Skip to content

/ graylog2-server

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactoring of audit events #2687

Merged
merged 42 commits into from Aug 18, 2016
Merged

Refactoring of audit events #2687

merged 42 commits into from Aug 18, 2016

Conversation

@bernd
Copy link
Member

@bernd bernd commented Aug 15, 2016

Description

  • Merge audit object and action into action
  • Create constants for each audit action
  • Create PluginAuditActions interface to make audit actions pluggable
  • Rename AuditLog annotation to the more generic AuditEvent
  • Enable captureRequestEntity and captureResponseEntity by default in AuditEvent
  • Create excludedFields in AuditEvent to make it possible to skip fields like passwords in the audit trail
  • Add test to check that all REST resources annotated with POST, PUT or DELETE also have an
    AuditEvent annotation or a NoAuditEvent annotation if they should not be included in the audit trail
  • Add Jersey model processor to check that all loaded REST resources annotated with POST, PUT and DELETE have a AuditEvent or NoAuditEvent annotation
  • Add missing AuditEvent annotations to REST resources
  • Remove now unused Actions class
  • Rename AuditLogger interface to the more generic AuditEventSender
  • Rename auditlog package to audit
  • Use URNs for audit actors

Motivation and Context

  • Make it possible to iterate over all existing audit actions
  • Ensure that all REST resources which change state have an @AuditEvent annotation
  • Unify audit actions
  • More generic naming
@bernd bernd added this to the 2.1.0 milestone Aug 15, 2016
@bernd
Copy link
Member Author

@bernd bernd commented Aug 15, 2016

Sorry, long PR is long... 😕
@kroepke kroepke self-assigned this Aug 16, 2016
@bernd bernd removed the ready-for-review label Aug 16, 2016
@bernd bernd force-pushed the refactor-audit-events branch 2 times, most recently from 90bd9cc to f978611 Aug 16, 2016
bernd added 23 commits Aug 13, 2016
@bernd
Add PluginAuditActions interface and binding helpers
88afcc6
@bernd
Add and bind AuditActions
6e2979e
@bernd
Rename AuditEventBindings to AuditBindings
910bdce
@bernd
Refactor AuditLog annotation
4e66c24 
- Replace `object` and `action` with just `action`
- Create constants for all actions
- Rename `subject` to `actor`
- Add `excludedFields` field
- Capture request and response entities by default

This also adds some missing `@AuditLog` annotations to resources.
@bernd
Add test to check if all POST, PUT and DELETE resources are annotated
689dd71 
Also add `NoAuditEvent` annotation to be able to exclude some resources
from the test.
@bernd
Add missing audit and not audit annotations
67921aa
@bernd
Add model processor to check REST resources for audit annotations
051edff 
If a POST, PUT or DELETE resource does not have an audit annotation, a
warning will be written.
@bernd
Rename AuditLog annotation to AuditEvent
53cbbf7
@bernd
Remove unused Actions class
4f16dfc
@bernd
Rename AuditLogger to AuditEventSender
2a2dbd6
@bernd
Rename auditlog package to audit
2886554
@bernd
Rename remaining auditLog* to auditEvent*
98de4de
@bernd
Use URNs for audit actors
a1f7542 
This makes it possible to differentiate between users and the system.
@bernd
Better log messages in AuditEventModelProcessor
429eb10 
Create a more use friendly WARN message and a DEBUG that is useful for
developers.
@bernd
Hook up AuditBindings
399cd05
@bernd
Check that there are no unregistered audit log actions
8b0dee5 
On startup and in tests.
@bernd
Add missing license header
966137c
@bernd
Improve unregistered audit action warning
3e7a7e4
@bernd
Return to empty array for AuditEvent#excludeFields
a65d2a5
@bernd
Only trigger ES_INDEX_RANGE_DELETE audit event if something gets deleted
cd5734a
@bernd
Trigger SYSTEM_NOTIFICATION_DELETE on notification delete
82ad79f
@bernd
Wait 120 sec before checking the running inputs
d045164 
Avoids a system notification on every server startup.
@bernd
Rename audit actions to audit event types
adf73a7
bernd added 14 commits Aug 16, 2016
@bernd
Remove excludeFields field from AuditEvent annotation
62297ee
@bernd
Change variable name in interface from action to type
c8f483b
@bernd
Refactor AuditActor
619f366 
- `.system()` now takes a NodeId object
- Change URN usage
@bernd
Change actor type from String to AuditActor
544c13b
@bernd
Create AuditEventType object
acd6cfb
@bernd
Create test for AuditActor
31e9a63
@bernd
Use AuditEventType instead of String as audit event type
43a1266
@bernd
Add test to check for invalid AuditEventType strings
3b5b156
@bernd
Mock NodeId instead of trying to create one with an empty string
b6a74e7
@bernd
Check that all audit types are exported
afaef46
@bernd
Add AuditEventFormatter and FormattedAuditEvent interfaces
679d748
@bernd
Move audit related bindings from ServerModule to AuditBindings
2841890
@bernd
Add NullAuditEventFormatter binding to avoid binding errors
8034bb1 
Without this guice will throw an error during startup because there is
no implementation binding for AuditEventFormatter.
@bernd
Move audit related method up to the other audit methods
Loading status checks…
06f99a1
@bernd bernd force-pushed the refactor-audit-events branch from bc8f430 to 06f99a1 Aug 17, 2016
@bernd
Extend FormattedAuditEvent documentation
Loading status checks…
6e601a0
graylog2-server/src/main/java/org/graylog2/audit/jersey/AuditEventModelProcessor.java
/**
* Checks all POST, PUT and DELETE resource methods for {@link AuditEvent} annotations and reports missing ones.
*
* It does not report methods which have a {@link NoAuditEvent} annotation.

This comment has been minimized.

Sign in to view
@kroepke

kroepke Aug 18, 2016
Member

I would report @NoAuditEvent annotations that use an empty string here, but that's nitpicking.
graylog2-server/src/main/java/org/graylog2/audit/AuditEventSender.java Outdated

void success(String subject, String action, String object, Map<String, Object> context);
void success(AuditActor actor, AuditEventType type, Map<String, Object> context);

This comment has been minimized.

Sign in to view
@kroepke

kroepke Aug 18, 2016
Member

I'd add a couple of convenience methods here, to make the call sites a bit more concise:

With

default void success(String actor, String type, Map<String, Object> context) {
    success(AuditActor.user(actor), AuditEventType.create(type), context);
}

it would be much easier to read on the call sites.

There are a couple of more options, too, such as allowing to append a varargs of Object pairs to implicitly create the map (or just a single String, Object pair)

This comment has been minimized.

Sign in to view
@bernd

bernd Aug 18, 2016
edited
Author Member

I can add a default method for success(AuditActor, String, Map<String, Object>). I would not create one with a String argument for AuditActor because there are two different methods (AuditActor.system(NodeId) and AuditActor.user(String) that do different things. So this can easily break.

Creating AuditEventType from a string is fine because AuditEventType.create() will throw an error if the string is not in the correct format.

default void success(AuditActor actor, String type, Map<String, Object> context) {
    success(actor, AuditEventType.create(type), context);
}
bernd added 4 commits Aug 18, 2016
@bernd
Add warning if NoAuditEvent annotation has an empty value
43fa0d1
@bernd
Create RestTools.getPathFromRestResource
5b71297 
Use this in AuditEventModelProcessor and PrintModelProcessor instead of
duplicating the code.
@bernd
Do not use Provider when not needed
6f2e8ee
@bernd
Implement convenience methods in AuditEventSender interface
Loading status checks…
234c64c 
Switch internal use to those new methods.
@bernd
Copy link
Member Author

@bernd bernd commented Aug 18, 2016

Addressed review comments.
@bernd
Copy link
Member Author

@bernd bernd commented Aug 18, 2016

Merging this on behalf of @kroepke who gave his "LGTM 👍" offline.
@bernd bernd merged commit 47d80be into master Aug 18, 2016
4 checks passed
4 checks passed
ci-server-integration Jenkins build graylog2-server-integration-pr 1300 has succeeded
Details
ci-web-linter Jenkins build graylog-pr-linter-check 783 has succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details
@bernd bernd deleted the refactor-audit-events branch Aug 18, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@kroepke kroepke

Labels
ready-for-review
Projects
None yet
Milestone
2.1.0
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants
@bernd @kroepke