From ad5d26f08afe2df7537a2cdc92decfb0d77c9aff Mon Sep 17 00:00:00 2001
From: dthomson25 <dthomson25@gmail.com>
Date: Tue, 9 Apr 2019 09:57:22 -0600
Subject: [PATCH] Add patch audit (#1416)

* Add auditing to patching commands

* Omit Patch Resource logs to prevent secret leaks
---
 server/application/application.go | 3 +++
 server/server.go                  | 1 +
 2 files changed, 4 insertions(+)

diff --git a/server/application/application.go b/server/application/application.go
index 4d32de0f83..ded155160d 100644
--- a/server/application/application.go
+++ b/server/application/application.go
@@ -361,6 +361,8 @@ func (s *Server) Patch(ctx context.Context, q *ApplicationPatchRequest) (*appv1.
 		return nil, err
 	}
 
+	s.logEvent(app, ctx, argo.EventReasonResourceUpdated, fmt.Sprintf("patched application %s/%s",app.Namespace, app.Name))
+
 	err = json.Unmarshal(patchApp, &app)
 	if err != nil {
 		return nil, err
@@ -616,6 +618,7 @@ func (s *Server) PatchResource(ctx context.Context, q *ApplicationResourcePatchR
 	if err != nil {
 		return nil, err
 	}
+	s.logEvent(a, ctx, argo.EventReasonResourceUpdated, fmt.Sprintf("patched resource %s/%s '%s'", q.Group, q.Kind, q.ResourceName))
 	return &ApplicationResourceResponse{
 		Manifest: string(data),
 	}, nil
diff --git a/server/server.go b/server/server.go
index be276946f5..ac60a87f86 100644
--- a/server/server.go
+++ b/server/server.go
@@ -377,6 +377,7 @@ func (a *ArgoCDServer) newGRPCServer() *grpc.Server {
 		"/account.AccountService/UpdatePassword": true,
 		"/repository.RepositoryService/Create":   true,
 		"/repository.RepositoryService/Update":   true,
+		"/application.ApplicationService/PatchResource":   true,
 	}
 	// NOTE: notice we do not configure the gRPC server here with TLS (e.g. grpc.Creds(creds))
 	// This is because TLS handshaking occurs in cmux handling