Ravi Nori has uploaded a new change for review. Change subject: engine : No audit log for failed commands ......................................................................
engine : No audit log for failed commands When a command can do action fails there is audit log for the failure. Add an audit log event CAN_DO_ACTION_FAILED with the can do action messages as message for the audit log Change-Id: I42b8f70df9b840cfb71429fa006f250b0495e41e Bug-Url: https://bugzilla.redhat.com/1147223 Signed-off-by: Ravi Nori <rn...@redhat.com> --- M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/CommandBase.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java 2 files changed, 36 insertions(+), 21 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/91/37991/1 diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/CommandBase.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/CommandBase.java index a414ef5..8c67ef5 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/CommandBase.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/CommandBase.java @@ -467,25 +467,25 @@ DbFacade.getInstance().getDaoForEntity(entityClass); switch (snapshot.getSnapshotType()) { - case CHANGED_STATUS_ONLY: - EntityStatusSnapshot entityStatusSnapshot = (EntityStatusSnapshot) snapshotData; - ((StatusAwareDao<Serializable, Enum<?>>) daoForEntity).updateStatus( - entityStatusSnapshot.getId(), entityStatusSnapshot.getStatus()); - break; - case DELETED_OR_UPDATED_ENTITY: - BusinessEntity<Serializable> entitySnapshot = (BusinessEntity<Serializable>) snapshotData; - if (daoForEntity.get(entitySnapshot.getId()) == null) { - daoForEntity.save(entitySnapshot); - } else { - daoForEntity.update(entitySnapshot); - } - break; - case UPDATED_ONLY_ENTITY: - daoForEntity.update((BusinessEntity<Serializable>)snapshotData); - break; - case NEW_ENTITY_ID: - daoForEntity.remove(snapshotData); - break; + case CHANGED_STATUS_ONLY: + EntityStatusSnapshot entityStatusSnapshot = (EntityStatusSnapshot) snapshotData; + ((StatusAwareDao<Serializable, Enum<?>>) daoForEntity).updateStatus( + entityStatusSnapshot.getId(), entityStatusSnapshot.getStatus()); + break; + case DELETED_OR_UPDATED_ENTITY: + BusinessEntity<Serializable> entitySnapshot = (BusinessEntity<Serializable>) snapshotData; + if (daoForEntity.get(entitySnapshot.getId()) == null) { + daoForEntity.save(entitySnapshot); + } else { + daoForEntity.update(entitySnapshot); + } + break; + case UPDATED_ONLY_ENTITY: + daoForEntity.update((BusinessEntity<Serializable>) snapshotData); + break; + case NEW_ENTITY_ID: + daoForEntity.remove(snapshotData); + break; } } @@ -790,9 +790,21 @@ && canDoAction() && internalValidateAndSetQuota(); if (!returnValue && getReturnValue().getCanDoActionMessages().size() > 0) { - log.warn("CanDoAction of action '{}' failed for user {}. Reasons: {}", + String message = String.format("CanDoAction of action '%s' failed for user %s. Reasons: %s", getActionType(), getUserName(), StringUtils.join(getReturnValue().getCanDoActionMessages(), ',')); + AuditLogableBase logable = new AuditLogableBase(Guid.isNullOrEmpty(getVdsId()) ? null : getVdsId(), + Guid.isNullOrEmpty(getVmId()) ? null : getVmId()); + logable.setUserId(getUserId()); + logable.setUserName(getUserName()); + logable.setExternal(true); + logable.setOrigin(getOrigin()); + logable.setCustomEventId(getCustomEventId()); + logable.setEventFloodInSec(getEventFloodInSec()); + logable.setVmTemplateId(getVmTemplateId()); + logable.setCustomData(getCustomData()); + AuditLogDirector.log(logable, AuditLogType.CAN_DO_ACTION_FAILED, message); + log.warn(message); } } finally { if (transaction != null) { diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java index 851b867..c3ba7a6 100644 --- a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java +++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java @@ -1122,7 +1122,10 @@ MAC_POOL_EDIT_SUCCESS(10702), MAC_POOL_EDIT_FAILED(10703, AuditLogSeverity.ERROR), MAC_POOL_REMOVE_SUCCESS(10704), - MAC_POOL_REMOVE_FAILED(10705, AuditLogSeverity.ERROR); + MAC_POOL_REMOVE_FAILED(10705, AuditLogSeverity.ERROR), + + // canDoAction failure log + CAN_DO_ACTION_FAILED(12000, AuditLogSeverity.ERROR); private int intValue; // indicates time interval in seconds on which identical events from same instance are suppressed. -- To view, visit http://gerrit.ovirt.org/37991 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I42b8f70df9b840cfb71429fa006f250b0495e41e Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Ravi Nori <rn...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
