From Martin Peřina <mperina@redhat.com>:
Martin Peřina has submitted this change and it was merged. Change subject: restapi: Create audit message for deprecated API usage ...................................................................... restapi: Create audit message for deprecated API usage Currently there is no mechanism to notify users that are using a deprecated version of the API. In order to address that this patch introduces a mechanism that will check the version of the API for each request, and will send a message to the audit log in case it is deprecated. The message will look like this: Client from address "192.168.122.38" is using version 3 of the API, which has been deprecated since version 4.0 of the engine, and will no longer be supported starting with version 4.2. Make sure to update that client to use a supported versions of the API and the SDKs, before upgrading to version 4.2 of the engine. This feature will be enabled by default for version 3 of the API, and will be configurably by the administrator using the following configuration setting: # # Comma separated list of versions of the API that are deprecated. Each # deprecated version is specified by three values, separated by colons. # The first value is the version of the API that is deprecated. The # second value is the version of the engine where that version of the # API was deprecated. The third value is the version of the engine where # that version of the API will be removed. For example, the following # text: # # 3:4.0:4.2 # # Means that version 3 of the API was deprecated in version 4.0 of the # engine and will be removed in version 4.2 of the engine. # # When the engine detects a request that is using a deprecated version # of the API it will send a message to the audit log explaining it. # ENGINE_API_DEPRECATED_VERSIONS="3:4.0:4.2" This setting is intended to allow disabling the feature. If the administrator wants to do so, she can just use an empty value: # cat >> /etc/ovirt-engine/engin.conf.d/99-mute-deprecation.conf <<. ENGINE_API_DEPRECATED_VERSIONS="" To avoid flooding the audit log when there are applications that send many requests using the deprecated version of the API the messages will be sent only once per day, for each different client IP address. As the message will be written to the audit log table, other applications, for example the setup tool, can use it to determine if there are applications that used recently a deprecated version of the API. For example, to check if a deprecated version of the API was used in the last 30 days: select count(*) from audit_log where log_type = 13000 and age(now(), log_time) < '30 days' Change-Id: I69cd6344fdb013869fef85518bd4b3ed36466b43 Bug-Url: https://bugzilla.redhat.com/1400996 Signed-off-by: Juan Hernandez <juan.hernandez@redhat.com> --- A backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddDeprecatedApiEventCommand.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java A backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/AddDeprecatedApiEventParameters.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java M backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties A backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/DeprecatedVersionInfo.java M backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/LocalConfig.java M backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/invocation/VersionFilter.java M packaging/services/ovirt-engine/ovirt-engine.conf.in 9 files changed, 341 insertions(+), 6 deletions(-) Approvals: Martin Peřina: Looks good to me, approved Juan Hernandez: Verified Jenkins CI: Passed CI tests Moti Asayag: Looks good to me, but someone else must approve -- To view, visit https://gerrit.ovirt.org/67745 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: I69cd6344fdb013869fef85518bd4b3ed36466b43 Gerrit-PatchSet: 8 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Juan Hernandez <juan.hernandez@redhat.com> Gerrit-Reviewer: Jenkins CI Gerrit-Reviewer: Juan Hernandez <juan.hernandez@redhat.com> Gerrit-Reviewer: Martin Peřina <mperina@redhat.com> Gerrit-Reviewer: Moti Asayag <masayag@redhat.com> Gerrit-Reviewer: Ori Liel <oliel@redhat.com> Gerrit-Reviewer: Oved Ourfali <oourfali@redhat.com> Gerrit-Reviewer: gerrit-hooks <automation@ovirt.org>