From 5c00dd03c94be5613407bb8850a3f632f01a5c59 Mon Sep 17 00:00:00 2001 From: Karthik Kamurthy Date: Tue, 3 May 2022 16:36:44 -0400 Subject: [PATCH] AQUILONAQD-1187/NON-DB-CHANGE-COMMANDS-IN-AUDIT-LOGS * Bug Fix to capture Non DB Change Commands (compile & pxeswitch) in transaction/Audit logs. * aq search_audit --command ro will not return the read only commands since they are not part of audit logs. * Updated train.yaml since Automatic approval of Test results on SDLC Release Jira failed due to non-parseable test evidences. AQUILONAQD-1187/NON-DB-CHANGE-COMMANDS-IN-AUDIT-LOGS * Changed the variable to requires_audit since its easier to understand the conditions. --- lib/aquilon/worker/broker.py | 26 ++++++++++++++++++-------- train.yaml | 2 ++ 2 files changed, 20 insertions(+), 8 deletions(-) diff --git a/lib/aquilon/worker/broker.py b/lib/aquilon/worker/broker.py index c58bd5451..41405939f 100644 --- a/lib/aquilon/worker/broker.py +++ b/lib/aquilon/worker/broker.py @@ -116,6 +116,15 @@ class BrokerCommand(object): """ + """ Require skipping of Audit logs for read only commands. + + It is automatically set to True for all search and show commands, + but could be reversed back to False by overriding __init__ for the + command. + + """ + requires_audit = False + # Override to indicate whether the command will generally take a # lock during execution. @@ -165,10 +174,6 @@ def __init__(self): self.action.startswith("cat"): self.requires_readonly = True - self.skip_audit_for_ro = True if not self.requires_readonly or \ - self.command in self.non_db_change_commands \ - else False - if not self.defer_to_thread: if self.requires_transaction: # pragma: no cover self.defer_to_thread = True @@ -214,6 +219,10 @@ def invoke_render(self, user=None, request=None, requestid=None, raise UnimplementedError("Command %s not available on a " "read-only broker." % self.command) + if not self.requires_readonly or \ + self.command in self.non_db_change_commands: + self.requires_audit = True + try: if self.requires_transaction: # Set up a session... @@ -252,7 +261,8 @@ def invoke_render(self, user=None, request=None, requestid=None, # We should therefore avoid looking up anything in the DB # before this point which might be used later. status = request.status - if self.skip_audit_for_ro: + + if self.requires_audit: start_xtn(session, status.requestid, status.user, status.command, self.requires_readonly, kwargs, _IGNORED_AUDIT_ARGS) @@ -281,7 +291,7 @@ def invoke_render(self, user=None, request=None, requestid=None, if self.requires_format: style = kwargs.get("style", None) retval = self.formatter.format(style, retval, request) - if self.skip_audit_for_ro: + if self.requires_audit: if session: with exporter: session.commit() @@ -291,7 +301,7 @@ def invoke_render(self, user=None, request=None, requestid=None, # Need to close after the rollback, or the next time session # is accessed it tries to commit the transaction... (?) if session: - if self.skip_audit_for_ro: + if self.requires_audit: try: session.rollback() except: # pragma: no cover @@ -307,7 +317,7 @@ def invoke_render(self, user=None, request=None, requestid=None, # session, even if end_xtn() fails try: - if self.skip_audit_for_ro: + if self.requires_audit: if not rollback_failed: # If session.rollback() failed for whatever # reason, our best bet is to avoid touching diff --git a/train.yaml b/train.yaml index 1c9960365..36718ce09 100644 --- a/train.yaml +++ b/train.yaml @@ -36,6 +36,8 @@ test_types: mkdir -p ../install/common/test-results/ cp tests/aqdtests.log ../install/common/test-results/aqdtests.log cp -R /var/tmp/$USER/run/quattor/logs/ ../install/common/test-results/quattor-logs + mkdir -p ../install/common/test-results/INTEGRATION/coveragepy/xml/ + cp ../install/common/test-results/quattor-logs/coverage/aqd.xml ../install/common/test-results/INTEGRATION/coveragepy/xml/coverage-test.xml PYLINTHOME=../run/.pylint.d tests/pylint --msg-template='{path}:{line}: [{msg_id}({symbol}), {obj}] {msg}' lib/aquilon/ bin/*.py sbin/*.py > ../install/common/test-results/pylint.out || /bin/true # In the past, commits did not have the codestyle.py file available; let's use the flake8 checker directly module unload python/core/2.7.18-64