diff options
author | Martin Polden <mpolden@mpolden.no> | 2019-03-07 13:52:36 +0100 |
---|---|---|
committer | Martin Polden <mpolden@mpolden.no> | 2019-03-07 14:25:17 +0100 |
commit | 9e6993064dadd73bb0bf5e93bda11f7061c59f49 (patch) | |
tree | 65b68bc887bc5c2e81279591a8a05d1b378b08ee /controller-server/src/main/java/com/yahoo/vespa/hosted/controller/auditlog/AuditLoggingRequestHandler.java | |
parent | 9cf353c5502c6c80433ada913c647a700f57236d (diff) |
Write operator actions to audit log
All mutable requests to the following paths will be written to the audit log:
* `/controller/v1/`
* `/os/v1/`
* `/zone/v2/`
Those paths cover the most important operator actions, such as:
* (De)activation of maintenance jobs on controller
* Version confidence overrides
* Scheduling OS or firmware upgrades
* Proxied calls to config servers: Feature flag changes, (de)activation of
node repository maintenance jobs, node state changes, scheduling of node reboots etc.
We can also consider adding node (de)provisioning (`/provision/v2/`), but that
needs to be changed in internal code.
Future handlers that require audit logging can simply extend
`AuditLoggingRequestHandler`.
Diffstat (limited to 'controller-server/src/main/java/com/yahoo/vespa/hosted/controller/auditlog/AuditLoggingRequestHandler.java')
-rw-r--r-- | controller-server/src/main/java/com/yahoo/vespa/hosted/controller/auditlog/AuditLoggingRequestHandler.java | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/auditlog/AuditLoggingRequestHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/auditlog/AuditLoggingRequestHandler.java new file mode 100644 index 00000000000..7eb38fed7ee --- /dev/null +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/auditlog/AuditLoggingRequestHandler.java @@ -0,0 +1,30 @@ +// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.vespa.hosted.controller.auditlog; + +import com.yahoo.container.jdisc.HttpRequest; +import com.yahoo.container.jdisc.HttpResponse; +import com.yahoo.container.jdisc.LoggingRequestHandler; + +/** + * A handler that logs requests to the audit log. Handlers that need audit logging should extend this and implement + * {@link AuditLoggingRequestHandler#auditAndHandle(HttpRequest)}. + * + * @author mpolden + */ +public abstract class AuditLoggingRequestHandler extends LoggingRequestHandler { + + private final AuditLogger auditLogger; + + public AuditLoggingRequestHandler(Context ctx, AuditLogger auditLogger) { + super(ctx); + this.auditLogger = auditLogger; + } + + @Override + public HttpResponse handle(HttpRequest request) { + return auditAndHandle(auditLogger.log(request)); + } + + public abstract HttpResponse auditAndHandle(HttpRequest request); + +} |