From 41159098cba104082f774f499ba38c498437f0c0 Mon Sep 17 00:00:00 2001
From: Kian Parvin
Date: Thu, 7 Sep 2023 11:18:14 +0200
Subject: [PATCH] Audit log fixes
---
 cmd/jimmctl/cmd/listauditevents.go | 2 +-
 cmd/jimmctl/cmd/purge_logs.go | 4 +++-
 internal/jimm/audit_log.go | 10 +++++-----
 internal/rpc/proxy.go | 11 ++++++-----
 4 files changed, 15 insertions(+), 12 deletions(-)
diff --git a/cmd/jimmctl/cmd/listauditevents.go b/cmd/jimmctl/cmd/listauditevents.go
index e25446d3d..3b3723fe8 100644
--- a/cmd/jimmctl/cmd/listauditevents.go
+++ b/cmd/jimmctl/cmd/listauditevents.go
@@ -71,7 +71,7 @@ func (c *listAuditEventsCommand) SetFlags(f *gnuflag.FlagSet) {
 f.StringVar(&c.args.UserTag, "user-tag", "", "display events performed by authenticated user")
 f.StringVar(&c.args.Method, "method", "", "display events for a specific method call")
 f.StringVar(&c.args.Model, "model", "", "display events for a specific model (model name is controller/model)")
- f.IntVar(&c.args.Limit, "offset", 0, "offset the set of returned audit events")
+ f.IntVar(&c.args.Offset, "offset", 0, "offset the set of returned audit events")
 f.IntVar(&c.args.Limit, "limit", 0, "limit the maximum number of returned audit events")
 f.BoolVar(&c.args.SortTime, "reverse", false, "reverse the order of logs, showing the most recent first")
diff --git a/cmd/jimmctl/cmd/purge_logs.go b/cmd/jimmctl/cmd/purge_logs.go
index cbb126bb4..0a168b249 100644
--- a/cmd/jimmctl/cmd/purge_logs.go
+++ b/cmd/jimmctl/cmd/purge_logs.go
@@ -25,7 +25,9 @@ const purgeLogsDoc = `
 // NewPurgeLogsCommand returns a command to purge logs.
 func NewPurgeLogsCommand() cmd.Command {
- cmd := &purgeLogsCommand{}
+ cmd := &purgeLogsCommand{
+ store: jujuclient.NewFileClientStore(),
+ }
 return modelcmd.WrapBase(cmd)
 }
diff --git a/internal/jimm/audit_log.go b/internal/jimm/audit_log.go
index bb049f37c..504016bd0 100644
--- a/internal/jimm/audit_log.go
+++ b/internal/jimm/audit_log.go
@@ -26,9 +26,9 @@ type DbAuditLogger struct {
 getUser func() names.UserTag
 }
-// newConversationID generates a unique ID that is used for the
+// NewConversationID generates a unique ID that is used for the
 // lifetime of a websocket connection.
-func newConversationID() string {
+func NewConversationID() string {
 buf := make([]byte, 8)
 rand.Read(buf) // Can't fail
 return hex.EncodeToString(buf)
@@ -38,7 +38,7 @@ func newConversationID() string {
 func NewDbAuditLogger(j *JIMM, getUserFunc func() names.UserTag) DbAuditLogger {
 logger := DbAuditLogger{
 jimm: j,
- conversationId: newConversationID(),
+ conversationId: NewConversationID(),
 getUser: getUserFunc,
 }
 return logger
@@ -112,7 +112,7 @@ type recorder struct {
 func NewRecorder(logger DbAuditLogger) recorder {
 return recorder{
 start: time.Now(),
- conversationId: newConversationID(),
+ conversationId: NewConversationID(),
 logger: logger,
 }
 }
@@ -166,11 +166,11 @@ func (a *auditLogCleanupService) Start(ctx context.Context) {
 // from the service's context. It calculates the poll duration at 9am each day
 // UTC.
 func (a *auditLogCleanupService) poll(ctx context.Context) {
- retentionDate := time.Now().AddDate(0, 0, -(a.auditLogRetentionPeriodInDays))
 for {
 select {
 case <-time.After(calculateNextPollDuration(time.Now().UTC())):
+ retentionDate := time.Now().AddDate(0, 0, -(a.auditLogRetentionPeriodInDays))
 deleted, err := a.db.DeleteAuditLogsBefore(ctx, retentionDate)
 if err != nil {
 zapctx.Error(ctx, "failed to cleanup audit logs", zap.Error(err))
diff --git a/internal/rpc/proxy.go b/internal/rpc/proxy.go
index fc9933596..8c7f52dc8 100644
--- a/internal/rpc/proxy.go
+++ b/internal/rpc/proxy.go
@@ -17,6 +17,7 @@ import (
 "github.com/canonical/jimm/internal/auth"
 "github.com/canonical/jimm/internal/dbmodel"
 "github.com/canonical/jimm/internal/errors"
+ "github.com/canonical/jimm/internal/jimm"
 )
 // TokenGenerator authenticates a user and generates a JWT token.
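Review bot: `rand.Read(buf) // Can't fail` in the now-exported `NewConversationID` discards the error, and the import that decides whether that comment is true is not in the hunk. If it is math/rand the call cannot fail but the IDs are predictable; if it is crypto/rand on a toolchain older than Go 1.24, a failed read would leave `buf` zeroed or partly filled and unrelated connections could be logged under the same ID. Since other packages now call this function, the doc comment should name the random source and state that the value is a correlation key for audit entries rather than a secret. The result should also be checked, for example `if _, err := rand.Read(buf); err != nil { panic(err) }`, or the comment should say why ignoring it is safe.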
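Review bot: `NewRecorder` still draws a fresh `NewConversationID()` even though the `logger` it receives already carries one from `NewDbAuditLogger`, and the proxy.go hunk at -460 adds a third independent value on `modelProxy`. The doc comment says the ID lasts for the lifetime of a websocket connection, so if these objects describe the same connection its entries may end up under different IDs, which makes reconstructing a session from the audit trail harder. Consider `conversationId: logger.conversationId,` in `NewRecorder`, or add a comment explaining why the recorder needs its own. How the proxy's value relates to what `helpers.AuditLog` writes is not visible in these hunks.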
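Review bot: With the cutoff now computed on every tick, `poll` calls `DeleteAuditLogsBefore` with whatever `a.auditLogRetentionPeriodInDays` holds, and nothing in the hunk rejects zero or a negative value; either would put `retentionDate` at or after the current time and remove every audit entry. Whether `Start` or the configuration loader validates the period is outside the hunk, so this may already be covered. If it is not, a guard at the top of the case such as `if a.auditLogRetentionPeriodInDays <= 0 { continue }` keeps a misconfiguration from erasing the trail. The body of `poll` continues past the end of the hunk.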
@@ -286,7 +287,6 @@ func (p *controllerProxy) start(ctx context.Context) error {
 zapctx.Debug(ctx, "Reading on controller connection")
 msg := new(message)
 if err := p.src.readJson(msg); err != nil {
- zapctx.Error(ctx, "controllerProxy error reading from src", zap.Error(err))
 // Error reading on the socket implies it is closed, simply return.
 return err
 }
@@ -460,10 +460,11 @@ func ProxySockets(ctx context.Context, helpers ProxyHelpers) error {
 // after the first message has been received so that any errors can be properly sent back to the client.
 clProxy := clientProxy{
 modelProxy: modelProxy{
- src: &client,
- msgs: &msgInFlight,
- tokenGen: helpers.TokenGen,
- auditLog: helpers.AuditLog,
+ src: &client,
+ msgs: &msgInFlight,
+ tokenGen: helpers.TokenGen,
+ auditLog: helpers.AuditLog,
+ conversationId: jimm.NewConversationID(),
 },
 errChan: errChan,
 createControllerConn: helpers.ConnectController,