linotp.lib.audit.SQLAudit module
This is the Audit class, which writes audit entries to an SQL database.
It uses a public/private key pair for signing the log entries.
# create keypair:
# openssl genrsa -out private.pem 2048
# extract the public key:
# openssl rsa -in private.pem -pubout -out public.pem
- class linotp.lib.audit.SQLAudit.Audit
Bases: AuditBase
Audit implementation of the generic audit interface
This class provides audit capabilities mapped to an SQLAlchemy backend which has a separate database connection.
- getTotal(param, AND=True, display_error=True)
This method returns the total number of audit entries in the audit store.
- initialize_log(param)
This method initializes the log state. The fact that the log state was initialized also needs to be logged. Therefore the same params are passed as in the log method.
- log(param)
This method is used to log the data. It splits information about multiple tokens (e.g. from an import) into multiple audit log entries.
- log_entry(param)
This method is used to log the data. It should hash the data and do a hash chain and sign the data.
- row2dict(audit_line)
Convert an SQL audit db row to an audit dict
- Parameters
audit_line – audit db row
- Returns
audit entry dict
- row2dictApiV2(audit_line)
Convert an SQL audit db row to an audit dict for /api/v2/auditlog
- Parameters
audit_line – audit db row
- Returns
audit entry dict
- searchQuery(param, AND=True, display_error=True, rp_dict=None)
This function is used to search audit events.
- param:
Search parameters can be passed.
- return:
a result object which has to be converted with iter() to an iterator
- set()
This function could be used to set certain things like the signing key. But maybe it should only be read from linotp.cfg?
- class linotp.lib.audit.SQLAudit.AuditTable(**kwargs)
Bases: Model
- action
- action_detail
- administrator
- clearance_level
- client
- convert_str(key, value)
Converts the validated column to a string on insert and truncates the value if necessary
- id
- info
- linotp_server
- log_level
- realm
- serial
- signature
- success
- timestamp
- tokentype
- user
- validate_truncate(key, value, warn=False, error=False)
Silently truncates the validated column if the value exceeds the column length. If called manually, it can be used to log a warning or throw an exception on truncation.
- linotp.lib.audit.SQLAudit.getAsBytes(data)
Return the audit record in a bytes format that can be used for signing
- linotp.lib.audit.SQLAudit.getAsString(data)
We need to distinguish whether this is an entry from after the client entry was added or from before. Otherwise the old signatures will break!
- linotp.lib.audit.SQLAudit.now() → str
Returns an ISO datetime representation in UTC timezone with millisecond precision to fit in the AuditTable.timestamp column
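
The key pair from the module docstring in use, as an added example (not LinOTP's own code): an audit row is signed with private.pem and checked with public.pem alone, and a row signed before the client field existed verifies only when it is serialised in its old layout, which is the case getAsString describes. The record_bytes serialisation, the SHA-256 digest, the helper names and the sample rows are assumptions.

```shell
# Added example, not LinOTP code. The serialisation, SHA-256 digest and sample
# rows are assumptions; only the two key commands come from the docstring.
workdir=$(mktemp -d)
openssl genrsa -out "$workdir/private.pem" 2048 2>/dev/null
openssl rsa -in "$workdir/private.pem" -pubout -out "$workdir/public.pem" 2>/dev/null

# Hypothetical stand-in for getAsBytes(): fixed field order, each field
# length-prefixed so a value cannot shift a field boundary.
record_bytes() {
    for field in "$@"; do
        printf '%d:%s;' "${#field}" "$field"
    done
}

# sign_record SIGFILE FIELD... : sign with the private key (audit writer side).
sign_record() {
    sigfile=$1; shift
    record_bytes "$@" | openssl dgst -sha256 -sign "$workdir/private.pem" -out "$sigfile"
}

# verify_record SIGFILE FIELD... : check with the public key only (reviewer side).
# Returns 0 when the stored fields still match the signature.
verify_record() {
    sigfile=$1; shift
    record_bytes "$@" | openssl dgst -sha256 -verify "$workdir/public.pem" \
        -signature "$sigfile" >/dev/null 2>&1
}

# Constructed sample rows: timestamp, action, success, serial, user, realm[, client]
sign_record "$workdir/new.sig" 2024-01-01T10:00:00.000 validate/check 1 TOK001 alice realm1 192.0.2.10
sign_record "$workdir/old.sig" 2023-01-01T10:00:00.000 validate/check 1 TOK001 alice realm1

verify_record "$workdir/new.sig" 2024-01-01T10:00:00.000 validate/check 1 TOK001 alice realm1 192.0.2.10 \
    && echo "new row: signature ok"
verify_record "$workdir/new.sig" 2024-01-01T10:00:00.000 validate/check 0 TOK001 alice realm1 192.0.2.10 \
    || echo "new row with success flipped: signature invalid"
# A row signed before the client column existed must be re-serialised without it.
verify_record "$workdir/old.sig" 2023-01-01T10:00:00.000 validate/check 1 TOK001 alice realm1 \
    && echo "old row, old layout: signature ok"
verify_record "$workdir/old.sig" 2023-01-01T10:00:00.000 validate/check 1 TOK001 alice realm1 "" \
    || echo "old row, new layout: signature invalid"
```

The same mismatch appears if a value is signed at full length and then stored truncated, so the bytes that are signed have to be the bytes that end up in the row.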