screwdriver-api 4.1.297 → 5.0.1

package/bin/server

@@ -44,6 +44,9 @@ ecosystem.api = httpdConfig.uri;
 
 const release = config.get('release');
 
+// Logging config
+const log = config.get('log');
+
 // Notification config
 const notificationConfig = config.get('notifications');
 
@@ -116,8 +119,7 @@ const bookend = new Bookend(
         'screwdriver-coverage-bookend': coverage,
         'screwdriver-cache-bookend': cache
     },
-    bookends.setup || [], // plugins required for the setup- steps
-    bookends.teardown || [] // plugins required for the teardown-steps
+    bookends
 );
 
 // Setup Pipeline Factory for Executor
@@ -262,6 +264,7 @@ datastore.setup(datastoreConfig.ddlSyncEnabled).then(() =>
             scm
         },
         release,
+        log,
         validator: {
             externalJoin: true,
             notificationsValidationErr

package/config/custom-environment-variables.yaml

@@ -360,14 +360,21 @@ webhooks:
   maxBytes: WEBHOOK_MAX_BYTES
 
 bookends:
-  # List of module names, or objects { name, config } for instantiation to use in sd-setup
-  setup:
-    __name: BOOKENDS_SETUP
-    __format: json
-  # List of module names, or objects { name, config } for instantiation to use in sd-teardown
-  teardown:
-    __name: BOOKENDS_TEARDOWN
-    __format: json
+  # Object keyed by cluster name with value setup/teardown bookend.
+  # Value of setup/teardown is list of module names, or objects { name, config } for instantiation to use in sd-setup/sd-teardown.
+  # Example:
+  # {
+  #   "default": {
+  #       "setup": ["scm", "screwdriver-cache-bookend", "foo"],
+  #       "teardown": ["screwdriver-artifact-bookend", "screwdriver-cache-bookend"]
+  #   },
+  #   "clusterA": {
+  #       "setup": ["scm", "screwdriver-cache-bookend", "foo", "bar"],
+  #       "teardown": ["screwdriver-cache-bookend", {"name": "baz", "config": {}, "alias": "qux"}]
+  #   }
+  # }
+  __name: BOOKENDS
+  __format: json
 
 notifications:
   __name: NOTIFICATIONS
@@ -461,6 +468,16 @@ release:
   __name: RELEASE_ENVIRONMENT_VARIABLES
   __format: json
 
+# Logging preferences
+log:
+  audit:
+    # set true to enable audit logs for all API calls
+    enabled: LOG_AUDIT_ENABLED
+    # add target scope tokens(pipeline, build, temporal, admin, guest, user)
+    scope:
+      __name: LOG_AUDIT_SCOPE
+      __format: json
+
 build:
   environment:
     __name: CLUSTER_ENVIRONMENT_VARIABLES

package/config/default.yaml

@@ -286,12 +286,13 @@ unzipArtifacts:
 
 bookends:
   # Plugins for build setup
-  setup:
-    - scm
-    - screwdriver-cache-bookend
-  teardown:
-    - screwdriver-artifact-bookend
-    - screwdriver-cache-bookend
+  default:
+    setup:
+      - scm
+      - screwdriver-cache-bookend
+    teardown:
+      - screwdriver-artifact-bookend
+      - screwdriver-cache-bookend
 
 notifications:
   options:
@@ -338,6 +339,13 @@ release:
     headerName: release
     headerValue: stable
 
+# Logging preferences
+log:
+  audit:
+    # set true to enable audit logs for all API calls
+    enabled: false
+    # add target scope tokens(pipeline, build, temporal, admin, guest, user)
+    scope: []
 
 # default cluster environment variables to inject into builds
 build:

package/lib/server.js

@@ -160,6 +160,34 @@ module.exports = async config => {
         // Write prettier errors
         server.ext('onPreResponse', prettyPrintErrors);
 
+        // Audit log
+        if (config.log && config.log.audit.enabled) {
+            server.ext('onCredentials', (request, h) => {
+                const { username, scope, pipelineId } = request.auth.credentials;
+                const validScope = config.log.audit.scope.filter(s => scope.includes(s));
+
+                if (Array.isArray(validScope) && validScope.length > 0) {
+                    let context;
+
+                    if (validScope.includes('admin')) {
+                        context = `Admin ${username}`;
+                    } else if (validScope.includes('user')) {
+                        context = `User ${username}`;
+                    } else if (validScope.includes('build') || validScope.includes('temporal')) {
+                        context = `Build ${username}`;
+                    } else if (validScope.includes('pipeline')) {
+                        context = `Pipeline ${pipelineId}`;
+                    } else {
+                        context = `Guest ${username}`;
+                    }
+
+                    logger.info(`[Login] ${context} ${request.method} ${request.path}`);
+                }
+
+                return h.continue;
+            });
+        }
+
         // Register events for notifications plugin
         server.event(['build_status', 'job_status']);
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "screwdriver-api",
-  "version": "4.1.297",
+  "version": "5.0.1",
   "description": "API server for the Screwdriver.cd service",
   "main": "index.js",
   "scripts": {
@@ -83,13 +83,13 @@
     "badge-maker": "^3.3.1",
     "config": "^1.31.0",
     "date-fns": "^1.30.1",
-    "dayjs": "^1.11.4",
+    "dayjs": "^1.11.6",
     "hapi-auth-bearer-token": "^8.0.0",
     "hapi-auth-jwt2": "^10.2.0",
     "hapi-rate-limit": "^5.0.1",
     "hapi-swagger": "^14.5.5",
     "ioredis": "^5.2.3",
-    "joi": "^17.4.2",
+    "joi": "^17.7.0",
     "js-yaml": "^3.14.1",
     "jsonwebtoken": "^8.5.1",
     "license-checker": "^17.0.0",
@@ -98,14 +98,14 @@
     "node-env-file": "^0.1.8",
     "prom-client": "^12.0.0",
     "redlock": "^4.1.0",
-    "screwdriver-artifact-bookend": "^1.2.0",
-    "screwdriver-build-bookend": "^2.4.0",
-    "screwdriver-cache-bookend": "^2.0.2",
+    "screwdriver-artifact-bookend": "^1.4.0",
+    "screwdriver-build-bookend": "^3.0.0",
+    "screwdriver-cache-bookend": "^2.1.0",
     "screwdriver-command-validator": "^2.1.0",
-    "screwdriver-config-parser": "^7.6.0",
-    "screwdriver-coverage-bookend": "^1.0.3",
-    "screwdriver-coverage-sonar": "^3.4.0",
-    "screwdriver-data-schema": "^21.28.1",
+    "screwdriver-config-parser": "^7.6.1",
+    "screwdriver-coverage-bookend": "^1.1.0",
+    "screwdriver-coverage-sonar": "^3.4.1",
+    "screwdriver-data-schema": "^21.28.4",
     "screwdriver-datastore-sequelize": "^7.2.7",
     "screwdriver-executor-base": "^8.4.0",
     "screwdriver-executor-docker": "^5.0.1",
@@ -114,18 +114,18 @@
     "screwdriver-executor-queue": "^3.1.2",
     "screwdriver-executor-router": "^2.3.0",
     "screwdriver-logger": "^1.1.0",
-    "screwdriver-models": "^28.18.1",
+    "screwdriver-models": "^28.20.0",
     "screwdriver-notifications-email": "^2.3.1",
     "screwdriver-notifications-slack": "^3.3.0",
     "screwdriver-request": "^1.0.3",
     "screwdriver-scm-base": "^7.3.0",
     "screwdriver-scm-bitbucket": "^4.5.1",
-    "screwdriver-scm-github": "^11.10.0",
+    "screwdriver-scm-github": "^11.10.3",
     "screwdriver-scm-gitlab": "^2.10.0",
     "screwdriver-scm-router": "^6.3.0",
     "screwdriver-template-validator": "^5.2.0",
     "screwdriver-workflow-parser": "^3.2.1",
-    "sqlite3": "^5.0.11",
+    "sqlite3": "^5.1.2",
     "stream": "0.0.2",
     "tinytim": "^0.1.1",
     "uuid": "^8.3.2",

package/plugins/logging.js

@@ -25,7 +25,12 @@ const loggingPlugin = {
                             args: [{ error: '*', log: '*', response: '*', request: '*' }]
                         },
                         {
-                            module: '@hapi/good-console'
+                            module: '@hapi/good-console',
+                            args: [
+                                {
+                                    color: false
+                                }
+                            ]
                         },
                         suppressAPITokens,
                         'stdout'