Pull request quattor#128: AQUILONAQD-1187/NON-DB-CHANGE-COMMANDS-IN-A…

…UDIT-LOGS Merge in AQUILON_AQD/aqd from ~KAMURTHY/aqd:Bug/AQUILONAQD-1187/Non-DB-Change-Commands-in-Audit-Logs to master * commit '5c00dd03c94be5613407bb8850a3f632f01a5c59': AQUILONAQD-1187/NON-DB-CHANGE-COMMANDS-IN-AUDIT-LOGS
joaocosta · May 5, 2022 · fb52542 · fb52542
2 parents fb2e6a6 + 5c00dd0
commit fb52542
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 8 deletions.
diff --git a/lib/aquilon/worker/broker.py b/lib/aquilon/worker/broker.py
@@ -116,6 +116,15 @@ class BrokerCommand(object):
 
     """
 
+    """ Require skipping of Audit logs for read only commands.
+
+    It is automatically set to True for all search and show commands,
+    but could be reversed back to False by overriding __init__ for the
+    command.
+    
+    """
+    requires_audit = False
+
 
     # Override to indicate whether the command will generally take a
     # lock during execution.
@@ -165,10 +174,6 @@ def __init__(self):
            self.action.startswith("cat"):
             self.requires_readonly = True
 
-        self.skip_audit_for_ro = True if not self.requires_readonly or \
-                                    self.command in self.non_db_change_commands \
-            else False
-
         if not self.defer_to_thread:
             if self.requires_transaction:  # pragma: no cover
                 self.defer_to_thread = True
@@ -214,6 +219,10 @@ def invoke_render(self, user=None, request=None, requestid=None,
             raise UnimplementedError("Command %s not available on a "
                                      "read-only broker." % self.command)
 
+        if not self.requires_readonly or \
+                    self.command in self.non_db_change_commands:
+            self.requires_audit = True
+
         try:
             if self.requires_transaction:
                 # Set up a session...
@@ -252,7 +261,8 @@ def invoke_render(self, user=None, request=None, requestid=None,
                 # We should therefore avoid looking up anything in the DB
                 # before this point which might be used later.
                 status = request.status
-                if self.skip_audit_for_ro:
+
+                if self.requires_audit:
                     start_xtn(session, status.requestid, status.user,
                           status.command, self.requires_readonly,
                           kwargs, _IGNORED_AUDIT_ARGS)
@@ -281,7 +291,7 @@ def invoke_render(self, user=None, request=None, requestid=None,
             if self.requires_format:
                 style = kwargs.get("style", None)
                 retval = self.formatter.format(style, retval, request)
-            if self.skip_audit_for_ro:
+            if self.requires_audit:
                 if session:
                     with exporter:
                         session.commit()
@@ -291,7 +301,7 @@ def invoke_render(self, user=None, request=None, requestid=None,
             # Need to close after the rollback, or the next time session
             # is accessed it tries to commit the transaction... (?)
             if session:
-                if self.skip_audit_for_ro:
+                if self.requires_audit:
                     try:
                         session.rollback()
                     except:  # pragma: no cover
@@ -307,7 +317,7 @@ def invoke_render(self, user=None, request=None, requestid=None,
                 # session, even if end_xtn() fails
 
                 try:
-                    if self.skip_audit_for_ro:
+                    if self.requires_audit:
                         if not rollback_failed:
                             # If session.rollback() failed for whatever
                             # reason, our best bet is to avoid touching

diff --git a/train.yaml b/train.yaml
@@ -36,6 +36,8 @@ test_types:
                mkdir -p ../install/common/test-results/
                cp tests/aqdtests.log ../install/common/test-results/aqdtests.log
                cp -R /var/tmp/$USER/run/quattor/logs/ ../install/common/test-results/quattor-logs
+               mkdir -p ../install/common/test-results/INTEGRATION/coveragepy/xml/
+               cp ../install/common/test-results/quattor-logs/coverage/aqd.xml ../install/common/test-results/INTEGRATION/coveragepy/xml/coverage-test.xml
                PYLINTHOME=../run/.pylint.d tests/pylint --msg-template='{path}:{line}: [{msg_id}({symbol}), {obj}] {msg}' lib/aquilon/ bin/*.py sbin/*.py > ../install/common/test-results/pylint.out || /bin/true
                # In the past, commits did not have the codestyle.py file available; let's use the flake8 checker directly
                module unload python/core/2.7.18-64