diff --git a/application/forms/SettingsForm.php b/application/forms/SettingsForm.php index e9cbe16d..a8b7486d 100644 --- a/application/forms/SettingsForm.php +++ b/application/forms/SettingsForm.php @@ -60,6 +60,27 @@ class SettingsForm extends QuickForm $settings->getStoredValue('disable_all_jobs') ); + $this->addElement('select', 'enable_audit_log', array( + 'label' => $this->translate('Enable audit log'), + 'multiOptions' => $this->eventuallyConfiguredEnum( + 'enable_audit_log', + array( + 'n' => $this->translate('No'), + 'y' => $this->translate('Yes'), + ) + ), + 'description' => $this->translate( + 'All changes are tracked in the Director database. In addition' + . ' you might also want to send an audit log through the Icinga' + . " Web 2 logging mechanism. That way all changes would be" + . ' written to either Syslog or the configured log file' + ), + )); + + $this->getElement('disable_all_jobs')->setValue( + $settings->getStoredValue('disable_all_jobs') + ); + $this->addElement('select', 'config_format', array( 'label' => $this->translate('Configuration format'), 'multiOptions' => $this->eventuallyConfiguredEnum( diff --git a/library/Director/Objects/DirectorActivityLog.php b/library/Director/Objects/DirectorActivityLog.php index bad6718d..45454a03 100644 --- a/library/Director/Objects/DirectorActivityLog.php +++ b/library/Director/Objects/DirectorActivityLog.php @@ -7,6 +7,7 @@ use Icinga\Module\Director\Db; use Icinga\Module\Director\Util; use Icinga\Authentication\Auth; use Icinga\Application\Icinga; +use Icinga\Application\Logger; class DirectorActivityLog extends DbObject { @@ -30,7 +31,11 @@ class DirectorActivityLog extends DbObject ); /** + * @param $name + * * @codingStandardsIgnoreStart + * + * @return self */ protected function setObject_Name($name) { @@ -64,56 +69,76 @@ class DirectorActivityLog extends DbObject return static::load($db->fetchOne($query), $connection); } - public static function logCreation(DbObject $object, Db $db) + public static function logCreation(IcingaObject $object, Db $db) { + // TODO: extend this to support non-IcingaObjects and multikey objects + $name = $object->getObjectName(); + $type = $object->getTableName(); + $newProps = $object->toJson(null, true); $data = array( - 'object_name' => $object->object_name, + 'object_name' => $name, 'action_name' => 'create', 'author' => self::username(), - 'object_type' => $object->getTableName(), - 'new_properties' => $object->toJson(null, true), + 'object_type' => $type, + 'new_properties' => $newProps, 'change_time' => date('Y-m-d H:i:s'), // TODO -> postgres! 'parent_checksum' => $db->getLastActivityChecksum() ); $data['checksum'] = sha1(json_encode($data), true); $data['parent_checksum'] = Util::hex2binary($data['parent_checksum']); + if ($db->settings()->enable_audit_log === 'y') { + Logger::info('(director) %s[%s] has been created: %s', $type, $name, $newProps); + } return self::create($data)->store($db); } - public static function logModification(DbObject $object, Db $db) + public static function logModification(IcingaObject $object, Db $db) { + $name = $object->getObjectName(); + $type = $object->getTableName(); + $oldProps = json_encode($object->getPlainUnmodifiedObject()); + $newProps = $object->toJson(null, true); $data = array( - 'object_name' => $object->object_name, + 'object_name' => $name, 'action_name' => 'modify', 'author' => self::username(), - 'object_type' => $object->getTableName(), - 'old_properties' => json_encode($object->getPlainUnmodifiedObject()), - 'new_properties' => $object->toJson(null, true), + 'object_type' => $type, + 'old_properties' => $oldProps, + 'new_properties' => $newProps, 'change_time' => date('Y-m-d H:i:s'), // TODO -> postgres! 'parent_checksum' => $db->getLastActivityChecksum() ); $data['checksum'] = sha1(json_encode($data), true); $data['parent_checksum'] = Util::hex2binary($data['parent_checksum']); + if ($db->settings()->enable_audit_log === 'y') { + Logger::info('(director) %s[%s] has been modified from %s to %s', $type, $name, $oldProps, $newProps); + } return self::create($data)->store($db); } - public static function logRemoval(DbObject $object, Db $db) + public static function logRemoval(IcingaObject $object, Db $db) { - $plain = $object->getCachedUnmodifiedObject(); + $name = $object->getObjectName(); + $type = $object->getTableName(); + $oldProps = json_encode($object->getPlainUnmodifiedObject()); + $data = array( - 'object_name' => $plain->object_name, + 'object_name' => $name, 'action_name' => 'delete', 'author' => self::username(), - 'object_type' => $object->getTableName(), - 'old_properties' => json_encode($plain), + 'object_type' => $type, + 'old_properties' => $oldProps, 'change_time' => date('Y-m-d H:i:s'), // TODO -> postgres! 'parent_checksum' => $db->getLastActivityChecksum() ); $data['checksum'] = sha1(json_encode($data), true); $data['parent_checksum'] = Util::hex2binary($data['parent_checksum']); + if ($db->settings()->enable_audit_log === 'y') { + Logger::info('(director) %s[%s] has been removed: %s', $type, $name, $oldProps); + } return self::create($data)->store($db); } } diff --git a/library/Director/Settings.php b/library/Director/Settings.php index 788e827d..5fe19d54 100644 --- a/library/Director/Settings.php +++ b/library/Director/Settings.php @@ -17,6 +17,7 @@ class Settings 'override_services_varname' => '_override_servicevars', 'override_services_templatename' => 'host var overrides (Director)', 'disable_all_jobs' => 'n', // 'y' + 'enable_audit_log' => 'n', // 'experimental_features' => null, // 'allow' // 'master_zone' => null, );