Added pki-server <subsystem>-audit-file-find CLI.

A new pki-server <subsystem>-audit-file-find CLI has been added
to list audit log files on the server.

Change-Id: I88e827d45cfb83cf34052146e2ec678f4cd2345f

7 files changed, 133 insertions, 0 deletions

diff --git a/base/server/python/pki/server/__init__.py b/base/server/python/pki/server/__init__.py
index 503227470..112dcbff3 100644
--- a/base/server/python/pki/server/__init__.py
+++ b/base/server/python/pki/server/__init__.py
@@ -389,6 +389,20 @@ class PKISubsystem(object):
 
         pki.util.customize_file(input_file, output_file, params)
 
+    def get_audit_log_files(self):
+
+        current_file_path = self.config['log.instance.SignedAudit.fileName']
+        (log_dir, current_file) = os.path.split(current_file_path)
+
+        # sort log files based on timestamp
+        files = [f for f in os.listdir(log_dir) if f != current_file]
+        files.sort()
+
+        # put the current log file at the end
+        files.append(current_file)
+
+        return files
+
     def __repr__(self):
         return str(self.instance) + '/' + self.name
 
diff --git a/base/server/python/pki/server/cli/audit.py b/base/server/python/pki/server/cli/audit.py
new file mode 100644
index 000000000..3bb9d5f0f
--- /dev/null
+++ b/base/server/python/pki/server/cli/audit.py
@@ -0,0 +1,109 @@
+# Authors:
+#     Endi S. Dewata <edewata@redhat.com>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2017 Red Hat, Inc.
+# All rights reserved.
+#
+
+from __future__ import absolute_import
+from __future__ import print_function
+import getopt
+import sys
+
+import pki.cli
+
+
+class AuditCLI(pki.cli.CLI):
+
+    def __init__(self, parent):
+        super(AuditCLI, self).__init__(
+            'audit', 'Audit management commands')
+
+        self.parent = parent
+        self.add_module(AuditFileFindCLI(self))
+
+
+class AuditFileFindCLI(pki.cli.CLI):
+
+    def __init__(self, parent):
+        super(AuditFileFindCLI, self).__init__(
+            'file-find', 'Find audit log files')
+
+        self.parent = parent
+
+    def print_help(self):
+        print('Usage: pki-server %s-audit-file-find [OPTIONS]' % self.parent.parent.name)
+        print()
+        print('  -i, --instance <instance ID>       Instance ID (default: pki-tomcat).')
+        print('      --help                         Show help message.')
+        print()
+
+    def execute(self, args):
+
+        try:
+            opts, _ = getopt.gnu_getopt(args, 'i:v', [
+                'instance=',
+                'verbose', 'help'])
+
+        except getopt.GetoptError as e:
+            print('ERROR: ' + str(e))
+            self.print_help()
+            sys.exit(1)
+
+        instance_name = 'pki-tomcat'
+
+        for o, a in opts:
+            if o in ('-i', '--instance'):
+                instance_name = a
+
+            elif o in ('-v', '--verbose'):
+                self.set_verbose(True)
+
+            elif o == '--help':
+                self.print_help()
+                sys.exit()
+
+            else:
+                print('ERROR: unknown option ' + o)
+                self.print_help()
+                sys.exit(1)
+
+        instance = pki.server.PKIInstance(instance_name)
+        if not instance.is_valid():
+            print('ERROR: Invalid instance %s.' % instance_name)
+            sys.exit(1)
+
+        instance.load()
+
+        subsystem_name = self.parent.parent.name
+        subsystem = instance.get_subsystem(subsystem_name)
+        if not subsystem:
+            print('ERROR: No %s subsystem in instance %s.'
+                  % (subsystem_name.upper(), instance_name))
+            sys.exit(1)
+
+        log_files = subsystem.get_audit_log_files()
+
+        self.print_message('%s entries matched' % len(log_files))
+
+        first = True
+        for filename in log_files:
+            if first:
+                first = False
+            else:
+                print()
+
+            print('  File name: %s' % filename)
diff --git a/base/server/python/pki/server/cli/ca.py b/base/server/python/pki/server/cli/ca.py
index 1d1c00f0f..550e5110a 100644
--- a/base/server/python/pki/server/cli/ca.py
+++ b/base/server/python/pki/server/cli/ca.py
@@ -28,6 +28,7 @@ import sys
 import tempfile
 
 import pki.cli
+import pki.server.cli.audit
 
 
 class CACLI(pki.cli.CLI):
@@ -38,6 +39,7 @@ class CACLI(pki.cli.CLI):
 
         self.add_module(CACertCLI())
         self.add_module(CACloneCLI())
+        self.add_module(pki.server.cli.audit.AuditCLI(self))
 
 
 class CACertCLI(pki.cli.CLI):
diff --git a/base/server/python/pki/server/cli/kra.py b/base/server/python/pki/server/cli/kra.py
index 5558d6a00..372401465 100644
--- a/base/server/python/pki/server/cli/kra.py
+++ b/base/server/python/pki/server/cli/kra.py
@@ -32,6 +32,7 @@ import tempfile
 import time
 
 import pki.cli
+import pki.server.cli.audit
 
 
 KRA_VLVS = ['allKeys', 'kraAll',
@@ -51,6 +52,7 @@ class KRACLI(pki.cli.CLI):
 
         self.add_module(KRACloneCLI())
         self.add_module(KRADBCLI())
+        self.add_module(pki.server.cli.audit.AuditCLI(self))
 
 
 class KRACloneCLI(pki.cli.CLI):
diff --git a/base/server/python/pki/server/cli/ocsp.py b/base/server/python/pki/server/cli/ocsp.py
index 246f5932d..3e9b6aa64 100644
--- a/base/server/python/pki/server/cli/ocsp.py
+++ b/base/server/python/pki/server/cli/ocsp.py
@@ -28,6 +28,7 @@ import sys
 import tempfile
 
 import pki.cli
+import pki.server.cli.audit
 
 
 class OCSPCLI(pki.cli.CLI):
@@ -37,6 +38,7 @@ class OCSPCLI(pki.cli.CLI):
             'ocsp', 'OCSP management commands')
 
         self.add_module(OCSPCloneCLI())
+        self.add_module(pki.server.cli.audit.AuditCLI(self))
 
 
 class OCSPCloneCLI(pki.cli.CLI):
diff --git a/base/server/python/pki/server/cli/tks.py b/base/server/python/pki/server/cli/tks.py
index 2c4157a03..0e6a998f7 100644
--- a/base/server/python/pki/server/cli/tks.py
+++ b/base/server/python/pki/server/cli/tks.py
@@ -28,6 +28,7 @@ import sys
 import tempfile
 
 import pki.cli
+import pki.server.cli.audit
 
 
 class TKSCLI(pki.cli.CLI):
@@ -37,6 +38,7 @@ class TKSCLI(pki.cli.CLI):
             'tks', 'TKS management commands')
 
         self.add_module(TKSCloneCLI())
+        self.add_module(pki.server.cli.audit.AuditCLI(self))
 
 
 class TKSCloneCLI(pki.cli.CLI):
diff --git a/base/server/python/pki/server/cli/tps.py b/base/server/python/pki/server/cli/tps.py
index 1f71b8ece..03df8de96 100644
--- a/base/server/python/pki/server/cli/tps.py
+++ b/base/server/python/pki/server/cli/tps.py
@@ -32,6 +32,7 @@ import tempfile
 import time
 
 import pki.cli
+import pki.server.cli.audit
 
 
 TPS_VLV_PATH = '/usr/share/pki/tps/conf/vlv.ldif'
@@ -46,6 +47,7 @@ class TPSCLI(pki.cli.CLI):
 
         self.add_module(TPSCloneCLI())
         self.add_module(TPSDBCLI())
+        self.add_module(pki.server.cli.audit.AuditCLI(self))
 
 
 class TPSCloneCLI(pki.cli.CLI):