add audit logging to app registry endpoints
This commit is contained in:
Jimmy Zelinskie
parent
f4f67c8c62
commit
4db789b656
7 changed files with 54 additions and 20 deletions
92
util/audit.py
Normal file
92
util/audit.py
Normal file
|
|
@ -0,0 +1,92 @@
|
|||
import logging
|
||||
import random
|
||||
|
||||
from urlparse import urlparse
|
||||
|
||||
from flask import request
|
||||
|
||||
from app import analytics, userevents
|
||||
from data import model
|
||||
from auth.registry_jwt_auth import get_granted_entity
|
||||
from auth.auth_context import (get_authenticated_user, get_validated_token,
|
||||
get_validated_oauth_token)
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
def track_and_log(event_name, repo_obj, analytics_name=None, analytics_sample=1, **kwargs):
|
||||
repo_name = repo_obj.name
|
||||
namespace_name = repo_obj.namespace_name
|
||||
metadata = {
|
||||
'repo': repo_name,
|
||||
'namespace': namespace_name,
|
||||
}
|
||||
metadata.update(kwargs)
|
||||
|
||||
analytics_id = 'anonymous'
|
||||
|
||||
authenticated_oauth_token = get_validated_oauth_token()
|
||||
authenticated_user = get_authenticated_user()
|
||||
authenticated_token = get_validated_token() if not authenticated_user else None
|
||||
|
||||
if not authenticated_user and not authenticated_token and not authenticated_oauth_token:
|
||||
entity = get_granted_entity()
|
||||
if entity:
|
||||
authenticated_user = entity.user
|
||||
authenticated_token = entity.token
|
||||
authenticated_oauth_token = entity.oauth
|
||||
|
||||
logger.debug('Logging the %s to Mixpanel and the log system', event_name)
|
||||
if authenticated_oauth_token:
|
||||
metadata['oauth_token_id'] = authenticated_oauth_token.id
|
||||
metadata['oauth_token_application_id'] = authenticated_oauth_token.application.client_id
|
||||
metadata['oauth_token_application'] = authenticated_oauth_token.application.name
|
||||
analytics_id = 'oauth:{0}'.format(authenticated_oauth_token.id)
|
||||
elif authenticated_user:
|
||||
metadata['username'] = authenticated_user.username
|
||||
analytics_id = authenticated_user.username
|
||||
elif authenticated_token:
|
||||
metadata['token'] = authenticated_token.friendly_name
|
||||
metadata['token_code'] = authenticated_token.code
|
||||
|
||||
if authenticated_token.kind:
|
||||
metadata['token_type'] = authenticated_token.kind.name
|
||||
|
||||
analytics_id = 'token:{0}'.format(authenticated_token.code)
|
||||
else:
|
||||
metadata['public'] = True
|
||||
analytics_id = 'anonymous'
|
||||
|
||||
# Publish the user event (if applicable)
|
||||
logger.debug('Checking publishing %s to the user events system', event_name)
|
||||
if authenticated_user and not authenticated_user.robot:
|
||||
logger.debug('Publishing %s to the user events system', event_name)
|
||||
user_event_data = {
|
||||
'action': event_name,
|
||||
'repository': repo_name,
|
||||
'namespace': namespace_name,
|
||||
}
|
||||
|
||||
event = userevents.get_event(authenticated_user.username)
|
||||
event.publish_event_data('docker-cli', user_event_data)
|
||||
|
||||
# Save the action to mixpanel.
|
||||
if random.random() < analytics_sample:
|
||||
if analytics_name is None:
|
||||
analytics_name = event_name
|
||||
|
||||
logger.debug('Logging the %s to Mixpanel', analytics_name)
|
||||
|
||||
request_parsed = urlparse(request.url_root)
|
||||
extra_params = {
|
||||
'repository': '%s/%s' % (namespace_name, repo_name),
|
||||
'user-agent': request.user_agent.string,
|
||||
'hostname': request_parsed.hostname,
|
||||
}
|
||||
|
||||
analytics.track(analytics_id, analytics_name, extra_params)
|
||||
|
||||
# Log the action to the database.
|
||||
logger.debug('Logging the %s to logs system', event_name)
|
||||
model.log.log_action(event_name, namespace_name, performer=authenticated_user,
|
||||
ip=request.remote_addr, metadata=metadata, repository=repo_obj)
|
||||
logger.debug('Track and log of %s complete', event_name)
|
||||
Reference in a new issue