diff options
| -rw-r--r-- | doc/source/middleware.rst | 2 | ||||
| -rw-r--r-- | pycadf/audit/api.py | 6 | ||||
| -rw-r--r-- | pycadf/helper/__init__.py | 0 | ||||
| -rw-r--r-- | pycadf/helper/api.py | 40 | ||||
| -rw-r--r-- | pycadf/tests/audit/test_api.py | 34 | ||||
| -rw-r--r-- | pycadf/tests/helper/__init__.py | 0 | ||||
| -rw-r--r-- | pycadf/tests/helper/test_api.py | 44 | ||||
| -rw-r--r-- | test-requirements.txt | 2 |
8 files changed, 125 insertions, 3 deletions
diff --git a/doc/source/middleware.rst b/doc/source/middleware.rst index 920279a..22d7410 100644 --- a/doc/source/middleware.rst +++ b/doc/source/middleware.rst @@ -72,7 +72,7 @@ example using Nova's WSGI pipeline:: keystone = faultwrap sizelimit authtoken keystonecontext ratelimit audit osapi_compute_app_v2 keystone_nolimit = faultwrap sizelimit authtoken keystonecontext audit osapi_compute_app_v2 -.. _oslo.messaging: http://www.dmtf.org/standards/cadf +.. _oslo.messaging: https://github.com/openstack/oslo.messaging .. _old notification system: https://github.com/openstack/oslo-incubator .. _middleware code base: https://github.com/openstack/oslo-incubator/tree/master/openstack/common/middleware diff --git a/pycadf/audit/api.py b/pycadf/audit/api.py index 42c2911..6d70ed2 100644 --- a/pycadf/audit/api.py +++ b/pycadf/audit/api.py @@ -180,12 +180,16 @@ class OpenStackAuditApi(object): return action def _get_service_info(self, endp): + # NOTE(stevemar): The catalog returned by X-Service-Catalog + # does not include IDs for endpoints, use the service name + # as a backup. + endpoint_id = endp['endpoints'][0].get('id', endp['name']) service = self.Service( type=self._MAP.service_endpoints.get( endp['type'], taxonomy.UNKNOWN), name=endp['name'], - id=identifier.norm_ns(endp['endpoints'][0]['id']), + id=identifier.norm_ns(endpoint_id), admin_endp=endpoint.Endpoint( name='admin', url=endp['endpoints'][0]['adminURL']), diff --git a/pycadf/helper/__init__.py b/pycadf/helper/__init__.py new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/pycadf/helper/__init__.py diff --git a/pycadf/helper/api.py b/pycadf/helper/api.py new file mode 100644 index 0000000..c9656ae --- /dev/null +++ b/pycadf/helper/api.py @@ -0,0 +1,40 @@ +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +import six + +from pycadf import cadftaxonomy + + +def convert_req_action(method, details=None): + """Maps standard HTTP methods to equivalent CADF action + + :param method: HTTP request method + :param details: Extra details to append to action. + """ + + mapping = {'get': cadftaxonomy.ACTION_READ, + 'head': cadftaxonomy.ACTION_READ, + 'post': cadftaxonomy.ACTION_CREATE, + 'put': cadftaxonomy.ACTION_UPDATE, + 'delete': cadftaxonomy.ACTION_DELETE, + 'patch': cadftaxonomy.ACTION_UPDATE, + 'options': cadftaxonomy.ACTION_READ, + 'trace': 'capture'} + + action = None + if isinstance(method, six.string_types): + action = mapping.get(method.lower()) + if action and isinstance(details, six.string_types): + action += '/%s' % details + return action or cadftaxonomy.UNKNOWN diff --git a/pycadf/tests/audit/test_api.py b/pycadf/tests/audit/test_api.py index 1b9e30f..96dcb0b 100644 --- a/pycadf/tests/audit/test_api.py +++ b/pycadf/tests/audit/test_api.py @@ -40,6 +40,23 @@ class TestAuditApi(base.TestCase): 'HTTP_X_PROJECT_ID': 'tenant_id', 'HTTP_X_IDENTITY_STATUS': 'Confirmed'} + ENV_HEADERS_NO_ID = {'HTTP_X_SERVICE_CATALOG': + '''[{"endpoints_links": [], + "endpoints": [{"adminURL": + "http://admin_host:8774", + "region": "RegionOne", + "publicURL": + "http://public_host:8775", + "internalURL": + "http://internal_host:8776"}], + "type": "compute", + "name": "nova"}]''', + 'HTTP_X_USER_ID': 'user_id', + 'HTTP_X_USER_NAME': 'user_name', + 'HTTP_X_AUTH_TOKEN': 'token', + 'HTTP_X_PROJECT_ID': 'tenant_id', + 'HTTP_X_IDENTITY_STATUS': 'Confirmed'} + def setUp(self): super(TestAuditApi, self).setUp() self.audit_api = api.OpenStackAuditApi( @@ -53,6 +70,14 @@ class TestAuditApi(base.TestCase): self.assertIn('CADF_EVENT_CORRELATION_ID', req.environ) return req + def api_request_missing_id(self, method, url): + self.ENV_HEADERS_NO_ID['REQUEST_METHOD'] = method + req = webob.Request.blank(url, environ=self.ENV_HEADERS_NO_ID, + remote_addr='192.168.0.1') + self.audit_api.append_audit_event(req) + self.assertIn('CADF_EVENT_CORRELATION_ID', req.environ) + return req + def test_get_list_with_cfg(self): cfg.CONF.set_override( 'api_audit_map', @@ -121,6 +146,15 @@ class TestAuditApi(base.TestCase): self.assertEqual(payload['target']['id'], 'unknown') self.assertEqual(payload['target']['typeURI'], 'unknown') + def test_templated_catalog(self): + url = 'http://admin_host:8774/v2/' + str(uuid.uuid4()) + '/servers' + req = self.api_request_missing_id('GET', url) + payload = req.environ['CADF_EVENT'] + self.assertEqual(payload['target']['id'], 'openstack:nova') + self.assertEqual(payload['target']['name'], 'nova') + self.assertEqual(payload['target']['typeURI'], + 'service/compute/servers') + def test_get_unknown_endpoint_default_set(self): tmpfile = self.temp_config_file_path() with open(tmpfile, "w") as f: diff --git a/pycadf/tests/helper/__init__.py b/pycadf/tests/helper/__init__.py new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/pycadf/tests/helper/__init__.py diff --git a/pycadf/tests/helper/test_api.py b/pycadf/tests/helper/test_api.py new file mode 100644 index 0000000..16466ce --- /dev/null +++ b/pycadf/tests/helper/test_api.py @@ -0,0 +1,44 @@ +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +from pycadf import cadftaxonomy +from pycadf.helper import api +from pycadf.tests import base + + +class TestApiHelper(base.TestCase): + def test_convert_req_action(self): + self.assertEqual(cadftaxonomy.ACTION_READ, + api.convert_req_action('get')) + self.assertEqual(cadftaxonomy.ACTION_CREATE, + api.convert_req_action('POST')) + self.assertEqual(cadftaxonomy.ACTION_DELETE, + api.convert_req_action('deLetE')) + + def test_convert_req_action_invalid(self): + self.assertEqual(cadftaxonomy.UNKNOWN, api.convert_req_action(124)) + self.assertEqual(cadftaxonomy.UNKNOWN, api.convert_req_action('blah')) + + def test_convert_req_action_with_details(self): + detail = 'compute/instance' + self.assertEqual(cadftaxonomy.ACTION_READ + '/%s' % detail, + api.convert_req_action('GET', detail)) + self.assertEqual(cadftaxonomy.ACTION_DELETE + '/%s' % detail, + api.convert_req_action('DELETE', detail)) + + def test_convert_req_action_with_details_invalid(self): + detail = 123 + self.assertEqual(cadftaxonomy.ACTION_READ, + api.convert_req_action('GET', detail)) + self.assertEqual(cadftaxonomy.ACTION_DELETE, + api.convert_req_action('DELETE', detail)) diff --git a/test-requirements.txt b/test-requirements.txt index b512f0f..f68f957 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -8,7 +8,7 @@ coverage>=3.6 discover fixtures>=0.3.14 mock>=1.0 -oslo.messaging>=1.4.0,!=1.5.0 +oslo.messaging>=1.6.0 # Apache-2.0 oslotest>=1.2.0 # Apache-2.0 python-subunit>=0.0.18 testrepository>=0.0.18 |