Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CHEF-6440(CHEF-7426): Adds audit log support #749

Merged
merged 22 commits into from
Nov 8, 2023
Merged

CHEF-6440(CHEF-7426): Adds audit log support #749

merged 22 commits into from
Nov 8, 2023

Conversation

Vasu1105
Copy link
Contributor

@Vasu1105 Vasu1105 commented Oct 6, 2023
edited by clintoncwolfe
Loading

Description

This PR adds the ability to configure the audit log option using train and if the audit log is enabled it generates the audit log files in the default location.

This includes the following changes

  • By default audit log is disabled. Users can set the enable_audit_log option to true while creating train transport to enable it.
  • User can use audit_log_location and audit_log_size options to set the location and size of the audit log file
  • Currently we only do audit logging for commands executed using train connection object and logging file path that the user is trying to access or read. It also logs the file upload operations that are happening through train connection (Note currently audit log for file operations is not in a matured state so it will not work for transport which overrides the upload functionality or any other file related actions for example reading content of the file etc.).

Test using irb

bundle exec irb -I lib
require 'train'
t = Train.create("local")
c = t.connection
c.run_command("whoami")

audit_log_location is a required parameter so any library or plugin using train to pass the audit log location be they want to enable the audit log.

Pending: dev-docs

Related Issue

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New content (non-breaking change)
  • Breaking change (a content change which would break existing functionality or processes)

Checklist:

  • I have read the CONTRIBUTING document.

@Vasu1105 Vasu1105 requested a review from a team as a code owner October 6, 2023 13:15
@Vasu1105 Vasu1105 changed the title [WIP-Do-not-merge] Adds audit log support [WIP-Do-not-merge] CHEF-6440: Adds audit log support Oct 6, 2023
@Vasu1105 Vasu1105 force-pushed the vj/audit-log-implementation branch 8 times, most recently from cb52bc4 to 99bda39 Compare October 17, 2023 11:46
@Vasu1105
Integrate audit log functionality
a793882 
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
@Vasu1105 Vasu1105 force-pushed the vj/audit-log-implementation branch from 99bda39 to a793882 Compare October 17, 2023 12:23
@Vasu1105
Fixed failing unit test
0d9ec3d 
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
@Vasu1105 Vasu1105 force-pushed the vj/audit-log-implementation branch from 0dbc3db to 0d9ec3d Compare October 17, 2023 12:34
@Vasu1105 Vasu1105 changed the title [WIP-Do-not-merge] CHEF-6440: Adds audit log support CHEF-6440: Adds audit log support Oct 17, 2023
@Vasu1105
Refactored code to make formatting dynamic. Removes parsing of data f…
f37b8fa 
…rom audit logger as it is not required which makes it dynamic

Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
@Vasu1105
Fix failing test due to audit log changes
079a5f7 
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
@Vasu1105 Vasu1105 force-pushed the vj/audit-log-implementation branch from af1cf18 to 079a5f7 Compare October 18, 2023 08:28
@Vasu1105
Validates newly added audit log configuration options at the time of …
b7e707b 
…creating train transport and before creating connection

Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
@Vasu1105
Revert "Validates newly added audit log configuration options at the …
54af656 
…time of creating train transport and before creating connection"

This reverts commit b7e707b.
clintoncwolfe
clintoncwolfe reviewed Oct 18, 2023
View reviewed changes
lib/train/options.rb
# should we keep it to $stdout.
{
enable_audit_log: { default: false },
audit_log_location: { required: true, default: nil },
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, yeah, that required: true broke all the tests. We can compromise.

How about set it to a path like ~/.chef/logs/train-audit.log - Use a peculiar train-specific default, and any reasonable application would have to override it. Does that work?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that should work.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@clintoncwolfe I think we can keep the required. We are able to separate our validation implementation for the audit log from the existing validate_option method, and we separated the audit log options from the current default_options so that those can be handled separately. This I think will make this change less breaking.

@Vasu1105
Fix typo
7ec5261 
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
@Vasu1105
Adds the method to validate the audit log options and removes the log…
090d5ec 
…ic to merge the audit log options in default_options hash and keep the audit log options in sperated from the existing default options. This make sure it should not break existing behavior of any train plugin

Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
@Vasu1105 Vasu1105 changed the title CHEF-6440: Adds audit log support [W.I.P]CHEF-6440: Adds audit log support Oct 19, 2023
@Vasu1105
Revert "Fixed failing unit test"
efca4c7 
This reverts commit 0d9ec3d.
@Vasu1105
Fix the unit test after introducing seprate method for default audit …
ccca06c 
…log option

Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
@Vasu1105 Vasu1105 force-pushed the vj/audit-log-implementation branch from 2156ea3 to ccca06c Compare October 19, 2023 07:22
@Vasu1105
Removed TODO comments
39d7e93 
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
@Vasu1105 Vasu1105 force-pushed the vj/audit-log-implementation branch 2 times, most recently from 7f1eac4 to ebbe953 Compare October 23, 2023 12:21
@Vasu1105
Dev docs for audit logs
1124cd9 
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
@Vasu1105 Vasu1105 force-pushed the vj/audit-log-implementation branch from ebbe953 to 1124cd9 Compare October 23, 2023 12:24
@Vasu1105 Vasu1105 changed the title [W.I.P]CHEF-6440: Adds audit log support CHEF-6440: Adds audit log support Nov 3, 2023
@Vasu1105 Vasu1105 force-pushed the vj/audit-log-implementation branch from 4ab5c53 to 30a4f5a Compare November 3, 2023 09:31
@Vasu1105
Rename enable_audit_log option to disable_audit_log.
ccfb41e 
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
@Vasu1105 Vasu1105 force-pushed the vj/audit-log-implementation branch from 30a4f5a to ccfb41e Compare November 3, 2023 10:41
@Vasu1105
Revert "Rename enable_audit_log option to disable_audit_log."
04bb22a 
This reverts commit ccfb41e.
@Vasu1105
Merget the audit log options in the options so those are available in…
9737794 
… the transport for validation

Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
@Vasu1105
Update unit test
a0ee928 
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
@Vasu1105
Fix the variable
1355658 
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
@Vasu1105 Vasu1105 mentioned this pull request Nov 6, 2023
Merged
4 tasks
@Vasu1105 Vasu1105 changed the title CHEF-6440: Adds audit log support CHEF-6440(CHEF-7426): Adds audit log support Nov 6, 2023
clintoncwolfe and others added 5 commits November 6, 2023 11:58
@clintoncwolfe
Doc edits
dbf607e 
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
@clintoncwolfe
Monkeypatch Logger to disable the comment at the beginning of the fil…
3f75487 
…e, making it unreadable to JSON

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
@Vasu1105
Fix liniting
f4b8b48 
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
@Vasu1105
Removes default audit log rotation implementation
cd68202 
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
@IanMadd
Docs editing
a08d511 
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
@clintoncwolfe clintoncwolfe merged commit 479bcf1 into main Nov 8, 2023
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@clintoncwolfe clintoncwolfe clintoncwolfe left review comments

@Nik08 Nik08 Nik08 approved these changes

@sathish-progress sathish-progress Awaiting requested review from sathish-progress sathish-progress is a code owner automatically assigned from inspec/inspec-core-team

Assignees

@Vasu1105 Vasu1105

Labels
Expeditor: Bump Minor Version
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Vasu1105 @clintoncwolfe @Nik08 @IanMadd