Hello Ravi Nori,
I'd like you to do a code review. Please visit
http://gerrit.ovirt.org/36833
to review the following change.
Change subject: aaa: fix audit/acct/log messages without profile/authn names
......................................................................
aaa: fix audit/acct/log messages without profile/authn names
some logging/audit records are issued without correct user or without
full user name, this makes it difficult to perform problem
determination.
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1180707
Change-Id: I7776f9f5b93aca96c84fb5a7672e10dded186d05
Signed-off-by: Ravi Nori <[email protected]>
Signed-off-by: Alon Bar-Lev <[email protected]>
---
M
backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AcctUtils.java
M
backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthenticationProfile.java
M
backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/BasicAuthenticationFilter.java
M
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/CommandBase.java
M
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/VdsEventListener.java
M
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LoginAdminUserCommand.java
M
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LoginBaseCommand.java
M
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LogoutBySessionCommand.java
M
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LogoutUserCommand.java
M
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/SessionDataContainer.java
M
backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dal/dbbroker/auditloghandling/AuditLogDirector.java
M
backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dal/dbbroker/auditloghandling/AuditLogableBase.java
M
backend/manager/modules/dal/src/test/java/org/ovirt/engine/core/dal/dbbroker/auditloghandling/AuditLogableBaseTest.java
M
backend/manager/modules/extensions-api-root/extensions-api/src/main/java/org/ovirt/engine/api/extensions/aaa/Acct.java
14 files changed, 104 insertions(+), 48 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/33/36833/1
diff --git
a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AcctUtils.java
b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AcctUtils.java
index eddc19e..f37d1f5 100644
---
a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AcctUtils.java
+++
b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AcctUtils.java
@@ -34,6 +34,7 @@
public static void reportRecords(
int reportReason,
+ String authzName,
String user,
ExtMap authRecord,
ExtMap principalRecord,
@@ -44,8 +45,11 @@
input.put(Acct.InvokeKeys.REASON, reportReason);
input.put(Acct.InvokeKeys.PRINCIPAL_RECORD,
new ExtMap().mput(
- Acct.PrincipalRecord.AUTH_RECORD,
- authRecord
+ Acct.PrincipalRecord.AUTHZ_NAME,
+ authzName
+ ).mput(
+ Acct.PrincipalRecord.AUTH_RECORD,
+ authRecord
).mput(
Acct.PrincipalRecord.PRINCIPAL_RECORD,
principalRecord
diff --git
a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthenticationProfile.java
b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthenticationProfile.java
index 6abac58..c85906c 100644
---
a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthenticationProfile.java
+++
b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthenticationProfile.java
@@ -67,6 +67,10 @@
return mapper;
}
+ public String getAuthzName() {
+ return authz.getContext().<String>get(Base.ContextKeys.INSTANCE_NAME);
+ }
+
public int getNegotiationPriority() {
return negotiationPriority;
}
diff --git
a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/BasicAuthenticationFilter.java
b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/BasicAuthenticationFilter.java
index 20dbfbe..d74b139 100644
---
a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/BasicAuthenticationFilter.java
+++
b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/filters/BasicAuthenticationFilter.java
@@ -157,6 +157,7 @@
}
AcctUtils.reportRecords(
Acct.ReportReason.PRINCIPAL_LOGIN_FAILED,
+ userProfile.profile.getAuthzName(),
userProfile.userName,
null,
null,
diff --git
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/CommandBase.java
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/CommandBase.java
index 2535b57..85cf613 100644
---
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/CommandBase.java
+++
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/CommandBase.java
@@ -185,6 +185,7 @@
if (user != null) {
setCurrentUser(user);
}
+
setUserName(SessionDataContainer.getInstance().getUserName(cmdContext.getEngineContext().getSessionId()));
ExecutionContext executionContext = cmdContext.getExecutionContext();
if (executionContext.getJob() != null) {
setJobId(executionContext.getJob().getId());
@@ -769,7 +770,8 @@
&& canDoAction()
&& internalValidateAndSetQuota();
if (!returnValue &&
getReturnValue().getCanDoActionMessages().size() > 0) {
- log.warnFormat("CanDoAction of action {0} failed.
Reasons:{1}", getActionType(),
+ log.warnFormat("CanDoAction of action '{0}' failed for
user {1}. Reasons: {2}",
+ getActionType(), getUserName(),
StringUtils.join(getReturnValue().getCanDoActionMessages(), ','));
}
} finally {
diff --git
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/VdsEventListener.java
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/VdsEventListener.java
index 925129e..92f23bf 100644
---
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/VdsEventListener.java
+++
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/VdsEventListener.java
@@ -339,11 +339,7 @@
final VmDynamic vmDynamic =
DbFacade.getInstance().getVmDynamicDao().get(vmId);
final AuditLogableBase event = new AuditLogableBase();
event.setVmId(vmId);
- String username = vmDynamic.getConsoleCurrentUserName();
- if(username!= null && username.contains("@")){
- username = username.substring(0, username.indexOf("@"));
- }
- event.setUserName(username);
+ event.setUserName(vmDynamic.getConsoleCurrentUserName());
// in case of empty clientIp we clear the logged in user.
// (this happened when user close the console to spice/vnc)
diff --git
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LoginAdminUserCommand.java
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LoginAdminUserCommand.java
index 2f9e399..1164c6d 100644
---
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LoginAdminUserCommand.java
+++
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LoginAdminUserCommand.java
@@ -12,18 +12,15 @@
@Override
protected boolean canDoAction() {
- boolean autheticated = isUserCanBeAuthenticated();
+ boolean autheticated = super.canDoAction();
// only admin users can use LoginAdmin command
if (autheticated) {
autheticated = getCurrentUser().isAdmin();
-
if (!autheticated) {
addCanDoActionMessage(VdcBllMessages.USER_NOT_AUTHORIZED_TO_PERFORM_ACTION);
+ logAutheticationFailure();
}
- }
- if (! autheticated) {
- logAutheticationFailure();
}
return autheticated;
}
diff --git
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LoginBaseCommand.java
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LoginBaseCommand.java
index 896e5b4..b9350f5 100644
---
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LoginBaseCommand.java
+++
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LoginBaseCommand.java
@@ -106,6 +106,19 @@
}
@Override
protected boolean canDoAction() {
+ String user = getParameters().getLoginName();
+ if (StringUtils.isEmpty(user)) {
+ ExtMap authRecord = (ExtMap) getParameters().getAuthRecord();
+ if (authRecord != null) {
+ user = authRecord.get(AuthRecord.PRINCIPAL);
+ }
+ }
+ String profile = getParameters().getProfileName();
+ if (StringUtils.isEmpty(profile)) {
+ profile = "N/A";
+ }
+ setUserName(String.format("%s@%s", user, profile));
+
boolean result = isUserCanBeAuthenticated();
if (! result) {
logAutheticationFailure();
@@ -123,9 +136,8 @@
}
SessionDataContainer.getInstance().setUser(engineSessionId,
getCurrentUser());
SessionDataContainer.getInstance().refresh(engineSessionId);
- SessionDataContainer.getInstance().setAuthn(engineSessionId,
profile.getAuthn());
+ SessionDataContainer.getInstance().setProfile(engineSessionId,
profile);
SessionDataContainer.getInstance().setAuthRecord(engineSessionId,
authRecord);
- SessionDataContainer.getInstance().setPrincipal(engineSessionId,
authRecord.<String>get(Authn.AuthRecord.PRINCIPAL));
SessionDataContainer.getInstance().setPrincipalRecord(engineSessionId,
principalRecord);
// Add the user password to the session, as it will be needed later
@@ -227,6 +239,12 @@
return false;
}
+ /*
+ * set principal based on what we
+ * have so far
+ */
+ setUserName(String.format("%s@%s",
authRecord.get(Authn.AuthRecord.PRINCIPAL), profile.getName()));
+
ExtensionProxy mapper = profile.getMapper();
if (mapper != null) {
authRecord = mapper.invoke(
@@ -256,6 +274,7 @@
addCanDoActionMessage(VdcBllMessages.USER_MUST_EXIST_IN_DIRECTORY);
AcctUtils.reportRecords(
Acct.ReportReason.PRINCIPAL_NOT_FOUND,
+ profile.getAuthzName(),
loginName,
authRecord,
null,
@@ -290,6 +309,7 @@
true)) {
AcctUtils.reportRecords(
Acct.ReportReason.PRINCIPAL_LOGIN_NO_PERMISSION,
+ profile.getAuthzName(),
dbUser.getLoginName(),
authRecord,
principalRecord,
@@ -310,6 +330,7 @@
setCurrentUser(dbUser);
AcctUtils.reportRecords(
reportReason,
+ profile.getAuthzName(),
dbUser.getLoginName(),
authRecord,
principalRecord,
@@ -353,7 +374,7 @@
protected void logAutheticationFailure() {
AuditLogableBase logable = new AuditLogableBase();
- logable.setUserName(getParameters().getLoginName());
+ logable.setUserName(getUserName());
AuditLogDirector.log(logable, AuditLogType.USER_VDC_LOGIN_FAILED);
}
@@ -390,6 +411,14 @@
password
));
+ /*
+ * set principal based on what we
+ * have so far
+ */
+ if (outputMap.get(Authn.InvokeKeys.PRINCIPAL) != null) {
+ setUserName(String.format("%s@%s",
outputMap.get(Authn.InvokeKeys.PRINCIPAL), profile.getName()));
+ }
+
int authResult = outputMap.<Integer>get(Authn.InvokeKeys.RESULT);
if (authResult != Authn.AuthResult.SUCCESS) {
log.infoFormat(
diff --git
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LogoutBySessionCommand.java
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LogoutBySessionCommand.java
index e4d9042..4139c28 100644
---
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LogoutBySessionCommand.java
+++
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LogoutBySessionCommand.java
@@ -26,10 +26,9 @@
@Override
protected void executeCommand() {
- setReturnValue(Backend.getInstance().logoff(
- new LogoutUserParameters(user.getId()
- )
- ));
+ LogoutUserParameters params = new LogoutUserParameters(user.getId());
+ params.setSessionId(getParameters().getSessionId());
+ setReturnValue(Backend.getInstance().logoff(params));
}
@Override
diff --git
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LogoutUserCommand.java
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LogoutUserCommand.java
index 669ffd6..f0fe1b1 100644
---
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LogoutUserCommand.java
+++
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LogoutUserCommand.java
@@ -6,13 +6,13 @@
import org.ovirt.engine.api.extensions.Base;
import org.ovirt.engine.api.extensions.ExtMap;
import org.ovirt.engine.api.extensions.aaa.Authn;
+import org.ovirt.engine.core.aaa.AuthenticationProfile;
import org.ovirt.engine.core.bll.CommandBase;
import org.ovirt.engine.core.bll.utils.PermissionSubject;
import org.ovirt.engine.core.common.AuditLogType;
import org.ovirt.engine.core.common.action.LogoutUserParameters;
import org.ovirt.engine.core.common.businessentities.aaa.DbUser;
import org.ovirt.engine.core.dal.dbbroker.DbFacade;
-import org.ovirt.engine.core.extensions.mgr.ExtensionProxy;
public class LogoutUserCommand<T extends LogoutUserParameters> extends
CommandBase<T> {
public LogoutUserCommand(T parameters) {
@@ -30,21 +30,22 @@
@Override
protected void executeCommand() {
- ExtensionProxy authn =
SessionDataContainer.getInstance().getAuthn(getParameters().getSessionId());
-
- if (authn != null) {
- if ((authn.getContext().<Long> get(Authn.ContextKeys.CAPABILITIES)
& Authn.Capabilities.LOGOUT) != 0) {
- authn.invoke(new ExtMap().mput(
+ AuthenticationProfile profile =
SessionDataContainer.getInstance().getProfile(getParameters().getSessionId());
+ if (profile == null) {
+ setSucceeded(false);
+ } else {
+ if ((profile.getAuthn().getContext().<Long>
get(Authn.ContextKeys.CAPABILITIES) & Authn.Capabilities.LOGOUT) != 0) {
+ profile.getAuthn().invoke(new ExtMap().mput(
Base.InvokeKeys.COMMAND,
Authn.InvokeCommands.LOGOUT
).mput(
Authn.InvokeKeys.PRINCIPAL,
-
SessionDataContainer.getInstance().getPrincipal(getParameters().getSessionId())
+
SessionDataContainer.getInstance().getPrincipalName(getParameters().getSessionId())
));
}
SessionDataContainer.getInstance().removeSessionOnLogout(getParameters().getSessionId());
+ setSucceeded(true);
}
- setSucceeded(true);
}
@Override
diff --git
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/SessionDataContainer.java
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/SessionDataContainer.java
index 7ea494d..e9bcf63 100644
---
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/SessionDataContainer.java
+++
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/SessionDataContainer.java
@@ -8,12 +8,14 @@
import org.apache.commons.lang.time.DateUtils;
import org.ovirt.engine.api.extensions.ExtMap;
+import org.ovirt.engine.api.extensions.Base;
import org.ovirt.engine.api.extensions.aaa.Acct;
+import org.ovirt.engine.api.extensions.aaa.Authn;
import org.ovirt.engine.core.aaa.AcctUtils;
+import org.ovirt.engine.core.aaa.AuthenticationProfile;
import org.ovirt.engine.core.common.businessentities.aaa.DbUser;
import org.ovirt.engine.core.common.config.Config;
import org.ovirt.engine.core.common.config.ConfigValues;
-import org.ovirt.engine.core.extensions.mgr.ExtensionProxy;
import org.ovirt.engine.core.utils.timer.OnTimerMethodAnnotation;
public class SessionDataContainer {
@@ -28,7 +30,7 @@
private static final String USER_PARAMETER_NAME = "user";
private static final String PASSWORD_PARAMETER_NAME = "password";
private static final String AUTHN_PARAMETER_NAME = "authn";
- private static final String PRINCIPAL_PARAMETER_NAME = "principal";
+ private static final String PROFILE_PARAMETER_NAME = "profile";
private static final String HARD_LIMIT_PARAMETER_NAME = "hard_limit";
private static final String SOFT_LIMIT_PARAMETER_NAME = "soft_limit";
@@ -96,7 +98,7 @@
* - id of current session
*/
public final void removeSessionOnLogout(String sessionId) {
- removeSessionImpl(sessionId, Acct.ReportReason.PRINCIPAL_LOGOUT,
"Prinicial %1$s has performed logout", getPrincipalName(sessionId));
+ removeSessionImpl(sessionId, Acct.ReportReason.PRINCIPAL_LOGOUT,
"Prinicial %1$s has performed logout", getUserName(sessionId));
}
/**
@@ -112,7 +114,7 @@
Date hardLimit = (Date) sessionMap.get(HARD_LIMIT_PARAMETER_NAME);
Date softLimit = (Date) sessionMap.get(SOFT_LIMIT_PARAMETER_NAME);
if ((hardLimit != null && hardLimit.before(now)) || (softLimit !=
null && softLimit.before(now))) {
- removeSessionImpl(entry.getKey(),
Acct.ReportReason.PRINCIPAL_SESSION_EXPIRED, "Session has expired for principal
%1$s", getPrincipal(entry.getKey()));
+ removeSessionImpl(entry.getKey(),
Acct.ReportReason.PRINCIPAL_SESSION_EXPIRED, "Session has expired for principal
%1$s", getUserName(entry.getKey()));
}
}
}
@@ -169,20 +171,28 @@
refresh(getSessionInfo(sessionId));
}
- public ExtensionProxy getAuthn(String sessionId) {
- return (ExtensionProxy) getData(sessionId, AUTHN_PARAMETER_NAME,
false);
+ public void setProfile(String sessionId, AuthenticationProfile profile) {
+ setData(sessionId, PROFILE_PARAMETER_NAME, profile);
}
- public void setAuthn(String sessionId, ExtensionProxy authn) {
- setData(sessionId, AUTHN_PARAMETER_NAME, authn);
+ public AuthenticationProfile getProfile(String sessionId) {
+ return (AuthenticationProfile) getData(sessionId,
PROFILE_PARAMETER_NAME, false);
}
- public void setPrincipal(String sessionId, String principal) {
- setData(sessionId, PRINCIPAL_PARAMETER_NAME, principal);
+ public String getPrincipalName(String sessionId) {
+ String principal = null;
+ ExtMap authRecord = getAuthRecord(sessionId);
+ if (authRecord != null) {
+ principal = authRecord.<String>get(Authn.AuthRecord.PRINCIPAL);
+ }
+ return principal;
}
- public String getPrincipal(String sessionId) {
- return getPrincipalName(sessionId);
+ public String getUserName(String sessionId) {
+ return String.format(
+ "%s@%s",
+ getPrincipalName(sessionId),
+ getProfile(sessionId) != null ?
getProfile(sessionId).getName() : "N/A");
}
public void setAuthRecord(String engineSessionId, ExtMap authRecord) {
@@ -214,7 +224,16 @@
}
private void removeSessionImpl(String sessionId, int reason, String
message, Object... msgArgs) {
+ /*
+ * So we won't need to add profile to tests
+ */
+ String authzName = null;
+ if (getProfile(sessionId) != null) {
+ authzName =
getProfile(sessionId).getAuthz().getContext().<String>get(Base.ContextKeys.INSTANCE_NAME);
+ }
+
AcctUtils.reportRecords(reason,
+ authzName,
getPrincipalName(sessionId),
(ExtMap) getData(sessionId, AUTH_RECORD_PARAMETER_NAME, false),
(ExtMap) getData(sessionId, PRINCIPAL_RECORD_PARAMETER_NAME,
false),
@@ -222,9 +241,5 @@
msgArgs
);
sessionInfoMap.remove(sessionId);
- }
-
- private String getPrincipalName(String sessionId) {
- return (String) getData(sessionId, PRINCIPAL_PARAMETER_NAME, false);
}
}
diff --git
a/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dal/dbbroker/auditloghandling/AuditLogDirector.java
b/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dal/dbbroker/auditloghandling/AuditLogDirector.java
index b579e87..7a22903 100644
---
a/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dal/dbbroker/auditloghandling/AuditLogDirector.java
+++
b/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dal/dbbroker/auditloghandling/AuditLogDirector.java
@@ -124,7 +124,7 @@
severity,
resolvedMessage,
auditLogable.getUserId(),
- auditLogable.getUserId() != null ?
getDbFacadeInstance().getDbUserDao().get(auditLogable.getUserId()).getLoginName()
: null,
+ auditLogable.getUserName(),
auditLogable.getVmIdRef(),
auditLogable.getVmIdRef() != null ?
getDbFacadeInstance().getVmDao().get(auditLogable.getVmIdRef()).getName() :
null,
auditLogable.getVdsIdRef(),
diff --git
a/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dal/dbbroker/auditloghandling/AuditLogableBase.java
b/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dal/dbbroker/auditloghandling/AuditLogableBase.java
index da45e68..099b849 100644
---
a/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dal/dbbroker/auditloghandling/AuditLogableBase.java
+++
b/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dal/dbbroker/auditloghandling/AuditLogableBase.java
@@ -143,7 +143,7 @@
public String getUserName() {
if (StringUtils.isEmpty(mUserName) && getCurrentUser() != null) {
- mUserName = getCurrentUser().getLoginName();
+ mUserName = String.format("%s[%s]",
getCurrentUser().getLoginName(), getCurrentUser().getDomain());
}
return mUserName;
}
diff --git
a/backend/manager/modules/dal/src/test/java/org/ovirt/engine/core/dal/dbbroker/auditloghandling/AuditLogableBaseTest.java
b/backend/manager/modules/dal/src/test/java/org/ovirt/engine/core/dal/dbbroker/auditloghandling/AuditLogableBaseTest.java
index dbb4673..2cdd1b9 100644
---
a/backend/manager/modules/dal/src/test/java/org/ovirt/engine/core/dal/dbbroker/auditloghandling/AuditLogableBaseTest.java
+++
b/backend/manager/modules/dal/src/test/java/org/ovirt/engine/core/dal/dbbroker/auditloghandling/AuditLogableBaseTest.java
@@ -35,6 +35,7 @@
protected static final Guid GUID2 = new
Guid("11111111-1111-1111-1111-111111111112");
protected static final Guid GUID3 = new
Guid("11111111-1111-1111-1111-111111111113");
protected static final String NAME = "testName";
+ protected static final String DOMAIN = "testDomain";
@Test
public void nGuidCtor() {
@@ -149,9 +150,10 @@
final AuditLogableBase b = new AuditLogableBase();
final DbUser u = new DbUser();
u.setLoginName(NAME);
+ u.setDomain(DOMAIN);
b.setCurrentUser(u);
final String un = b.getUserName();
- assertEquals(NAME, un);
+ assertEquals(String.format("%s[%s]", NAME, DOMAIN), un);
}
@Test
diff --git
a/backend/manager/modules/extensions-api-root/extensions-api/src/main/java/org/ovirt/engine/api/extensions/aaa/Acct.java
b/backend/manager/modules/extensions-api-root/extensions-api/src/main/java/org/ovirt/engine/api/extensions/aaa/Acct.java
index 46efd3b..4da7f1b 100644
---
a/backend/manager/modules/extensions-api-root/extensions-api/src/main/java/org/ovirt/engine/api/extensions/aaa/Acct.java
+++
b/backend/manager/modules/extensions-api-root/extensions-api/src/main/java/org/ovirt/engine/api/extensions/aaa/Acct.java
@@ -15,8 +15,10 @@
* Invoke keys.
*/
public static class InvokeKeys {
+ /** Authz name. */
+ public static final ExtKey AUTHZ_NAME = new
ExtKey("AAA_ACCT_AUTHZ_NAME", String.class,
"27aea820-60c7-4390-9953-1f2a254e314b");
/** Principal name. */
- public static final ExtKey PRINCIPAL_NAME = new
ExtKey("AAA_ACCT_PRINCIPAL_NAME", String.class,
"c34f7381-5c15-4666-b8b5-39cca36eca78");
+ public static final ExtKey PRINCIPAL_NAME = new
ExtKey("AAA_ACCT_PRINCIPAL_NAME", String.class,
"3dfc4089-d2ec-40ec-89a5-71188ab89a4c");
/** Principal id.*/
public static final ExtKey PRINCIPAL_ID = new
ExtKey("AAA_ACCT_PRINCIPAL_ID", String.class,
"c34f7381-5c15-4666-b8b5-39cca36eca78");
/** Message. */
@@ -145,6 +147,10 @@
*/
public static final ExtKey USER = new
ExtKey("AAA_ACCT_PRINCIPAL_RECORD_USER", String.class,
"3e1a1639-0812-4bf6-9c86-d1435ed5d569");
/**
+ * Authz name.
+ */
+ public static final ExtKey AUTHZ_NAME = new
ExtKey("AAA_ACCT_AUTHZ_NAME", String.class,
"019133aa-4425-48b7-bfd6-7fff160dab70");
+ /**
* Principal.
* Optional.
*/
--
To view, visit http://gerrit.ovirt.org/36833
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I7776f9f5b93aca96c84fb5a7672e10dded186d05
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: ovirt-engine-3.5
Gerrit-Owner: Alon Bar-Lev <[email protected]>
Gerrit-Reviewer: Ravi Nori <[email protected]>
_______________________________________________
Engine-patches mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/engine-patches
