1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
|
#!/usr/bin/env ruby
# frozen_string_literal: true
#
# Generate an audit event type file in the correct location.
#
# Automatically stages the file and amends the previous commit if the `--amend`
# argument is used.
require 'optparse'
require 'yaml'
require 'fileutils'
require 'uri'
require 'readline'
require_relative '../config/bundler_setup'
require 'gitlab/utils/all'
require_relative '../lib/gitlab/audit/type/shared' unless defined?(::Gitlab::Audit::Type::Shared)
module AuditEventTypeHelpers
Abort = Class.new(StandardError)
Done = Class.new(StandardError)
def capture_stdout(cmd)
output = IO.popen(cmd, &:read)
fail_with "command failed: #{cmd.join(' ')}" unless $?.success?
output
end
def fail_with(message)
raise Abort, "\e[31merror\e[0m #{message}"
end
end
class AuditEventTypeOptionParser
extend AuditEventTypeHelpers
Options = Struct.new(
:name,
:description,
:feature_category,
:milestone,
:saved_to_database,
:streamed,
:ee,
:jh,
:amend,
:dry_run,
:force,
:introduced_by_issue,
:introduced_by_mr
)
class << self
def parse(argv)
options = Options.new
parser = OptionParser.new do |opts|
opts.banner = "Usage: #{__FILE__} [options] <audit-event-type>\n\n"
# Note: We do not provide a shorthand for this in order to match the `git
# commit` interface
opts.on('--amend', 'Amend the previous commit') do |value|
options.amend = value
end
opts.on('-f', '--force', 'Overwrite an existing entry') do |value|
options.force = value
end
opts.on('-d', '--description [string]', String,
'A human-readable description of how this event is triggered') do |value|
options.description = value
end
opts.on('-c', '--feature-category [string]', String,
"The feature category of this audit event. For example, compliance_management") do |value|
options.feature_category = value
end
opts.on('-M', '--milestone [string]', String,
'Milestone that introduced this audit event type. For example, 15.8') do |value|
options.milestone = value
end
opts.on('-s', '--[no-]saved-to-database',
"Indicate whether to persist events to database and JSON logs") do |value|
options.saved_to_database = value
end
opts.on('-t', '--[no-]streamed',
"Indicate that events should be streamed to external services (if configured)") do |value|
options.streamed = value
end
opts.on('-n', '--dry-run', "Don't actually write anything, just print") do |value|
options.dry_run = value
end
opts.on('-e', '--ee', 'Generate an audit event type entry for GitLab EE') do |value|
options.ee = value
end
opts.on('-j', '--jh', 'Generate an audit event type entry for GitLab JH') do |value|
options.jh = value
end
opts.on('-m', '--introduced-by-mr [string]', String,
'URL to GitLab merge request that added this type of audit event') do |value|
options.introduced_by_mr = value
end
opts.on('-i', '--introduced-by-issue [string]', String,
'URL to GitLab issue that added this type of audit event') do |value|
options.introduced_by_issue = value
end
opts.on('-h', '--help', 'Print help message') do
$stdout.puts opts
raise Done
end
end
parser.parse!(argv)
unless argv.one?
$stdout.puts parser.help
$stdout.puts
raise Abort, 'Name for the type of audit event is required'
end
options.name = argv.first.downcase.tr('-', '_')
options
end
def read_description
$stdout.puts
$stdout.puts ">> Specify a human-readable description of how this event is triggered:"
loop do
description = Readline.readline('?> ', false)&.strip
description = nil if description.empty?
return description unless description.nil?
warn "description is a required field."
end
end
def read_feature_category
$stdout.puts
$stdout.puts ">> Specify the feature category of this audit event, like `compliance_management`:"
loop do
feature_category = Readline.readline('?> ', false)&.strip
feature_category = nil if feature_category.empty?
return feature_category unless feature_category.nil?
warn "feature_category is a required field."
end
end
def read_saved_to_database
$stdout.puts
$stdout.puts ">> Specify whether to persist events to database and JSON logs [yes, no]:"
loop do
saved_to_database = Readline.readline('?> ', false)&.strip
saved_to_database = Gitlab::Utils.to_boolean(saved_to_database)
return saved_to_database unless saved_to_database.nil?
warn "saved_to_database is a required boolean field."
end
end
def read_streamed
$stdout.puts
$stdout.puts ">> Specify if events should be streamed to external services (if configured) [yes, no]:"
loop do
streamed = Readline.readline('?> ', false)&.strip
streamed = Gitlab::Utils.to_boolean(streamed)
return streamed unless streamed.nil?
warn "streamed is a required boolean field."
end
end
def read_introduced_by_mr
$stdout.puts
$stdout.puts ">> URL of GitLab merge request that adds this audit event type:"
loop do
introduced_by_mr = Readline.readline('?> ', false)&.strip
introduced_by_mr = nil if introduced_by_mr.empty?
return introduced_by_mr if introduced_by_mr.nil? || introduced_by_mr.start_with?('https://')
warn "URL needs to start with https://"
end
end
def read_introduced_by_issue
$stdout.puts ">> URL of GitLab issue or epic that outlines the requirements of this audit event type:"
loop do
created_url = Readline.readline('?> ', false)&.strip
created_url = nil if created_url.empty?
return created_url if !created_url.nil? && created_url.start_with?('https://')
warn "URL needs to start with https://"
end
end
def read_milestone
milestone = File.read('VERSION')
milestone.gsub(/^(\d+\.\d+).*$/, '\1').chomp
end
end
end
class AuditEventTypeCreator
include AuditEventTypeHelpers
attr_reader :options
def initialize(options)
@options = options
end
def execute
assert_feature_branch!
assert_name!
assert_existing_audit_event_type!
options.description ||= AuditEventTypeOptionParser.read_description
options.feature_category ||= AuditEventTypeOptionParser.read_feature_category
options.milestone ||= AuditEventTypeOptionParser.read_milestone
options.saved_to_database = AuditEventTypeOptionParser.read_saved_to_database if options.saved_to_database.nil?
options.streamed = AuditEventTypeOptionParser.read_streamed if options.streamed.nil?
options.introduced_by_mr ||= AuditEventTypeOptionParser.read_introduced_by_mr
options.introduced_by_issue ||= AuditEventTypeOptionParser.read_introduced_by_issue
$stdout.puts "\e[32mcreate\e[0m #{file_path}"
$stdout.puts contents
unless options.dry_run
write
amend_commit if options.amend
end
system("#{editor} '#{file_path}'") if editor
end
private
def contents
# Slice is used to ensure that YAML keys
# are always ordered in a predictable way
config_hash.slice(
*::Gitlab::Audit::Type::Shared::PARAMS.map(&:to_s)
).to_yaml
end
def config_hash
{
'name' => options.name,
'description' => options.description,
'feature_category' => options.feature_category,
'milestone' => options.milestone,
'saved_to_database' => options.saved_to_database,
'streamed' => options.streamed,
'introduced_by_mr' => options.introduced_by_mr,
'introduced_by_issue' => options.introduced_by_issue
}
end
def write
FileUtils.mkdir_p(File.dirname(file_path))
File.write(file_path, contents)
end
def editor
ENV['EDITOR']
end
def amend_commit
fail_with "git add failed" unless system(*%W[git add #{file_path}])
Kernel.exec(*%w[git commit --amend])
end
def assert_feature_branch!
return unless branch_name == 'master'
fail_with "Create a branch first!"
end
def assert_existing_audit_event_type!
existing_path = all_audit_event_type_names[options.name]
return unless existing_path
return if options.force
fail_with "#{existing_path} already exists! Use `--force` to overwrite."
end
def assert_name!
return if options.name =~ /\A[a-z0-9_-]+\Z/
fail_with "Provide a name for the audit event type that is [a-z0-9_-]"
end
def file_path
audit_event_types_paths.last.sub('*.yml', "#{options.name}.yml")
end
def all_audit_event_type_names
@all_audit_event_type_names ||=
audit_event_types_paths.flat_map do |glob_path|
Dir.glob(glob_path).map do |path|
[File.basename(path, '.yml'), path]
end
end.to_h
end
def audit_event_types_paths
paths = []
paths << File.join('config', 'audit_events', 'types', '*.yml')
paths << File.join('ee', 'config', 'audit_events', 'types', '*.yml') if ee?
paths << File.join('jh', 'config', 'audit_events', 'types', '*.yml') if jh?
paths
end
def ee?
options.ee
end
def jh?
options.jh
end
def branch_name
@branch_name ||= capture_stdout(%w[git symbolic-ref --short HEAD]).strip
end
end
if $PROGRAM_NAME == __FILE__
begin
options = AuditEventTypeOptionParser.parse(ARGV)
AuditEventTypeCreator.new(options).execute
rescue AuditEventTypeHelpers::Abort => ex
warn ex.message
exit 1
rescue AuditEventTypeHelpers::Done
exit
end
end
|
