Implement OWASP security logging.

[blackboxsw]

Provide an initial spike for logging OWASP formatted events in cloud-init for discussion. Integration tests will be added upon agreement for security logging procedures.

Proposed Commit Message

    feat: add OSWAP security event logging for user creation and system restart
    
    Implement OWASP structured logs in /var/log/cloud-init-security.log.
    
    Add security-related operations performed by cloud-init on behalf
    of user-data or platform meta-data:
    - user creation
    - user password change
    - system restart
    - system shutdown
  
    Default security log file can be changed by setting an alternative value
    for security_log_file in /etc/cloud/cloud.cfg(.d/*.cfg).

Additional Context

A followup PR will provide USER update functionality due to groups: { admingrp: [root, sys]} because this will require a refactor of Distro.create_group for multiple distros

Test Steps

CLOUD_INIT_CLOUD_INIT_OS_IMAGE=resolute tox -e integration-tests -- tests/integration_tests/modules/test_combined.py::TestCombined::test_security_logs

## Merge type

- [ ] Squash merge using "Proposed Commit Message"
- [x] Rebase and merge unique commits. Requires commit messages per-commit each referencing the pull request number (#<PR_NUM>)

[blackboxsw]

cc: @dbungert

[holmanb]

Thanks for this @blackboxsw. First pass.

If the goal is for this to be cross-distro, then implementing this in the distro class doesn't seem optimal because distro methods are expected to be (and in this case are) overridden.

Also, is there a reason that the logger package cannot be used? Manually writing to files seems undesirable - I would have expected this to define a custom logger for this purpose.

Thank you for the type annotations. Besides just annotating the types, I'd like to see if we can also avoid unnecessary complexity - something that annotations can assist with. For example rather than checking an Optional parameter for trutheyness, we could instead avoid the possibility of None and pass a falsey value instead.

[holmanb]

This doesn't seem ideal. Was Python's builtin logger considered?

This complicates code in util and makes for a bunch of otherwise unnecessary logger file parameters.

[blackboxsw]

I've adapted this to use python logging and a new SECURITY level log with custom handler which writes to
/var/log/cloud-init-security.log

[holmanb]

Intermixing code of different different purposes like this will lead to difficulty maintaining and auditing the code. I would prefer if we could find a cleaner design.

[blackboxsw]

good point, let's go decorator route instead,

[holmanb]

Why the underscore? If no hyphen is allowed then I would prefer "canonical.cloudinit" over this.

[blackboxsw]

Adapted to prefer hyphenated like our product name.

[holmanb]

The changes in this file seem unnecessary.

[holmanb]

Why the log file parameters? This seems unnecessary.

[holmanb]

Optional parameters often complicate type annotations unnecessarily. Can we restructure this to be cleaner? Same comment repeated throughout this code.

[holmanb]

This comment seems unnecessary.

[holmanb]

This comment seems unnecessary.

[holmanb]

This conditional is unnecessary.

[github-actions]

Hello! Thank you for this proposed change to cloud-init. This pull request is now marked as stale as it has not seen any activity in 14 days. If no activity occurs within the next 7 days, this pull request will automatically close.

If you are waiting for code review and you are seeing this message, apologies! Please reply, tagging blackboxsw, and he will ensure that someone takes a look soon.

(If the pull request is closed and you would like to continue working on it, please do tag blackboxsw to reopen it.)

[blackboxsw]

I believe I have addressed all comments and this is ready for re-review.