admin/api/router.py
+++ b/packages/sshecret-admin/src/sshecret_admin/api/router.py
@ -17,7 +17,7 @@ from sshecret_admin.core.dependencies import BaseDependencies, AdminDependencies
 from sshecret_admin.auth import User, decode_token
 from sshecret_admin.auth.constants import LOCAL_ISSUER

-from .endpoints import auth, clients, secrets
+from .endpoints import audit, auth, clients, secrets

 LOG = logging.getLogger(__name__)

@ -112,6 +112,7 @@ def create_router(dependencies: BaseDependencies) -> APIRouter:

    LOG.debug("Registering sub-routers")

+    app.include_router(audit.create_router(endpoint_deps))
    app.include_router(auth.create_router(endpoint_deps))
    app.include_router(clients.create_router(endpoint_deps))
    app.include_router(secrets.create_router(endpoint_deps))