[icinga-checkins] icinga.org: icingaweb2-module-director/master: DirectorActivityLog: optionally log to file/syslog

git at icinga.org git at icinga.org
Wed Nov 2 18:41:07 CET 2016


Module: icingaweb2-module-director
Branch: master
Commit: 468a2719a7b4d3c25b4c9755a1c29810d74b685c
URL:    https://git.icinga.org/?p=icingaweb2-module-director.git;a=commit;h=468a2719a7b4d3c25b4c9755a1c29810d74b685c

Author: Thomas Gelf <thomas at gelf.net>
Date:   Wed Nov  2 18:40:43 2016 +0100

DirectorActivityLog: optionally log to file/syslog

fixes #12976

---

 application/forms/SettingsForm.php               |   21 +++++++++
 library/Director/Objects/DirectorActivityLog.php |   53 ++++++++++++++++------
 library/Director/Settings.php                    |    1 +
 3 files changed, 61 insertions(+), 14 deletions(-)

diff --git a/application/forms/SettingsForm.php b/application/forms/SettingsForm.php
index e9cbe16..a8b7486 100644
--- a/application/forms/SettingsForm.php
+++ b/application/forms/SettingsForm.php
@@ -60,6 +60,27 @@ class SettingsForm extends QuickForm
             $settings->getStoredValue('disable_all_jobs')
         );
 
+        $this->addElement('select', 'enable_audit_log', array(
+            'label'        => $this->translate('Enable audit log'),
+            'multiOptions' => $this->eventuallyConfiguredEnum(
+                'enable_audit_log',
+                array(
+                    'n' => $this->translate('No'),
+                    'y' => $this->translate('Yes'),
+                )
+            ),
+            'description'  => $this->translate(
+                'All changes are tracked in the Director database. In addition'
+                . ' you might also want to send an audit log through the Icinga'
+                . " Web 2 logging mechanism. That way all changes would be"
+                . ' written to either Syslog or the configured log file'
+            ),
+        ));
+
+        $this->getElement('disable_all_jobs')->setValue(
+            $settings->getStoredValue('disable_all_jobs')
+        );
+
         $this->addElement('select', 'config_format', array(
             'label'        => $this->translate('Configuration format'),
             'multiOptions' => $this->eventuallyConfiguredEnum(
diff --git a/library/Director/Objects/DirectorActivityLog.php b/library/Director/Objects/DirectorActivityLog.php
index bad6718..45454a0 100644
--- a/library/Director/Objects/DirectorActivityLog.php
+++ b/library/Director/Objects/DirectorActivityLog.php
@@ -7,6 +7,7 @@ use Icinga\Module\Director\Db;
 use Icinga\Module\Director\Util;
 use Icinga\Authentication\Auth;
 use Icinga\Application\Icinga;
+use Icinga\Application\Logger;
 
 class DirectorActivityLog extends DbObject
 {
@@ -30,7 +31,11 @@ class DirectorActivityLog extends DbObject
     );
 
     /**
+     * @param $name
+     *
      * @codingStandardsIgnoreStart
+     *
+     * @return self
      */
     protected function setObject_Name($name)
     {
@@ -64,56 +69,76 @@ class DirectorActivityLog extends DbObject
         return static::load($db->fetchOne($query), $connection);
     }
 
-    public static function logCreation(DbObject $object, Db $db)
+    public static function logCreation(IcingaObject $object, Db $db)
     {
+        // TODO: extend this to support non-IcingaObjects and multikey objects
+        $name = $object->getObjectName();
+        $type = $object->getTableName();
+        $newProps = $object->toJson(null, true);
         $data = array(
-            'object_name'     => $object->object_name,
+            'object_name'     => $name,
             'action_name'     => 'create',
             'author'          => self::username(),
-            'object_type'     => $object->getTableName(),
-            'new_properties'  => $object->toJson(null, true),
+            'object_type'     => $type,
+            'new_properties'  => $newProps,
             'change_time'     => date('Y-m-d H:i:s'), // TODO -> postgres!
             'parent_checksum' => $db->getLastActivityChecksum()
         );
 
         $data['checksum'] = sha1(json_encode($data), true);
         $data['parent_checksum'] = Util::hex2binary($data['parent_checksum']);
+        if ($db->settings()->enable_audit_log === 'y') {
+            Logger::info('(director) %s[%s] has been created: %s', $type, $name, $newProps);
+        }
         return self::create($data)->store($db);
     }
 
-    public static function logModification(DbObject $object, Db $db)
+    public static function logModification(IcingaObject $object, Db $db)
     {
+        $name = $object->getObjectName();
+        $type = $object->getTableName();
+        $oldProps = json_encode($object->getPlainUnmodifiedObject());
+        $newProps = $object->toJson(null, true);
         $data = array(
-            'object_name'     => $object->object_name,
+            'object_name'     => $name,
             'action_name'     => 'modify',
             'author'          => self::username(),
-            'object_type'     => $object->getTableName(),
-            'old_properties'  => json_encode($object->getPlainUnmodifiedObject()),
-            'new_properties'  => $object->toJson(null, true),
+            'object_type'     => $type,
+            'old_properties'  => $oldProps,
+            'new_properties'  => $newProps,
             'change_time'     => date('Y-m-d H:i:s'), // TODO -> postgres!
             'parent_checksum' => $db->getLastActivityChecksum()
         );
 
         $data['checksum'] = sha1(json_encode($data), true);
         $data['parent_checksum'] = Util::hex2binary($data['parent_checksum']);
+        if ($db->settings()->enable_audit_log === 'y') {
+            Logger::info('(director) %s[%s] has been modified from %s to %s', $type, $name, $oldProps, $newProps);
+        }
         return self::create($data)->store($db);
     }
 
-    public static function logRemoval(DbObject $object, Db $db)
+    public static function logRemoval(IcingaObject $object, Db $db)
     {
-        $plain = $object->getCachedUnmodifiedObject();
+        $name = $object->getObjectName();
+        $type = $object->getTableName();
+        $oldProps = json_encode($object->getPlainUnmodifiedObject());
+
         $data = array(
-            'object_name'     => $plain->object_name,
+            'object_name'     => $name,
             'action_name'     => 'delete',
             'author'          => self::username(),
-            'object_type'     => $object->getTableName(),
-            'old_properties'  => json_encode($plain),
+            'object_type'     => $type,
+            'old_properties'  => $oldProps,
             'change_time'     => date('Y-m-d H:i:s'), // TODO -> postgres!
             'parent_checksum' => $db->getLastActivityChecksum()
         );
 
         $data['checksum'] = sha1(json_encode($data), true);
         $data['parent_checksum'] = Util::hex2binary($data['parent_checksum']);
+        if ($db->settings()->enable_audit_log === 'y') {
+            Logger::info('(director) %s[%s] has been removed: %s', $type, $name, $oldProps);
+        }
         return self::create($data)->store($db);
     }
 }
diff --git a/library/Director/Settings.php b/library/Director/Settings.php
index 788e827..5fe19d5 100644
--- a/library/Director/Settings.php
+++ b/library/Director/Settings.php
@@ -17,6 +17,7 @@ class Settings
         'override_services_varname'      => '_override_servicevars',
         'override_services_templatename' => 'host var overrides (Director)',
         'disable_all_jobs'               => 'n', // 'y'
+        'enable_audit_log'               => 'n',
         // 'experimental_features'       => null, // 'allow'
         // 'master_zone'                 => null,
     );



More information about the icinga-checkins mailing list