Module: check_mk
Branch: master
Commit: 63cfd32c5669564109c8397ddd39c9f136be916c
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=63cfd32c566956…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Wed Jun 4 08:39:38 2014 +0200
FIX LDAP: Improved slightly missleading logging of LDAP sync actions
In some situations a call to WATO issued by the user are causing LDAP syncs,
for example when a user starts the sync interactively or the cache lifetime
has exceeded. In the past, the name of the triggering user was logged
to the audit / pending log, which was a bit missleading. Now, the name
of the user is not logged anymore.
---
.werks/813 | 12 ++++++++++++
ChangeLog | 3 +++
web/htdocs/wato.py | 26 ++++++++++++++++----------
web/plugins/userdb/ldap.py | 8 +++++---
4 files changed, 36 insertions(+), 13 deletions(-)
diff --git a/.werks/813 b/.werks/813
new file mode 100644
index 0000000..3cb96eb
--- /dev/null
+++ b/.werks/813
@@ -0,0 +1,12 @@
+Title: LDAP: Improved slightly missleading logging of LDAP sync actions
+Level: 1
+Component: wato
+Version: 1.2.5i4
+Date: 1401863855
+Class: fix
+
+In some situations a call to WATO issued by the user are causing LDAP syncs,
+for example when a user starts the sync interactively or the cache lifetime
+has exceeded. In the past, the name of the triggering user was logged
+to the audit / pending log, which was a bit missleading. Now, the name
+of the user is not logged anymore.
diff --git a/ChangeLog b/ChangeLog
index abfe129..154f620 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,9 @@
Multisite:
* 0934 FIX: Logwatch messages with class unknown ( 'u' ) now displayed as
WARN...
+ WATO:
+ * 0813 FIX: LDAP: Improved slightly missleading logging of LDAP sync actions...
+
1.2.5i3:
Core & Setup:
diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py
index 4caca4d..97a8e1c 100644
--- a/web/htdocs/wato.py
+++ b/web/htdocs/wato.py
@@ -4970,13 +4970,13 @@ def mode_changelog(phase):
def foreign_changes():
changes = {}
for t, linkinfo, user, action, text in parse_audit_log("pending"):
- if user != config.user_id:
+ if user != '-' and user != config.user_id:
changes.setdefault(user, 0)
changes[user] += 1
return changes
-def log_entry(linkinfo, action, message, logfilename):
+def log_entry(linkinfo, action, message, logfilename, user_id = None):
if type(message) == unicode:
message = message.encode("utf-8")
message = message.strip()
@@ -4991,16 +4991,21 @@ def log_entry(linkinfo, action, message, logfilename):
else:
link = ":" + linkinfo
+ if user_id == None:
+ user_id = config.user_id
+ elif user_id == '':
+ user_id = '-'
+
log_file = log_dir + logfilename
make_nagios_directory(log_dir)
f = create_user_file(log_file, "ab")
- f.write("%d %s %s %s %s\n" % (int(time.time()), link, config.user_id,
action, message))
+ f.write("%d %s %s %s %s\n" % (int(time.time()), link, user_id, action,
message))
-def log_audit(linkinfo, what, message):
+def log_audit(linkinfo, what, message, user_id = None):
if config.wato_use_git:
g_git_messages.append(message)
- log_entry(linkinfo, what, message, "audit.log")
+ log_entry(linkinfo, what, message, "audit.log", user_id)
# status is one of:
# SYNC -> Only sync neccessary
@@ -5011,13 +5016,13 @@ def log_audit(linkinfo, what, message):
# LOCALRESTART-> Called after inventory. In distributed mode, affected
# sites have already been marked for restart. Do nothing here.
# In non-distributed mode mark for restart
-def log_pending(status, linkinfo, what, message):
- log_audit(linkinfo, what, message)
+def log_pending(status, linkinfo, what, message, user_id = None):
+ log_audit(linkinfo, what, message, user_id)
need_sidebar_reload()
if not is_distributed():
if status != SYNC:
- log_entry(linkinfo, what, message, "pending.log")
+ log_entry(linkinfo, what, message, "pending.log", user_id)
cmc_rush_ahead()
@@ -5025,7 +5030,7 @@ def log_pending(status, linkinfo, what, message):
# the site is really affected. This needs to be optimized
# in future.
else:
- log_entry(linkinfo, what, message, "pending.log")
+ log_entry(linkinfo, what, message, "pending.log", user_id)
for siteid, site in config.sites.items():
changes = {}
@@ -5255,12 +5260,13 @@ def render_audit_log(log, what, with_filename = False,
hilite_others=False):
even = "even"
for t, linkinfo, user, action, text in log:
even = even == "even" and "odd" or "even"
- hilite = hilite_others and config.user_id != user
+ hilite = hilite_others and user != '-' and config.user_id != user
htmlcode += '<tr class="data %s%d">' % (even, hilite and
2 or 0)
htmlcode += '<td class=nobreak>%s</td>' %
render_linkinfo(linkinfo)
htmlcode += '<td class=nobreak>%s</td>' % fmt_date(float(t))
htmlcode += '<td class=nobreak>%s</td>' % fmt_time(float(t))
htmlcode += '<td class=nobreak>'
+ user = user == '-' and ('<i>%s</i>' %
_('internal')) or user
if hilite:
htmlcode += '<img class=icon
src="images/icon_foreign_changes.png" title="%s">' \
% _("This change has been made by another user")
diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py
index 7a27705..3627c55 100644
--- a/web/plugins/userdb/ldap.py
+++ b/web/plugins/userdb/ldap.py
@@ -1014,7 +1014,8 @@ def ldap_sync(add_to_changelog, only_username):
for user_id, user in users.items():
if user.get('connector') == 'ldap' and user_id not in
ldap_users:
del users[user_id] # remove the user
- wato.log_pending(wato.SYNCRESTART, None, "edit-users", _("LDAP
Connector: Removed user %s" % user_id))
+ wato.log_pending(wato.SYNCRESTART, None, "edit-users",
+ _("LDAP Connector: Removed user %s" % user_id), user_id =
'')
for user_id, ldap_user in ldap_users.items():
if user_id in users:
@@ -1047,7 +1048,7 @@ def ldap_sync(add_to_changelog, only_username):
if mode_create:
wato.log_pending(wato.SYNCRESTART, None, "edit-users",
- _("LDAP Connector: Created user %s" % user_id))
+ _("LDAP Connector: Created user %s" % user_id),
user_id = '')
else:
details = []
if added:
@@ -1066,7 +1067,8 @@ def ldap_sync(add_to_changelog, only_username):
if details:
wato.log_pending(wato.SYNCRESTART, None, "edit-users",
- _("LDAP Connector: Modified user %s (%s)") % (user_id,
', '.join(details)))
+ _("LDAP Connector: Modified user %s (%s)") % (user_id,
', '.join(details)),
+ user_id = '')
duration = time.time() - start_time
ldap_log('SYNC FINISHED - Duration: %0.3f sec' % duration)