You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@airavata.apache.org by "Marcus Christie (Jira)" <ji...@apache.org> on 2021/01/27 00:06:00 UTC
[jira] [Commented] (AIRAVATA-3404) Add audit log to API
[ https://issues.apache.org/jira/browse/AIRAVATA-3404?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17272500#comment-17272500 ]
Marcus Christie commented on AIRAVATA-3404:
-------------------------------------------
https://stackoverflow.com/a/21597552
Use TSimpleJSONProtocol to log Thrift objects to JSON:
{code:java}
ApplicationModule appModule = new ApplicationModule("id", "name");
TSerializer serializer = new TSerializer(new TSimpleJSONProtocol.Factory());
String json = serializer.toString(appModule);
{code}
> Add audit log to API
> --------------------
>
> Key: AIRAVATA-3404
> URL: https://issues.apache.org/jira/browse/AIRAVATA-3404
> Project: Airavata
> Issue Type: Bug
> Components: Airavata API
> Reporter: Marcus Christie
> Assignee: Marcus Christie
> Priority: Major
>
> Log the user, timestamp, the id and the object of the update for gateway metadata API operations.
> The motivation is to be able to determine who made what change when, in the case of a gateway configuration (group resource profile, credential, etc.) changes by some user with admin privileges.
> h2. Design
> - only applies to app catalog create-update-delete methods
> - use annotation to decorate API methods that should have audit logging
> - annotation should have parameter to specific with argument is the id of the object
> - annotation should have parameter to specific with argument is the object that is being updated
> - like {{@SecurityCheck}}, annotation will assume first argument is AuthzToken and will use that to get the username and gatewayId
> - annotation aspect code should run after {{@SecurityCheck}}
> - use the slf4j logging API to log to a special "audit log"
> - log the username, gatewayId, method name, id, and JSON of the object being created/updated
> - log also whether the API method threw an Exception or returned without error
> - if the API method threw an Exception, then the update may or may not have persisted
--
This message was sent by Atlassian Jira
(v8.3.4#803005)