You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@airavata.apache.org by "Marcus Christie (Jira)" <ji...@apache.org> on 2021/01/27 00:06:00 UTC

[jira] [Commented] (AIRAVATA-3404) Add audit log to API

    [ https://issues.apache.org/jira/browse/AIRAVATA-3404?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17272500#comment-17272500 ] 

Marcus Christie commented on AIRAVATA-3404:
-------------------------------------------

https://stackoverflow.com/a/21597552

Use TSimpleJSONProtocol to log Thrift objects to JSON:
{code:java}
        ApplicationModule appModule = new ApplicationModule("id", "name");
        TSerializer serializer = new TSerializer(new TSimpleJSONProtocol.Factory());
        String json = serializer.toString(appModule);
{code}


> Add audit log to API
> --------------------
>
>                 Key: AIRAVATA-3404
>                 URL: https://issues.apache.org/jira/browse/AIRAVATA-3404
>             Project: Airavata
>          Issue Type: Bug
>          Components: Airavata API
>            Reporter: Marcus Christie
>            Assignee: Marcus Christie
>            Priority: Major
>
> Log the user, timestamp, the id and the object of the update for gateway metadata API operations.
> The motivation is to be able to determine who made what change when, in the case of a gateway configuration (group resource profile, credential, etc.) changes by some user with admin privileges.
> h2. Design
> - only applies to app catalog create-update-delete methods
> - use annotation to decorate API methods that should have audit logging
> - annotation should have parameter to specific with argument is the id of the object
> - annotation should have parameter to specific with argument is the object that is being updated
> - like {{@SecurityCheck}}, annotation will assume first argument is AuthzToken and will use that to get the username and gatewayId 
> - annotation aspect code should run after {{@SecurityCheck}}
> - use the slf4j logging API to log to a special "audit log"
> - log the username, gatewayId, method name, id, and JSON of the object being created/updated
> - log also whether the API method threw an Exception or returned without error
> - if the API method threw an Exception, then the update may or may not have persisted



--
This message was sent by Atlassian Jira
(v8.3.4#803005)