Added support for Datasets and auditing tag writes

- Added support for reading Datasets from Ignition
- Added audit profile to token settings to log tag writes
- Fixed bug with false or 0 value when writing to a single tag

Author: iatraviscox

IgnitionNodeRED-build/pom.xml

@@ -47,7 +47,7 @@
                     <moduleId>org.imdc.nodered.IgnitionNodeRED</moduleId>
                     <moduleName>${module-name}</moduleName>
                     <moduleDescription>${module-description}</moduleDescription>
-                    <moduleVersion>1.5.13.${timestamp}</moduleVersion>
+                    <moduleVersion>1.5.14.${timestamp}</moduleVersion>
                     <requiredIgnitionVersion>${ignition-platform-version}</requiredIgnitionVersion>
                     <requiredFrameworkVersion>8</requiredFrameworkVersion>
                     <licenseFile>license.html</licenseFile>

IgnitionNodeRED-gateway/src/main/java/org/imdc/nodered/NodeREDAPITokens.java

@@ -1,5 +1,6 @@
 package org.imdc.nodered;
 
+import com.inductiveautomation.ignition.gateway.audit.AuditProfileRecord;
 import com.inductiveautomation.ignition.gateway.localdb.persistence.*;
 import com.inductiveautomation.ignition.gateway.web.components.editors.PasswordEditorSource;
 import org.apache.commons.lang3.StringUtils;
@@ -37,6 +38,11 @@ public void onValidate(SFieldMeta field, SRecordInstance instance) throws SExcep
         }
     });
     public static final EncodedStringField Secret = new EncodedStringField(META, "Secret", SFieldFlags.SMANDATORY);
+
+    public static final LongField AuditProfileId = new LongField(META, "AuditProfileId");
+    public static final ReferenceField<AuditProfileRecord> AuditProfile =
+            new ReferenceField<AuditProfileRecord>(META, AuditProfileRecord.META, "AuditProfile", AuditProfileId);
+
     public static final BooleanField Enabled = new BooleanField(META, "Enabled").setDefault(true);
 
     static {
@@ -47,6 +53,8 @@ public void onValidate(SFieldMeta field, SRecordInstance instance) throws SExcep
         Secret.getFormMeta().setFieldNameKey("NodeRED.Secret.Name");
         Secret.getFormMeta().setFieldDescriptionKey("NodeRED.Secret.Desc");
         Secret.getFormMeta().setEditorSource(PasswordEditorSource.getSharedInstance());
+        AuditProfile.getFormMeta().setFieldNameKey("NodeRED.AuditProfile.Name");
+        AuditProfile.getFormMeta().setFieldDescriptionKey("NodeRED.AuditProfile.Desc");
         Enabled.getFormMeta().setFieldNameKey("NodeRED.Enabled.Name");
         Enabled.getFormMeta().setFieldDescriptionKey("NodeRED.Enabled.Desc");
     }
@@ -59,4 +67,24 @@ public RecordMeta<?> getMeta() {
     public Long getId() {
         return getLong(Id);
     }
+
+    public Boolean isEnabled() {
+        return getBoolean(Enabled);
+    }
+
+    public String getName() {
+        return getString(Name);
+    }
+
+    public String getAPIToken() {
+        return getString(APIToken);
+    }
+
+    public String getSecret() {
+        return getString(NodeREDAPITokens.Secret);
+    }
+
+    public Long getAuditProfileId() {
+        return getLong(AuditProfileId);
+    }
 }

IgnitionNodeRED-gateway/src/main/java/org/imdc/nodered/servlet/APITokenValidation.java

@@ -1,16 +1,20 @@
 package org.imdc.nodered.servlet;
 
+import com.inductiveautomation.ignition.gateway.audit.AuditProfileRecord;
 import com.inductiveautomation.ignition.gateway.model.GatewayContext;
 import org.imdc.nodered.NodeREDAPITokens;
 import simpleorm.dataset.SQuery;
 
 public class APITokenValidation {
     private boolean success;
-    private String errorMessage;
+    private String errorMessage, tokenName, token, auditProfileName;
 
-    public APITokenValidation(boolean success, String errorMessage) {
+    public APITokenValidation(boolean success, String errorMessage, String tokenName, String token, String auditProfileName) {
         this.success = success;
         this.errorMessage = errorMessage;
+        this.tokenName = tokenName;
+        this.token = token;
+        this.auditProfileName = auditProfileName;
     }
 
     public boolean isSuccess() {
@@ -29,6 +33,22 @@ public void setErrorMessage(String errorMessage) {
         this.errorMessage = errorMessage;
     }
 
+    public String getTokenName() {
+        return tokenName;
+    }
+
+    public String getToken() {
+        return token;
+    }
+
+    public String getAuditProfileName() {
+        return auditProfileName;
+    }
+
+    public boolean isAuditProfileDefined() {
+        return auditProfileName != null;
+    }
+
     public static APITokenValidation validateToken(GatewayContext context, String apiToken, String secret) {
         boolean success = true;
         String errorMessage = null;
@@ -40,15 +60,25 @@ public static APITokenValidation validateToken(GatewayContext context, String ap
             success = false;
             errorMessage = "Invalid API token and secret";
         } else {
-            if (!r.getBoolean(NodeREDAPITokens.Enabled)) {
+            if (!r.isEnabled()) {
                 success = false;
                 errorMessage = "API token and secret is disabled";
-            } else if (!r.getString(NodeREDAPITokens.Secret).equals(secret)) {
+            } else if (!r.getSecret().equals(secret)) {
                 success = false;
                 errorMessage = "Invalid API token and secret";
             }
         }
 
-        return new APITokenValidation(success, errorMessage);
+        String auditProfileName = null;
+        if (r.getAuditProfileId() != null) {
+            SQuery<AuditProfileRecord> auditQuery = new SQuery<>(AuditProfileRecord.META);
+            auditQuery.eq(AuditProfileRecord.Id, r.getAuditProfileId());
+            AuditProfileRecord auditRecord = context.getPersistenceInterface().queryOne(auditQuery);
+            if (auditRecord != null) {
+                auditProfileName = auditRecord.getName();
+            }
+        }
+
+        return new APITokenValidation(success, errorMessage, r.getName(), r.getAPIToken(), auditProfileName);
     }
 }

IgnitionNodeRED-gateway/src/main/java/org/imdc/nodered/servlet/NodeREDServlet.java

@@ -1,12 +1,19 @@
 package org.imdc.nodered.servlet;
 
+import com.inductiveautomation.ignition.common.Dataset;
+import com.inductiveautomation.ignition.common.TypeUtilities;
 import com.inductiveautomation.ignition.common.browsing.BrowseFilter;
 import com.inductiveautomation.ignition.common.browsing.Results;
 import com.inductiveautomation.ignition.common.model.values.QualifiedValue;
 import com.inductiveautomation.ignition.common.model.values.QualityCode;
+import com.inductiveautomation.ignition.common.script.builtin.DatasetUtilities;
 import com.inductiveautomation.ignition.common.tags.browsing.NodeDescription;
 import com.inductiveautomation.ignition.common.tags.model.TagPath;
 import com.inductiveautomation.ignition.common.tags.paths.parser.TagPathParser;
+import com.inductiveautomation.ignition.common.util.AuditStatus;
+import com.inductiveautomation.ignition.gateway.audit.AuditContext;
+import com.inductiveautomation.ignition.gateway.audit.AuditProfile;
+import com.inductiveautomation.ignition.gateway.audit.AuditRecord;
 import com.inductiveautomation.ignition.gateway.model.GatewayContext;
 import org.json.JSONArray;
 import org.json.JSONException;
@@ -21,10 +28,7 @@
 import java.io.BufferedReader;
 import java.io.IOException;
 import java.text.SimpleDateFormat;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Iterator;
-import java.util.List;
+import java.util.*;
 import java.util.concurrent.ExecutionException;
 
 public class NodeREDServlet extends HttpServlet {
@@ -69,6 +73,7 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws S
         String contentType = req.getContentType();
         JSONObject input = null;
         JSONObject ret = new JSONObject();
+        String ipAddress = req.getRemoteAddr();
 
         if ("application/json".equals(contentType)) {
             String jsonString = reqToJSON(req);
@@ -157,7 +162,7 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws S
                                 if (values.size() != tagPaths.size()) {
                                     errorMessage = "Number of tag paths (" + tagPaths.size() + ") does not match values (" + values.size() + ")";
                                 } else {
-                                    tagWrite(context, tagPaths, values, result);
+                                    tagWrite(context, tagPaths, values, result, ipAddress, validation);
                                 }
                             }
                         }
@@ -203,7 +208,7 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws S
     public static void setTagValue(List<TagPath> tagPaths, List<QualifiedValue> tagValues, JSONObject result) throws JSONException {
         if (tagPaths.size() == 1) {
             result.put("tagPath", tagPaths.get(0).toStringFull());
-            result.put("value", tagValues.get(0).getValue());
+            result.put("value", checkObject(tagValues.get(0).getValue()));
             setQuality(result, tagValues.get(0).getQuality());
             result.put("timestamp", DF.format(tagValues.get(0).getTimestamp()));
         } else {
@@ -213,7 +218,7 @@ public static void setTagValue(List<TagPath> tagPaths, List<QualifiedValue> tagV
                 QualifiedValue tagValue = tagValues.get(i);
                 JSONObject tagObject = new JSONObject();
                 tagObject.put("tagPath", tagPath.toStringFull());
-                tagObject.put("value", tagValue.getValue());
+                tagObject.put("value", checkObject(tagValue.getValue()));
                 setQuality(tagObject, tagValue.getQuality());
                 tagObject.put("timestamp", DF.format(tagValue.getTimestamp()));
                 resultValues.put(tagObject);
@@ -222,6 +227,14 @@ public static void setTagValue(List<TagPath> tagPaths, List<QualifiedValue> tagV
         }
     }
 
+    public static Object checkObject(Object value) {
+        if (value instanceof Dataset) {
+            return DatasetUtilities.toJSONObject((Dataset) value);
+        }
+
+        return value;
+    }
+
     public static void setQuality(JSONObject result, QualityCode qual) throws JSONException {
         JSONObject quality = new JSONObject();
         quality.put("name", qual.getName());
@@ -273,29 +286,48 @@ private void tagRead(GatewayContext context, final List<TagPath> tagPaths, JSONO
         setTagValue(tagPaths, tagValues, result);
     }
 
-    private void tagWrite(GatewayContext context, final List<TagPath> tagPaths, final List<Object> writeValues, JSONObject result) throws JSONException, ExecutionException, InterruptedException {
+    private void tagWrite(GatewayContext context, final List<TagPath> tagPaths, final List<Object> writeValues, JSONObject result, String ipAddress, APITokenValidation validation) throws JSONException, ExecutionException, InterruptedException {
         List<QualityCode> writeResult = context.getTagManager().writeAsync(tagPaths, writeValues).get();
+
         if (tagPaths.size() == 1) {
             TagPath tagPath = tagPaths.get(0);
             QualityCode quality = writeResult.get(0);
+            Object value = writeValues.get(0);
             result.put("tagPath", tagPath.toStringFull());
-            result.put("value", writeValues.get(0));
+            result.put("value", value);
             setQuality(result, quality);
+            audit(context, ipAddress, validation, tagPath, value, quality);
         } else {
             JSONArray resultValues = new JSONArray();
             for (int i = 0; i < tagPaths.size(); i++) {
                 JSONObject tagObject = new JSONObject();
                 TagPath tagPath = tagPaths.get(i);
                 QualityCode quality = writeResult.get(i);
+                Object value = writeValues.get(i);
                 tagObject.put("tagPath", tagPath.toStringFull());
-                tagObject.put("value", writeValues.get(i));
+                tagObject.put("value", value);
                 setQuality(tagObject, quality);
                 resultValues.put(tagObject);
+                audit(context, ipAddress, validation, tagPath, value, quality);
             }
             result.put("values", resultValues);
         }
     }
 
+    private void audit(GatewayContext context, String ipAddress, APITokenValidation validation, TagPath tagPath, Object writeValue, QualityCode writeResult) {
+        if (validation.isAuditProfileDefined()) {
+            try {
+                AuditProfile auditProfile = context.getAuditManager().getProfile(validation.getAuditProfileName());
+                AuditContext auditContext = context.getAuditManager().getAuditContext().orElseGet(AuditContext.UNKNOWN);
+                String qualifiedPath = auditContext.getPath().extend("NodeRED", validation.getTokenName()).toString();
+                AuditRecord auditRecord = auditContext.toRecordBuilder().setAction("tag write").setActionTarget(tagPath.toStringFull()).setActionValue(TypeUtilities.toString(writeValue)).setTimestamp(new Date()).setActor(validation.getToken()).setActorHost(ipAddress).setOriginatingSystem(qualifiedPath).setStatusCode(writeResult.isGood() ? AuditStatus.GOOD.getRawValue() : AuditStatus.BAD.getRawValue()).build();
+                auditProfile.audit(auditRecord);
+            } catch (Throwable t) {
+                logger.error("Error with audit: " + validation.getAuditProfileName(), t);
+            }
+        }
+    }
+
     private String reqToJSON(HttpServletRequest req) throws IOException {
         StringBuilder sb = new StringBuilder();
         String line;

IgnitionNodeRED-gateway/src/main/resources/org/imdc/nodered/NodeRED.properties

@@ -10,5 +10,7 @@ APIToken.Name=API Token
 APIToken.Desc=16 character alphanumeric API token
 Secret.Name=Secret
 Secret.Desc=The secret (password) paired with the API token
+AuditProfile.Name=Audit Profile
+AuditProfile.Desc=The name of the audit profile that tag write actions will log to.
 Enabled.Name=Enabled
 Enabled.Desc=Whether or not the pair is enabled for Node-RED

node-red-contrib-ignition/node-handlers.js

@@ -95,7 +95,7 @@ var IgnitionNodesImpl = (function () {
 			var tagValues = [];
 
 			if(!values){
-				var tagValue = msg.payload.tagValue ? msg.payload.tagValue : this.config.tagValue;
+				var tagValue = !(typeof msg.payload.tagValue === 'undefined' || msg.payload.tagValue === null) ? msg.payload.tagValue : this.config.tagValue;
 
 				if(typeof tagValue === 'undefined' || tagValue === null){
 					errorHandling.HandleResponse(RED, this.node, this.config, msg, result, 2, "Invalid tag value", "No tag value supplied");

node-red-contrib-ignition/package.json

@@ -1,6 +1,6 @@
 {
   "name": "node-red-contrib-ignition-nodes",
-  "version": "1.5.13",
+  "version": "1.5.14",
   "description": "Adds support for reading, writing, and browsing tags in Ignition",
   "dependencies": {
 	  "ws": "^7.5.3",