2018-07-05 06:18:17 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2015-07-03 07:54:50 -04:00
|
|
|
class AuditEventService
|
|
|
|
def initialize(author, entity, details = {})
|
|
|
|
@author, @entity, @details = author, entity, details
|
|
|
|
end
|
|
|
|
|
|
|
|
def for_authentication
|
|
|
|
@details = {
|
|
|
|
with: @details[:with],
|
|
|
|
target_id: @author.id,
|
2016-07-06 09:26:59 -04:00
|
|
|
target_type: 'User',
|
2017-05-03 07:22:03 -04:00
|
|
|
target_details: @author.name
|
2015-07-03 07:54:50 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
self
|
|
|
|
end
|
|
|
|
|
|
|
|
def security_event
|
Add support for JSON logging for audit events
This will add audit_json.log that writes one line per audit event. For
example:
{
"severity":"INFO",
"time":"2018-10-17T17:38:22.523Z",
"author_id":3,
"entity_id":2,
"entity_type":"Project",
"change":"visibility",
"from":"Private",
"to":"Public",
"author_name":"John Doe4",
"target_id":2,
"target_type":"Project",
"target_details":"namespace2/project2"
}
2018-10-18 15:50:21 -04:00
|
|
|
log_security_event_to_file
|
|
|
|
log_security_event_to_database
|
|
|
|
end
|
|
|
|
|
|
|
|
private
|
|
|
|
|
|
|
|
def base_payload
|
|
|
|
{
|
2015-07-03 07:54:50 -04:00
|
|
|
author_id: @author.id,
|
|
|
|
entity_id: @entity.id,
|
Add support for JSON logging for audit events
This will add audit_json.log that writes one line per audit event. For
example:
{
"severity":"INFO",
"time":"2018-10-17T17:38:22.523Z",
"author_id":3,
"entity_id":2,
"entity_type":"Project",
"change":"visibility",
"from":"Private",
"to":"Public",
"author_name":"John Doe4",
"target_id":2,
"target_type":"Project",
"target_details":"namespace2/project2"
}
2018-10-18 15:50:21 -04:00
|
|
|
entity_type: @entity.class.name
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
def file_logger
|
|
|
|
@file_logger ||= Gitlab::AuditJsonLogger.build
|
|
|
|
end
|
|
|
|
|
2019-07-03 18:58:05 -04:00
|
|
|
def formatted_details
|
|
|
|
@details.merge(@details.slice(:from, :to).transform_values(&:to_s))
|
|
|
|
end
|
|
|
|
|
Add support for JSON logging for audit events
This will add audit_json.log that writes one line per audit event. For
example:
{
"severity":"INFO",
"time":"2018-10-17T17:38:22.523Z",
"author_id":3,
"entity_id":2,
"entity_type":"Project",
"change":"visibility",
"from":"Private",
"to":"Public",
"author_name":"John Doe4",
"target_id":2,
"target_type":"Project",
"target_details":"namespace2/project2"
}
2018-10-18 15:50:21 -04:00
|
|
|
def log_security_event_to_file
|
2019-07-03 18:58:05 -04:00
|
|
|
file_logger.info(base_payload.merge(formatted_details))
|
Add support for JSON logging for audit events
This will add audit_json.log that writes one line per audit event. For
example:
{
"severity":"INFO",
"time":"2018-10-17T17:38:22.523Z",
"author_id":3,
"entity_id":2,
"entity_type":"Project",
"change":"visibility",
"from":"Private",
"to":"Public",
"author_name":"John Doe4",
"target_id":2,
"target_type":"Project",
"target_details":"namespace2/project2"
}
2018-10-18 15:50:21 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
def log_security_event_to_database
|
|
|
|
SecurityEvent.create(base_payload.merge(details: @details))
|
2015-07-03 07:54:50 -04:00
|
|
|
end
|
|
|
|
end
|