authorGordon Chung <chungg@ca.ibm.com>2014-02-13 12:51:22 -0500
committerGordon Chung <chungg@ca.ibm.com>2014-06-05 18:52:15 -0400
commitc575e6d1df34c31d1c3733809e88af2f0b66a83b (patch)
tree424397c70b07ebcc7e3af5379d83bf78cf6c5ccd
parent6ac553173de8e01f0b4a8bb73c212c63fd8679a4 (diff)
downloadpycadf-c575e6d1df34c31d1c3733809e88af2f0b66a83b.tar.gz
add audit_maps for more OpenStack components
add audit_maps for: - cinder - glance - neutron Change-Id: If324c1296f852e57f3a376ccfc485ed1b3df75e3 Blueprint: audit-all-apis
-rw-r--r--etc/pycadf/cinder_api_audit_map.conf27
-rw-r--r--etc/pycadf/glance_api_audit_map.conf16
-rw-r--r--etc/pycadf/neutron_api_audit_map.conf31
-rw-r--r--etc/pycadf/nova_api_audit_map.conf (renamed from etc/pycadf/api_audit_map.conf)11
-rw-r--r--pycadf/audit/api.py9
-rw-r--r--pycadf/tests/audit/test_api.py4
-rw-r--r--pycadf/tests/middleware/test_audit.py34
-rw-r--r--setup.cfg5
8 files changed, 106 insertions, 31 deletions
diff --git a/etc/pycadf/cinder_api_audit_map.conf b/etc/pycadf/cinder_api_audit_map.conf
new file mode 100644
index 0000000..ce1d2c3
--- /dev/null
+++ b/etc/pycadf/cinder_api_audit_map.conf
@@ -0,0 +1,27 @@
+[DEFAULT]
+# default target endpoint type
+# should match the endpoint type defined in service catalog
+target_endpoint_type = None
+
+# map urls ending with specific text to a unique action
+[custom_actions]
+associate = update/associate
+disassociate = update/disassociate
+disassociate_all = update/disassociate_all
+associations = read/list/associations
+
+# possible end path of api requests
+[path_keywords]
+defaults = None
+detail = None
+limits = None
+os-quota-specs = project
+qos-specs = qos-spec
+snapshots = snapshot
+types = type
+volumes = volume
+
+# map endpoint type defined in service catalog to CADF typeURI
+[service_endpoints]
+volume = service/storage/block
+volumev2 = service/storage/block
\ No newline at end of file
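Review bot: `os-quota-specs = project` under `[path_keywords]` does not look like a Cinder route; the key reads like a blend of `os-quota-sets` (the spelling the nova map on this page uses, `os-quota-sets = tenant`) and `qos-specs`. If that is a typo, quota reads and updates will not match a keyword, and their audit events will carry a less specific target typeURI. I would change the line to `os-quota-sets = project` after checking it against the Cinder API routes, and settle on either `project` or `tenant` across the maps.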
diff --git a/etc/pycadf/glance_api_audit_map.conf b/etc/pycadf/glance_api_audit_map.conf
new file mode 100644
index 0000000..fc9e461
--- /dev/null
+++ b/etc/pycadf/glance_api_audit_map.conf
@@ -0,0 +1,16 @@
+[DEFAULT]
+# default target endpoint type
+# should match the endpoint type defined in service catalog
+target_endpoint_type = None
+
+# possible end path of api requests
+[path_keywords]
+detail = None
+file = None
+images = image
+members = member
+tags = tag
+
+# map endpoint type defined in service catalog to CADF typeURI
+[service_endpoints]
+image = service/storage/image
\ No newline at end of file
diff --git a/etc/pycadf/neutron_api_audit_map.conf b/etc/pycadf/neutron_api_audit_map.conf
new file mode 100644
index 0000000..2705252
--- /dev/null
+++ b/etc/pycadf/neutron_api_audit_map.conf
@@ -0,0 +1,31 @@
+[DEFAULT]
+# default target endpoint type
+# should match the endpoint type defined in service catalog
+target_endpoint_type = None
+
+​[custom_actions]
+add_router_interface = update/add
+remove_router_interface = update/remove
+
+# possible end path of api requests
+[path_keywords]
+floatingips = ip
+healthmonitors = healthmonitor
+health_monitors = health_monitor
+lb = None​
+members = member
+metering-labels = label
+metering-label-rules = rule
+networks = network
+pools = pool
+ports = port
+routers = router
+quotas = quota
+security-groups = security-group
+security-group-rules = rule
+subnets = subnet
+vips = vip
+
+# map endpoint type defined in service catalog to CADF typeURI
+[service_endpoints]
+network = service/network
\ No newline at end of file
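Review bot: The `[custom_actions]` header line and the `lb = None` line appear to carry a non-printing character (it looks like a zero-width space, U+200B), before the `[` and after `None` respectively. If those bytes are in the committed file rather than an artifact of this page, an INI parser will not recognise the section header, so `add_router_interface` and `remove_router_interface` would not be registered as custom actions, and `lb` would get a value that is not the plain string `None`. Router-interface changes would then presumably be audited under a generic action instead of `update/add` and `update/remove`. Retype both lines as plain ASCII; a gate check such as `grep -nP '[^\x00-\x7F]' etc/pycadf/*.conf` would catch a recurrence. The section is also missing the `# map urls ending with specific text to a unique action` comment that the cinder map has.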
diff --git a/etc/pycadf/api_audit_map.conf b/etc/pycadf/nova_api_audit_map.conf
index a6cafb5..f9bda45 100644
--- a/etc/pycadf/api_audit_map.conf
+++ b/etc/pycadf/nova_api_audit_map.conf
@@ -50,7 +50,7 @@ os-keypairs = keypair
os-migrations = None
os-networks = network
os-quota-sets = tenant
-os-security-groups = security-group
+os-security-groups = security_group
os-security-group-rules = rule
os-server-password = None
os-services = None
@@ -66,13 +66,6 @@ shutdown = None
startup = None
statistics = None
-
# map endpoint type defined in service catalog to CADF typeURI
[service_endpoints]
-identity = service/security
-object-store = service/storage/object
-volume = service/storage/block
-image = service/storage/image
-network = service/network
-compute = service/compute
-metering = service/bss/metering
\ No newline at end of file
+compute = service/compute
\ No newline at end of file
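Review bot: The `identity`, `object-store` and `metering` entries removed from `[service_endpoints]` are not re-added anywhere in this commit; only cinder, glance and neutron get a map of their own. Any deployment that relied on the shared map for those endpoint types would lose the endpoint-to-typeURI mapping. Because the file is also renamed, an `api_audit_map` setting that still names `api_audit_map.conf` would presumably stop resolving. This deserves a release note, plus either a deprecated copy under the old filename or keeping those three entries until per-service maps exist.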
diff --git a/pycadf/audit/api.py b/pycadf/audit/api.py
index cf23edb..d8c9402 100644
--- a/pycadf/audit/api.py
+++ b/pycadf/audit/api.py
@@ -124,6 +124,10 @@ class OpenStackAuditApi(object):
map_file = cfg.CONF.find_file(CONF.audit.api_audit_map)
self._MAP = _configure_audit_map(map_file)
+ @staticmethod
+ def _clean_path(value):
+ return value[:-5] if value.endswith('.json') else value
+
def _get_action(self, req):
"""Take a given Request, parse url path to calculate action type.
@@ -140,7 +144,7 @@ class OpenStackAuditApi(object):
"""
path = req.path[:-1] if req.path.endswith('/') else req.path
- url_ending = path[path.rfind('/') + 1:]
+ url_ending = self._clean_path(path[path.rfind('/') + 1:])
method = req.method
if url_ending + '/' + method.lower() in self._MAP.custom_actions:
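Review bot: `_clean_path`, added in the preceding hunk and first used here for `url_ending`, strips only a `.json` suffix and has no docstring. If any service behind this middleware still accepts another format suffix such as `.xml` (verify per service), those requests skip the `custom_actions` and keyword lookups and are audited with a less specific action and target. I would add a docstring, `"""Strip a trailing format extension from a path segment."""`, and keep the accepted extensions in one tuple that the helper checks. The test changes shown on this page only rename the map file; a case for a `.json` URL and one for `PATCH` would pin the new behaviour. `_get_action` continues outside this hunk.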
@@ -167,7 +171,7 @@ class OpenStackAuditApi(object):
action = taxonomy.ACTION_LIST
else:
action = taxonomy.ACTION_READ
- elif method == 'PUT':
+ elif method == 'PUT' or method == 'PATCH':
action = taxonomy.ACTION_UPDATE
elif method == 'DELETE':
action = taxonomy.ACTION_DELETE
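Review bot: `elif method == 'PUT' or method == 'PATCH':` reads more simply as `elif method in ('PUT', 'PATCH'):`, which is also easier to extend. The comparison is case-sensitive, whereas the custom-action lookup earlier in the function uses `method.lower()`; a one-line comment saying that the method is expected in upper case would make that assumption explicit. The `if`/`elif` chain starts and ends outside this hunk, so the default for other verbs is not visible here.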
@@ -201,6 +205,7 @@ class OpenStackAuditApi(object):
type_uri = ''
prev_key = None
for key in re.split('/', req.path):
+ key = self._clean_path(key)
if key in self._MAP.path_kw:
type_uri += '/' + key
elif prev_key in self._MAP.path_kw:
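Review bot: `key = self._clean_path(key)` runs on every path segment, not only the last one, so a resource name or id in the middle of the path that happens to end in `.json` is also trimmed before the `self._MAP.path_kw` lookup. A format extension is normally meaningful only on the final segment, so the typeURI built here can differ from what the service actually routed. I would trim only the last non-empty segment before the loop, or add a comment such as `# format suffix is stripped from every segment on purpose` if that is intended. The loop body continues past the end of the hunk.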
diff --git a/pycadf/tests/audit/test_api.py b/pycadf/tests/audit/test_api.py
index 2947524..cce6dc3 100644
--- a/pycadf/tests/audit/test_api.py
+++ b/pycadf/tests/audit/test_api.py
@@ -45,7 +45,7 @@ class TestAuditApi(base.TestCase):
def setUp(self):
super(TestAuditApi, self).setUp()
self.audit_api = api.OpenStackAuditApi(
- 'etc/pycadf/api_audit_map.conf')
+ 'etc/pycadf/nova_api_audit_map.conf')
def api_request(self, method, url):
self.ENV_HEADERS['REQUEST_METHOD'] = method
@@ -58,7 +58,7 @@ class TestAuditApi(base.TestCase):
def test_get_list_with_cfg(self):
cfg.CONF.set_override(
'api_audit_map',
- self.path_get('etc/pycadf/api_audit_map.conf'),
+ self.path_get('etc/pycadf/nova_api_audit_map.conf'),
group='audit')
self.audit_api = api.OpenStackAuditApi()
req = self.api_request('GET',
diff --git a/pycadf/tests/middleware/test_audit.py b/pycadf/tests/middleware/test_audit.py
index 86ac5fc..b9770be 100644
--- a/pycadf/tests/middleware/test_audit.py
+++ b/pycadf/tests/middleware/test_audit.py
@@ -58,13 +58,13 @@ class AuditMiddlewareTest(base.TestCase):
def setUp(self):
super(AuditMiddlewareTest, self).setUp()
- self.map_file = 'etc/pycadf/api_audit_map.conf'
+ self.map_file = 'etc/pycadf/nova_api_audit_map.conf'
def test_api_request(self):
- middleware = audit.AuditMiddleware(FakeApp(),
- audit_map_file=
- 'etc/pycadf/api_audit_map.conf',
- service_name='pycadf')
+ middleware = audit.AuditMiddleware(
+ FakeApp(),
+ audit_map_file='etc/pycadf/nova_api_audit_map.conf',
+ service_name='pycadf')
self.ENV_HEADERS['REQUEST_METHOD'] = 'GET'
req = webob.Request.blank('/foo/bar',
environ=self.ENV_HEADERS)
@@ -95,10 +95,10 @@ class AuditMiddlewareTest(base.TestCase):
self.assertEqual(request['CADF_EVENT']['outcome'], 'success')
def test_api_request_failure(self):
- middleware = audit.AuditMiddleware(FakeFailingApp(),
- audit_map_file=
- 'etc/pycadf/api_audit_map.conf',
- service_name='pycadf')
+ middleware = audit.AuditMiddleware(
+ FakeFailingApp(),
+ audit_map_file='etc/pycadf/nova_api_audit_map.conf',
+ service_name='pycadf')
self.ENV_HEADERS['REQUEST_METHOD'] = 'GET'
req = webob.Request.blank('/foo/bar',
environ=self.ENV_HEADERS)
@@ -137,10 +137,10 @@ class AuditMiddlewareTest(base.TestCase):
raise Exception('error')
self.stubs.Set(cadf_api.OpenStackAuditApi, 'append_audit_event',
func_error)
- middleware = audit.AuditMiddleware(FakeApp(),
- audit_map_file=
- 'etc/pycadf/api_audit_map.conf',
- service_name='pycadf')
+ middleware = audit.AuditMiddleware(
+ FakeApp(),
+ audit_map_file='etc/pycadf/nova_api_audit_map.conf',
+ service_name='pycadf')
req = webob.Request.blank('/foo/bar',
environ={'REQUEST_METHOD': 'GET'})
middleware.process_request(req)
@@ -150,10 +150,10 @@ class AuditMiddlewareTest(base.TestCase):
raise Exception('error')
self.stubs.Set(cadf_api.OpenStackAuditApi, 'mod_audit_event',
func_error)
- middleware = audit.AuditMiddleware(FakeApp(),
- audit_map_file=
- 'etc/pycadf/api_audit_map.conf',
- service_name='pycadf')
+ middleware = audit.AuditMiddleware(
+ FakeApp(),
+ audit_map_file='etc/pycadf/nova_api_audit_map.conf',
+ service_name='pycadf')
req = webob.Request.blank('/foo/bar',
environ={'REQUEST_METHOD': 'GET'})
middleware.process_response(req, webob.response.Response())
diff --git a/setup.cfg b/setup.cfg
index 9229369..f1a82b7 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -22,7 +22,10 @@ packages =
pycadf
data_files =
etc/pycadf =
- etc/pycadf/api_audit_map.conf
+ etc/pycadf/cinder_api_audit_map.conf
+ etc/pycadf/glance_api_audit_map.conf
+ etc/pycadf/neutron_api_audit_map.conf
+ etc/pycadf/nova_api_audit_map.conf
[global]
setup-hooks =