soar_auditing_provider 2.0.0 → 3.0.0
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/lib/soar_auditing_provider/auditing_provider.rb +50 -21
- data/lib/soar_auditing_provider/nfr_match_error.rb +4 -0
- data/lib/soar_auditing_provider/version.rb +1 -1
- data/sanity/Gemfile +3 -1
- data/sanity/sanity_testing_production_config.rb +81 -0
- data/soar_auditing_provider.gemspec +1 -1
- metadata +13 -12
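--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 51aeace65e2c7f7dc23b59e86945e6cfc38661ea
+data.tar.gz: 3bcb28702ec81a06d14be9df2d3bc744ff5627bc
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e65d77b5f0cd4be88846748551d9742743eb52ef31f500b4c8364daf764e4603edaf8ba2fc612029cfa8565fafbc0e9a5c82396e38edec5c2df9695fb1a7b5a9
+data.tar.gz: 9f3b52451cce445c0dbb1697c4d79d61a53ec3e97fdd81aa81d7cc8ab48a4ddc8d9ecbe8f141031a079e950bcd77e7cbe489b45b5fc1da134a31194e3dd4a785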
data/.gitignore
CHANGED
@@ -1,23 +1,13 @@
|
|
1
|
-
require 'soar_auditing_provider_api'
|
2
1
|
require 'soar_auditing_format'
|
2
|
+
require 'soar_json_auditing_format'
|
3
3
|
require 'soar_configured_factory'
|
4
4
|
require 'soar_flow'
|
5
5
|
require 'time'
|
6
6
|
require 'securerandom'
|
7
7
|
|
8
8
|
module SoarAuditingProvider
|
9
|
-
class AuditingProvider
|
10
|
-
|
11
|
-
|
12
|
-
#Aliases for bypassing overridden methods when accessing underlying super class api
|
13
|
-
alias :super_debug :debug
|
14
|
-
alias :super_info :info
|
15
|
-
alias :super_warn :warn
|
16
|
-
alias :super_error :error
|
17
|
-
alias :super_fatal :fatal
|
18
|
-
|
19
|
-
public
|
20
|
-
|
9
|
+
class AuditingProvider
|
10
|
+
DEFAULT_NFRS = {} unless defined? DEFAULT_NFRS; DEFAULT_NFRS.freeze
|
21
11
|
DEFAULT_FLOW_ID_GENERATOR = -> { SoarFlow::ID::generate_flow_id } unless defined?(DEFAULT_FLOW_ID_GENERATOR)
|
22
12
|
DEFAULT_LEVEL = :info unless defined?(DEFAULT_LEVEL)
|
23
13
|
DEFAULT_QUEUE_WORKER_CONFIG = {
|
@@ -33,7 +23,11 @@ module SoarAuditingProvider
|
|
33
23
|
|
34
24
|
def initialize(configuration)
|
35
25
|
@configuration = configuration
|
36
|
-
|
26
|
+
|
27
|
+
@auditors = create_auditors(configuration)
|
28
|
+
raise ArgumentError.new("Invalid auditors provided") if not @auditors.is_a?(Hash)
|
29
|
+
raise ArgumentError.new("No auditors provided") if @auditors.nil? or @auditors.empty?
|
30
|
+
|
37
31
|
select_auditor(configuration['default_nfrs'])
|
38
32
|
@flow_id_generator = @configuration["flow_id_generator"] || DEFAULT_FLOW_ID_GENERATOR
|
39
33
|
create_auditing_worker
|
@@ -100,12 +94,39 @@ module SoarAuditingProvider
|
|
100
94
|
send(level,exception_message,flow_id)
|
101
95
|
end
|
102
96
|
|
97
|
+
def select(nfrs = DEFAULT)
|
98
|
+
if nfrs.nil? or nfrs.empty?
|
99
|
+
auditor_selected = @auditors.keys.first
|
100
|
+
else
|
101
|
+
auditor_selected = nil
|
102
|
+
@auditors.each do |auditor, configuration|
|
103
|
+
auditor_nfrs = configuration['nfrs']
|
104
|
+
nfrs_matched = true
|
105
|
+
nfrs.each do |nfr, value|
|
106
|
+
nfrs_matched = false if not auditor_nfrs[nfr] or (auditor_nfrs[nfr] != value)
|
107
|
+
end
|
108
|
+
if nfrs_matched
|
109
|
+
auditor_selected = auditor
|
110
|
+
break
|
111
|
+
end
|
112
|
+
end
|
113
|
+
raise NFRMatchError.new("Could not match NFRs to an auditor") if auditor_selected.nil?
|
114
|
+
end
|
115
|
+
configuration = @auditors[auditor_selected]
|
116
|
+
@auditor = auditor_selected
|
117
|
+
return @auditor, configuration
|
118
|
+
end
|
119
|
+
|
103
120
|
private
|
104
121
|
|
105
122
|
def prepend_caller_information(data)
|
106
123
|
if 'true' == @configuration['add_caller_source_location']
|
107
|
-
|
108
|
-
|
124
|
+
if data is_a?(Hash)
|
125
|
+
data['caller_source_location'] = "#{caller_locations(2,1)[0]}"
|
126
|
+
else
|
127
|
+
caller_key_value_pair = SoarAuditingFormatter::Formatter.optional_field_format("caller_source_location","#{caller_locations(2,1)[0]}")
|
128
|
+
data = "#{caller_key_value_pair} #{data}"
|
129
|
+
end
|
109
130
|
end
|
110
131
|
data
|
111
132
|
end
|
@@ -134,7 +155,7 @@ module SoarAuditingProvider
|
|
134
155
|
if @worker
|
135
156
|
enqueue(level, data)
|
136
157
|
else
|
137
|
-
|
158
|
+
auditor_caller(level, data)
|
138
159
|
end
|
139
160
|
end
|
140
161
|
|
@@ -151,22 +172,26 @@ module SoarAuditingProvider
|
|
151
172
|
end
|
152
173
|
|
153
174
|
def format(level, data, flow_identifier)
|
154
|
-
|
175
|
+
if "json" == output_format
|
176
|
+
SoarJsonAuditingFormatter::Formatter.format(level,@service_identifier,flow_identifier,Time.now.utc.iso8601(3),data)
|
177
|
+
else
|
178
|
+
SoarAuditingFormatter::Formatter.format(level,@service_identifier,flow_identifier,Time.now.utc.iso8601(3),data)
|
179
|
+
end
|
155
180
|
end
|
156
181
|
|
157
182
|
def create_auditing_worker
|
158
183
|
if !direct_auditor_call?
|
159
184
|
config = @configuration['queue_worker'] || DEFAULT_QUEUE_WORKER_CONFIG
|
160
185
|
@worker = AuditingWorker.instance
|
161
|
-
@worker.configure(queue_worker_configuration: config, auditor_audit_method: method(:
|
186
|
+
@worker.configure(queue_worker_configuration: config, auditor_audit_method: method(:auditor_caller))
|
162
187
|
@worker.start
|
163
188
|
else
|
164
189
|
@worker = nil
|
165
190
|
end
|
166
191
|
end
|
167
192
|
|
168
|
-
def
|
169
|
-
send(
|
193
|
+
def auditor_caller(level, data)
|
194
|
+
@auditor.send(level,data)
|
170
195
|
end
|
171
196
|
|
172
197
|
def create_auditors(configuration)
|
@@ -195,6 +220,10 @@ module SoarAuditingProvider
|
|
195
220
|
(configuration['direct_auditor_call'].nil? and @auditor.prefer_direct_call?)
|
196
221
|
end
|
197
222
|
|
223
|
+
def output_format
|
224
|
+
@configuration['output_format'] || 'string'
|
225
|
+
end
|
226
|
+
|
198
227
|
def initialize_metrics
|
199
228
|
@startup_timestamp = Time.now.utc.iso8601(3)
|
200
229
|
@enqueued_audit_events = 0
|
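Review bot: In `prepend_caller_information` (the AuditingProvider hunks, shown here under the `data/.gitignore` header) the added condition `if data is_a?(Hash)` has no method-call dot, so as displayed it is not a type test on `data`; it should read `if data.is_a?(Hash)`. The new `select(nfrs = DEFAULT)` defaults to a constant `DEFAULT` that none of the visible hunks define (only `DEFAULT_NFRS` is added), so unless it exists elsewhere in the file a call without arguments raises NameError; `def select(nfrs = DEFAULT_NFRS)` looks like the intent. Inside the match loop `auditor_nfrs[nfr]` raises NoMethodError when an auditor's configuration has no 'nfrs' key, and `auditor_nfrs = configuration['nfrs'] || {}` would make such an auditor simply not match. Because `auditor_caller` reads `@auditor` at delivery time, events already queued on the worker when `select` switches auditors may be delivered to the newly selected auditor rather than the one chosen for their NFRs; that is inferred from the visible lines only and worth confirming or documenting on `select`.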
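--- a/data/sanity/Gemfile
+++ b/data/sanity/Gemfile
@@ -1,5 +1,7 @@
 source 'https://rubygems.org'
 
 gem 'soar_auditing_provider', :path => "../"
-gem "log4r_auditor", "~> 1.
+gem "log4r_auditor", "~> 1.1.0"
+gem "logstash_auditor", "~> 1.1.0"
 gem "soar_flow", "~> 0.1.1"
+gem 'configuration_service-provider-vault', '~> 3.3', '>= 3.3.1'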
@@ -0,0 +1,81 @@
|
|
1
|
+
require 'soar_auditing_provider'
|
2
|
+
require 'log4r_auditor'
|
3
|
+
require 'logstash_auditor'
|
4
|
+
require 'soar_flow'
|
5
|
+
require 'configuration_service'
|
6
|
+
|
7
|
+
class Main
|
8
|
+
|
9
|
+
def get_config_from_config_service
|
10
|
+
#where to get the token
|
11
|
+
#https://configuration-service.auto-h.net/#authorize
|
12
|
+
|
13
|
+
#docs where this code comes from
|
14
|
+
#http://www.rubydoc.info/gems/configuration_service-provider-vault
|
15
|
+
require 'bundler'
|
16
|
+
Bundler.require(:default)
|
17
|
+
ENV['CFGSRV_IDENTIFIER']="auditing_for_production"
|
18
|
+
ENV['CFGSRV_TOKEN']="43f8f6f5-6f9c-87fb-e71e-0cea7fe58c07" #TODO fill this in
|
19
|
+
ENV['CFGSRV_PROVIDER']="vault"
|
20
|
+
ENV['CFGSRV_PROVIDER_ADDRESS']="https://vault.auto-h.net"
|
21
|
+
config_service = ConfigurationService::Factory.create_client
|
22
|
+
config = config_service.request_configuration
|
23
|
+
config.data
|
24
|
+
end
|
25
|
+
|
26
|
+
def test_sanity
|
27
|
+
|
28
|
+
config = get_config_from_config_service
|
29
|
+
|
30
|
+
#OVERRIDE TO JSON if required
|
31
|
+
#config['output_format'] = 'json'
|
32
|
+
|
33
|
+
#OVERRIDE TO LOCAL ELK STACK if required
|
34
|
+
config['auditors']['logstash']["host_url"] = "https://logstash-staging1.jnb1.host-h.net:8080"
|
35
|
+
#config['auditors']['logstash']["certificate"] = File.read("../../logstash_auditor/spec/support/certificates/selfsigned/selfsigned_registered.cert.pem")
|
36
|
+
#config['auditors']['logstash']["private_key"] = File.read( "../../logstash_auditor/spec/support/certificates/selfsigned/selfsigned_registered.private.nopass.pem")
|
37
|
+
|
38
|
+
$stderr.puts config
|
39
|
+
|
40
|
+
#config = load_yaml_file('production_config.yml')
|
41
|
+
|
42
|
+
#create and configure auditing instance
|
43
|
+
myauditing = SoarAuditingProvider::AuditingProvider.new( config )
|
44
|
+
myauditing.startup_flow_id = SoarFlow::ID::generate_flow_id
|
45
|
+
myauditing.service_identifier = 'my-test-service.com'
|
46
|
+
|
47
|
+
#associate a set of auditing entries with a flow by generating a flow identifiers
|
48
|
+
flow_id = SoarFlow::ID::generate_flow_id
|
49
|
+
|
50
|
+
#generate audit events
|
51
|
+
some_debug_object = 123
|
52
|
+
|
53
|
+
debug_hash = { "info" => "bla" }
|
54
|
+
|
55
|
+
myauditing.info(debug_hash,flow_id)
|
56
|
+
|
57
|
+
|
58
|
+
# myauditing.debug(some_debug_object,flow_id)
|
59
|
+
# dropped = 95
|
60
|
+
# myauditing.warn("Statistics show that dropped packets have increased to #{dropped}%",flow_id)
|
61
|
+
# myauditing.error("Could not resend some dropped packets. They have been lost. All is still OK, I could compensate",flow_id)
|
62
|
+
# myauditing.fatal("Unable to perform action, too many dropped packets. Functional degradation.",flow_id)
|
63
|
+
# myauditing << 'Rack::CommonLogger requires this'
|
64
|
+
|
65
|
+
sleep 3
|
66
|
+
end
|
67
|
+
|
68
|
+
def load_yaml_file(file_name)
|
69
|
+
require 'yaml'
|
70
|
+
if File.exist?(file_name)
|
71
|
+
YAML.load_file(file_name)
|
72
|
+
else
|
73
|
+
{}
|
74
|
+
end
|
75
|
+
rescue IOError, SystemCallError, Psych::Exception => ex
|
76
|
+
raise LoadError.new("Failed to load yaml file #{file_name} : #{ex}")
|
77
|
+
end
|
78
|
+
end
|
79
|
+
|
80
|
+
main = Main.new
|
81
|
+
main.test_sanity
|
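Review bot: Line 18 of the new sanity script assigns a literal, UUID-shaped value to `ENV['CFGSRV_TOKEN']` for the `auditing_for_production` identifier, and the metadata hunk adds this file to the gem's `files`, so the value is published with the package. If it was ever a valid token for the configuration service it should be treated as exposed and revoked, and the script should read it from the caller's environment instead, e.g. `ENV.fetch('CFGSRV_TOKEN')`, with the assignment removed. `$stderr.puts config` on line 38 then prints the whole configuration returned by the service, which may include auditor credentials such as the certificate and private key the commented-out lines refer to; printing only the non-secret keys avoids leaking them into terminals and CI logs. `load_yaml_file` uses `YAML.load_file`, which on older Psych versions can instantiate arbitrary objects from the file; `YAML.safe_load(File.read(file_name))` is the safer form for a plain configuration hash.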
@@ -25,9 +25,9 @@ Gem::Specification.new do |spec|
|
|
25
25
|
spec.add_development_dependency 'log4r_auditor', '~> 1.1'
|
26
26
|
spec.add_development_dependency 'soar_xt', '~> 0.0.3'
|
27
27
|
|
28
|
-
spec.add_dependency 'soar_auditing_provider_api', '~> 0.9.0'
|
29
28
|
spec.add_dependency 'soar_auditor_api', '~> 1.0'
|
30
29
|
spec.add_dependency 'soar_auditing_format', '~> 0.0.5'
|
30
|
+
spec.add_dependency 'soar_json_auditing_format', '~> 0.0.2'
|
31
31
|
spec.add_dependency 'soar_flow', '~> 0.1.1'
|
32
32
|
spec.add_dependency 'soar_thread_worker', '~> 0.2.0'
|
33
33
|
spec.add_dependency 'soar_configured_factory', '~> 0.1.0'
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: soar_auditing_provider
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 3.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Ernst van Graan
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: exe
|
11
11
|
cert_chain: []
|
12
|
-
date: 2017-
|
12
|
+
date: 2017-05-11 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: bundler
|
@@ -96,47 +96,47 @@ dependencies:
|
|
96
96
|
- !ruby/object:Gem::Version
|
97
97
|
version: 0.0.3
|
98
98
|
- !ruby/object:Gem::Dependency
|
99
|
-
name:
|
99
|
+
name: soar_auditor_api
|
100
100
|
requirement: !ruby/object:Gem::Requirement
|
101
101
|
requirements:
|
102
102
|
- - "~>"
|
103
103
|
- !ruby/object:Gem::Version
|
104
|
-
version:
|
104
|
+
version: '1.0'
|
105
105
|
type: :runtime
|
106
106
|
prerelease: false
|
107
107
|
version_requirements: !ruby/object:Gem::Requirement
|
108
108
|
requirements:
|
109
109
|
- - "~>"
|
110
110
|
- !ruby/object:Gem::Version
|
111
|
-
version:
|
111
|
+
version: '1.0'
|
112
112
|
- !ruby/object:Gem::Dependency
|
113
|
-
name:
|
113
|
+
name: soar_auditing_format
|
114
114
|
requirement: !ruby/object:Gem::Requirement
|
115
115
|
requirements:
|
116
116
|
- - "~>"
|
117
117
|
- !ruby/object:Gem::Version
|
118
|
-
version:
|
118
|
+
version: 0.0.5
|
119
119
|
type: :runtime
|
120
120
|
prerelease: false
|
121
121
|
version_requirements: !ruby/object:Gem::Requirement
|
122
122
|
requirements:
|
123
123
|
- - "~>"
|
124
124
|
- !ruby/object:Gem::Version
|
125
|
-
version:
|
125
|
+
version: 0.0.5
|
126
126
|
- !ruby/object:Gem::Dependency
|
127
|
-
name:
|
127
|
+
name: soar_json_auditing_format
|
128
128
|
requirement: !ruby/object:Gem::Requirement
|
129
129
|
requirements:
|
130
130
|
- - "~>"
|
131
131
|
- !ruby/object:Gem::Version
|
132
|
-
version: 0.0.
|
132
|
+
version: 0.0.2
|
133
133
|
type: :runtime
|
134
134
|
prerelease: false
|
135
135
|
version_requirements: !ruby/object:Gem::Requirement
|
136
136
|
requirements:
|
137
137
|
- - "~>"
|
138
138
|
- !ruby/object:Gem::Version
|
139
|
-
version: 0.0.
|
139
|
+
version: 0.0.2
|
140
140
|
- !ruby/object:Gem::Dependency
|
141
141
|
name: soar_flow
|
142
142
|
requirement: !ruby/object:Gem::Requirement
|
@@ -204,6 +204,7 @@ files:
|
|
204
204
|
- lib/soar_auditing_provider/auditing_overflow_error.rb
|
205
205
|
- lib/soar_auditing_provider/auditing_provider.rb
|
206
206
|
- lib/soar_auditing_provider/auditing_worker.rb
|
207
|
+
- lib/soar_auditing_provider/nfr_match_error.rb
|
207
208
|
- lib/soar_auditing_provider/version.rb
|
208
209
|
- sanity/.gitignore
|
209
210
|
- sanity/.ruby-gemset
|
@@ -211,6 +212,7 @@ files:
|
|
211
212
|
- sanity/Gemfile
|
212
213
|
- sanity/sanity.rb
|
213
214
|
- sanity/sanity_benchmark.rb
|
215
|
+
- sanity/sanity_testing_production_config.rb
|
214
216
|
- soar_auditing_provider.gemspec
|
215
217
|
homepage:
|
216
218
|
licenses:
|
@@ -237,4 +239,3 @@ signing_key:
|
|
237
239
|
specification_version: 4
|
238
240
|
summary: SOAR architecture auditing provider
|
239
241
|
test_files: []
|
240
|
-
has_rdoc:
|