Write a basic SSH pull log for Git

Summary: Ref T11766. When users run `git pull` or similar, log the operation in the pull log.

Test Plan: Performed SSH pulls, got a log in the database. Today, this event log is purely diagnostic and has no UI.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11766

Differential Revision: https://secure.phabricator.com/D16738

src/applications/diffusion/ssh/DiffusionGitUploadPackSSHWorkflow.php

@@ -19,8 +19,9 @@ final class DiffusionGitUploadPackSSHWorkflow extends DiffusionGitSSHWorkflow {
     $device = AlmanacKeys::getLiveDevice();
 
     $skip_sync = $this->shouldSkipReadSynchronization();
+    $is_proxy = $this->shouldProxy();
 
-    if ($this->shouldProxy()) {
+    if ($is_proxy) {
       $command = $this->getProxyCommand();
 
       if ($device) {
@@ -48,6 +49,8 @@ final class DiffusionGitUploadPackSSHWorkflow extends DiffusionGitSSHWorkflow {
     }
     $command = PhabricatorDaemon::sudoCommandAsDaemonUser($command);
 
+    $pull_event = $this->newPullEvent();
+
     $future = id(new ExecFuture('%C', $command))
       ->setEnv($this->getEnvironment());
 
@@ -56,6 +59,26 @@ final class DiffusionGitUploadPackSSHWorkflow extends DiffusionGitSSHWorkflow {
       ->setCommandChannelFromExecFuture($future)
       ->execute();
 
+    if ($err) {
+      $pull_event
+        ->setResultType('error')
+        ->setResultCode($err);
+    } else {
+      $pull_event
+        ->setResultType('pull')
+        ->setResultCode(0);
+    }
+
+    // TODO: Currently, when proxying, we do not write a log on the proxy.
+    // Perhaps we should write a "proxy log". This is not very useful for
+    // statistics or auditing, but could be useful for diagnostics. Marking
+    // the proxy logs as proxied (and recording devicePHID on all logs) would
+    // make differentiating between these use cases easier.
+
+    if (!$is_proxy) {
+      $pull_event->save();
+    }
+
     if (!$err) {
       $this->waitForGitClient();
     }

src/applications/diffusion/ssh/DiffusionSSHWorkflow.php

@@ -30,10 +30,8 @@ abstract class DiffusionSSHWorkflow extends PhabricatorSSHWorkflow {
       DiffusionCommitHookEngine::ENV_REMOTE_PROTOCOL => 'ssh',
     );
 
-    $ssh_client = getenv('SSH_CLIENT');
-    if ($ssh_client) {
-      // This has the format "<ip> <remote-port> <local-port>". Grab the IP.
-      $remote_address = head(explode(' ', $ssh_client));
+    $remote_address = $this->getSSHRemoteAddress();
+    if ($remote_address !== null) {
       $env[DiffusionCommitHookEngine::ENV_REMOTE_ADDRESS] = $remote_address;
     }
 
@@ -259,5 +257,17 @@ abstract class DiffusionSSHWorkflow extends PhabricatorSSHWorkflow {
     return false;
   }
 
+  protected function newPullEvent() {
+    $viewer = $this->getViewer();
+    $repository = $this->getRepository();
+    $remote_address = $this->getSSHRemoteAddress();
+
+    return id(new PhabricatorRepositoryPullEvent())
+      ->setEpoch(PhabricatorTime::getNow())
+      ->setRemoteAddress($remote_address)
+      ->setRemoteProtocol('ssh')
+      ->setPullerPHID($viewer->getPHID())
+      ->setRepositoryPHID($repository->getPHID());
+  }
 
 }

src/infrastructure/ssh/PhabricatorSSHWorkflow.php

@@ -83,4 +83,19 @@ abstract class PhabricatorSSHWorkflow extends PhabricatorManagementWorkflow {
     return $this->originalArguments;
   }
 
+  public function getSSHRemoteAddress() {
+    $ssh_client = getenv('SSH_CLIENT');
+    if (!strlen($ssh_client)) {
+      return null;
+    }
+
+    // TODO: When commands are proxied, the original remote address should
+    // also be proxied.
+
+    // This has the format "<ip> <remote-port> <local-port>". Grab the IP.
+    $remote_address = head(explode(' ', $ssh_client));
+
+    return $remote_address;
+  }
+
 }