From Martin Peřina <mperina(a)redhat.com>:
Martin Peřina has submitted this change and it was merged.
Change subject: restapi: Create audit message for deprecated API usage
......................................................................
restapi: Create audit message for deprecated API usage
Currently there is no mechanism to notify users that are using a
deprecated version of the API. In order to address that this patch
introduces a mechanism that will check the version of the API for each
request, and will send a message to the audit log in case it is
deprecated. The message will look like this:
Client from address "192.168.122.38" is using version 3 of the
API, which has been deprecated since version 4.0 of the engine,
and will no longer be supported starting with version 4.2. Make
sure to update that client to use a supported versions of
the API and the SDKs, before upgrading to version 4.2 of
the engine.
This feature will be enabled by default for version 3 of the API, and
will be configurably by the administrator using the following
configuration setting:
#
# Comma separated list of versions of the API that are deprecated. Each
# deprecated version is specified by three values, separated by colons.
# The first value is the version of the API that is deprecated. The
# second value is the version of the engine where that version of the
# API was deprecated. The third value is the version of the engine where
# that version of the API will be removed. For example, the following
# text:
#
# 3:4.0:4.2
#
# Means that version 3 of the API was deprecated in version 4.0 of the
# engine and will be removed in version 4.2 of the engine.
#
# When the engine detects a request that is using a deprecated version
# of the API it will send a message to the audit log explaining it.
#
ENGINE_API_DEPRECATED_VERSIONS="3:4.0:4.2"
This setting is intended to allow disabling the feature. If the
administrator wants to do so, she can just use an empty value:
# cat >> /etc/ovirt-engine/engin.conf.d/99-mute-deprecation.conf <<.
ENGINE_API_DEPRECATED_VERSIONS=""
To avoid flooding the audit log when there are applications that send
many requests using the deprecated version of the API the messages will
be sent only once per day, for each different client IP address.
As the message will be written to the audit log table, other
applications, for example the setup tool, can use it to determine if
there are applications that used recently a deprecated version of the
API. For example, to check if a deprecated version of the API was used
in the last 30 days:
select
count(*)
from
audit_log
where
log_type = 13000 and
age(now(), log_time) < '30 days'
Change-Id: I69cd6344fdb013869fef85518bd4b3ed36466b43
Bug-Url:
https://bugzilla.redhat.com/1400996
Signed-off-by: Juan Hernandez <juan.hernandez(a)redhat.com>
---
A
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddDeprecatedApiEventCommand.java
M
backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java
A
backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/AddDeprecatedApiEventParameters.java
M
backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java
M backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties
A
backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/DeprecatedVersionInfo.java
M
backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/LocalConfig.java
M
backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/invocation/VersionFilter.java
M packaging/services/ovirt-engine/ovirt-engine.conf.in
9 files changed, 341 insertions(+), 6 deletions(-)
Approvals:
Martin Peřina: Looks good to me, approved
Juan Hernandez: Verified
Jenkins CI: Passed CI tests
Moti Asayag: Looks good to me, but someone else must approve
--
To view, visit
https://gerrit.ovirt.org/67745
To unsubscribe, visit
https://gerrit.ovirt.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I69cd6344fdb013869fef85518bd4b3ed36466b43
Gerrit-PatchSet: 8
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Juan Hernandez <juan.hernandez(a)redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Juan Hernandez <juan.hernandez(a)redhat.com>
Gerrit-Reviewer: Martin Peřina <mperina(a)redhat.com>
Gerrit-Reviewer: Moti Asayag <masayag(a)redhat.com>
Gerrit-Reviewer: Ori Liel <oliel(a)redhat.com>
Gerrit-Reviewer: Oved Ourfali <oourfali(a)redhat.com>
Gerrit-Reviewer: gerrit-hooks <automation(a)ovirt.org>