Description of problem: This RFE requests a number of modifications to CloudForms auditing. This will enrich the CloudForms evm.log and audit.log for system administrators and provide additional contextual information. Create a group -------------- CloudForms logs the following to evm.log when a group is created, with the literal value 'new_value': [----] I, [2017-03-03T13:26:34.193211] INFO -- : <AuditSuccess> MIQ(OpsRbac.rbac_edit_save_or_add) userid: [test-user] - [testGroup1] Record added ( description:[] to [new_value], role:[] to [new_value], group_tenant:[] to [new_value]) Request that the literal 'new_value' is modified to reflect the new group's details. Create a role ------------- CloudForms logs the following to evm.log when a role is created, with the literal value 'new_value': [----] I, [2017-03-03T13:26:34.193211] INFO -- : <AuditSuccess> MIQ(OpsRbac.rbac_edit_save_or_add) userid: [test-user] - [testRole1] Record added ( name:[] to [new_value]) Request that the literal 'new_value' is modified to reflect the name of the new role. Delete a policy --------------- CloudForms logs the following when a policy is deleted from the VMDB: [----] I, [2017-03-03T13:26:34.193211] INFO -- : <AuditSuccess> MIQ(CiProcessing.process_element_destroy) userid: [test-user] - [0e9e8c56-ffab-11e6-8359-001a4aa0a7d6] Record deleted Request that the audit line is amended to include the following: - Name of the policy Delete a policy profile ----------------------- CloudForms logs the following when a policy profile is deleted from the VMDB: [----] I, [2017-03-03T13:26:34.193211] INFO -- : <AuditSuccess> MIQ(CiProcessing.process_element_destroy) userid: [test-user] - [0e9e8c56-ffab-11e6-8359-001a4aa0a7d6] Record deleted Request that the audit line is amended to include the following: - Name of the policy profile Remove a VM from the VMDB ------------------------- Presently CloudForms logs the following when a VM is removed from the VMDB: [----] I, [2017-03-03T13:26:34.193211 #1404.120d644] INFO -- : MIQ(MiqQueue.put ) Message id: [1000000000001] id: [], Zone: [TestZone], Role: [], Server: [], Ident: [generic], Target id: [], Instance id: [], Task id: [], Command: [Vm.invoke_tasks], Timeout: [600], Priority: [100], State: [ready], Deliver on: [], Data: [], Args: [{:ids => [10000000007], :task => "destroy", userid: "test-user"}] Request an audit message similar to the following is generated, as all data about the VM will be lost: [----] I, [2017-03-03T13:26:34.193211] INFO -- : <AuditSuccess> MIQ(VmOps.destroy) userid: [test-user] - [VM-name, VM-id, VM-ems-ref] Record destroyed Remove an image from the VMDB: ------------------------------ Presently CloudForms logs the following when an image is removed from the VMDB: [----] I, [2017-03-03T13:26:34.193211 #1404.120d644] INFO -- : MIQ(MiqQueue.put ) Message id: [1000000000001] id: [], Zone: [TestZone], Role: [], Server: [], Ident: [generic], Target id: [], Instance id: [], Task id: [], Command: [Vm.invoke_tasks], Timeout: [600], Priority: [100], State: [ready], Deliver on: [], Data: [], Args: [{:ids => [10000000007], :task => "destroy", userid: "test-user"}] Request an audit message similar to the following is generated, as all data about the image will be lost: [----] I, [2017-03-03T13:26:34.193211] INFO -- : <AuditSuccess> MIQ(ImageOps.destroy) userid: [test-user] - [image-name, image-id, image-ems-ref] Record destroyed Include user IP and hostname in audit events ------------------------------- For all CFME audit events, request that the user's IP address is included in addition to the username. eg; [----] I, [2017-03-03T13:26:34.193211] INFO -- : <AuditSuccess> MIQ(OpsRbac.rbac_edit_save_or_add) userid: [test-user] userip: [10.10.1.4] user-hostname: [test-user.example.com] - [testRole1] Record added ( name:[] to [new_value]) Version-Release number of selected component (if applicable): 5.7.0.17 How reproducible: NA Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
https://github.com/ManageIQ/manageiq-ui-classic/pull/4017
https://github.com/ManageIQ/manageiq/pull/17504
After discussed with Joe and Rich, we decided to split this REF into two. I'll create a new BZ for the last request of adding user IP and hostname to audit log. We need to decide how and where we will collect these information. It may need a lot of work. Current one will only focus on other requests.
New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/083ce04639ee7b1def9b5dcee554850b29ddcc93 commit 083ce04639ee7b1def9b5dcee554850b29ddcc93 Author: hsong-rh <hsong> AuthorDate: Thu May 31 14:11:44 2018 -0400 Commit: hsong-rh <hsong> CommitDate: Thu May 31 14:11:44 2018 -0400 Fix to show vm/image related info in audit log when deleting vm/image https://bugzilla.redhat.com/show_bug.cgi?id=1434762 app/models/audit_event.rb | 4 +- app/models/mixins/process_tasks_mixin.rb | 2 + 2 files changed, 5 insertions(+), 1 deletion(-)
New commit detected on ManageIQ/manageiq-ui-classic/master: https://github.com/ManageIQ/manageiq-ui-classic/commit/1ef0b9d74e2779e2e693da8d60d50bf7f2d5731e commit 1ef0b9d74e2779e2e693da8d60d50bf7f2d5731e Author: hsong-rh <hsong> AuthorDate: Thu May 31 11:52:05 2018 -0400 Commit: hsong-rh <hsong> CommitDate: Thu May 31 11:52:05 2018 -0400 Fix to show meaningful policy name when add/edit/delete it in audit.log https://bugzilla.redhat.com/show_bug.cgi?id=1434762 app/controllers/application_controller/ci_processing.rb | 1 + app/controllers/miq_policy_controller.rb | 2 + 2 files changed, 3 insertions(+)
Verified on 5.10.0.8.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:0212