Add better logging #15
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 4 commits
February 5, 2015 11:33
This function outputs SFLvault commands to JSON.
Log all commands that change the state of the database or send secrets to a user.
When with_groups is set, an accessible_services is added to the logged command. This variable keeps track of all the services that are available in the tree.
This parameter is only used to determine if the client will display the list of groups. However, it is checked everywhere in the vault. To make the code easier to read, with_groups is removed on the server side, and verbose is used to do the filtering is done on the client side. It is kept in the XML-RPC interfaces for compatibility, but a deprecation notice has been added in the documentation.
ghost
merged commit 
|
Normally, a change from "human-redable" logging to JSON logging would have many implications, but because we never logged anything that mattered, the implications of this PR are small. So yay or logging. I would have put the |
This pull request was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Implement better logging
Introduction
In general
log_commandfunction invault.py. Thislog_commandfunction may take any argument and will output it to JSON.What exactly is logged?
All commands that have an effect on the database are logged. More precisely, here are the logged commands with a sample log message:
customer-add{"username": "admin", "command": "customer_add", "user_id": 1, "arguments": {"customer_id": 8, "customer_name": "new customer"}, "success": true}customer-del{"username": "admin", "command": "customer_del", "user_id": 1, "arguments": {"customer_id": 8}, "success": true}customer-edit{"username": "admin", "command": "customer_put", "user_id": 1, "arguments": {"customer_id": 7, "data": {"name": "Test name"}}, "success": true}group-add{"username": "admin", "user_id": 1, "success": true, "command": "customer_put", "arguments": {"customer_id": 1, "data": {"name": "sdfdsfsd"}}}group-add-service{"username": "admin", "command": "group_add_service", "user_id": 1, "arguments": {"service_id": 1, "group_id": 2}, "success": true}group-del-service{"username": "admin", "command": "group_del_service", "user_id": 1, "arguments": {"service_id": 1, "group_id": 2}, "success": true}group-add-user{"username": "admin", "command": "group_add_user", "user_id": 1, "arguments": {"group_id": 2, "user_id": 2}, "success": true}group-del-user{"username": "admin", "command": "group_del_user", "user_id": 1, "arguments": {"group_id": 2, "user_id": 2}, "success": true}group-edit{"username": "admin", "command": "group_put", "user_id": 1, "arguments": {"group_id": 2, "data": {"name": "New group name"}}, "success": true}machine-add{"username": "admin", "command": "machine_add", "user_id": 1, "arguments": {"machine_id": 21}, "success": true}machine-del{"username": "admin", "command": "machine_del", "user_id": 1, "arguments": {"machine_id": 3}, "success": true}machine-edit{"username": "admin", "command": "machine_put", "user_id": 1, "arguments": {"machine_id": 21, "data": {"name": "test name", "ip": "test ip", "notes": "test notes", "fqdn": "test fqdn", "location": "test location", "customer_id": "2"}}, "success": true}service-add{"username": "admin", "command": "service_add", "user_id": 1, "arguments": {"service_id": 2}, "success": true}service-del{"username": "admin", "command": "service_del", "user_id": 1, "arguments": {"service_id": 2}, "success": true}service-edit{"username": "admin", "command": "service_put", "user_id": 1, "arguments": {"service_id": 2, "data": {"machine_id": "2", "parent_service_id": "1", "metadata": {"a": "2", "b": "3"}}}, "success": true}service-passwd{"username": "admin", "command": "service_passwd", "user_id": 1, "arguments": {"service_id": 2}, "success": true}user-add{"username": "admin", "command": "user_add", "user_id": 1, "arguments": {"username": "david", "new_user_id": 4, "is_admin": false}, "success": true}user-del{"username": "admin", "command": "user_del", "user_id": 1, "arguments": {"username": "david"}, "success": true}user-setup{"username": "admin", "command": "user_setup", "user_id": 1, "arguments": {"username": "david"}, "success": true}Please see [1]
The following immutable commands are of crucial importance for anyone willing to use the logs to perform an audit and are also logged:
showandconnect{"username": "admin", "command": "show", "user_id": 1, "arguments": {"service_ids": [1, 2]}, "success": true}You will notice that
shownow returns two lists of service_ids. Here is their descriptions:all_service_idsaccessible_service_idsThe reason we make this distintion is because SFLvault sends the secret to the user regardless of the groups he's in. Maybe this shouldn't be happening, and the server should only send secrets to "legitimate" users. I think we should eventually fix this, but this should be part of another PR.
Notes
user-setupshould read{ "username": "None", "user_id":"None" }. This is a separate issue. (See The myself_id and myself_username variables should not be set directly on the vault #14)