Fire audit events upon changes of the etc/gerrit.config file
If the etc/gerrit.config file is changed an audit event is fired.
The event contains the following parameter:
- "plugin" - the name of this plugin, i.e. "server-config"
- "class" - the java class that fires the event
- "file" - the name of the file that is changed
- "diff" - the changes as a unified diff
Change-Id: Ic8abf02cc143728742492984729894237429fc3f
diff --git a/src/main/java/com/googlesource/gerrit/plugins/serverconfig/ServerConfigServlet.java b/src/main/java/com/googlesource/gerrit/plugins/serverconfig/ServerConfigServlet.java
index 9c6ad1a..07f081d 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/serverconfig/ServerConfigServlet.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/serverconfig/ServerConfigServlet.java
@@ -14,13 +14,25 @@
package com.googlesource.gerrit.plugins.serverconfig;
+import com.google.common.collect.LinkedHashMultimap;
+import com.google.common.collect.Multimap;
import com.google.common.io.ByteStreams;
+import com.google.gerrit.audit.AuditEvent;
+import com.google.gerrit.audit.AuditService;
+import com.google.gerrit.extensions.annotations.PluginName;
+import com.google.gerrit.httpd.WebSession;
+import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.config.SitePaths;
+import com.google.gerrit.server.util.TimeUtil;
import com.google.inject.Inject;
+import com.google.inject.Provider;
import com.google.inject.Singleton;
+import org.eclipse.jgit.diff.RawText;
+
import java.io.File;
import java.io.FileInputStream;
+import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
@@ -37,12 +49,25 @@
private final File site_path;
private final File etc_dir;
private final File static_dir;
+ private final String gerrit_config_path;
+ private final AuditService auditService;
+ private final Provider<WebSession> webSession;
+ private final String pluginName;
@Inject
- ServerConfigServlet(SitePaths sitePaths) {
+ ServerConfigServlet(SitePaths sitePaths, Provider<WebSession> webSession,
+ AuditService auditService, @PluginName String pluginName) {
+ this.webSession = webSession;
+ this.auditService = auditService;
+ this.pluginName = pluginName;
this.site_path = sitePaths.site_path;
this.etc_dir = sitePaths.etc_dir;
this.static_dir = sitePaths.static_dir;
+ try {
+ this.gerrit_config_path = sitePaths.gerrit_config.getCanonicalPath();
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
}
@Override
@@ -62,7 +87,51 @@
res.setStatus(HttpServletResponse.SC_FORBIDDEN);
return;
}
- writeFile(req, res);
+ if (isGerritConfig(req)) {
+ writeFileAndFireAuditEvent(req, res);
+ } else {
+ writeFile(req, res);
+ }
+ }
+
+ private void writeFileAndFireAuditEvent(HttpServletRequest req, HttpServletResponse res)
+ throws IOException {
+ File oldFile = configFile(req);
+ File dir = oldFile.getParentFile();
+ File newFile = File.createTempFile(oldFile.getName(), ".new", dir);
+ streamRequestToFile(req, newFile);
+
+ String diff = diff(oldFile, newFile);
+ audit("about to change config file", oldFile.getPath(), diff);
+
+ newFile.renameTo(oldFile);
+ audit("changed config file", oldFile.getPath(), diff);
+
+ res.setStatus(HttpServletResponse.SC_NO_CONTENT);
+ }
+
+ private static String diff(File oldFile, File newFile) throws IOException {
+ RawText oldContext = new RawText(oldFile);
+ RawText newContext = new RawText(newFile);
+ UnifiedDiffer differ = new UnifiedDiffer();
+ return differ.diff(oldContext, newContext);
+ }
+
+ private void audit(String what, String path, String diff) {
+ String sessionId = webSession.get().getSessionId();
+ CurrentUser who = webSession.get().getCurrentUser();
+ long when = TimeUtil.nowMs();
+ Multimap<String, Object> params = LinkedHashMultimap.create();
+ params.put("plugin", pluginName);
+ params.put("class", ServerConfigServlet.class);
+ params.put("diff", diff);
+ params.put("file", path);
+ auditService.dispatch(new AuditEvent(sessionId, who, what, when, params, null));
+ }
+
+ private boolean isGerritConfig(HttpServletRequest req) throws IOException {
+ File f = configFile(req);
+ return gerrit_config_path.equals(f.getCanonicalPath());
}
private boolean isValidFile(HttpServletRequest req) throws IOException {
@@ -109,8 +178,13 @@
private void writeFile(HttpServletRequest req, HttpServletResponse res)
throws IOException {
res.setStatus(HttpServletResponse.SC_NO_CONTENT);
+ streamRequestToFile(req, configFile(req));
+ }
+
+ private void streamRequestToFile(HttpServletRequest req, File file)
+ throws IOException, FileNotFoundException {
InputStream in = req.getInputStream();
- OutputStream out = new FileOutputStream(configFile(req));
+ OutputStream out = new FileOutputStream(file);
try {
ByteStreams.copy(in, out);
} finally {
diff --git a/src/main/java/com/googlesource/gerrit/plugins/serverconfig/UnifiedDiffer.java b/src/main/java/com/googlesource/gerrit/plugins/serverconfig/UnifiedDiffer.java
new file mode 100644
index 0000000..96e363a
--- /dev/null
+++ b/src/main/java/com/googlesource/gerrit/plugins/serverconfig/UnifiedDiffer.java
@@ -0,0 +1,43 @@
+// Copyright (C) 2014 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.googlesource.gerrit.plugins.serverconfig;
+
+import org.eclipse.jgit.diff.DiffAlgorithm;
+import org.eclipse.jgit.diff.DiffFormatter;
+import org.eclipse.jgit.diff.EditList;
+import org.eclipse.jgit.diff.MyersDiff;
+import org.eclipse.jgit.diff.RawText;
+import org.eclipse.jgit.diff.RawTextComparator;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+
+public class UnifiedDiffer {
+
+ static final String CHARSET_NAME = "UTF-8";
+
+ public String diff(RawText v0, RawText v1) throws IOException {
+ DiffAlgorithm algorithm = MyersDiff.INSTANCE;
+
+ EditList editList = algorithm.diff(RawTextComparator.DEFAULT, v0, v1);
+
+ ByteArrayOutputStream os = new ByteArrayOutputStream();
+ DiffFormatter formatter = new DiffFormatter(os);
+ formatter.format(editList, v0, v1);
+
+ return os.toString(CHARSET_NAME);
+ }
+
+}
diff --git a/src/test/java/com/googlesource/gerrit/plugins/serverconfig/UnifiedDifferTest.java b/src/test/java/com/googlesource/gerrit/plugins/serverconfig/UnifiedDifferTest.java
new file mode 100644
index 0000000..c81e156
--- /dev/null
+++ b/src/test/java/com/googlesource/gerrit/plugins/serverconfig/UnifiedDifferTest.java
@@ -0,0 +1,63 @@
+// Copyright (C) 2014 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.googlesource.gerrit.plugins.serverconfig;
+
+import static org.junit.Assert.*;
+
+import org.eclipse.jgit.diff.RawText;
+import org.junit.Test;
+
+import java.io.UnsupportedEncodingException;
+
+public class UnifiedDifferTest {
+
+ @Test
+ public void testUnchange() throws Exception {
+ UnifiedDiffer classUnderTest = new UnifiedDiffer();
+ String diff = classUnderTest.diff(t("key = old\n"), t("key = old\n"));
+ assertEquals("", diff);
+ }
+
+ @Test
+ public void testChangeValue() throws Exception {
+ UnifiedDiffer classUnderTest = new UnifiedDiffer();
+ String diff = classUnderTest.diff(t("key = old\n"), t("key = new\n"));
+ assertEquals("@@ -1 +1 @@\n" + "-key = old\n" + "+key = new\n", diff);
+ }
+
+ @Test
+ public void testAddedValue() throws Exception {
+ UnifiedDiffer classUnderTest = new UnifiedDiffer();
+ String diff =
+ classUnderTest.diff(t("key1 = old\n"), t("key1 = old\n"
+ + "key2 = new\n"));
+ assertEquals("@@ -1 +1,2 @@\n" + " key1 = old\n" + "+key2 = new\n", diff);
+ }
+
+ @Test
+ public void testDeletedValue() throws Exception {
+ UnifiedDiffer classUnderTest = new UnifiedDiffer();
+ String diff =
+ classUnderTest.diff(t("key1 = old1\n" + "key1 = old2\n"),
+ t("key1 = old1\n"));
+ assertEquals("@@ -1,2 +1 @@\n" + " key1 = old1\n" + "-key1 = old2\n", diff);
+ }
+
+ private static RawText t(String text) throws UnsupportedEncodingException {
+ return new RawText(text.toString().getBytes(UnifiedDiffer.CHARSET_NAME));
+ }
+
+
+}