opendev/gerrit
Code Issues Proposed changes

Make audit of account group membership changes pluggable

Browse Source 
Account group membership changes were logged in a database table.

Now, the audit log service allows to register listeners to group
member added and group member deleted events. A default listener logs
these events to the database as before. But additional listeners may
now be registered for these events using the GroupMemberAuditListener
interface.

Change-Id: I73872c26479a78be31bacc2cbc8eb850a097d473
This commit is contained in:
Adrian Görler
2014-07-15 13:13:26 +02:00
parent d4871bf8ff
commit 876254f0dd
13 changed files with 356 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
gerrit-server/src/main/java/com/google/gerrit/audit/AuditModule.java
View File

@@ -22,6 +22,7 @@ public class AuditModule extends AbstractModule {
@Override
protected void configure() {
DynamicSet.setOf(binder(), AuditListener.class);
DynamicSet.setOf(binder(), GroupMemberAuditListener.class);
bind(AuditService.class);
}

60
gerrit-server/src/main/java/com/google/gerrit/audit/AuditService.java
View File

@@ -15,16 +15,30 @@
package com.google.gerrit.audit;
import com.google.gerrit.extensions.registration.DynamicSet;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.reviewdb.client.AccountGroupById;
import com.google.gerrit.reviewdb.client.AccountGroupMember;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.IOException;
import java.util.Collection;
@Singleton
public class AuditService {
private static final Logger log = LoggerFactory.getLogger(AuditService.class);
private final DynamicSet<AuditListener> auditListeners;
private final DynamicSet<GroupMemberAuditListener> groupMemberAuditListeners;
@Inject
public AuditService(DynamicSet<AuditListener> auditListeners) {
public AuditService(DynamicSet<AuditListener> auditListeners,
DynamicSet<GroupMemberAuditListener> groupMemberAuditListeners) {
this.auditListeners = auditListeners;
this.groupMemberAuditListeners = groupMemberAuditListeners;
}
public void dispatch(AuditEvent action) {
@@ -32,4 +46,48 @@ public class AuditService {
auditListener.onAuditableAction(action);
}
}
public void dispatchAddAccountsToGroup(Account.Id actor,
Collection<AccountGroupMember> added) {
for (GroupMemberAuditListener auditListener : groupMemberAuditListeners) {
try {
auditListener.onAddAccountsToGroup(actor, added);
} catch (RuntimeException e) {
log.error("failed to log add accounts to group event", e);
}
}
}
public void dispatchDeleteAccountsFromGroup(Account.Id actor,
Collection<AccountGroupMember> removed) {
for (GroupMemberAuditListener auditListener : groupMemberAuditListeners) {
try {
auditListener.onDeleteAccountsFromGroup(actor, removed);
} catch (RuntimeException e) {
log.error("failed to log delete accounts from group event", e);
}
}
}
public void dispatchAddGroupsToGroup(Account.Id actor,
Collection<AccountGroupById> added) {
for (GroupMemberAuditListener auditListener : groupMemberAuditListeners) {
try {
auditListener.onAddGroupsToGroup(actor, added);
} catch (RuntimeException e) {
log.error("failed to log add groups to group event", e);
}
}
}
public void dispatchDeleteGroupsFromGroup(Account.Id actor,
Collection<AccountGroupById> removed) {
for (GroupMemberAuditListener auditListener : groupMemberAuditListeners) {
try {
auditListener.onDeleteGroupsFromGroup(actor, removed);
} catch (RuntimeException e) {
log.error("failed to log delete groups from group event", e);
}
}
}
}

37
gerrit-server/src/main/java/com/google/gerrit/audit/GroupMemberAuditListener.java Normal file
View File

@@ -0,0 +1,37 @@
// Copyright (C) 2014 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.gerrit.audit;
import com.google.gerrit.extensions.annotations.ExtensionPoint;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.reviewdb.client.Account.Id;
import com.google.gerrit.reviewdb.client.AccountGroupById;
import com.google.gerrit.reviewdb.client.AccountGroupMember;
import java.util.Collection;
@ExtensionPoint
public interface GroupMemberAuditListener {
void onAddAccountsToGroup(Account.Id actor,
Collection<AccountGroupMember> added);
void onDeleteAccountsFromGroup(Account.Id actor,
Collection<AccountGroupMember> removed);
void onAddGroupsToGroup(Id actor, Collection<AccountGroupById> added);
void onDeleteGroupsFromGroup(Id actor, Collection<AccountGroupById> deleted);
}