Refactoring audit subsystem to clean-up and eliminate back-dependency from core to CLI; still needs additional work.
Change-Id: I93c04c94f27b7b89c582b359eebe125458a573a7
diff --git a/core/api/src/main/java/org/onosproject/security/AuditService.java b/core/api/src/main/java/org/onosproject/security/AuditService.java
new file mode 100644
index 0000000..f98eda4
--- /dev/null
+++ b/core/api/src/main/java/org/onosproject/security/AuditService.java
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2018-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onosproject.security;
+
+/**
+ * Service for enabling audit logging.
+ */
+public interface AuditService {
+
+ /**
+ * Returns true if auditing is enabled.
+ *
+ * @return true if audit enabled; false otherwise
+ */
+ boolean isAuditing();
+
+ /**
+ * Logs the specified user action.
+ *
+ * @param user user that initiated the action
+ * @param action action being logged
+ */
+ void logUserAction(String user, String action);
+
+}
diff --git a/core/net/BUILD b/core/net/BUILD
index 50e0a3f..8047609 100644
--- a/core/net/BUILD
+++ b/core/net/BUILD
@@ -1,9 +1,7 @@
COMPILE_DEPS = CORE_DEPS + JACKSON + METRICS + KRYO + [
"//core/common:onos-core-common",
- "//utils/rest:onlab-rest",
"//core/store/serializers:onos-core-serializers",
"//core/store/primitives:onos-core-primitives",
- "//cli:onos-cli",
"@org_osgi_service_cm//jar",
]
diff --git a/core/net/src/main/java/org/onosproject/audit/impl/AuditManager.java b/core/net/src/main/java/org/onosproject/audit/impl/AuditManager.java
new file mode 100644
index 0000000..a871f3c
--- /dev/null
+++ b/core/net/src/main/java/org/onosproject/audit/impl/AuditManager.java
@@ -0,0 +1,99 @@
+/*
+ * Copyright 2016-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onosproject.audit.impl;
+
+import org.onosproject.cfg.ComponentConfigService;
+import org.onosproject.security.AuditService;
+import org.osgi.service.component.ComponentContext;
+import org.osgi.service.component.annotations.Component;
+import org.osgi.service.component.annotations.Deactivate;
+import org.osgi.service.component.annotations.Modified;
+import org.osgi.service.component.annotations.Activate;
+import org.osgi.service.component.annotations.Reference;
+import org.osgi.service.component.annotations.ReferenceCardinality;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.Dictionary;
+
+import static org.onlab.util.Tools.get;
+import static org.onosproject.net.OsgiPropertyConstants.AUDIT_LOGGER;
+import static org.onosproject.net.OsgiPropertyConstants.AUDIT_LOGGER_DEFAULT;
+import static org.onosproject.net.OsgiPropertyConstants.AUDIT_ENABLED;
+import static org.onosproject.net.OsgiPropertyConstants.AUDIT_ENABLED_DEFAULT;
+
+/**
+ * Component to manage audit logging.
+ */
+@Component(
+ immediate = true,
+ service = { AuditService.class },
+ property = {
+ AUDIT_ENABLED + ":Boolean=" + AUDIT_ENABLED_DEFAULT,
+ AUDIT_LOGGER + "=" + AUDIT_LOGGER_DEFAULT,
+ })
+public class AuditManager implements AuditService {
+
+ private final Logger log = LoggerFactory.getLogger(getClass());
+
+ private Logger auditLog = log;
+
+ /** Specifies whether or not audit logging is enabled. */
+ private boolean auditEnabled = AUDIT_ENABLED_DEFAULT;
+
+ /** Name of the audit logger. */
+ private String auditFile = AUDIT_LOGGER_DEFAULT;
+
+ @Reference(cardinality = ReferenceCardinality.MANDATORY)
+ protected ComponentConfigService cfgService;
+
+ @Activate
+ protected void activate(ComponentContext ctx) {
+ cfgService.registerProperties(getClass());
+ modified(ctx);
+ log.info("Started");
+ }
+
+ @Deactivate
+ protected void deactivate(ComponentContext ctx) {
+ log.info("Stopped");
+ }
+
+ @Modified
+ protected void modified(ComponentContext ctx) {
+ Dictionary<?, ?> properties = ctx.getProperties();
+ if (properties != null) {
+ auditEnabled = Boolean.parseBoolean(get(properties, AUDIT_ENABLED));
+ auditFile = get(properties, AUDIT_LOGGER);
+ auditLog = LoggerFactory.getLogger(auditFile);
+ log.info("Reconfigured; auditEnabled={}; auditFile={}", auditEnabled, auditFile);
+ }
+ }
+
+ @Override
+ public boolean isAuditing() {
+ return auditEnabled;
+ }
+
+ @Override
+ public void logUserAction(String user, String action) {
+ if (auditEnabled) {
+ auditLog.info("user={}; action={}", user, action);
+ }
+ }
+
+}
diff --git a/core/net/src/main/java/org/onosproject/net/audit/impl/package-info.java b/core/net/src/main/java/org/onosproject/audit/impl/package-info.java
similarity index 94%
rename from core/net/src/main/java/org/onosproject/net/audit/impl/package-info.java
rename to core/net/src/main/java/org/onosproject/audit/impl/package-info.java
index 2845808..370c9de 100644
--- a/core/net/src/main/java/org/onosproject/net/audit/impl/package-info.java
+++ b/core/net/src/main/java/org/onosproject/audit/impl/package-info.java
@@ -17,4 +17,4 @@
/**
* Implementation of Audit Configuration.
*/
-package org.onosproject.net.audit.impl;
\ No newline at end of file
+package org.onosproject.audit.impl;
\ No newline at end of file
diff --git a/core/net/src/main/java/org/onosproject/net/OsgiPropertyConstants.java b/core/net/src/main/java/org/onosproject/net/OsgiPropertyConstants.java
index db5c5e3..3d6dec4 100644
--- a/core/net/src/main/java/org/onosproject/net/OsgiPropertyConstants.java
+++ b/core/net/src/main/java/org/onosproject/net/OsgiPropertyConstants.java
@@ -125,10 +125,10 @@
public static final String DTP_MAX_BATCH_MS = "maxBatchMs";
public static final int DTP_MAX_BATCH_MS_DEFAULT = 50;
- public static final String AUDIT_STATUS_DESC = "auditEnabled";
- public static final boolean AUDIT_STATUS_DEFAULT = false;
+ public static final String AUDIT_ENABLED = "auditEnabled";
+ public static final boolean AUDIT_ENABLED_DEFAULT = false;
- public static final String AUDIT_FILE_TYPE_DESC = "auditFile";
- public static final String AUDIT_FILE_TYPE_DEFAULT = "all";
+ public static final String AUDIT_LOGGER = "auditLogger";
+ public static final String AUDIT_LOGGER_DEFAULT = "securityAudit";
}
diff --git a/core/net/src/main/java/org/onosproject/net/audit/impl/AuditManager.java b/core/net/src/main/java/org/onosproject/net/audit/impl/AuditManager.java
deleted file mode 100644
index 31b6a18..0000000
--- a/core/net/src/main/java/org/onosproject/net/audit/impl/AuditManager.java
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- * Copyright 2016-present Open Networking Foundation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.onosproject.net.audit.impl;
-
-import org.onlab.rest.AuditFilter;
-
-import org.onosproject.cfg.ComponentConfigService;
-import org.onosproject.cli.AbstractShellCommand;
-import org.osgi.service.component.ComponentContext;
-import org.osgi.service.component.annotations.Component;
-import org.osgi.service.component.annotations.Modified;
-import org.osgi.service.component.annotations.Activate;
-import org.osgi.service.component.annotations.Reference;
-import org.osgi.service.component.annotations.ReferenceCardinality;
-
-import java.util.Dictionary;
-
-import static org.onlab.util.Tools.get;
-import static org.onosproject.net.OsgiPropertyConstants.AUDIT_FILE_TYPE_DESC;
-import static org.onosproject.net.OsgiPropertyConstants.AUDIT_FILE_TYPE_DEFAULT;
-import static org.onosproject.net.OsgiPropertyConstants.AUDIT_STATUS_DESC;
-import static org.onosproject.net.OsgiPropertyConstants.AUDIT_STATUS_DEFAULT;
-
-
-/**
- * Component to manage REST API Audit.
- */
-@Component(
- immediate = true,
- property = {
- AUDIT_FILE_TYPE_DESC + "=" + AUDIT_FILE_TYPE_DEFAULT,
- AUDIT_STATUS_DESC + ":Boolean=" + AUDIT_STATUS_DEFAULT
- })
-public class AuditManager {
-
- public String auditFile = AUDIT_FILE_TYPE_DEFAULT;
- public boolean auditEnabled = AUDIT_STATUS_DEFAULT;
-
- @Reference(cardinality = ReferenceCardinality.MANDATORY)
- protected ComponentConfigService cfgService;
-
- @Activate
- public void activate(ComponentContext context) {
- cfgService.registerProperties(getClass());
- setAuditStatus(auditFile, auditEnabled);
- }
-
- @Modified
- protected void modifyFileType(ComponentContext context) {
- Dictionary<?, ?> properties = context.getProperties();
- if (properties == null) {
- return;
- }
- auditFile = get(properties, AUDIT_FILE_TYPE_DESC);
- String enableAuditStr = get(properties, AUDIT_STATUS_DESC);
-
- auditEnabled = Boolean.parseBoolean(enableAuditStr);
- setAuditStatus(auditFile, auditEnabled);
- }
-
- /**
- * To enable Audit and set file type for REST API and CLI as per the changes in configuration properties.
- *
- * @param auditFile file which audit logs are saved.
- * @param auditEnabled status of REST API Audit and CLI Audit.
- */
- public void setAuditStatus(String auditFile, boolean auditEnabled) {
- if (auditEnabled) {
- AuditFilter.enableAudit();
- AbstractShellCommand.enableAudit();
- } else {
- AuditFilter.disableAudit();
- AbstractShellCommand.disableAudit();
- }
- AuditFilter.setAuditFile(auditFile);
- AbstractShellCommand.setAuditFile(auditFile);
- }
-}