Add support for full logging of all actions in Quay, and the ability to view and filter these logs in the org’s admin view

2013-11-27 02:29:31 -05:00 · 2013-11-27 02:29:31 -05:00 · cca5daf097
commit cca5daf097
parent d5c0f768c2
16 changed files with 25024 additions and 16 deletions
--- a/endpoints/index.py
+++ b/endpoints/index.py
@ -16,6 +16,7 @@ from auth.permissions import (ModifyRepositoryPermission, UserPermission,
                              ReadRepositoryPermission,
                              CreateRepositoryPermission)

+from util.log import log_action

 logger = logging.getLogger(__name__)

@ -169,11 +170,28 @@ def create_repository(namespace, repository):
    'repository': '%s/%s' % (namespace, repository),
  }

+  metadata = {
+    'repo': repository,
+    'namespace': namespace
+  }
+
+  description = ''
+
  if get_authenticated_user():
    mixpanel.track(get_authenticated_user().username, 'push_repo',
                   extra_params)
+    metadata['username'] = get_authenticated_user().username
+    description = 'Repository {repo} pushed by user {username}'
  else:
    mixpanel.track(get_validated_token().code, 'push_repo', extra_params)
+    metadata['token'] = get_validated_token().friendly_name
+    metadata['token_code'] = get_validated_token().code
+    description = 'Repository {repo} pushed via access token {token}'
+
+  model.log_action('push_repo', namespace, performer = get_authenticated_user(), ip = request.remote_addr, 
+                   description = description,
+                   metadata = metadata,
+                   repository = repo)

  return response

@ -232,8 +250,8 @@ def get_repository_images(namespace, repository):
  permission = ReadRepositoryPermission(namespace, repository)

  # TODO invalidate token?
-
-  if permission.can() or model.repository_is_public(namespace, repository):
+  is_public = model.repository_is_public(namespace, repository)
+  if permission.can() or is_public:
    # We can't rely on permissions to tell us if a repo exists anymore
    repo = model.get_repository(namespace, repository)
    if not repo:
@ -257,8 +275,17 @@ def get_repository_images(namespace, repository):
    extra_params = {
      'repository': '%s/%s' % (namespace, repository),
    }
-    mixpanel.track(pull_username, 'pull_repo', extra_params)

+    mixpanel.track(pull_username, 'pull_repo', extra_params)
+    model.log_action('pull_repo', namespace, performer = get_authenticated_user(), ip = request.remote_addr, 
+                     description = 'Repository {repo} pulled',
+                     metadata = {
+                       'repo': repository,
+                       'namespace': namespace,
+                       'username': pull_username,
+                       'public': is_public
+                     },
+                     repository = repo)
    return resp

  abort(403)