Add commands for AuditLogging

[jtymel]

No description provided.

[Ladicek]

Should it really be public?

[Ladicek]

I like this, mostly. The command names are too generic -- I started to comment about that, but I'd have to add a comment to all commands :-) The names must be more specific. Ideally, all would contain the phrase AuditLog. If you feel like that, adding an AuditLogging class (similar to existing Logging) would be nice.

Good job on test coverage :-)

[Ladicek]

Also, I'm not very familiar with audit logging. How does it work? That would explain the structure of the commands. So for audit logging, you first configure a formatter (do we have/need commands for that?), then a handler (which refers to a formatter) and finally a logger (which refers to a handler)? I guess that some javadocs for the commands would help. And if you add the AuditLogging entrypoint, that class's javadoc could quickly explain the overall architecture (similarly to how I explained it in this comment, if it's correct).

[jtymel]

Thank you very much for the first review :)
I would say that the most important part of AuditLog is File-handler/Syslog-handler. It defines what, where and how will be logged.
These two handlers must refer the formatter they are using. We're fine with using the default json-formatter at the moment, therefore there is no command for creating/removing formatters right now. I can add them in next iteration of this PR if you would like to have these in library.
The final step of AuditLog settings is to refer the syslog/file handler to which will be auditable events (e.g. (un)deploy, change in configuration, server start/stop, ...) sent to within <logger><handlers> tag.

There is always only one logger node. It contains two crucial pieces of information:

• whether is AuditLogging enabled
• which syslog/file handlers are used as a destination of AuditLogging

The default configuration then looks following:

<audit-log>
    <formatters>
        <json-formatter name="json-formatter"/>
    </formatters>
    <handlers>
        <file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
    </handlers>
    <logger log-boot="true" log-read-only="false" enabled="false">
        <handlers>
            <handler name="file"/>
        </handlers>
    </logger>
</audit-log>

I'll create an entrypoint class with javadoc in next commit.

Thanks once again for the review.

[Ladicek]

Aha. If there's always exactly one logger, why do we have commands AddLogger and RemoveLogger? Should we instead have Change[Audit]Logger?

[jtymel]

Oh, I'm terribly sorry. I definitely should have written at most one logger instead of exactly one. In that case it makes IMHO sense to keep both commands.

[Ladicek]

OK, what happens if I try to AddLogger twice in a row?

EDIT: I mean, clearly audit loggers are different from other resources for which we have the Add/Remove pairs, so I wonder how should we represent that difference in the API.

[jtymel]

It will fail with CommandFailedException (Duplicate resource)

[Ladicek]

I wonder if it would make sense to keep Remove[Audit]Logger but replace Add[Audit]Logger with ConfigureAuditLogger that would change the existing one or add it if missing.

That would not be very future-proof, though, in case the ability to add more audit loggers will be added some time in the future...

In the end, I think I agree that we should probably keep Add[Audit]Logger and Remove[Audit]Logger and add a note to the Add[Audit]Logger javadoc that currently, there can only be one audit logger, so you most likely want to use replaceExisting.

[Ladicek]

Indentation :-)

[Ladicek]

Also appears on other places in this class.

The // --- comment is my personal habit, I don't require anyone to use it.

[Ladicek]

Generally, all public non-abstract classes of commands and their builders should be final (unless there's a good reason not to).

Otherwise looks good. I'll have to have a look at the API in my IDE, but I feel like there are no blockers now.

Oh and BTW, if you push new commits, I don't get a notification. Please always add a comment when you want me to have a look. Just saying "PTAL" is enough.

[jtymel]

Ok, final modifiers added/removed and AbstractAuditLogSyslogReliableProtocolCommand removed as well.
Could you please take a look on it?
I'm still thinking about the apply methods in AddAuditLogTcpSyslogHandler, AddAuditLogTlsSyslogHandler and AddAuditLogUdpSyslogHandler. There are common parts that are the same in each class. Do you have any idea how to avoid repeating such code? The only thing that comes to my mind is some util class(/method)..

[Ladicek]

OK, I do see some similarities in the apply methods of those classes, but there are also differences and I don't think that it would add much value to try to extract the common parts out. Feel free to try creating an util class, you'll see for yourself if it makes sense or not.

Another option that comes to mind -- would it make sense to merge those 3 classes into one?

[jtymel]

I don't think so. IMO UDP is quite different in comparison to TLS. This would bring necessity to properly document each builder method in style this parameter can be used only with TCP and UDP and user could be easily confused.
I'll give it a try to create some util class. However, I'm quite sceptical about the result (whether would be reasonable).

[Ladicek]

The comment belongs to the replaceExisting method.

[Ladicek]

Yea, totally agree -- we should have ChangeAuditLogger that will contain this. If you agree, feel free to implement that fully :-)

[Ladicek]

You could also have a single constructor that would take AbstractBuilder and set all these common fields. It would be called at the beginning of these 3 constructors, saving a bit of code.

[jtymel]

I must have changed constructors to current state because otherwise I was getting: variable XYZ might already have been assigned or variable XYZ might not have been assigned respectively. I'm not sure about the code cleanliness though. Any ideas are welcome ;-)

[Ladicek]

Ah, true, the fun with definite assignment rules :-( I think 3 different constructors, each for one builder, are better, even with slight code duplication.

[Ladicek]

Once you address the last comments, could you please squash? I'd like to do a final round of review, and it's easier like that for me :-) I don't expect any big findings, this seems very good now.

[jtymel]

PTAK

[Ladicek]

Should the @After cleanup methods use ChangeAuditLogger? I'd expect that using AddAuditLogger would be relatively rare.

[jtymel]

Ok, I rewrote one occurrence of AddAuditLogged to ChangeAuditLogger.

Much more importantly: I also added an option for removing handlers that IMHO might be useful. What do you think?

[Ladicek]

Set<String> intersection = new HashSet<String>(addHandlers);
intersection.retainAll(removeHandlers);
if (!intersection.isEmpty()) { ... }

[Ladicek]

There's also Sets.intersection in Guava, but that requires to create two sets instead of one, so I'd prefer to use what I wrote above.

[Ladicek]

Aye, I thought that ChangeAuditLogger.handlers is a list of all handlers that will be there. If it wasn't, then the current split into addHandlers and removeHandlers makes sense. +1 for that.

[Ladicek]

The change from AddAuditLogger to ChangeAuditLogger should be done everywhere :-) There are still 2 @After cleanup methods that use AddAuditLogger.

[jtymel]

Damn, I didn't notice usage of AddAuditLogger in ChangeAuditLoggerOnlineTest -> fixed.
However, the second usage in RemoveAuditLoggerOnlineTest makes sense. The test removes logger, therefore the logger should be added back afterwards.

[Ladicek]

Ah, right you are! If you have no other plans, please squash.

[jtymel]

squashed

[Ladicek]

Please rebase. This should be the last time, promise :-)

[jtymel]

aaand rebased :-)

[Ladicek]

Please remind me again -- what's RemoveAuditLogHandler good for?

EDIT: it seems to be covered by ChangeAuditLogger.removeHandlers, no?

[Ladicek]

The AddAuditLogSyslogHandler.groovy script is unused, no?

[Ladicek]

Otherwise this is good to merge.

[jtymel]

Thank you, RemoveAuditLogHandler is absolutely redundant and I removed it (as well as corresponding test and groovy script)
AddAuditLogSyslogHandler.groovy is used in AddAuditLogSyslogHandler.java :-) Anyway, I get your point, AddAuditLogTcpSyslogHandler.groovy, AddAuditLogTlsSyslogHandler.groovy andAddAuditLogUdpSyslogHandler.groovy are totally useless too -> also removed, thanks again!

Squashed once more

[Ladicek]

Ah, I thought that the UDP/TCP/TLS variants are used and the generic variant is unused. The opposite variant is actually better, I like 3 removed files :-) Thanks, LGTM now.

[Ladicek]

Merged, thanks for all the work :-) I know it's been a long time, but rest assured that there were PRs that took even longer to merge :-)

[jtymel]

Thank you.
So I can be quite disappointed that I didn't even brake the record, can't I? :-)

[Ladicek]

If you feel like breaking the record, please submit a PR that touches 100 or 200 files :-)