From 67179bf58f35d54bee12e6e8eaf084e2f70ea6a2 Mon Sep 17 00:00:00 2001 From: Alex Hmelevsky Date: Mon, 27 Jan 2014 17:54:51 +0200 Subject: [PATCH] Improved logs for add/remove security group rules. Added more details - protocol and port information to AUDIT log messages on add/remove rule actions for security groups. Change-Id: Ib446a63976dade90c51c13f30367a3ee17a739ea Closes-Bug: #1154303 --- nova/compute/api.py | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/nova/compute/api.py b/nova/compute/api.py index 4e2897d801..65234b0a30 100644 --- a/nova/compute/api.py +++ b/nova/compute/api.py @@ -3797,19 +3797,30 @@ class SecurityGroupAPI(base.Base, security_group_base.SecurityGroupBase): msg = _("Quota exceeded, too many security group rules.") self.raise_over_quota(msg) - msg = _("Authorize security group ingress %s") - LOG.audit(msg, name, context=context) - - rules = [self.db.security_group_rule_create(context, v) for v in vals] + msg = _("Security group %(name)s added %(protocol)s ingress " + "(%(from_port)s:%(to_port)s)") + rules = [] + for v in vals: + rule = self.db.security_group_rule_create(context, v) + rules.append(rule) + LOG.audit(msg, {'name': name, + 'protocol': rule.protocol, + 'from_port': rule.from_port, + 'to_port': rule.to_port}) self.trigger_rules_refresh(context, id=id) return rules def remove_rules(self, context, security_group, rule_ids): - msg = _("Revoke security group ingress %s") - LOG.audit(msg, security_group['name'], context=context) - + msg = _("Security group %(name)s removed %(protocol)s ingress " + "(%(from_port)s:%(to_port)s)") for rule_id in rule_ids: + rule = self.get_rule(context, rule_id) + LOG.audit(msg, {'name': security_group['name'], + 'protocol': rule.protocol, + 'from_port': rule.from_port, + 'to_port': rule.to_port}) + self.db.security_group_rule_destroy(context, rule_id) # NOTE(vish): we removed some rules, so refresh
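Review bot: Both new `LOG.audit(msg, {...})` calls drop the `context=context` argument that the removed calls passed, so in add_rules and remove_rules the audit record may no longer carry the requesting user and project unless the logger picks the request context up on its own. For an audit trail of firewall changes I would keep it, ending each call with `'to_port': rule.to_port}, context=context)`. In remove_rules the record says "removed" before `self.db.security_group_rule_destroy(context, rule_id)` has run, so a failed destroy leaves an audit entry for a change that did not happen; logging after the destroy call would match add_rules, which logs after the create. The added `self.get_rule(context, rule_id)` is also a new per-rule lookup that can raise before anything is deleted, which deserves a short comment or a test. The body of remove_rules continues past the end of the hunk.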