diff --git a/java/com/google/gerrit/httpd/BUILD b/java/com/google/gerrit/httpd/BUILD index bbb5b660e2..3e71098a90 100644 --- a/java/com/google/gerrit/httpd/BUILD +++ b/java/com/google/gerrit/httpd/BUILD @@ -13,6 +13,7 @@ java_library( "//java/com/google/gerrit/metrics", "//java/com/google/gerrit/reviewdb:server", "//java/com/google/gerrit/server", + "//java/com/google/gerrit/server/audit", "//java/com/google/gerrit/server/git/receive", "//java/com/google/gerrit/server/ioutil", "//java/com/google/gerrit/server/restapi", diff --git a/java/com/google/gerrit/httpd/auth/oauth/BUILD b/java/com/google/gerrit/httpd/auth/oauth/BUILD index 96726ad0db..7315ce1688 100644 --- a/java/com/google/gerrit/httpd/auth/oauth/BUILD +++ b/java/com/google/gerrit/httpd/auth/oauth/BUILD @@ -10,6 +10,7 @@ java_library( "//java/com/google/gerrit/httpd", "//java/com/google/gerrit/reviewdb:server", "//java/com/google/gerrit/server", + "//java/com/google/gerrit/server/audit", "//lib:gson", "//lib:guava", "//lib:gwtorm", diff --git a/java/com/google/gerrit/httpd/auth/openid/BUILD b/java/com/google/gerrit/httpd/auth/openid/BUILD index bfb2551570..f80e9d56bb 100644 --- a/java/com/google/gerrit/httpd/auth/openid/BUILD +++ b/java/com/google/gerrit/httpd/auth/openid/BUILD @@ -13,6 +13,7 @@ java_library( "//java/com/google/gerrit/reviewdb:server", "//java/com/google/gerrit/util/http", "//java/com/google/gerrit/server", + "//java/com/google/gerrit/server/audit", "//lib:guava", "//lib:gwtorm", "//lib:servlet-api-3_1", diff --git a/java/com/google/gerrit/httpd/init/BUILD b/java/com/google/gerrit/httpd/init/BUILD index 292ceff585..d557c0e362 100644 --- a/java/com/google/gerrit/httpd/init/BUILD +++ b/java/com/google/gerrit/httpd/init/BUILD @@ -18,6 +18,7 @@ java_library( "//java/com/google/gerrit/server", "//java/com/google/gerrit/server:module", "//java/com/google/gerrit/server/api", + "//java/com/google/gerrit/server/audit", "//java/com/google/gerrit/server/cache/h2", "//java/com/google/gerrit/server/cache/mem", "//java/com/google/gerrit/server/git/receive", diff --git a/java/com/google/gerrit/httpd/init/WebAppInitializer.java b/java/com/google/gerrit/httpd/init/WebAppInitializer.java index 9ce769018e..8e380f5b49 100644 --- a/java/com/google/gerrit/httpd/init/WebAppInitializer.java +++ b/java/com/google/gerrit/httpd/init/WebAppInitializer.java @@ -47,6 +47,7 @@ import com.google.gerrit.server.StartupChecks; import com.google.gerrit.server.account.AccountDeactivator; import com.google.gerrit.server.account.InternalAccountDirectory; import com.google.gerrit.server.api.GerritApiModule; +import com.google.gerrit.server.audit.AuditModule; import com.google.gerrit.server.cache.h2.H2CacheModule; import com.google.gerrit.server.cache.mem.DefaultMemoryCacheModule; import com.google.gerrit.server.change.ChangeCleanupRunner; @@ -342,6 +343,7 @@ public class WebAppInitializer extends GuiceServletContextListener implements Fi modules.add(new SmtpEmailSender.Module()); modules.add(new SignedTokenEmailTokenVerifier.Module()); modules.add(new LocalMergeSuperSetComputation.Module()); + modules.add(new AuditModule()); // Plugin module needs to be inserted *before* the index module. // There is the concept of LifecycleModule, in Gerrit's own extension diff --git a/java/com/google/gerrit/pgm/BUILD b/java/com/google/gerrit/pgm/BUILD index 95570ec6ac..64dd1d8b43 100644 --- a/java/com/google/gerrit/pgm/BUILD +++ b/java/com/google/gerrit/pgm/BUILD @@ -36,6 +36,7 @@ java_library( "//java/com/google/gerrit/server", "//java/com/google/gerrit/server:module", "//java/com/google/gerrit/server/api", + "//java/com/google/gerrit/server/audit", "//java/com/google/gerrit/server/cache/h2", "//java/com/google/gerrit/server/cache/mem", "//java/com/google/gerrit/server/git/receive", diff --git a/java/com/google/gerrit/pgm/Daemon.java b/java/com/google/gerrit/pgm/Daemon.java index c38e7f550c..517787cdea 100644 --- a/java/com/google/gerrit/pgm/Daemon.java +++ b/java/com/google/gerrit/pgm/Daemon.java @@ -56,6 +56,7 @@ import com.google.gerrit.server.account.AccountDeactivator; import com.google.gerrit.server.account.InternalAccountDirectory; import com.google.gerrit.server.api.GerritApiModule; import com.google.gerrit.server.api.PluginApiModule; +import com.google.gerrit.server.audit.AuditModule; import com.google.gerrit.server.cache.h2.H2CacheModule; import com.google.gerrit.server.cache.mem.DefaultMemoryCacheModule; import com.google.gerrit.server.change.ChangeCleanupRunner; @@ -422,6 +423,7 @@ public class Daemon extends SiteProgram { modules.add(cfgInjector.getInstance(GerritGlobalModule.class)); modules.add(new GerritApiModule()); modules.add(new PluginApiModule()); + modules.add(new AuditModule()); modules.add(new SearchingChangeCacheImpl.Module(slave)); modules.add(new InternalAccountDirectory.Module()); diff --git a/java/com/google/gerrit/server/audit/AuditModule.java b/java/com/google/gerrit/server/audit/AuditModule.java index 0052aaa8bc..df037b6bb9 100644 --- a/java/com/google/gerrit/server/audit/AuditModule.java +++ b/java/com/google/gerrit/server/audit/AuditModule.java @@ -16,6 +16,7 @@ package com.google.gerrit.server.audit; import com.google.gerrit.extensions.registration.DynamicSet; import com.google.gerrit.server.audit.group.GroupAuditListener; +import com.google.gerrit.server.group.GroupAuditService; import com.google.inject.AbstractModule; public class AuditModule extends AbstractModule { @@ -24,6 +25,6 @@ public class AuditModule extends AbstractModule { protected void configure() { DynamicSet.setOf(binder(), AuditListener.class); DynamicSet.setOf(binder(), GroupAuditListener.class); - bind(AuditService.class); + bind(GroupAuditService.class).to(AuditService.class); } } diff --git a/java/com/google/gerrit/server/audit/AuditService.java b/java/com/google/gerrit/server/audit/AuditService.java index 9528670ae1..2055e335a0 100644 --- a/java/com/google/gerrit/server/audit/AuditService.java +++ b/java/com/google/gerrit/server/audit/AuditService.java @@ -22,12 +22,13 @@ import com.google.gerrit.reviewdb.client.AccountGroup; import com.google.gerrit.server.audit.group.GroupAuditListener; import com.google.gerrit.server.audit.group.GroupMemberAuditEvent; import com.google.gerrit.server.audit.group.GroupSubgroupAuditEvent; +import com.google.gerrit.server.group.GroupAuditService; import com.google.inject.Inject; import com.google.inject.Singleton; import java.sql.Timestamp; @Singleton -public class AuditService { +public class AuditService implements GroupAuditService { private static final FluentLogger logger = FluentLogger.forEnclosingClass(); private final DynamicSet auditListeners; @@ -47,6 +48,7 @@ public class AuditService { } } + @Override public void dispatchAddMembers( Account.Id actor, AccountGroup.UUID updatedGroup, @@ -63,6 +65,7 @@ public class AuditService { } } + @Override public void dispatchDeleteMembers( Account.Id actor, AccountGroup.UUID updatedGroup, @@ -79,6 +82,7 @@ public class AuditService { } } + @Override public void dispatchAddSubgroups( Account.Id actor, AccountGroup.UUID updatedGroup, @@ -95,6 +99,7 @@ public class AuditService { } } + @Override public void dispatchDeleteSubgroups( Account.Id actor, AccountGroup.UUID updatedGroup, diff --git a/java/com/google/gerrit/server/audit/BUILD b/java/com/google/gerrit/server/audit/BUILD new file mode 100644 index 0000000000..5efdc5a614 --- /dev/null +++ b/java/com/google/gerrit/server/audit/BUILD @@ -0,0 +1,73 @@ +java_library( + name = "audit", + srcs = glob( + ["**/*.java"], + ), + resource_strip_prefix = "resources", + resources = ["//resources/com/google/gerrit/server"], + visibility = ["//visibility:public"], + deps = [ + "//java/com/google/gerrit/common:annotations", + "//java/com/google/gerrit/common:server", + "//java/com/google/gerrit/extensions:api", + "//java/com/google/gerrit/index", + "//java/com/google/gerrit/index:query_exception", + "//java/com/google/gerrit/index/project", + "//java/com/google/gerrit/lifecycle", + "//java/com/google/gerrit/metrics", + "//java/com/google/gerrit/prettify:server", + "//java/com/google/gerrit/reviewdb:server", + "//java/com/google/gerrit/server", + "//java/com/google/gerrit/server/ioutil", + "//java/com/google/gerrit/util/cli", + "//java/com/google/gerrit/util/ssl", + "//java/org/apache/commons/net", + "//java/org/eclipse/jgit:server", + "//lib:args4j", + "//lib:automaton", + "//lib:blame-cache", + "//lib:grappa", + "//lib:gson", + "//lib:guava", + "//lib:guava-retrying", + "//lib:gwtjsonrpc", + "//lib:gwtorm", + "//lib:jsch", + "//lib:juniversalchardet", + "//lib:mime-util", + "//lib:pegdown", + "//lib:protobuf", + "//lib:servlet-api-3_1", + "//lib:soy", + "//lib:tukaani-xz", + "//lib/auto:auto-value", + "//lib/auto:auto-value-annotations", + "//lib/bouncycastle:bcpkix-neverlink", + "//lib/bouncycastle:bcprov-neverlink", + "//lib/commons:codec", + "//lib/commons:compress", + "//lib/commons:dbcp", + "//lib/commons:lang", + "//lib/commons:net", + "//lib/commons:validator", + "//lib/flogger:api", + "//lib/guice", + "//lib/guice:guice-assistedinject", + "//lib/guice:guice-servlet", + "//lib/jgit/org.eclipse.jgit.archive:jgit-archive", + "//lib/jgit/org.eclipse.jgit:jgit", + "//lib/jsoup", + "//lib/log:jsonevent-layout", + "//lib/log:log4j", + "//lib/lucene:lucene-analyzers-common", + "//lib/lucene:lucene-core-and-backward-codecs", + "//lib/lucene:lucene-queryparser", + "//lib/mime4j:core", + "//lib/mime4j:dom", + "//lib/ow2:ow2-asm", + "//lib/ow2:ow2-asm-tree", + "//lib/ow2:ow2-asm-util", + "//lib/prolog:runtime", + "//proto:cache_java_proto", + ], +) diff --git a/java/com/google/gerrit/server/config/GerritGlobalModule.java b/java/com/google/gerrit/server/config/GerritGlobalModule.java index 57255a3e30..b6a257b8b5 100644 --- a/java/com/google/gerrit/server/config/GerritGlobalModule.java +++ b/java/com/google/gerrit/server/config/GerritGlobalModule.java @@ -91,7 +91,6 @@ import com.google.gerrit.server.account.GroupControl; import com.google.gerrit.server.account.GroupIncludeCacheImpl; import com.google.gerrit.server.account.VersionedAuthorizedKeys; import com.google.gerrit.server.account.externalids.ExternalIdModule; -import com.google.gerrit.server.audit.AuditModule; import com.google.gerrit.server.auth.AuthBackend; import com.google.gerrit.server.auth.UniversalAuthBackend; import com.google.gerrit.server.auth.oauth.OAuthTokenCache; @@ -301,7 +300,6 @@ public class GerritGlobalModule extends FactoryModule { bind(IdentifiedUser.GenericFactory.class).in(SINGLETON); bind(AccountControl.Factory.class); - install(new AuditModule()); bind(UiActions.class); bind(GitReferenceUpdated.class); diff --git a/java/com/google/gerrit/server/group/GroupAuditService.java b/java/com/google/gerrit/server/group/GroupAuditService.java new file mode 100644 index 0000000000..c543a6e409 --- /dev/null +++ b/java/com/google/gerrit/server/group/GroupAuditService.java @@ -0,0 +1,48 @@ +// Copyright (C) 2018 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package com.google.gerrit.server.group; + +import com.google.common.collect.ImmutableSet; +import com.google.gerrit.reviewdb.client.Account; +import com.google.gerrit.reviewdb.client.Account.Id; +import com.google.gerrit.reviewdb.client.AccountGroup; +import java.sql.Timestamp; + +public interface GroupAuditService { + + void dispatchAddMembers( + Account.Id actor, + AccountGroup.UUID updatedGroup, + ImmutableSet addedMembers, + Timestamp addedOn); + + void dispatchDeleteMembers( + Account.Id actor, + AccountGroup.UUID updatedGroup, + ImmutableSet deletedMembers, + Timestamp deletedOn); + + void dispatchAddSubgroups( + Account.Id actor, + AccountGroup.UUID updatedGroup, + ImmutableSet addedSubgroups, + Timestamp addedOn); + + void dispatchDeleteSubgroups( + Account.Id actor, + AccountGroup.UUID updatedGroup, + ImmutableSet deletedSubgroups, + Timestamp deletedOn); +} diff --git a/java/com/google/gerrit/server/group/db/GroupsUpdate.java b/java/com/google/gerrit/server/group/db/GroupsUpdate.java index 38db2e60e4..cd38c6a90e 100644 --- a/java/com/google/gerrit/server/group/db/GroupsUpdate.java +++ b/java/com/google/gerrit/server/group/db/GroupsUpdate.java @@ -31,13 +31,13 @@ import com.google.gerrit.server.account.AccountCache; import com.google.gerrit.server.account.GroupBackend; import com.google.gerrit.server.account.GroupCache; import com.google.gerrit.server.account.GroupIncludeCache; -import com.google.gerrit.server.audit.AuditService; import com.google.gerrit.server.config.AllUsersName; import com.google.gerrit.server.config.GerritServerId; import com.google.gerrit.server.extensions.events.GitReferenceUpdated; import com.google.gerrit.server.git.GitRepositoryManager; import com.google.gerrit.server.git.LockFailureException; import com.google.gerrit.server.git.meta.MetaDataUpdate; +import com.google.gerrit.server.group.GroupAuditService; import com.google.gerrit.server.group.InternalGroup; import com.google.gerrit.server.index.group.GroupIndexer; import com.google.gerrit.server.update.RefUpdateUtil; @@ -89,7 +89,7 @@ public class GroupsUpdate { private final GroupCache groupCache; private final GroupIncludeCache groupIncludeCache; private final Provider indexer; - private final AuditService auditService; + private final GroupAuditService groupAuditService; private final RenameGroupOp.Factory renameGroupOpFactory; @Nullable private final IdentifiedUser currentUser; private final AuditLogFormatter auditLogFormatter; @@ -106,7 +106,7 @@ public class GroupsUpdate { GroupCache groupCache, GroupIncludeCache groupIncludeCache, Provider indexer, - AuditService auditService, + GroupAuditService auditService, AccountCache accountCache, RenameGroupOp.Factory renameGroupOpFactory, @GerritServerId String serverId, @@ -120,7 +120,7 @@ public class GroupsUpdate { this.groupCache = groupCache; this.groupIncludeCache = groupIncludeCache; this.indexer = indexer; - this.auditService = auditService; + this.groupAuditService = auditService; this.renameGroupOpFactory = renameGroupOpFactory; this.gitRefUpdated = gitRefUpdated; this.retryHelper = retryHelper; @@ -384,14 +384,14 @@ public class GroupsUpdate { } if (!createdGroup.getMembers().isEmpty()) { - auditService.dispatchAddMembers( + groupAuditService.dispatchAddMembers( currentUser.getAccountId(), createdGroup.getGroupUUID(), createdGroup.getMembers(), createdGroup.getCreatedOn()); } if (!createdGroup.getSubgroups().isEmpty()) { - auditService.dispatchAddSubgroups( + groupAuditService.dispatchAddSubgroups( currentUser.getAccountId(), createdGroup.getGroupUUID(), createdGroup.getSubgroups(), @@ -405,19 +405,19 @@ public class GroupsUpdate { } if (!result.getAddedMembers().isEmpty()) { - auditService.dispatchAddMembers( + groupAuditService.dispatchAddMembers( currentUser.getAccountId(), result.getGroupUuid(), result.getAddedMembers(), updatedOn); } if (!result.getDeletedMembers().isEmpty()) { - auditService.dispatchDeleteMembers( + groupAuditService.dispatchDeleteMembers( currentUser.getAccountId(), result.getGroupUuid(), result.getDeletedMembers(), updatedOn); } if (!result.getAddedSubgroups().isEmpty()) { - auditService.dispatchAddSubgroups( + groupAuditService.dispatchAddSubgroups( currentUser.getAccountId(), result.getGroupUuid(), result.getAddedSubgroups(), updatedOn); } if (!result.getDeletedSubgroups().isEmpty()) { - auditService.dispatchDeleteSubgroups( + groupAuditService.dispatchDeleteSubgroups( currentUser.getAccountId(), result.getGroupUuid(), result.getDeletedSubgroups(), diff --git a/java/com/google/gerrit/sshd/BUILD b/java/com/google/gerrit/sshd/BUILD index 6c810a369d..4743b35969 100644 --- a/java/com/google/gerrit/sshd/BUILD +++ b/java/com/google/gerrit/sshd/BUILD @@ -11,6 +11,7 @@ java_library( "//java/com/google/gerrit/metrics", "//java/com/google/gerrit/reviewdb:server", "//java/com/google/gerrit/server", + "//java/com/google/gerrit/server/audit", "//java/com/google/gerrit/server/cache/h2", "//java/com/google/gerrit/server/git/receive", "//java/com/google/gerrit/server/ioutil", diff --git a/java/com/google/gerrit/testing/BUILD b/java/com/google/gerrit/testing/BUILD index 55565ad1d8..cf65908c81 100644 --- a/java/com/google/gerrit/testing/BUILD +++ b/java/com/google/gerrit/testing/BUILD @@ -26,6 +26,7 @@ java_library( "//java/com/google/gerrit/server", "//java/com/google/gerrit/server:module", "//java/com/google/gerrit/server/api", + "//java/com/google/gerrit/server/audit", "//java/com/google/gerrit/server/cache/h2", "//java/com/google/gerrit/server/cache/mem", "//java/com/google/gerrit/server/restapi", diff --git a/java/com/google/gerrit/testing/InMemoryModule.java b/java/com/google/gerrit/testing/InMemoryModule.java index b3f6222b9e..8f9aa14f7b 100644 --- a/java/com/google/gerrit/testing/InMemoryModule.java +++ b/java/com/google/gerrit/testing/InMemoryModule.java @@ -35,6 +35,7 @@ import com.google.gerrit.server.GerritPersonIdentProvider; import com.google.gerrit.server.PluginUser; import com.google.gerrit.server.api.GerritApiModule; import com.google.gerrit.server.api.PluginApiModule; +import com.google.gerrit.server.audit.AuditModule; import com.google.gerrit.server.cache.h2.H2CacheModule; import com.google.gerrit.server.cache.mem.DefaultMemoryCacheModule; import com.google.gerrit.server.config.AllProjectsName; @@ -178,6 +179,7 @@ public class InMemoryModule extends FactoryModule { install(new DefaultPermissionBackendModule()); install(new SearchingChangeCacheImpl.Module()); factory(GarbageCollection.Factory.class); + install(new AuditModule()); bindScope(RequestScoped.class, PerThreadRequestScope.REQUEST);