author | Gordon Chung <chungg@ca.ibm.com> | 2014-02-13 12:51:22 -0500 |
---|---|---|
committer | Gordon Chung <chungg@ca.ibm.com> | 2014-06-05 18:52:15 -0400 |
commit | c575e6d1df34c31d1c3733809e88af2f0b66a83b (patch) | |
tree | 424397c70b07ebcc7e3af5379d83bf78cf6c5ccd | |
parent | 6ac553173de8e01f0b4a8bb73c212c63fd8679a4 (diff) | |
download | pycadf-c575e6d1df34c31d1c3733809e88af2f0b66a83b.tar.gz |
add audit_maps for more OpenStack components
add audit_maps for:
- cinder
- glance
- neutron
Change-Id: If324c1296f852e57f3a376ccfc485ed1b3df75e3
Blueprint: audit-all-apis
-rw-r--r-- | etc/pycadf/cinder_api_audit_map.conf | 27 | ||||
-rw-r--r-- | etc/pycadf/glance_api_audit_map.conf | 16 | ||||
-rw-r--r-- | etc/pycadf/neutron_api_audit_map.conf | 31 | ||||
-rw-r--r-- | etc/pycadf/nova_api_audit_map.conf (renamed from etc/pycadf/api_audit_map.conf) | 11 | ||||
-rw-r--r-- | pycadf/audit/api.py | 9 | ||||
-rw-r--r-- | pycadf/tests/audit/test_api.py | 4 | ||||
-rw-r--r-- | pycadf/tests/middleware/test_audit.py | 34 | ||||
-rw-r--r-- | setup.cfg | 5 |
8 files changed, 106 insertions, 31 deletions
diff --git a/etc/pycadf/cinder_api_audit_map.conf b/etc/pycadf/cinder_api_audit_map.conf
new file mode 100644
index 0000000..ce1d2c3
--- /dev/null
+++ b/etc/pycadf/cinder_api_audit_map.conf
@@ -0,0 +1,27 @@
+[DEFAULT]
+# default target endpoint type
+# should match the endpoint type defined in service catalog
+target_endpoint_type = None
+
+# map urls ending with specific text to a unique action
+[custom_actions]
+associate = update/associate
+disassociate = update/disassociate
+disassociate_all = update/disassociate_all
+associations = read/list/associations
+
+# possible end path of api requests
+[path_keywords]
+defaults = None
+detail = None
+limits = None
+os-quota-specs = project
+qos-specs = qos-spec
+snapshots = snapshot
+types = type
+volumes = volume
+
+# map endpoint type defined in service catalog to CADF typeURI
+[service_endpoints]
+volume = service/storage/block
+volumev2 = service/storage/block
\ No newline at end of file
diff --git a/etc/pycadf/glance_api_audit_map.conf b/etc/pycadf/glance_api_audit_map.conf
new file mode 100644
index 0000000..fc9e461
--- /dev/null
+++ b/etc/pycadf/glance_api_audit_map.conf
@@ -0,0 +1,16 @@
+[DEFAULT]
+# default target endpoint type
+# should match the endpoint type defined in service catalog
+target_endpoint_type = None
+
+# possible end path of api requests
+[path_keywords]
+detail = None
+file = None
+images = image
+members = member
+tags = tag
+
+# map endpoint type defined in service catalog to CADF typeURI
+[service_endpoints]
+image = service/storage/image
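Review bot: In etc/pycadf/cinder_api_audit_map.conf the `[path_keywords]` entry `os-quota-specs = project` looks like a blend of `os-quota-sets` (the key the nova map in this commit uses for quotas) and the `qos-specs` entry on the next line. If Cinder's quota path is `os-quota-sets`, quota requests will not match any keyword and their audit events will carry a less specific target typeURI. I would change the line to `os-quota-sets = project` after confirming against the Cinder API routes. The nova map names the same resource `tenant`, so it is also worth settling on one term for consumers that correlate events across services.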
\ No newline at end of file
diff --git a/etc/pycadf/neutron_api_audit_map.conf b/etc/pycadf/neutron_api_audit_map.conf
new file mode 100644
index 0000000..2705252
--- /dev/null
+++ b/etc/pycadf/neutron_api_audit_map.conf
@@ -0,0 +1,31 @@
+[DEFAULT]
+# default target endpoint type
+# should match the endpoint type defined in service catalog
+target_endpoint_type = None
+
+[custom_actions]
+add_router_interface = update/add
+remove_router_interface = update/remove
+
+# possible end path of api requests
+[path_keywords]
+floatingips = ip
+healthmonitors = healthmonitor
+health_monitors = health_monitor
+lb = None
+members = member
+metering-labels = label
+metering-label-rules = rule
+networks = network
+pools = pool
+ports = port
+routers = router
+quotas = quota
+security-groups = security-group
+security-group-rules = rule
+subnets = subnet
+vips = vip
+
+# map endpoint type defined in service catalog to CADF typeURI
+[service_endpoints]
+network = service/network
\ No newline at end of file diff --git a/etc/pycadf/api_audit_map.conf b/etc/pycadf/nova_api_audit_map.conf index a6cafb5..f9bda45 100644 --- a/etc/pycadf/api_audit_map.conf +++ b/etc/pycadf/nova_api_audit_map.conf @@ -50,7 +50,7 @@ os-keypairs = keypair os-migrations = None os-networks = network os-quota-sets = tenant -os-security-groups = security-group +os-security-groups = security_group os-security-group-rules = rule os-server-password = None os-services = None @@ -66,13 +66,6 @@ shutdown = None startup = None statistics = None - # map endpoint type defined in service catalog to CADF typeURI [service_endpoints] -identity = service/security -object-store = service/storage/object -volume = service/storage/block -image = service/storage/image -network = service/network -compute = service/compute -metering = service/bss/metering
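Review bot: The first hunk of nova_api_audit_map.conf switches the resource name to `os-security-groups = security_group`, while the neutron map added in the same commit uses `security-groups = security-group`. Anyone filtering CADF events on the target typeURI will then need two spellings for the same kind of resource. Unless the underscore is required by something outside this diff, I would use one form in both maps, e.g. `os-security-groups = security-group`, and record the chosen convention in a comment line above the `[path_keywords]` entries.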
\ No newline at end of file
+compute = service/compute
\ No newline at end of file diff --git a/pycadf/audit/api.py b/pycadf/audit/api.py index cf23edb..d8c9402 100644 --- a/pycadf/audit/api.py +++ b/pycadf/audit/api.py @@ -124,6 +124,10 @@ class OpenStackAuditApi(object): map_file = cfg.CONF.find_file(CONF.audit.api_audit_map) self._MAP = _configure_audit_map(map_file) + @staticmethod + def _clean_path(value): + return value[:-5] if value.endswith('.json') else value + def _get_action(self, req): """Take a given Request, parse url path to calculate action type. @@ -140,7 +144,7 @@ class OpenStackAuditApi(object): """ path = req.path[:-1] if req.path.endswith('/') else req.path - url_ending = path[path.rfind('/') + 1:] + url_ending = self._clean_path(path[path.rfind('/') + 1:]) method = req.method if url_ending + '/' + method.lower() in self._MAP.custom_actions: @@ -167,7 +171,7 @@ class OpenStackAuditApi(object): action = taxonomy.ACTION_LIST else: action = taxonomy.ACTION_READ - elif method == 'PUT': + elif method == 'PUT' or method == 'PATCH': action = taxonomy.ACTION_UPDATE elif method == 'DELETE': action = taxonomy.ACTION_DELETE @@ -201,6 +205,7 @@ class OpenStackAuditApi(object): type_uri = '' prev_key = None for key in re.split('/', req.path): + key = self._clean_path(key) if key in self._MAP.path_kw: type_uri += '/' + key elif prev_key in self._MAP.path_kw: diff --git a/pycadf/tests/audit/test_api.py b/pycadf/tests/audit/test_api.py index 2947524..cce6dc3 100644 --- a/pycadf/tests/audit/test_api.py +++ b/pycadf/tests/audit/test_api.py @@ -45,7 +45,7 @@ class TestAuditApi(base.TestCase): def setUp(self): super(TestAuditApi, self).setUp() self.audit_api = api.OpenStackAuditApi( - 'etc/pycadf/api_audit_map.conf') + 'etc/pycadf/nova_api_audit_map.conf') def api_request(self, method, url): self.ENV_HEADERS['REQUEST_METHOD'] = method 
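Review bot: `_clean_path` in the first hunk of pycadf/audit/api.py has no docstring and strips only a trailing `.json`, so any other format suffix a wrapped service accepts would leave the segment unmatched against `custom_actions` and `path_kw`, and the request would be audited with a generic action or typeURI. I would add a docstring such as `"""Strip a trailing '.json' format suffix so the segment can match audit-map keys."""` and, if the APIs behind this middleware serve other suffixes, strip those as well. The helper is applied in the `_get_action` hunk and in the typeURI loop hunk, both of which sit in methods that continue outside the visible lines.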
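Review bot: The `elif method == 'PUT' or method == 'PATCH':` line in the method-mapping hunk reads more cleanly as `elif method in ('PUT', 'PATCH'):`. Neither this new PATCH mapping nor the `.json` stripping is exercised by the test hunks visible in this commit, which only rename the map file. A test that sends a PATCH request and one that uses a `.json`-suffixed path would pin the audited action. The if/elif chain starts and ends outside the hunk.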
@@ -58,7 +58,7 @@ class TestAuditApi(base.TestCase): def test_get_list_with_cfg(self): cfg.CONF.set_override( 'api_audit_map', - self.path_get('etc/pycadf/api_audit_map.conf'), + self.path_get('etc/pycadf/nova_api_audit_map.conf'), group='audit') self.audit_api = api.OpenStackAuditApi() req = self.api_request('GET', diff --git a/pycadf/tests/middleware/test_audit.py b/pycadf/tests/middleware/test_audit.py index 86ac5fc..b9770be 100644 --- a/pycadf/tests/middleware/test_audit.py +++ b/pycadf/tests/middleware/test_audit.py @@ -58,13 +58,13 @@ class AuditMiddlewareTest(base.TestCase): def setUp(self): super(AuditMiddlewareTest, self).setUp() - self.map_file = 'etc/pycadf/api_audit_map.conf' + self.map_file = 'etc/pycadf/nova_api_audit_map.conf' def test_api_request(self): - middleware = audit.AuditMiddleware(FakeApp(), - audit_map_file= - 'etc/pycadf/api_audit_map.conf', - service_name='pycadf') + middleware = audit.AuditMiddleware( + FakeApp(), + audit_map_file='etc/pycadf/nova_api_audit_map.conf', + service_name='pycadf') self.ENV_HEADERS['REQUEST_METHOD'] = 'GET' req = webob.Request.blank('/foo/bar', environ=self.ENV_HEADERS) @@ -95,10 +95,10 @@ class AuditMiddlewareTest(base.TestCase): self.assertEqual(request['CADF_EVENT']['outcome'], 'success') def test_api_request_failure(self): - middleware = audit.AuditMiddleware(FakeFailingApp(), - audit_map_file= - 'etc/pycadf/api_audit_map.conf', - service_name='pycadf') + middleware = audit.AuditMiddleware( + FakeFailingApp(), + audit_map_file='etc/pycadf/nova_api_audit_map.conf', + service_name='pycadf') self.ENV_HEADERS['REQUEST_METHOD'] = 'GET' req = webob.Request.blank('/foo/bar', environ=self.ENV_HEADERS) 
@@ -137,10 +137,10 @@ class AuditMiddlewareTest(base.TestCase): raise Exception('error') self.stubs.Set(cadf_api.OpenStackAuditApi, 'append_audit_event', func_error) - middleware = audit.AuditMiddleware(FakeApp(), - audit_map_file= - 'etc/pycadf/api_audit_map.conf', - service_name='pycadf') + middleware = audit.AuditMiddleware( + FakeApp(), + audit_map_file='etc/pycadf/nova_api_audit_map.conf', + service_name='pycadf') req = webob.Request.blank('/foo/bar', environ={'REQUEST_METHOD': 'GET'}) middleware.process_request(req) @@ -150,10 +150,10 @@ class AuditMiddlewareTest(base.TestCase): raise Exception('error') self.stubs.Set(cadf_api.OpenStackAuditApi, 'mod_audit_event', func_error) - middleware = audit.AuditMiddleware(FakeApp(), - audit_map_file= - 'etc/pycadf/api_audit_map.conf', - service_name='pycadf') + middleware = audit.AuditMiddleware( + FakeApp(), + audit_map_file='etc/pycadf/nova_api_audit_map.conf', + service_name='pycadf') req = webob.Request.blank('/foo/bar', environ={'REQUEST_METHOD': 'GET'}) middleware.process_response(req, webob.response.Response()) @@ -22,7 +22,10 @@ packages = pycadf data_files = etc/pycadf = - etc/pycadf/api_audit_map.conf + etc/pycadf/cinder_api_audit_map.conf + etc/pycadf/glance_api_audit_map.conf + etc/pycadf/neutron_api_audit_map.conf + etc/pycadf/nova_api_audit_map.conf [global] setup-hooks = |