WFLY-456 Audit Logging #4889
Build 350 is now running using a merge of 7c82717b4aa901150fe9d1e69146e30103848406
I stopped build 350 since I force pushed a rebase onto Brian's rbac stuff
Retest this please!
Build 351 is now running using a merge of cf0efe1b5c9319477d2225357ead65f51cc3dbda
For stuff like ServerSecurityManager that's been repackaged and that was public API, we need a compatibility solution. Since controller depends on core-security, for ServerSecurityManager that could just be a deprecated subclass. This is more critical for the port to EAP 6, but might as well do it in WF 8 both to provide proper deprecation and to make the EAP port easier. I haven't looked into whether other classes than ServerSecurityManager are relevant.
Build 351 outcome was FAILURE using a merge of cf0efe1b5c9319477d2225357ead65f51cc3dbda Failed tests
Build 362 is now running using a merge of 2a3c5be303a1cec7cab95a71c0709007304df38e
I stopped this one since it would have failed
Build 363 is now running using a merge of 837239de40d79fa077790322401793032795b8c8
Build 363 outcome was FAILURE using a merge of 837239de40d79fa077790322401793032795b8c8 Failed tests
Just a general question on the audit logging. Is there anything we could do in the logmanager to help with audit logging?
Build 379 is now running using a merge of f5321304d41026c4dc56893081a46da4dc553264
Build 379 outcome was FAILURE using a merge of f5321304d41026c4dc56893081a46da4dc553264 Failed tests
Build 380 is now running using a merge of 2b72eda0015958806e492dd9ffdcbedbc7c9148f
Build 380 outcome was FAILURE using a merge of 2b72eda0015958806e492dd9ffdcbedbc7c9148f Failed tests
Build 385 is now running using a merge of 6b8a3f19a4ca38260ce9b416cc37d2daa0778143
Build 385 outcome was FAILURE using a merge of 6b8a3f19a4ca38260ce9b416cc37d2daa0778143 Failed tests
Build 387 is now running using a merge of 27eae07a46538bcf615b219395551144766a0f45
Build 387 outcome was FAILURE using a merge of 27eae07a46538bcf615b219395551144766a0f45 Failed tests
…x is null. Fix bug undefining ApplicationTypeConfig.configuredApplication
…ect.ADDRESS for attributes
…ect.ADDRESS for operations
…dd/remove operations. Also update the operations to fail if inconsistent runtime state is detected. It should not be possible for the runtime state to be out of synch as the model is always updated first - however if it was detected that it is out of synch the only option is to restart the server. Also minor test update, we never added the role so should not be removing it.
Retest this please!
Build 395 is now running using a merge of dedeb28a587c1d2b22f542716d0ab9a23f83f132
Build 197 is now running using a merge of dedeb28a587c1d2b22f542716d0ab9a23f83f132
Build 197 outcome was FAILURE using a merge of dedeb28a587c1d2b22f542716d0ab9a23f83f132
Build 395 outcome was SUCCESS using a merge of dedeb28a587c1d2b22f542716d0ab9a23f83f132
…s changed so much
[WFLY-456] Minor OperationContext impl cleanups
[WFLY-456] Bring in John Bailey's audit log classes
[WFLY-456] Add real audit loggers into the model controllers; integrate management handlers
[WFLY-456] Log the full set of information
[WFLY-456] Fix problems from rebase
[WFLY-456] Use SecurityContext when invoking JMX methods via remoting
[WFLY-456] Move core security classes into own module
[WFLY-456] Rework things and make the controller logger work
[WFLY-456] Include the access mechanism in the log, move some more classes to core-security
[WFLY-456] Make audit logger available to JMX
[WFLY-456] Pluggable MBeanServer delegate to audit logger, and loads of exception handling
[WFLY-456] Jmx audit log proxy
[WFLY-456] Separate the configuration for the core controller and jmx audit logs
[WFLY-456] Set the booting flag in the jmx layer
[WFLY-456] Integrate audit logging resource and ops into JMX extension so it can be configured there
[WFLY-456] Correct copyright notices in my new files
[WFLY-456] fix problems from rebase
[WFLY-456] Get rid of the original hashing implementation
[WFLY-456] Add missing originalResultTxControl from rebase
[WFLY-456] Add config for appenders
[WFLY-456] Basic file appender and json formatter. The output needs cleaning up and everything is currently hardcoded
[WFLY-456] Back up the previous log file. Basic syslog appender (awaiting the improved logmanager SyslogHandler)
[WFLY-456] Use the org.wildfly:wildfly-xxx names. Start configuring file appenders
[WFLY-456] Configure model for syslog appender
[WFLY-456] Log audit log records for ParallelBootOperationContext and ReadOnlyContext
[WFLY-456] Make whether to log on boot configurable
[WFLY-456] Be able to add/remove appender references at runtime and update the appenders at runtime
[WFLY-456] Add boot-log to jmx audit-log as well and update xsd's for both core and jmx
[WFLY-456] Make additive changes to appenders take effect right away, and delay changes/removals until the current audit record has been written
[WFLY-456] Add schema support and parsing for managed server path overrides, and clean up the handlers
[WFLY-456] Use 'handler' rather than 'appender'
[WFLY-456] Pass in audit log operations to managed servers on boot
[WFLY-456] Separate handler chains for host and managed server audit logs
[WFLY-456] i18n and get rid of code no longer needed
[WFLY-456] Fix problems from rebase, revisit security after moved WildFlySecurityManager
[WFLY-456] Flesh out the syslog handler, tried with UDP
[WFLY-456] Start testing the handlers and ops
[WFLY-456] Set up proper syslog host and app names
[WFLY-456] More tests
[WFLY-456] Complete renaming appender->handler. Really
[WFLY-456] Nicer separate configuration for JMX
[WFLY-456] Better testing for enabled and log-read-only audit log write attribute handlers
[WFLY-456] Separate handlers for JMX subsystem audit logging, and tests
[WFLY-456] Maintain a failure count per appender
[WFLY-456] Configure the json formatter and reference from the audit log handlers
Expose 'max-length' and 'truncate' for the syslog handler
[WFLY-456] Make audit logging work in admin-only mode
Fix bug not enabling the appender in domain mode
[WFLY-456] Fixes to tls syslog handler having tried it out against rsyslog
[WFLY-456] don't enable log by default
[WFLY-456] Test jmx audit log transformation
[WFLY-456] Test audit logging in testsuite
[WFLY-456] Move new i18n bits into domain-management, rather than using the ones from controller
[WFLY-456] Recycle handler operation, make max-failure-count configurable per handler, expose runtime attributes for handler failure counts
[WFLY-456] Use strings instead of byte[] for the formatters for now. We can revisit the byte[] part if more tamper detecting formatters are used in the future
[WFLY-456] Use platform independent line terminator
[WFLY-456] Changes to work with latest logmanager following a squash
Bump up jmx subsystem to 2.0
Better syncing of writing in FileAuditLogHandler
Various other small fixes
TODO to populate the subject higher up the chain https://issues.jboss.org/browse/WFLY-1852
Missing copyright notices
Implement MBeanServerAuditLogger.shouldLog()
…moting into the http management server module
It is needed for JmxAuditLogHandlerTestCase (which also sets it) so if it runs after the tests creating an mbean server we are in trouble
merged
DO NOT MERGE UNTIL #4884 has been merged; only my last commit (or more if some work is needed) belongs to this. The rest come from #4884. I figured that these need to go in at the same time, so I rebased on Brian's rbac work to avoid conflicts once one or the other was merged first.