This repository has been archived on 2020-03-24. You can view files and clone it, but cannot push or open issues or pull requests.
quay/util/audit.py

98 lines
3.5 KiB
Python
Raw Normal View History

import logging
2015-09-15 19:23:06 +00:00
import random
2015-12-16 18:43:31 +00:00
from urlparse import urlparse
from flask import request
2016-07-25 22:55:10 +00:00
from app import analytics, userevents, ip_resolver
2016-07-25 22:55:10 +00:00
from data import model
from auth.registry_jwt_auth import get_granted_entity
2015-11-19 22:40:33 +00:00
from auth.auth_context import (get_authenticated_user, get_validated_token,
get_validated_oauth_token)
logger = logging.getLogger(__name__)
2016-07-25 22:55:10 +00:00
def track_and_log(event_name, repo_obj, analytics_name=None, analytics_sample=1, **kwargs):
repo_name = repo_obj.name
namespace_name = repo_obj.namespace_name
metadata = {
2016-07-25 22:55:10 +00:00
'repo': repo_name,
'namespace': namespace_name,
}
metadata.update(kwargs)
analytics_id = 'anonymous'
authenticated_oauth_token = get_validated_oauth_token()
authenticated_user = get_authenticated_user()
authenticated_token = get_validated_token() if not authenticated_user else None
2015-11-19 22:40:33 +00:00
if not authenticated_user and not authenticated_token and not authenticated_oauth_token:
entity = get_granted_entity()
if entity:
authenticated_user = entity.user
authenticated_token = entity.token
authenticated_oauth_token = entity.oauth
logger.debug('Logging the %s to Mixpanel and the log system', event_name)
if authenticated_oauth_token:
metadata['oauth_token_id'] = authenticated_oauth_token.id
metadata['oauth_token_application_id'] = authenticated_oauth_token.application.client_id
metadata['oauth_token_application'] = authenticated_oauth_token.application.name
2015-07-21 19:39:23 +00:00
analytics_id = 'oauth:{0}'.format(authenticated_oauth_token.id)
elif authenticated_user:
metadata['username'] = authenticated_user.username
analytics_id = authenticated_user.username
elif authenticated_token:
metadata['token'] = authenticated_token.friendly_name
metadata['token_code'] = authenticated_token.code
if authenticated_token.kind:
metadata['token_type'] = authenticated_token.kind.name
2015-07-21 19:39:23 +00:00
analytics_id = 'token:{0}'.format(authenticated_token.code)
else:
metadata['public'] = True
analytics_id = 'anonymous'
# Publish the user event (if applicable)
logger.debug('Checking publishing %s to the user events system', event_name)
if authenticated_user and not authenticated_user.robot:
logger.debug('Publishing %s to the user events system', event_name)
user_event_data = {
'action': event_name,
2016-07-25 22:55:10 +00:00
'repository': repo_name,
'namespace': namespace_name,
}
event = userevents.get_event(authenticated_user.username)
event.publish_event_data('docker-cli', user_event_data)
# Save the action to mixpanel.
2015-09-15 19:23:06 +00:00
if random.random() < analytics_sample:
if analytics_name is None:
analytics_name = event_name
2015-09-15 19:23:06 +00:00
logger.debug('Logging the %s to Mixpanel', analytics_name)
request_parsed = urlparse(request.url_root)
extra_params = {
'repository': '%s/%s' % (namespace_name, repo_name),
'user-agent': request.user_agent.string,
'hostname': request_parsed.hostname,
}
2015-09-15 19:23:06 +00:00
analytics.track(analytics_id, analytics_name, extra_params)
# Add the resolved information to the metadata.
resolved_ip = ip_resolver.resolve_ip(request.remote_addr)
if resolved_ip is not None:
metadata['resolved_ip'] = resolved_ip._asdict()
# Log the action to the database.
logger.debug('Logging the %s to logs system', event_name)
2016-07-25 22:55:10 +00:00
model.log.log_action(event_name, namespace_name, performer=authenticated_user,
ip=request.remote_addr, metadata=metadata, repository=repo_obj)
logger.debug('Track and log of %s complete', event_name)