openstack
/
deb-python-pycadf
Code Issues Proposed changes

Retire Packaging Deb project repos 

This commit is part of a series to retire the Packaging Deb
project. Step 2 is to remove all content from the project
repos, replacing it with a README notification where to find
ongoing work, and how to recover the repo if needed at some
future point (as in
https://docs.openstack.org/infra/manual/drivers.html#retiring-a-project).

Change-Id: I2115b74ea098def883f93eb007fa84afbfaffc1c
This commit is contained in:
Tony Breeds 2017-09-12 16:09:39 -06:00
parent fd2a777b03
commit 708697d960
78 changed files with 14 additions and 4815 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
.gitignore vendored
View File

@ -1,16 +0,0 @@
AUTHORS
ChangeLog
*~
*.swp
*.pyc
*.log
.tox
.coverage
*.egg-info/
build/
doc/build/
doc/source/api
dist/
.testrepository/
.project
.pydevproject

4
.gitreview
View File

@ -1,4 +0,0 @@
[gerrit]
host=review.openstack.org
port=29418
project=openstack/pycadf.git

4
.testr.conf
View File

@ -1,4 +0,0 @@
[DEFAULT]
test_command=OS_STDOUT_CAPTURE=1 OS_STDERR_CAPTURE=1 OS_TEST_TIMEOUT=60 ${PYTHON:-python} -m subunit.run discover -t ./ . $LISTOPT $IDOPTION
test_id_option=--load-list $IDFILE
test_list_option=--list

15
CONTRIBUTING.rst
View File

@ -1,15 +0,0 @@
If you would like to contribute to the development of OpenStack,
you must follow the steps documented at:
https://docs.openstack.org/infra/manual/developers.html#development-workflow
Once those steps have been completed, changes to OpenStack should be submitted
for review via the Gerrit tool, following the workflow documented at:
https://docs.openstack.org/infra/manual/developers.html#development-workflow
Pull requests submitted through GitHub will be ignored.
Bugs should be filed on Launchpad, not GitHub:
https://bugs.launchpad.net/pycadf

204
LICENSE
View File

@ -1,204 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
--- License for python-keystoneclient versions prior to 2.1 ---
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. Neither the name of this project nor the names of its contributors may
be used to endorse or promote products derived from this software without
specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

14
README Normal file
View File

@ -0,0 +1,14 @@
This project is no longer maintained.
The contents of this repository are still available in the Git
source code management system. To see the contents of this
repository before it reached its end of life, please check out the
previous commit with "git checkout HEAD^1".
For ongoing work on maintaining OpenStack packages in the Debian
distribution, please see the Debian OpenStack packaging team at
https://wiki.debian.org/OpenStack/.
For any further questions, please email
openstack-dev@lists.openstack.org or join #openstack-dev on
Freenode.

39
README.rst
View File

@ -1,39 +0,0 @@
========================
Team and repository tags
========================
.. image:: https://governance.openstack.org/badges/pycadf.svg
:target: https://governance.openstack.org/reference/tags/index.html
.. Change things from this point on
======
PyCADF
======
.. image:: https://img.shields.io/pypi/v/pycadf.svg
:target: https://pypi.python.org/pypi/pycadf/
:alt: Latest Version
.. image:: https://img.shields.io/pypi/dm/pycadf.svg
:target: https://pypi.python.org/pypi/pycadf/
:alt: Downloads
This library provides an auditing data model based on the `Cloud Auditing Data
Federation <http://www.dmtf.org/standards/cadf>`_ specification, primarily for
use by OpenStack. The goal is to establish strict expectations about what
auditors can expect from audit notifications.
* `PyPi`_ - package installation
* `Online Documentation`_
* `Launchpad project`_ - release management
* `Blueprints`_ - feature specifications
* `Bugs`_ - issue tracking
* `Source`_
.. _PyPi: https://pypi.python.org/pypi/pycadf
.. _Online Documentation: https://docs.openstack.org/developer/pycadf/
.. _Launchpad project: https://launchpad.net/pycadf
.. _Blueprints: https://blueprints.launchpad.net/pycadf
.. _Bugs: https://bugs.launchpad.net/pycadf
.. _Source: https://git.openstack.org/cgit/openstack/pycadf

182
doc/Makefile
View File

@ -1,182 +0,0 @@
# Makefile for Sphinx documentation
#
# You can set these variables from the command line.
SPHINXOPTS =
SPHINXBUILD = sphinx-build
PAPER =
BUILDDIR = build
# Internal variables.
PAPEROPT_a4 = -D latex_paper_size=a4
PAPEROPT_letter = -D latex_paper_size=letter
ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source
# the i18n builder cannot share the environment and doctrees with the others
I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source
.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext
help:
@echo "Please use \`make <target>' where <target> is one of"
@echo " html to make standalone HTML files"
@echo " dirhtml to make HTML files named index.html in directories"
@echo " singlehtml to make a single large HTML file"
@echo " pickle to make pickle files"
@echo " json to make JSON files"
@echo " htmlhelp to make HTML files and a HTML help project"
@echo " qthelp to make HTML files and a qthelp project"
@echo " devhelp to make HTML files and a Devhelp project"
@echo " epub to make an epub"
@echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter"
@echo " latexpdf to make LaTeX files and run them through pdflatex"
@echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx"
@echo " text to make text files"
@echo " man to make manual pages"
@echo " texinfo to make Texinfo files"
@echo " info to make Texinfo files and run them through makeinfo"
@echo " gettext to make PO message catalogs"
@echo " changes to make an overview of all changed/added/deprecated items"
@echo " xml to make Docutils-native XML files"
@echo " pseudoxml to make pseudoxml-XML files for display purposes"
@echo " linkcheck to check all external links for integrity"
@echo " doctest to run all doctests embedded in the documentation (if enabled)"
@echo " wadl to build a WADL file for api.openstack.org"
clean:
rm -rf $(BUILDDIR)/*
html: check-dependencies
$(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
@echo
@echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
.PHONY: check-dependencies
check-dependencies:
@python -c 'import sphinxcontrib.autohttp.flask' >/dev/null 2>&1 || (echo "ERROR: Missing Sphinx dependencies. Run: pip install sphinxcontrib-httpdomain" && exit 1)
wadl:
$(SPHINXBUILD) -b docbook $(ALLSPHINXOPTS) $(BUILDDIR)/wadl
@echo
@echo "Build finished. The WADL pages are in $(BUILDDIR)/wadl."
dirhtml:
$(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml
@echo
@echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml."
singlehtml:
$(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml
@echo
@echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml."
pickle:
$(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle
@echo
@echo "Build finished; now you can process the pickle files."
json:
$(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json
@echo
@echo "Build finished; now you can process the JSON files."
htmlhelp:
$(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp
@echo
@echo "Build finished; now you can run HTML Help Workshop with the" \
".hhp project file in $(BUILDDIR)/htmlhelp."
qthelp:
$(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp
@echo
@echo "Build finished; now you can run "qcollectiongenerator" with the" \
".qhcp project file in $(BUILDDIR)/qthelp, like this:"
@echo "# qcollectiongenerator $(BUILDDIR)/qthelp/pyCADF.qhcp"
@echo "To view the help file:"
@echo "# assistant -collectionFile $(BUILDDIR)/qthelp/pyCADF.qhc"
devhelp:
$(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp
@echo
@echo "Build finished."
@echo "To view the help file:"
@echo "# mkdir -p $$HOME/.local/share/devhelp/pyCADF"
@echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/pyCADF"
@echo "# devhelp"
epub:
$(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub
@echo
@echo "Build finished. The epub file is in $(BUILDDIR)/epub."
latex:
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo
@echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex."
@echo "Run \`make' in that directory to run these through (pdf)latex" \
"(use \`make latexpdf' here to do that automatically)."
latexpdf:
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo "Running LaTeX files through pdflatex..."
$(MAKE) -C $(BUILDDIR)/latex all-pdf
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
latexpdfja:
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo "Running LaTeX files through platex and dvipdfmx..."
$(MAKE) -C $(BUILDDIR)/latex all-pdf-ja
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
text:
$(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text
@echo
@echo "Build finished. The text files are in $(BUILDDIR)/text."
man:
$(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man
@echo
@echo "Build finished. The manual pages are in $(BUILDDIR)/man."
texinfo:
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
@echo
@echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo."
@echo "Run \`make' in that directory to run these through makeinfo" \
"(use \`make info' here to do that automatically)."
info:
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
@echo "Running Texinfo files through makeinfo..."
make -C $(BUILDDIR)/texinfo info
@echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo."
gettext:
$(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale
@echo
@echo "Build finished. The message catalogs are in $(BUILDDIR)/locale."
changes:
$(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes
@echo
@echo "The overview file is in $(BUILDDIR)/changes."
linkcheck:
$(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck
@echo
@echo "Link check complete; look for any errors in the above output " \
"or in $(BUILDDIR)/linkcheck/output.txt."
doctest:
$(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest
@echo "Testing of doctests in the sources finished, look at the " \
"results in $(BUILDDIR)/doctest/output.txt."
xml:
$(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml
@echo
@echo "Build finished. The XML files are in $(BUILDDIR)/xml."
pseudoxml:
$(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml
@echo
@echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml."

0
doc/ext/__init__.py
View File

41
doc/ext/apidoc.py
View File

@ -1,41 +0,0 @@
# Copyright 2013 OpenStack Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import os.path as path
from sphinx import apidoc
# NOTE(gordc): pbr will run Sphinx multiple times when it generates
# documentation. Once for each builder. To run this extension we use the
# 'builder-inited' hook that fires at the beginning of a Sphinx build.
# We use ``run_already`` to make sure apidocs are only generated once
# even if Sphinx is run multiple times.
run_already = False
def run_apidoc(app):
global run_already
if run_already:
return
run_already = True
package_dir = path.abspath(path.join(app.srcdir, '..', '..', 'pycadf'))
source_dir = path.join(app.srcdir, 'api')
apidoc.main(['apidoc', package_dir, '-f',
'-H', 'pyCADF Modules',
'-o', source_dir])
def setup(app):
app.connect('builder-inited', run_apidoc)

46
doc/source/audit_maps.rst
View File

@ -1,46 +0,0 @@
..
Copyright 2014 IBM Corp.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
.. _audit_maps:
============
Audit maps
============
The pyCADF library maintains a set of audit mapping files for OpenStack
services. Currently, pyCADF supplies the following audit mapping files:
* `cinder_api_audit_map.conf`_
* `glance_api_audit_map.conf`_
* `neutron_api_audit_map.conf`_
* `nova_api_audit_map.conf`_
* `trove_api_audit_map.conf`_
* `heat_api_audit_map.conf`_
* `ironic_api_audit_map.conf`_
These files are hosted under the `etc/pycadf`_ directory of pyCADF. For more
information on how to use these mapping files, refer to the `Audit middleware`_
section of the `keystonemiddleware`_ project.
.. _Audit middleware: https://docs.openstack.org/keystonemiddleware/latest/audit.html
.. _keystonemiddleware: https://docs.openstack.org/keystonemiddleware/latest/
.. _`etc/pycadf`: https://github.com/openstack/pycadf/tree/master/etc/pycadf
.. _`cinder_api_audit_map.conf`: https://github.com/openstack/pycadf/blob/master/etc/pycadf/cinder_api_audit_map.conf
.. _`glance_api_audit_map.conf`: https://github.com/openstack/pycadf/blob/master/etc/pycadf/glance_api_audit_map.conf
.. _`neutron_api_audit_map.conf`: https://github.com/openstack/pycadf/blob/master/etc/pycadf/neutron_api_audit_map.conf
.. _`nova_api_audit_map.conf`: https://github.com/openstack/pycadf/blob/master/etc/pycadf/nova_api_audit_map.conf
.. _`trove_api_audit_map.conf`: https://github.com/openstack/pycadf/blob/master/etc/pycadf/trove_api_audit_map.conf
.. _`heat_api_audit_map.conf`: https://github.com/openstack/pycadf/blob/master/etc/pycadf/heat_api_audit_map.conf
.. _`ironic_api_audit_map.conf`: https://github.com/openstack/pycadf/blob/master/etc/pycadf/ironic_api_audit_map.conf

270
doc/source/conf.py
View File

@ -1,270 +0,0 @@
#
# pyCADF documentation build configuration file, created by
# sphinx-quickstart on Sun Mar 16 22:32:24 2014.
#
# This file is execfile()d with the current directory set to its containing dir.
#
# Note that not all possible configuration values are present in this
# autogenerated file.
#
# All configuration values have a default; values that are commented out
# serve to show the default.
import sys, os
# NOTE(gordc): path for Sphinx ext.apidoc
sys.path.insert(0, os.path.abspath('..'))
# This is required for ReadTheDocs.org, but isn't a bad idea anyway.
os.environ['DJANGO_SETTINGS_MODULE'] = 'openstack_dashboard.settings'
# If extensions (or modules to document with autodoc) are in another directory,
# add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here.
#sys.path.insert(0, os.path.abspath('.'))
# -- General configuration -----------------------------------------------------
# If your documentation needs a minimal Sphinx version, state it here.
#needs_sphinx = '1.0'
# Add any Sphinx extension module names here, as strings. They can be extensions
# coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
extensions = [
'sphinx.ext.autodoc',
#'sphinx.ext.intersphinx',
'sphinx.ext.todo',
'sphinx.ext.coverage',
'sphinx.ext.viewcode',
'openstackdocstheme',
'ext.apidoc'
]
# Add any paths that contain templates here, relative to this directory.
#templates_path = ['_templates']
# The suffix of source filenames.
source_suffix = '.rst'
# The encoding of source files.
#source_encoding = 'utf-8-sig'
# The master toctree document.
master_doc = 'index'
# General information about the project.
project = u'pyCADF'
copyright = u'2014, OpenStack Foundation'
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
#
# The short X.Y version.
version = '1.0'
# The full version, including alpha/beta/rc tags.
release = '1.0'
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
#language = None
# There are two options for replacing |today|: either, you set today to some
# non-false value, then it is used:
#today = ''
# Else, today_fmt is used as the format for a strftime call.
#today_fmt = '%B %d, %Y'
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
exclude_patterns = ['_build']
# The reST default role (used for this markup: `text`) to use for all documents.
#default_role = None
# If true, '()' will be appended to :func: etc. cross-reference text.
#add_function_parentheses = True
# If true, the current module name will be prepended to all description
# unit titles (such as .. function::).
#add_module_names = True
# If true, sectionauthor and moduleauthor directives will be shown in the
# output. They are ignored by default.
#show_authors = False
# The name of the Pygments (syntax highlighting) style to use.
pygments_style = 'sphinx'
# A list of ignored prefixes for module index sorting.
#modindex_common_prefix = []
# If true, keep warnings as "system message" paragraphs in the built documents.
#keep_warnings = False
# -- Options for HTML output ---------------------------------------------------
# The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes.
#html_theme = 'default'
html_theme = 'openstackdocs'
# Theme options are theme-specific and customize the look and feel of a theme
# further. For a list of options available for each theme, see the
# documentation.
html_theme_options = {
"nosidebar": "false"
}
# Add any paths that contain custom themes here, relative to this directory.
#html_theme_path = []
# The name for this set of Sphinx documents. If None, it defaults to
# "<project> v<release> documentation".
#html_title = None
# A shorter title for the navigation bar. Default is the same as html_title.
#html_short_title = None
# The name of an image file (relative to this directory) to place at the top
# of the sidebar.
#html_logo = None
# The name of an image file (within the static path) to use as favicon of the
# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32
# pixels large.
#html_favicon = None
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
#html_static_path = ['_static']
# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
# using the given strftime format.
#html_last_updated_fmt = '%b %d, %Y'
html_last_updated_fmt = '%Y-%m-%d %H:%M'
# If true, SmartyPants will be used to convert quotes and dashes to
# typographically correct entities.
#html_use_smartypants = True
# Custom sidebar templates, maps document names to template names.
#html_sidebars = {}
# Additional templates that should be rendered to pages, maps page names to
# template names.
#html_additional_pages = {}
# If false, no module index is generated.
#html_domain_indices = True
# If false, no index is generated.
#html_use_index = True
# If true, the index is split into individual pages for each letter.
#html_split_index = False
# If true, links to the reST sources are added to the pages.
#html_show_sourcelink = True
# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
#html_show_sphinx = True
# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
#html_show_copyright = True
# If true, an OpenSearch description file will be output, and all pages will
# contain a <link> tag referring to it. The value of this option must be the
# base URL from which the finished HTML is served.
#html_use_opensearch = ''
# This is the file name suffix for HTML files (e.g. ".xhtml").
#html_file_suffix = None
# Output file base name for HTML help builder.
htmlhelp_basename = 'pyCADFdoc'
# -- Options for LaTeX output --------------------------------------------------
latex_elements = {
# The paper size ('letterpaper' or 'a4paper').
#'papersize': 'letterpaper',
# The font size ('10pt', '11pt' or '12pt').
#'pointsize': '10pt',
# Additional stuff for the LaTeX preamble.
#'preamble': '',
}
# Grouping the document tree into LaTeX files. List of tuples
# (source start file, target name, title, author, documentclass [howto/manual]).
latex_documents = [
('index', 'pyCADF.tex', u'pyCADF Documentation',
u'OpenStack Foundation', 'manual'),
]
# The name of an image file (relative to this directory) to place at the top of
# the title page.
#latex_logo = None
# For "manual" documents, if this is true, then toplevel headings are parts,
# not chapters.
#latex_use_parts = False
# If true, show page references after internal links.
#latex_show_pagerefs = False
# If true, show URL addresses after external links.
#latex_show_urls = False
# Documents to append as an appendix to all manuals.
#latex_appendices = []
# If false, no module index is generated.
#latex_domain_indices = True
# -- Options for manual page output --------------------------------------------
# One entry per manual page. List of tuples
# (source start file, name, description, authors, manual section).
man_pages = [
('index', 'pycadf', u'pyCADF Documentation',
[u'OpenStack Foundation'], 1)
]
# If true, show URL addresses after external links.
#man_show_urls = False
# -- Options for Texinfo output ------------------------------------------------
# Grouping the document tree into Texinfo files. List of tuples
# (source start file, target name, title, author,
# dir menu entry, description, category)
texinfo_documents = [
('index', 'pyCADF', u'pyCADF Documentation',
u'OpenStack Foundation', 'pyCADF', 'One line description of project.',
'Miscellaneous'),
]
# Documents to append as an appendix to all manuals.
#texinfo_appendices = []
# If false, no module index is generated.
#texinfo_domain_indices = True
# How to display URL addresses: 'footnote', 'no', or 'inline'.
#texinfo_show_urls = 'footnote'
# If true, do not generate a @detailmenu in the "Top" node's menu.
#texinfo_no_detailmenu = False
# -- Options for openstackdocstheme -------------------------------------------
repository_name = 'openstack/pycadf'
bug_project = 'pycadf'
bug_tag = ''

220
doc/source/event_concept.rst
View File

@ -1,220 +0,0 @@
..
Copyright 2014 IBM Corp.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
.. _event_concept:
=======
Events
=======
The principal goal of this specification is to ensure that similar auditable
events, such as a "logon" or "critical resource update" resolve to the same
data format with prescriptive data types, entities, and properties to
facilitate reporting, query, federation, and aggregation.
Defining Events
===============
The event model is intended to describe the interactions between resources
that compose a cloud service. Conceptually, the event is based upon the
perspective of a single RESOURCE called the OBSERVER that is responsible for
observing the Actual Event and creating the (initial) CADF Event Record.
.. figure:: ./images/observer_cadf.png
:width: 100%
:align: center
:alt: Figure 1: Observer perspective of an Event
At a minimum, an Event must include the following attributes to be
CADF-compliant: eventType, observer, initiator, target, action, and outcome.
CADF's event model is extensible so any additional attributes that may better
help describe the event can be added to the event model as an additional
attribute.
.. note::
In some cases, the OBSERVER, INITIATOR, and TARGET could reference the same
resource. The precise interpretation of these components, therefore, will
depend somewhat on the type of event being recorded, and the specific
activity and resources involved.
Use Case Examples
=================
1. Auditing access to a controlled resource
Scenario: A cloud provider has a software component that manages identity and
access control that we will call an "identity management service". This
service is required, by the provider's security policy, to log all user
activities including "logon" attempts against any servers within the
provider's infrastructure.
.. figure:: ./images/audit_event.png
:width: 100%
:align: center
:alt: Figure 2: Conceptually mapping values of an audit event
================= ========================== ==========================================================================================
Event Attribute Value Reason
================= ========================== ==========================================================================================
eventType activity OBSERVER is required to report any user security activity
observer.typeURI service/security/identity Value from the CADF Resource Taxonomy most closely describes an "Identity Manager Service"
initiator.typeURI data/security/account/user Value from the CADF Resource Taxonomy most closely describes a "user"
action authenticate/logon Value from the CADF Action Taxonomy most closely describes a user "logon" action.
target.typeURI service/compute/node Value from the CADF Resource Taxonomy most closely describes a target "server"
outcome success Any valid CADF Outcome Taxonomy value that describes result of action
measurement N/A A MEASUREMENT component is not required for "activity" type events.
REASON N/A A REASON component is not required for "activity" type events.
================= ========================== ==========================================================================================
Event serialisation (including some optional attributes for additional
details):
.. code-block:: javascript
{
"typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
"eventTime": "2014-02-27T19:29:30.855665+0000",
"target": {
"typeURI": "service/compute/node",
// optional Endpoints to describe compute node,
"addresses": [
{
"url": "http://9.26.26.250:8774/v2/e7e2bcc9c0df4f3eabcd412ae62503f6",
"name": "admin"
},
{
"url": "http://9.26.26.250:8774/v2/e7e2bcc9c0df4f3eabcd412ae62503f6",
"name": "private"
},
{
"url": "http://9.26.26.250:8774/v2/e7e2bcc9c0df4f3eabcd412ae62503f6",
"name": "public"
}
],
"id": "06747855d62547d4bfd707f75b8a1c54",
"name": "nova"
},
"observer": {
"id": "target" // shortform to show Observer Resource is the same as Target,
},
// tags use to query events on,
"tags": [
"correlation_id?value=56cdde6f-6b4e-48a4-94e6-defb40522fb2"
],
"eventType": "activity",
"initiator": {
"typeURI": "data/security/account/user",
"name": "admin",
// optional Credential to describe resource,
"credential": {
"token": "MIIQzgYJKoZIhvcNAQcCoIIQvzCCELsC xxxxxxxx zqvD9OPWZm7VQpYNK2EvrZi-mTvb5A==",
"identity_status": "Confirmed"
},
// optional Host to describe resource,
"host": {
"agent": "python-novaclient",
"address": "9.26.26.250"
},
"project_id": "e7e2bcc9c0df4f3eabcd412ae62503f6",
"id": "68a3f50705a54f799ce94380fc02ed8a"
},
// optional Reason for activity event,
"reason": {
"reasonCode": "200",
"reasonType": "HTTP"
},
// list of Resources which edited event,
"reporterchain": [
{
"reporterTime": "2014-02-27T19:29:31.043902+0000",
"role": "modifier",
"reporter": {
"id": "target"
}
}
],
"action": "authenticate/logon",
"outcome": "success",
"id": "0a196053-95de-48f8-9890-4527b25b5007",
// Event model is extensible so additional attributes may be added to describe model,
"requestPath": "/v2/e7e2bcc9c0df4f3eabcd412ae62503f6/os-certificates"
}
2. Periodic monitoring resource status
Scenario: A cloud provider has software monitoring agents(Ceilometer)
installed on every server(Nova) that it makes available as an IaaS resource
to its customers. These agents are required to provide periodic informational
status of each server's CPU utilisation along with metric data to their
operations management software by using the CADF Event Record format.
.. figure:: ./images/monitor_event.png
:width: 100%
:align: center
:alt: Figure 3: Conceptually mapping values of an monitor event
================= ====================== ==========================================================================================
Event Attribute Value Reason
================= ====================== ==========================================================================================
eventType monitor OBSERVER is required to monitor a server's CPU utilization
observer.typeURI service/oss/monitoring Value from the CADF Resource Taxonomy most closely describes a "software monitoring agent"
initiator.typeURI service/oss/monitoring OBSERVER is also the INITIATOR of this monitoring event
action monitor Value from the CADF Action Taxonomy
target.typeURI service/compute/cpu Value from the CADF Resource Taxonomy most closely describes a servers "cpu"
outcome success OBSERVER successfully obtained and reported a CPU utilization measurement
measurement 80% MEASUREMENT component is required and the observed value is 80% CPU utilisation
reason N/A REASON component is not required for "monitor" type events.
================= ====================== ==========================================================================================
Event serialisation:
.. code-block:: javascript
{
"typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
"eventTime": "2014-02-27T19:29:30.855665+0000",
"target": {
"typeURI": "service/compute/cpu",
"id": "06747855d62547d4bfd707f75b8a1c54",
"name": "instance"
},
"observer": {
"id": "initiator"
},
"eventType": "monitor",
"initiator": {
"typeURI": "service/oss/monitoring",
"name": "ceilometer-pollster",
"id": "68a3f50705a54f799ce94380fc02ed8a"
},
"measurement": [
{
"result": "80",
"metric": {
"metricId": "<metric_id>",
"unit": "%",
"name": "CPU utilisation metric"
}
}
],
"action": "monitor",
"outcome": "success",
"id": "0a196053-95de-48f8-9890-4527b25b5007"
}
.. note::
Additional use cases can be found in the Full CADF specification.

1
doc/source/history.rst
View File

@ -1 +0,0 @@
.. include:: ../../ChangeLog

BIN
doc/source/images/audit_event.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 36 KiB

BIN
doc/source/images/middleware.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 48 KiB

BIN
doc/source/images/monitor_event.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 98 KiB

BIN
doc/source/images/observer_cadf.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 32 KiB

84
doc/source/index.rst
View File

@ -1,84 +0,0 @@
..
Copyright 2014 IBM Corp.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
===============================
PyCADF developer documentation
===============================
The `CADF (Cloud Audit Data Federation Working Group)`_ is working to develop
open standards for audit data which can be federated from cloud providers,
with the intent to elevate customer's trust in cloud hosted applications.
Specifications and profiles produced by the CADF will help protect the
investments of companies seeking to move their applications to cloud
deployment models and preserve their ability to audit operational processes,
regardless of their chosen cloud provider. The CADF develops specifications
for audit event data and interface models and a compatible interaction model
that will describe interactions between IT resources for cloud deployment models.
pyCADF is the python implementation of the CADF specification. This documentation
offers information on how CADF works and how to contribute to the project.
.. _CADF (Cloud Audit Data Federation Working Group): http://www.dmtf.org/standards/cadf
Getting Started
===============
.. toctree::
:maxdepth: 1
event_concept
specification/index
middleware
audit_maps
Contributing
============
pyCADF utilizes all of the usual OpenStack processes and requirements for
contributions. The code is hosted `on OpenStack's Git server`_. `Bug reports`_
and `blueprints`_ may be submitted to the :code:`pycadf` project on
`Launchpad`_. Code may be submitted to the :code:`openstack/pycadf` project
using `Gerrit`_.
.. _`on OpenStack's Git server`: https://git.openstack.org/cgit/openstack/pycadf/tree
.. _Launchpad: https://launchpad.net/pycadf
.. _Gerrit: https://docs.openstack.org/infra/manual/developers.html#development-workflow
.. _Bug reports: https://bugs.launchpad.net/pycadf/+bugs
.. _blueprints: https://blueprints.launchpad.net/pycadf
.. _PyPi: https://pypi.python.org/pypi/pycadf
.. _tarball: https://tarballs.openstack.org/pycadf
Code Documentation
==================
.. toctree::
:maxdepth: 1
api/modules
Release Notes
=============
.. toctree::
:maxdepth: 1
history
Indices and tables
==================
* :ref:`genindex`
* :ref:`modindex`
* :ref:`search`

26
doc/source/middleware.rst
View File

@ -1,26 +0,0 @@
..
Copyright 2014 IBM Corp
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
.. _middleware:
=================
Audit middleware
=================
pyCADF's version of the audit middleware has been deprecated as of pyCADF
0.8.0. For continued support, the middleware is now maintained under the
Identity (Keystone) umbrella. Related documentation can be found here_.
.. _here: https://docs.openstack.org/keystonemiddleware/latest/audit.html

58
doc/source/specification/attachments.rst
View File

@ -1,58 +0,0 @@
..
Copyright 2014 IBM Corp.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
.. _attachments:
============
Attachments
============
An attachment is a container for data or "content" that may follow any
structure - from an atomic type to a complex hierarchy. However, it is
desirable for processing and interoperability that the type - or
structure - of the content be identified by a simple value. To this end the
attachment also contains a "content type", i.e., a URI that identifies the
kind of content.
Attachments are intended to be used for inclusion of domain-specific,
informative, or descriptive information.
=========== ========= ======== ======================================================================================
Property Type Required Description
=========== ========= ======== ======================================================================================
typeURI xs:anyURI Yes The URI that identifies the type of data contained in the "content" property.
content xs:any Yes A container that contains any type of data (as defined by the "contentType" property).
contentType xs:string Yes An optional name that can be used to provide an identifying name for the content.
=========== ========= ======== ======================================================================================
Serialisation
=============
.. code-block:: javascript
{
"typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
...,
"attachments": [
{
"content": "xs:any",
"contentType": "xs:anyURI"
},
{
"content": "xs:any",
"contentType": "xs:anyURI"
}
]
}

55
doc/source/specification/credentials.rst
View File

@ -1,55 +0,0 @@
..
Copyright 2014 IBM Corp.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
.. _credentials:
============
Credentials
============
This type provides a means to describe various credentials along with any
information about the authority that is responsible for maintaining them.
This is intended to be associated with a CADF Resource's identity and reflects
any authorizations or identity assertions the resource may use to gain access
to other resources.
========== ========= ======== ===================================================================================================
Property Type Required Description
========== ========= ======== ===================================================================================================
type xs:anyURI No Type of credential. (e.g., auth. token, identity token, etc.)
token xs:any Yes The primary opaque or non-opaque identity or security token (e.g., an opaque or obfuscated user ID)
authority xs:anyURI No The trusted authority (a service) that understands and can verify the credential.
assertions cadf:Map No Optional list of additional assertions or attributes that belong to the credential
========== ========= ======== ===================================================================================================
Serialisation
=============
.. code-block:: javascript
{
"typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
"action": "authenticate",
...,
"initiator": {
"id": "joe.user@example.com",
"typeURI": "data/security/account/user",
...,
"credential": {
"type": "https://mycloud.com/v2/token",
"token": "myuuid:1ef0-abdf-xxxx-xxxx"
}
}
}

53
doc/source/specification/endpoints.rst
View File

@ -1,53 +0,0 @@
..
Copyright 2014 IBM Corp.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
.. _endpoints:
==========
Endpoints
==========
The Endpoint type is used to provide information about a resource's location
on a network.
======== ========= ======== =================================================================================
Property Type Required Description
======== ========= ======== =================================================================================
url xs:anyURI Yes The network address of the endpoint; for IP-based addresses
name xs:string No An optional property to provide a logical name for the endpoint
port xs:string No An optional property to provide the port value separate from the address property
======== ========= ======== =================================================================================
Serialisation
=============
.. code-block:: javascript
{
"typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
...,
"target": {
"id": "myscheme://mydomain/resource/id/0001",
"name": "server_0001",
"addresses": [
{
"name": "public",
"url": "http://mydomain/mypath/server-0001/"
},
...
],
...
}
}

115
doc/source/specification/events.rst
View File

@ -1,115 +0,0 @@
..
Copyright 2014 IBM Corp.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
.. _events:
=======
Events
=======
The CADF Event Model applies semantics to the activities, resources,
information, and changes within a cloud provider's infrastructure and models
these using the concept of an event.
============= =================== ========= =============================================================================================================================================================
Property Type Required Description
============= =================== ========= =============================================================================================================================================================
id cadf:Identifier Yes The unique identifier of the CADF Event Record
typeURI cadf:Path Dependent Can be used to declare versioning of Events.
eventType xs:string Yes The classification of the type of event
eventTime cadf:Timestamp Yes The OBSERVER's best estimate as to the time the Actual Event occurred or began
action cadf:Path Yes This property represents the event's ACTION
outcome cadf:Path Yes A valid classification value from the CADF Outcome Taxonomy
initiator cadf:Resource Dependent The event's INITIATOR. Required if not initiatorId
initiatorId cadf:Identifier Dependent The event's INITIATOR resource by reference. Required if not initiator
target cadf:Resource Dependent The event's TARGET. Required if not targetId
targetId cadf:Identifier Dependent The event's TARGET by reference. Required if not target
observer cadf:Resource Dependent The event's OBSERVER. Required if not observerId
observerId cadf:Identifier Dependent The event's OBSERVER by reference. Required if not observer
reason cadf:Reason No Domain-specific reason code and policy data that provides an additional level of detail to the outcome value. Required if the eventType property is "control"
severity xs:string No Describes domain-relative severity assigned to the event by the OBSERVER. This property's value is non-normative
measurements cadf:Measurement[] Dependent Any measurement (values) associated with the event. Required if the eventType property is "monitor"
name xs:string No A descriptive name for the event
tags cadf:Tag[] No Array of Tags that MAY be used to further qualify or categorize the CADF Event Record
attachments cadf:Attachment[] No Array of extended or domain-specific information about the event or its context
reporterchain cadf:Reporterstep[] No Array of Reporterstep typed data that contains information about the sequenced handling of or change to the associated CADF Event Record by any REPORTER
============= =================== ========= =============================================================================================================================================================
Serialisation
=============
.. code-block:: javascript
{
"typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
"id": "a80dc5ee-be83-48ad-ad5e-6577f2217637",
"eventType": "activity",
"action": "read",
"outcome": "success",
"reason": {
"reasonCode": "200",
"reasonType": "HTTP"
},
"eventTime": "2014-01-17T23:23:38.109989+0000",
"initiator": {
"id": "95f12d248a234a969f456cd2c794f29a",
"typeURI": "service/security/account/user",
"name": "admin",
"project_id": "e55b158759854ea6a7852aa76632c6c1",
"credential": {
"token": "MIIQBgYJKoZIhvcNAQcCoIIP9z xxxxxx KoZIhvcIP9z=",
"identity_status": "Confirmed"
},
"host": {
"agent": "python-novaclient",
"address": "9.26.27.109"
}
},
"target": {
"id": "0f126160203748a5b4923f2eb6e3b7db",
"typeURI": "service/compute/servers",
"name": "nova",
"addresses": [
{
"url": "http://9.26.27.109:8774/v2/e55b158759854ea6a7852aa76632c6c1",
"name": "admin"
},
{
"url": "http://9.26.27.109:8774/v2/e55b158759854ea6a7852aa76632c6c1",
"name": "private"
},
{
"url": "http://9.26.27.109:8774/v2/e55b158759854ea6a7852aa76632c6c1",
"name": "public"
}
]
},
"observer": {
"id": "target"
},
"reporterchain": [
{
"reporterTime": "2014-01-17T23:23:38.154152+0000",
"role": "modifier",
"reporter": {
"id": "target"
}
}
],
"requestPath": "/v2/56600971-90f3-4370-807f-ab79339381a9/servers",
"tags": [
"correlation_id?value=bcac04dc-e0be-4110-862c-347088a7836a"
]
}

87
doc/source/specification/geolocations.rst
View File

@ -1,87 +0,0 @@
..
Copyright 2014 IBM Corp.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
.. _geolocations:
=============
Geolocations
=============
Geolocation information, which reveals a resource's physical location, is
obtained by using tracking technologies such as global positioning system
(GPS) devices, or IP geolocation by using databases that map IP addresses to
geographic locations. Geolocation information is widely used in
context-sensitive content delivery, enforcing location-based access
restrictions on services, and fraud detection and prevention.
Due to the intense concerns about security and privacy, countries and regions
introduced various legislation and regulation. To determine whether an event
is compliant sometimes depends on the geolocation of the event. Therefore, it
is crucial to report geolocation information unambiguously in an audit trail.
=========== ========= ======== ===============================================================================================================
Property Type Required Description
=========== ========= ======== ===============================================================================================================
id xs:anyURI No Optional identifier for a geolocation
latitude xs:string No The latitude of a geolocation
longitude xs:string No The longitude of a geolocation
elevation xs:double No The elevation of a geolocation in meters
accuracy xs:double No The accuracy of a geolocation in meters
city xs:string No The city of a geolocation
state xs:string No The state/province of a geolocation
regionICANN xs:string No A region (e.g., a country, a sovereign state, a dependent territory or a special area of geographical interest)
annotations cadf:Map No User-defined geolocation information (e.g., building name, room number)
=========== ========= ======== ===============================================================================================================
Usage Requirements
==================
1. Geolocation typed data SHALL contain at least one valid property and
associated value.
2. Geolocation typed data SHALL NOT be used to represent virtual or logical
locations (e.g. network zone).
3. For each geolocation data instance, the properties SHALL be consistent.
That is, all properties SHALL consistently represent the same geographic
location and SHALL NOT provide conflicting value data.
.. note::
`latitude`, `longitude` and `region` are all supplied as properties
describing the same geolocation, the `latitude` and `longitude` properties
coordinate values should resolve to the same geographic location as
described by the value of the `region` property.
4. ICANN's implementation plan states "Upper and lower case characters are
considered to be syntactically and semantically identical"; therefore,
the "regionICANN" property's values MAY be either upper or lower case.
Serialisation
=============
.. code-block:: javascript
{
"typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
...,
"target": {
...,
"geolocation": {
"latitude": "+372207.90",
"longitude": "-1220210.20",
"elevation": "10"
}
}
}

53
doc/source/specification/hosts.rst
View File

@ -1,53 +0,0 @@
..
Copyright 2014 IBM Corp.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
.. _hosts:
======
Hosts
======
Most resources that are referenced in an IT or cloud infrastructure are
conceptually "hosted on" or "hosted by" other resources. For example,
"applications" are hosted on "web servers" or "users" may be hosted on a
"network connected device" or a "terminal". In addition, networked resources
are "hosted" by some device attached to some network.
The host resource often provides context or location information for the
resource it is hosting at the time the Actual Event was observed and recorded
(e.g., an IP address, software agent, platform, etc.). Providing a means to
record host information with a CADF Event Record is valuable for audit purposes
because compliance policies and rules are often based on such information.
======== =============== ======== ==============================================
Property Type Required Description
======== =============== ======== ==============================================
id cadf:Identifier No The optional identifier of the host RESOURCE
address xs:anyURI No The optional address of the host RESOURCE
agent xs:string No The optional agent (name) of the host RESOURCE
platform xs:string No The optional platform of the host RESOURCE
======== =============== ======== ==============================================
Serialisation
=============
.. code-block:: javascript
{
"id": "myuuid:1234-5678-90abc-defg-0000",
"address": "10.0.2.15",
"agent": "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:18.0)",
"platform": "Linux version 3.5.0-23-generic (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) ) #35~precise1-Ubuntu SMP Fri Jan 25 17:15:33 UTC 2013"
}

33
doc/source/specification/identifiers.rst
View File

@ -1,33 +0,0 @@
..
Copyright 2014 IBM Corp.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
.. _identifiers:
============
Identifiers
============
This specification defines an Identifier type that is based upon the Uniform
Resource Identifier Reference (URI) as specified in RFC3986. Any value that
represents a CADF Identifier type in this specification, its extensions, or
profiles SHALL adhere to the requirements listed in this section:
.. note::
CADF Identifier type values SHALL be created to be Universally Unique
Identifiers (UUIDs) so that when CADF data (e.g., CADF Event Records, Logs,
Reports, Resources, Metrics, etc.) are federated it will be uniquely
identifiable to the source (e.g., cloud provider, service, etc.) that
created them.

30
doc/source/specification/index.rst
View File

@ -1,30 +0,0 @@
==============
Specification
==============
The following is a high-level description of components in the CADF
specification. The basic component of the CADF specification are Events. The
full CADF specification document can be found here_. Additional details on the
CADF specification are accessible via the `DMTF CADF`_ page.
.. _here: http://dmtf.org/sites/default/files/standards/documents/DSP0262_1.0.0.pdf
.. _DMTF CADF: http://www.dmtf.org/standards/cadf
.. toctree::
:maxdepth: 1
events
attachments
credentials
endpoints
geolocations
hosts
identifiers
measurements
paths
reasons
reportersteps
resources
tags
timestamps
taxonomy

79
doc/source/specification/measurements.rst
View File

@ -1,79 +0,0 @@
..
Copyright 2014 IBM Corp.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
.. _measurements:
=============
Measurements
=============
A component that contains statistical or measurement information for TARGET
resources that are being monitored. The measurement should be based upon a
defined metric (a method of measurement).
============ =============== ========= =================================================================================================================
Property Type Required Description
============ =============== ========= =================================================================================================================
result xs:any Yes The quantitative or qualitative result of a measurement from applying the associated metric
metric cadf:Metric Dependent The property describes the metric used in generating the measurement result. Required if not metricId
metricId cadf:Identifier Dependent This property identifies a CADF Metric by reference and whose definition exists elsewhere. Required if not metric
calculatedBy cadf:Resource No An optional description of the resource that calculated the measurement
============ =============== ========= =================================================================================================================
Metrics
=======
The Metric data type describes the rules and processes for measuring some
activity or resource, resulting in the generation of some values (captured by
the Measurement type).
=========== =============== ======== ==================================================
Property Type Required Description
=========== =============== ======== ==================================================
metricId cadf:identifier Yes The identifier for the metric.
unit xs:string Yes The metrics unit (e.g., "ms", "Hz", "GB", etc.)
name xs:string No A descriptive name for metric
annotations cadf:map No User-defined metric information.
=========== =============== ======== ==================================================
Serialisation
=============
.. code-block:: javascript
{
"typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/log",
...,
"metrics": [
{
"metricId": "myuuid://metric.org/1234",
"unit": "GB",
"name": "Storage Capacity in Gigabytes"
}
],
...,
"events": [
{
"typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
...,
"measurements": [
{
"result": "10",
"metricId": "myuuid://metric.org/1234"
}
]
}
]
}

25
doc/source/specification/paths.rst
View File

@ -1,25 +0,0 @@
..
Copyright 2014 IBM Corp.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
.. _paths:
======
Paths
======
This clause describes how to represent values that are elements of hierarchies.
This construct is used for example when providing values from CADF Taxonomies
that classify components of the CADF Event Model within CADF Event Records as
path values.

49
doc/source/specification/reasons.rst
View File

@ -1,49 +0,0 @@
..
Copyright 2014 IBM Corp.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
.. _reasons:
========
Reasons
========
A component that contains a means to provide additional details and further
classify the top-level OUTCOME of the ACTION included in a CADF Event Record.
========== ========= ======== =====================================================================================================================
Property Type Required Description
========== ========= ======== =====================================================================================================================
reasonType xs:anyURI No The domain URI that defines the "reasonCode" property's value
reasonCode xs:string No An optional detailed result code as described by the domain identified in the "reasonType" property
policyType xs:anyURI No The domain URI that defines the "policyId" propertys value
policyId xs:string No An optional identifier that indicates which policy or algorithm was applied in order to achieve the described OUTCOME
========== ========= ======== =====================================================================================================================
Serialisation
=============
.. code-block:: javascript
{
"typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
...,
"reason": {
"reasonType": "http://www.iana.org/assignments/http-status-codes/http-status-codes.xml",
"reasonCode": "408",
"policyType": "http://schemas.xmlsoap.org/ws/2002/12/policy",
"policyId": "http://10.0.3.4/firewall-ruleset/rule0012"
},
...
}

59
doc/source/specification/reportersteps.rst
View File

@ -1,59 +0,0 @@
..
Copyright 2014 IBM Corp.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
.. _reportersteps:
==============
Reportersteps
==============
This type represents a step in the REPORTERCHAIN that captures information
about any notable REPORTER (in addition to the OBSERVER) that modified or
relayed the CADF Event Record and any details regarding any modification it
performed on the CADF Event Record it is contained within.
The Reporterstep data type should capture information about the resources that
have had a role in modifying, or relaying the CADF Event Record during its
lifecycle after having been created by the OBSERVER.
============ ================= ========= ==========================================================================================================================
Property Type Required Description
============ ================= ========= ==========================================================================================================================
role xs:string Yes The role the REPORTER performed on the CADF Event Record (e.g., an "observer", "modifier" or "relay" role)
reporter cadf:Resource Dependent This property defines the resource that acted as a REPORTER on a CADF Event Record. Required if not reporterId
reporterId cadf:Identifier Dependent This property identifies a resource that acted as a REPORTER on a CADF Event Record by reference. Required if not reporter
reporterTime cadf:Timestamp No The time a REPORTER adds its Reporterstep entry into the REPORTERCHAIN
attachments cadf:Attachment[] No An optional array of additional data containing information about the reporter or any action it performed
============ ================= ========= ==========================================================================================================================
Serialisation
=============
.. code-block:: javascript
{
"typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
...,
"reporterchain": [
{
"role": "modifier",
"reporterTime": "2012-03-22T13:00:00-04:00",
"reporter": {
"id": "myscheme://mydomain/resource/monitor/id/0002"
}
},
...
]
}

62
doc/source/specification/resources.rst
View File

@ -1,62 +0,0 @@
..
Copyright 2014 IBM Corp.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
.. _resources:
==========
Resources
==========
Resources in general can be used to describe traditional IT components
(e.g., servers, network devices, etc.), software components
(e.g., platforms, databases, applications, etc.), operational and business
data (e.g., accounts, users, etc.) and roles, which can be assigned to
persons, that describe the authority to access capabilities.
============= ================= ========= ===================================================================================================================================
Property Type Required Description
============= ================= ========= ===================================================================================================================================
id cadf:Identifier Yes The identifier for the resource
typeURI cadf:Path Yes The classification (i.e., type) of the resource using the CADF Resource Taxonomy
name xs:string No The optional local name for the resource (not necessarily unique)
domain xs:string No The optional name of the domain that qualifies the name of the resource
credential cadf:Credential No The optional security credentials associated with the resources identity
addresses cadf:Endpoint[] No The optional descriptive addresses (including URLs) of the resource
host cadf:Host No The optional information about the (network) host of the resource
geolocation cadf:Geolocation Dependent This optional property describes the geographic location of the resource using Geolocation data type. Required if not geolocationId
geolocationId cadf:Identifier Dependent This optional property identifies a CADF Geolocation by reference. Required if not geolocation
attachments cadf:Attachment[] No An optional array of extended or domain-specific information about the resource or its contex
============= ================= ========= ===================================================================================================================================
Serialisation
=============
.. code-block:: javascript
{
"typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
...,
"target": {
"id": "myscheme://mydomain/resource/id/0001",
"typeURI": "service/compute",
"name": "server_0001",
...,
"geolocation": {
"city": "Austin",
"state": "TX",
"regionICANN": "US"
}
}
}

29
doc/source/specification/tags.rst
View File

@ -1,29 +0,0 @@
..
Copyright 2014 IBM Corp.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
.. _tags:
=====
Tags
=====
A "tag" is a label that can be added to a CADF Event Record to qualify or
categorize an event.
Tags provide a powerful mechanism for adding domain-specific identifiers and
classifications to CADF Event Records that can be referenced by the CADF Query
Interface. This allows customers to construct custom reports or views on the
event data held by a provider for a specific domain of interest. A CADF Event
Record can have multiple tags that enable cross-domain analysis.

33
doc/source/specification/taxonomy.rst
View File

@ -1,33 +0,0 @@
..
Copyright 2014 IBM Corp.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
.. _taxonomy:
=========
Taxonomy
=========
The CADF Resource Taxonomy describes resources that are commonly used in cloud
and enterprise infrastructures. This list was developed based on surveys of
existing cloud architectures, deployments, and implementations. The Resource
Taxonomy, however, is fully intended to be extensible by profiles that may
define additional resource nodes as child nodes to the ones specified below.
When doing so, however, vendors and cloud providers should be aware that this
places an additional burden on the consumer to correctly comprehend the new
node type. Therefore, vendors and providers of CADF audit data should be
careful to provide classification values that extend the existing tree from the
most granular node that closely matches the functions of any newly-defined
resource types. This approach will provide consumers with a baseline
understanding of the function of the new resource type.

34
doc/source/specification/timestamps.rst
View File

@ -1,34 +0,0 @@
..
Copyright 2014 IBM Corp.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
.. _timestamps:
===========
Timestamps
===========
The following example shows the required Lexical representation of the
Timestamp type used in this specification; all Timestamp typed values
SHALL be formatted accordingly:
::
yyyy '-' mm '-' dd 'T' hh ':' mm ':' ss ('.' s+)('+' | '-') hh ':' mm
.. note::
The UTC offset is always required (not optional) and the use of the
character 'Z' (or 'Zulu' time) as an abbreviation for UTC offset +00:00
or -00:00 is NOT permitted.

22
etc/pycadf/ceilometer_api_audit_map.conf
View File

@ -1,22 +0,0 @@
[DEFAULT]
# default target endpoint type
# should match the endpoint type defined in service catalog
target_endpoint_type = None
# possible end path of api requests
[path_keywords]
meters = meter_name
resources = resource_id
statistics = None
samples = sample_id
capabilities = None
alarms = alarm_id
history = None
state = None
event_types = event_type
traits = event_type
events = message_id
# map endpoint type defined in service catalog to CADF typeURI
[service_endpoints]
metering = service/metering

27
etc/pycadf/cinder_api_audit_map.conf
View File

@ -1,27 +0,0 @@
[DEFAULT]
# default target endpoint type
# should match the endpoint type defined in service catalog
target_endpoint_type = None
# map urls ending with specific text to a unique action
[custom_actions]
associate = update/associate
disassociate = update/disassociate
disassociate_all = update/disassociate_all
associations = read/list/associations
# possible end path of api requests
[path_keywords]
defaults = None
detail = None
limits = None
os-quota-specs = project
qos-specs = qos-spec
snapshots = snapshot
types = type
volumes = volume
# map endpoint type defined in service catalog to CADF typeURI
[service_endpoints]
volume = service/storage/block
volumev2 = service/storage/block

16
etc/pycadf/glance_api_audit_map.conf
View File

@ -1,16 +0,0 @@
[DEFAULT]
# default target endpoint type
# should match the endpoint type defined in service catalog
target_endpoint_type = None
# possible end path of api requests
[path_keywords]
detail = None
file = None
images = image
members = member
tags = tag
# map endpoint type defined in service catalog to CADF typeURI
[service_endpoints]
image = service/storage/image

32
etc/pycadf/heat_api_audit_map.conf
View File

@ -1,32 +0,0 @@
[DEFAULT]
# default target endpoint type
# should match the endpoint type defined in service catalog
target_endpoint_type = None
# possible end path of api requests
[path_keywords]
stacks = stack
resources = resource
preview = None
detail = None
abandon = None
snapshots = snapshot
restore = None
outputs = output
metadata = server
signal = None
events = event
template = None
template_versions = template_version
functions = None
validate = None
resource_types = resource_type
build_info = None
actions = None
software_configs = software_config
software_deployments = software_deployment
services = None
# map endpoint type defined in service catalog to CADF typeURI
[service_endpoints]
orchestration = service/orchestration

25
etc/pycadf/ironic_api_audit_map.conf
View File

@ -1,25 +0,0 @@
[DEFAULT]
# default target endpoint type
# should match the endpoint type defined in service catalog
target_endpoint_type = None
# possible end path of api requests
[path_keywords]
nodes = node
drivers = driver
chassis = chassis
ports = port
states = state
power = None
provision = None
maintenance = None
validate = None
boot_device = None
supported = None
console = None
vendor_passthrus = vendor_passthru
# map endpoint type defined in service catalog to CADF typeURI
[service_endpoints]
baremetal = service/compute/baremetal

31
etc/pycadf/neutron_api_audit_map.conf
View File

@ -1,31 +0,0 @@
[DEFAULT]
# default target endpoint type
# should match the endpoint type defined in service catalog
target_endpoint_type = None
[custom_actions]
add_router_interface = update/add
remove_router_interface = update/remove
# possible end path of api requests
[path_keywords]
floatingips = ip
healthmonitors = healthmonitor
health_monitors = health_monitor
lb = None
members = member
metering-labels = label
metering-label-rules = rule
networks = network
pools = pool
ports = port
routers = router
quotas = quota
security-groups = security-group
security-group-rules = rule
subnets = subnet
vips = vip
# map endpoint type defined in service catalog to CADF typeURI
[service_endpoints]
network = service/network

72
etc/pycadf/nova_api_audit_map.conf
View File

@ -1,72 +0,0 @@
[DEFAULT]
# default target endpoint type
# should match the endpoint type defined in service catalog
target_endpoint_type = None
[custom_actions]
enable = enable
disable = disable
delete = delete
startup = start/startup
shutdown = stop/shutdown
reboot = start/reboot
os-migrations/get = read
os-server-password/post = update
# possible end path of api requests
[path_keywords]
add = None
action = None
enable = None
disable = None
configure-project = None
defaults = None
delete = None
detail = None
diagnostics = None
entries = entry
extensions = alias
flavors = flavor
images = image
ips = label
limits = None
metadata = key
os-agents = os-agent
os-aggregates = os-aggregate
os-availability-zone = None
os-certificates = None
os-cloudpipe = None
os-fixed-ips = ip
os-extra_specs = key
os-flavor-access = None
os-floating-ip-dns = domain
os-floating-ips-bulk = host
os-floating-ip-pools = None
os-floating-ips = floating-ip
os-hosts = host
os-hypervisors = hypervisor
os-instance-actions = instance-action
os-keypairs = keypair
os-migrations = None
os-networks = network
os-quota-sets = tenant
os-security-groups = security_group
os-security-group-rules = rule
os-server-password = None
os-services = None
os-simple-tenant-usage = tenant
os-virtual-interfaces = None
os-volume_attachments = attachment
os-volumes_boot = None
os-volumes = volume
os-volume-types = volume-type
os-snapshots = snapshot
reboot = None
servers = server
shutdown = None
startup = None
statistics = None
# map endpoint type defined in service catalog to CADF typeURI
[service_endpoints]
compute = service/compute

23
etc/pycadf/trove_api_audit_map.conf
View File

@ -1,23 +0,0 @@
[DEFAULT]
# default target endpoint type
# should match the endpoint type defined in service catalog
target_endpoint_type = None
# possible end path of api requests
[path_keywords]
instances=instance
configuration=None
root=None
action=None
databases=database
users=user
flavors=flavor
backups=backup
configurations=configuration
versions=version
datastores=datastore
parameters=parameter
# map endpoint type defined in service catalog to CADF typeURI
[service_endpoints]
database=service/database

0
pycadf/__init__.py
View File

68
pycadf/attachment.py
View File

@ -1,68 +0,0 @@
# Copyright 2013 IBM Corp.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
import six
from pycadf import cadftype
ATTACHMENT_KEYNAME_TYPEURI = "typeURI"
ATTACHMENT_KEYNAME_CONTENT = "content"
ATTACHMENT_KEYNAME_NAME = "name"
ATTACHMENT_KEYNAMES = [ATTACHMENT_KEYNAME_TYPEURI,
ATTACHMENT_KEYNAME_CONTENT,
ATTACHMENT_KEYNAME_NAME]
class Attachment(cadftype.CADFAbstractType):
# TODO(mrutkows): OpenStack / Ceilometer may want to define
# the set of approved attachment types in order to
# limit and validate them.
typeURI = cadftype.ValidatorDescriptor(ATTACHMENT_KEYNAME_TYPEURI,
lambda x: isinstance(
x, six.string_types))
content = cadftype.ValidatorDescriptor(ATTACHMENT_KEYNAME_CONTENT)
name = cadftype.ValidatorDescriptor(ATTACHMENT_KEYNAME_NAME,
lambda x: isinstance(x,
six.string_types))
def __init__(self, typeURI=None, content=None, name=None):
"""Create Attachment data type
:param typeURI: uri that identifies type of data in content
:param content: container that contains any type of data
:param contentType: name used to identify content.
"""
# Attachment.typeURI
if typeURI is not None:
setattr(self, ATTACHMENT_KEYNAME_TYPEURI, typeURI)
# Attachment.content
if content is not None:
setattr(self, ATTACHMENT_KEYNAME_CONTENT, content)
# Attachment.name
if name is not None:
setattr(self, ATTACHMENT_KEYNAME_NAME, name)
# self validate cadf:Attachment type against schema
def is_valid(self):
"""Validation to ensure Attachment required attributes are set.
"""
return (
self._isset(ATTACHMENT_KEYNAME_TYPEURI) and
self._isset(ATTACHMENT_KEYNAME_NAME) and
self._isset(ATTACHMENT_KEYNAME_CONTENT)
)

218
pycadf/cadftaxonomy.py
View File

@ -1,218 +0,0 @@
# Copyright 2013 IBM Corp.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
from pycadf import cadftype
TYPE_URI_ACTION = cadftype.CADF_VERSION_1_0_0 + 'action'
UNKNOWN = 'unknown'
# Commonly used (valid) Event.action values from Nova
ACTION_CREATE = 'create'
ACTION_READ = 'read'
ACTION_UPDATE = 'update'
ACTION_DELETE = 'delete'
# Other CADF actions
ACTION_AUTHENTICATE = 'authenticate'
ACTION_EVALUATE = 'evaluate'
# OpenStack specific, Profile or change CADF spec. to add this action
ACTION_LIST = 'read/list'
# TODO(mrutkows): Make global using WSGI mechanism
ACTION_TAXONOMY = frozenset([
'backup',
'capture',
ACTION_CREATE,
'configure',
ACTION_READ,
ACTION_LIST,
ACTION_UPDATE,
ACTION_DELETE,
'monitor',
'start',
'stop',
'deploy',
'undeploy',
'enable',
'disable',
'send',
'receive',
ACTION_AUTHENTICATE,
'authenticate/login',
'revoke',
'renew',
'restore',
ACTION_EVALUATE,
'allow',
'deny',
'notify',
UNKNOWN
])
# TODO(mrutkows): validate absolute URIs as well
def is_valid_action(value):
for type in ACTION_TAXONOMY:
if value.startswith(type):
return True
return False
TYPE_URI_OUTCOME = cadftype.CADF_VERSION_1_0_0 + 'outcome'
# Valid Event.outcome values
OUTCOME_SUCCESS = 'success'
OUTCOME_FAILURE = 'failure'
OUTCOME_PENDING = 'pending'
# TODO(mrutkows): Make global using WSGI mechanism
OUTCOME_TAXONOMY = frozenset([
OUTCOME_SUCCESS,
OUTCOME_FAILURE,
OUTCOME_PENDING,
UNKNOWN
])
# TODO(mrutkows): validate absolute URIs as well
def is_valid_outcome(value):
return value in OUTCOME_TAXONOMY
SERVICE_SECURITY = 'service/security'
SERVICE_KEYMGR = 'service/security/keymanager'
ACCOUNT_USER = 'service/security/account/user'
CADF_AUDIT_FILTER = 'service/security/audit/filter'
SECURITY_ACCOUNT = 'data/security/account'
SECURITY_CREDENTIAL = 'data/security/credential'
SECURITY_DOMAIN = 'data/security/domain'
SECURITY_ENDPOINT = 'data/security/endpoint'
SECURITY_GROUP = 'data/security/group'
SECURITY_IDENTITY = 'data/security/identity'
SECURITY_KEY = 'data/security/key'
SECURITY_LICENCE = 'data/security/license'
SECURITY_POLICY = 'data/security/policy'
SECURITY_PROFILE = 'data/security/profile'
SECURITY_PROJECT = 'data/security/project'
SECURITY_REGION = 'data/security/region'
SECURITY_ROLE = 'data/security/role'
SECURITY_SERVICE = 'data/security/service'
SECURITY_TRUST = 'data/security/trust'
SECURITY_ACCOUNT_USER = 'data/security/account/user'
KEYMGR_SECRET = 'data/security/keymanager/secret'
KEYMGR_CONTAINER = 'data/security/keymanager/container'
KEYMGR_ORDER = 'data/security/keymanager/order'
KEYMGR_OTHERS = 'data/security/keymanager'
# TODO(mrutkows): Make global using WSGI mechanism
RESOURCE_TAXONOMY = frozenset([
'storage',
'storage/node',
'storage/volume',
'storage/memory',
'storage/container',
'storage/directory',
'storage/database',
'storage/queue',
'compute',
'compute/node',
'compute/cpu',
'compute/machine',
'compute/process',
'compute/thread',
'network',
'network/node',
'network/node/host',
'network/connection',
'network/domain',
'network/cluster',
'service',
'service/oss',
'service/bss',
'service/bss/metering',
'service/composition',
'service/compute',
'service/database',
SERVICE_SECURITY,
SERVICE_KEYMGR,
'service/security/account',
ACCOUNT_USER,
CADF_AUDIT_FILTER,
'service/storage',
'service/storage/block',
'service/storage/image',
'service/storage/object',
'service/network',
'data',
'data/message',
'data/workload',
'data/workload/app',
'data/workload/service',
'data/workload/task',
'data/workload/job',
'data/file',
'data/file/catalog',
'data/file/log',
'data/template',
'data/package',
'data/image',
'data/module',
'data/config',
'data/directory',
'data/database',
'data/security',
SECURITY_ACCOUNT,
SECURITY_CREDENTIAL,
SECURITY_DOMAIN,
SECURITY_ENDPOINT,
SECURITY_GROUP,
SECURITY_IDENTITY,
SECURITY_KEY,
SECURITY_LICENCE,
SECURITY_POLICY,
SECURITY_PROFILE,
SECURITY_PROJECT,
SECURITY_REGION,
SECURITY_ROLE,
SECURITY_SERVICE,
SECURITY_TRUST,
SECURITY_ACCOUNT_USER,
'data/security/account/user/privilege',
'data/database/alias',
'data/database/catalog',
'data/database/constraints',
'data/database/index',
'data/database/instance',
'data/database/key',
'data/database/routine',
'data/database/schema',
'data/database/sequence',
'data/database/table',
'data/database/trigger',
'data/database/view',
KEYMGR_CONTAINER,
KEYMGR_ORDER,
KEYMGR_SECRET,
KEYMGR_OTHERS,
UNKNOWN
])
# TODO(mrutkows): validate absolute URIs as well
def is_valid_resource(value):
for type in RESOURCE_TAXONOMY:
if value.startswith(type):
return True
return False

100
pycadf/cadftype.py
View File

@ -1,100 +0,0 @@
# Copyright (c) 2013 IBM Corporation
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
import abc
from oslo_serialization import jsonutils
import six
CADF_SCHEMA_1_0_0 = 'cadf:'
CADF_VERSION_1_0_0 = 'http://schemas.dmtf.org/cloud/audit/1.0/'
# Valid cadf:Event record "types"
EVENTTYPE_ACTIVITY = 'activity'
EVENTTYPE_MONITOR = 'monitor'
EVENTTYPE_CONTROL = 'control'
VALID_EVENTTYPES = frozenset([
EVENTTYPE_ACTIVITY,
EVENTTYPE_MONITOR,
EVENTTYPE_CONTROL
])
def is_valid_eventType(value):
return value in VALID_EVENTTYPES
# valid cadf:Event record "Reporter" roles
REPORTER_ROLE_OBSERVER = 'observer'
REPORTER_ROLE_MODIFIER = 'modifier'
REPORTER_ROLE_RELAY = 'relay'
VALID_REPORTER_ROLES = frozenset([
REPORTER_ROLE_OBSERVER,
REPORTER_ROLE_MODIFIER,
REPORTER_ROLE_RELAY
])
def is_valid_reporter_role(value):
return value in VALID_REPORTER_ROLES
class ValidatorDescriptor(object):
def __init__(self, name, func=None):
self.name = name
self.func = func
def __set__(self, instance, value):
if value is not None:
if self.func is not None:
if self.func(value):
instance.__dict__[self.name] = value
else:
raise ValueError('%s failed validation: %s' %
(self.name, self.func))
else:
instance.__dict__[self.name] = value
else:
raise ValueError('%s must not be None.' % self.name)
@six.add_metaclass(abc.ABCMeta)
class CADFAbstractType(object):
"""The abstract base class for all CADF (complex) data types (classes)."""
@abc.abstractmethod
def is_valid(self, value):
pass
def as_dict(self):
"""Return dict representation of Event."""
return jsonutils.to_primitive(self, convert_instances=True)
def _isset(self, attr):
"""Check to see if attribute is defined."""
try:
if isinstance(getattr(self, attr), ValidatorDescriptor):
return False
return True
except AttributeError:
return False
# TODO(mrutkows): Eventually, we want to use the OrderedDict (introduced
# in Python 2.7) type for all CADF classes to store attributes in a
# canonical form. Currently, OpenStack/Jenkins requires 2.6 compatibility
# The reason is that we want to be able to support signing all or parts
# of the event record and need to guarantee order.
# def to_ordered_dict(self, value):
# pass

99
pycadf/credential.py
View File

@ -1,99 +0,0 @@
# Copyright (c) 2013 IBM Corporation
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
import six
from pycadf import cadftype
from pycadf import utils
TYPE_URI_CRED = cadftype.CADF_VERSION_1_0_0 + 'credential'
CRED_KEYNAME_TYPE = "type"
CRED_KEYNAME_TOKEN = "token"
CRED_KEYNAMES = [CRED_KEYNAME_TYPE,
CRED_KEYNAME_TOKEN]
FED_CRED_KEYNAME_IDENTITY_PROVIDER = "identity_provider"
FED_CRED_KEYNAME_USER = "user"
FED_CRED_KEYNAME_GROUPS = "groups"
FED_CRED_KEYNAMES = CRED_KEYNAMES + [FED_CRED_KEYNAME_IDENTITY_PROVIDER,
FED_CRED_KEYNAME_USER,
FED_CRED_KEYNAME_GROUPS]
class Credential(cadftype.CADFAbstractType):
type = cadftype.ValidatorDescriptor(
CRED_KEYNAME_TYPE,
lambda x: isinstance(x, six.string_types))
token = cadftype.ValidatorDescriptor(
CRED_KEYNAME_TOKEN,
lambda x: isinstance(x, six.string_types))
def __init__(self, token, type=None):
"""Create Credential data type
:param token: identity or security token
:param type: type of credential (ie. identity token)
"""
# Credential.token
setattr(self, CRED_KEYNAME_TOKEN, utils.mask_value(token))
# Credential.type
if type is not None:
setattr(self, CRED_KEYNAME_TYPE, type)
# TODO(mrutkows): validate this cadf:Credential type against schema
def is_valid(self):
"""Validation to ensure Credential required attributes are set."""
# TODO(mrutkows): validate specific attribute type/format
return self._isset(CRED_KEYNAME_TOKEN)
class FederatedCredential(Credential):
identity_provider = cadftype.ValidatorDescriptor(
FED_CRED_KEYNAME_IDENTITY_PROVIDER,
lambda x: isinstance(x, six.string_types))
user = cadftype.ValidatorDescriptor(
FED_CRED_KEYNAME_USER,
lambda x: isinstance(x, six.string_types))
groups = cadftype.ValidatorDescriptor(
FED_CRED_KEYNAME_GROUPS,
lambda x: isinstance(x, list))
def __init__(self, token, type, identity_provider, user, groups):
super(FederatedCredential, self).__init__(
token=token,
type=type)
# FederatedCredential.identity_provider
setattr(self, FED_CRED_KEYNAME_IDENTITY_PROVIDER, identity_provider)
# FederatedCredential.user
setattr(self, FED_CRED_KEYNAME_USER, user)
# FederatedCredential.groups
setattr(self, FED_CRED_KEYNAME_GROUPS, groups)
def is_valid(self):
"""Validation to ensure Credential required attributes are set."""
return (
super(FederatedCredential, self).is_valid()
and self._isset(CRED_KEYNAME_TYPE)
and self._isset(FED_CRED_KEYNAME_IDENTITY_PROVIDER)
and self._isset(FED_CRED_KEYNAME_USER)
and self._isset(FED_CRED_KEYNAME_GROUPS))

60
pycadf/endpoint.py
View File

@ -1,60 +0,0 @@
# Copyright (c) 2013 IBM Corporation
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
import six
from pycadf import cadftype
TYPE_URI_ENDPOINT = cadftype.CADF_VERSION_1_0_0 + 'endpoint'
ENDPOINT_KEYNAME_URL = "url"
ENDPOINT_KEYNAME_NAME = "name"
ENDPOINT_KEYNAME_PORT = "port"
ENDPOINT_KEYNAMES = [ENDPOINT_KEYNAME_URL,
ENDPOINT_KEYNAME_NAME,
ENDPOINT_KEYNAME_PORT]
class Endpoint(cadftype.CADFAbstractType):
url = cadftype.ValidatorDescriptor(
ENDPOINT_KEYNAME_URL, lambda x: isinstance(x, six.string_types))
name = cadftype.ValidatorDescriptor(
ENDPOINT_KEYNAME_NAME, lambda x: isinstance(x, six.string_types))
port = cadftype.ValidatorDescriptor(
ENDPOINT_KEYNAME_PORT, lambda x: isinstance(x, six.string_types))
def __init__(self, url, name=None, port=None):
"""Create Endpoint data type
:param url: address of endpoint
:param name: name of endpoint
:param port: port of endpoint
"""
# ENDPOINT.url
setattr(self, ENDPOINT_KEYNAME_URL, url)
# ENDPOINT.name
if name is not None:
setattr(self, ENDPOINT_KEYNAME_NAME, name)
# ENDPOINT.port
if port is not None:
setattr(self, ENDPOINT_KEYNAME_PORT, port)
# TODO(mrutkows): validate this cadf:ENDPOINT type against schema
def is_valid(self):
"""Validation to ensure Endpoint required attributes are set.
"""
return self._isset(ENDPOINT_KEYNAME_URL)

286
pycadf/event.py
View File

@ -1,286 +0,0 @@
# Copyright 2013 IBM Corp.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
import six
from pycadf import attachment
from pycadf import cadftaxonomy
from pycadf import cadftype
from pycadf import identifier
from pycadf import measurement
from pycadf import reason
from pycadf import reporterstep
from pycadf import resource
from pycadf import tag
from pycadf import timestamp
TYPE_URI_EVENT = cadftype.CADF_VERSION_1_0_0 + 'event'
# Event.eventType
EVENT_KEYNAME_TYPEURI = "typeURI"
EVENT_KEYNAME_EVENTTYPE = "eventType"
EVENT_KEYNAME_ID = "id"
EVENT_KEYNAME_EVENTTIME = "eventTime"
EVENT_KEYNAME_INITIATOR = "initiator"
EVENT_KEYNAME_INITIATORID = "initiatorId"
EVENT_KEYNAME_ACTION = "action"
EVENT_KEYNAME_TARGET = "target"
EVENT_KEYNAME_TARGETID = "targetId"
EVENT_KEYNAME_OUTCOME = "outcome"
EVENT_KEYNAME_REASON = "reason"
EVENT_KEYNAME_SEVERITY = "severity"
EVENT_KEYNAME_NAME = "name"
EVENT_KEYNAME_MEASUREMENTS = "measurements"
EVENT_KEYNAME_TAGS = "tags"
EVENT_KEYNAME_ATTACHMENTS = "attachments"
EVENT_KEYNAME_OBSERVER = "observer"
EVENT_KEYNAME_OBSERVERID = "observerId"
EVENT_KEYNAME_REPORTERCHAIN = "reporterchain"
EVENT_KEYNAMES = [EVENT_KEYNAME_TYPEURI,
EVENT_KEYNAME_EVENTTYPE,
EVENT_KEYNAME_ID,
EVENT_KEYNAME_EVENTTIME,
EVENT_KEYNAME_INITIATOR,
EVENT_KEYNAME_INITIATORID,
EVENT_KEYNAME_ACTION,
EVENT_KEYNAME_TARGET,
EVENT_KEYNAME_TARGETID,
EVENT_KEYNAME_OUTCOME,
EVENT_KEYNAME_REASON,
EVENT_KEYNAME_SEVERITY,
EVENT_KEYNAME_NAME,
EVENT_KEYNAME_MEASUREMENTS,
EVENT_KEYNAME_TAGS,
EVENT_KEYNAME_ATTACHMENTS,
EVENT_KEYNAME_OBSERVER,
EVENT_KEYNAME_OBSERVERID,
EVENT_KEYNAME_REPORTERCHAIN]
class Event(cadftype.CADFAbstractType):
eventType = cadftype.ValidatorDescriptor(
EVENT_KEYNAME_EVENTTYPE, lambda x: cadftype.is_valid_eventType(x))
id = cadftype.ValidatorDescriptor(EVENT_KEYNAME_ID,
lambda x: identifier.is_valid(x))
eventTime = cadftype.ValidatorDescriptor(EVENT_KEYNAME_EVENTTIME,
lambda x: timestamp.is_valid(x))
initiator = cadftype.ValidatorDescriptor(
EVENT_KEYNAME_INITIATOR,
(lambda x: isinstance(x, resource.Resource) and x.is_valid()
and x.id != 'initiator'))
initiatorId = cadftype.ValidatorDescriptor(
EVENT_KEYNAME_INITIATORID, lambda x: identifier.is_valid(x))
action = cadftype.ValidatorDescriptor(
EVENT_KEYNAME_ACTION, lambda x: cadftaxonomy.is_valid_action(x))
target = cadftype.ValidatorDescriptor(
EVENT_KEYNAME_TARGET,
(lambda x: isinstance(x, resource.Resource) and x.is_valid()
and x.id != 'target'))
targetId = cadftype.ValidatorDescriptor(
EVENT_KEYNAME_TARGETID, lambda x: identifier.is_valid(x))
outcome = cadftype.ValidatorDescriptor(
EVENT_KEYNAME_OUTCOME, lambda x: cadftaxonomy.is_valid_outcome(x))
reason = cadftype.ValidatorDescriptor(
EVENT_KEYNAME_REASON,
lambda x: isinstance(x, reason.Reason) and x.is_valid())
name = cadftype.ValidatorDescriptor(EVENT_KEYNAME_NAME,
lambda x: isinstance(
x, six.string_types))
severity = cadftype.ValidatorDescriptor(EVENT_KEYNAME_SEVERITY,
lambda x: isinstance(
x, six.string_types))
observer = cadftype.ValidatorDescriptor(
EVENT_KEYNAME_OBSERVER,
(lambda x: isinstance(x, resource.Resource) and x.is_valid()))
observerId = cadftype.ValidatorDescriptor(
EVENT_KEYNAME_OBSERVERID, lambda x: identifier.is_valid(x))
def __init__(self, eventType=cadftype.EVENTTYPE_ACTIVITY,
id=None, eventTime=None,
action=cadftaxonomy.UNKNOWN, outcome=cadftaxonomy.UNKNOWN,
initiator=None, initiatorId=None, target=None, targetId=None,
severity=None, reason=None, observer=None, observerId=None,
name=None):
"""Create an Event
:param eventType: eventType of Event. Defaults to 'activity' type
:param id: id of event. will generate uuid if None
:param eventTime: time of event. will take current utc if None
:param action: event's action (see Action taxonomy)
:param outcome: Event's outcome (see Outcome taxonomy)
:param initiator: Event's Initiator Resource
:param initiatorId: Event's Initiator Resource id
:param target: Event's Target Resource
:param targetId: Event's Target Resource id
:param severity: domain-relative severity of Event
:param reason: domain-specific Reason type
:param observer: Event's Observer Resource
:param observerId: Event's Observer Resource id
:param name: descriptive name for the event
"""
# Establish typeURI for the CADF Event data type
# TODO(mrutkows): support extended typeURIs for Event subtypes
setattr(self, EVENT_KEYNAME_TYPEURI, TYPE_URI_EVENT)
# Event.eventType (Mandatory)
setattr(self, EVENT_KEYNAME_EVENTTYPE, eventType)
# Event.id (Mandatory)
setattr(self, EVENT_KEYNAME_ID, id or identifier.generate_uuid())
# Event.eventTime (Mandatory)
setattr(self, EVENT_KEYNAME_EVENTTIME,
eventTime or timestamp.get_utc_now())
# Event.action (Mandatory)
setattr(self, EVENT_KEYNAME_ACTION, action)
# Event.outcome (Mandatory)
setattr(self, EVENT_KEYNAME_OUTCOME, outcome)
# Event.observer (Mandatory if no observerId)
if observer is not None:
setattr(self, EVENT_KEYNAME_OBSERVER, observer)
# Event.observerId (Dependent)
if observerId is not None:
setattr(self, EVENT_KEYNAME_OBSERVERID, observerId)
# Event.initiator (Mandatory if no initiatorId)
if initiator is not None:
setattr(self, EVENT_KEYNAME_INITIATOR, initiator)
# Event.initiatorId (Dependent)
if initiatorId is not None:
setattr(self, EVENT_KEYNAME_INITIATORID, initiatorId)
# Event.target (Mandatory if no targetId)
if target is not None:
setattr(self, EVENT_KEYNAME_TARGET, target)
# Event.targetId (Dependent)
if targetId is not None:
setattr(self, EVENT_KEYNAME_TARGETID, targetId)
# Event.name (Optional)
if name is not None:
setattr(self, EVENT_KEYNAME_NAME, name)
# Event.severity (Optional)
if severity is not None:
setattr(self, EVENT_KEYNAME_SEVERITY, severity)
# Event.reason (Optional)
if reason is not None:
setattr(self, EVENT_KEYNAME_REASON, reason)
# Event.reporterchain
def add_reporterstep(self, step):
"""Add a Reporterstep
:param step: Reporterstep to be added to reporterchain
"""
if step is not None and isinstance(step, reporterstep.Reporterstep):
if step.is_valid():
# Create the list of Reportersteps if needed
if not hasattr(self, EVENT_KEYNAME_REPORTERCHAIN):
setattr(self, EVENT_KEYNAME_REPORTERCHAIN, list())
reporterchain = getattr(self,
EVENT_KEYNAME_REPORTERCHAIN)
reporterchain.append(step)
else:
raise ValueError('Invalid reporterstep')
else:
raise ValueError('Invalid reporterstep. '
'Value must be a Reporterstep')
# Event.measurements
def add_measurement(self, measure_val):
"""Add a measurement value
:param measure_val: Measurement data type to be added to Event
"""
if (measure_val is not None
and isinstance(measure_val, measurement.Measurement)):
if measure_val.is_valid():
# Create the list of event.Measurements if needed
if not hasattr(self, EVENT_KEYNAME_MEASUREMENTS):
setattr(self, EVENT_KEYNAME_MEASUREMENTS, list())
measurements = getattr(self, EVENT_KEYNAME_MEASUREMENTS)
measurements.append(measure_val)
else:
raise ValueError('Invalid measurement')
else:
raise ValueError('Invalid measurement. '
'Value must be a Measurement')
# Event.tags
def add_tag(self, tag_val):
"""Add Tag to Event
:param tag_val: Tag to add to event
"""
if tag.is_valid(tag_val):
if not hasattr(self, EVENT_KEYNAME_TAGS):
setattr(self, EVENT_KEYNAME_TAGS, list())
getattr(self, EVENT_KEYNAME_TAGS).append(tag_val)
else:
raise ValueError('Invalid tag')
# Event.attachments
def add_attachment(self, attachment_val):
"""Add Attachment to Event
:param attachment_val: Attachment to add to Event
"""
if (attachment_val is not None
and isinstance(attachment_val, attachment.Attachment)):
if attachment_val.is_valid():
# Create the list of Attachments if needed
if not hasattr(self, EVENT_KEYNAME_ATTACHMENTS):
setattr(self, EVENT_KEYNAME_ATTACHMENTS, list())
attachments = getattr(self, EVENT_KEYNAME_ATTACHMENTS)
attachments.append(attachment_val)
else:
raise ValueError('Invalid attachment')
else:
raise ValueError('Invalid attachment. '
'Value must be an Attachment')
# self validate cadf:Event record against schema
def is_valid(self):
"""Validation to ensure Event required attributes are set.
"""
# TODO(mrutkows): Eventually, make sure all attributes are
# from either the CADF spec. (or profiles thereof)
# TODO(mrutkows): validate all child attributes that are CADF types
return (
self._isset(EVENT_KEYNAME_TYPEURI) and
self._isset(EVENT_KEYNAME_EVENTTYPE) and
self._isset(EVENT_KEYNAME_ID) and
self._isset(EVENT_KEYNAME_EVENTTIME) and
self._isset(EVENT_KEYNAME_ACTION) and
self._isset(EVENT_KEYNAME_OUTCOME) and
(self._isset(EVENT_KEYNAME_INITIATOR) ^
self._isset(EVENT_KEYNAME_INITIATORID)) and
(self._isset(EVENT_KEYNAME_TARGET) ^
self._isset(EVENT_KEYNAME_TARGETID)) and
(self._isset(EVENT_KEYNAME_OBSERVER) ^
self._isset(EVENT_KEYNAME_OBSERVERID))
)

58
pycadf/eventfactory.py
View File

@ -1,58 +0,0 @@
# Copyright 2013 IBM Corp.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
from pycadf import cadftype
from pycadf import event
ERROR_UNKNOWN_EVENTTYPE = 'Unknown CADF EventType requested on factory method'
class EventFactory(object):
"""Factory class to create different required attributes for
the following CADF event types:
'activity': for tracking any interesting system activities for audit
'monitor': Events that carry Metrics and Measurements and support
standards such as NIST
'control': For audit events that are based upon (security) policies
and reflect some policy decision.
"""
def new_event(self, eventType=cadftype.EVENTTYPE_ACTIVITY, **kwargs):
"""Create new event
:param eventType: eventType of event. Defaults to 'activity'
"""
# for now, construct a base ('activity') event as the default
event_val = event.Event(**kwargs)
if not cadftype.is_valid_eventType(eventType):
raise ValueError(ERROR_UNKNOWN_EVENTTYPE)
event_val.eventType = eventType
# TODO(mrutkows): CADF is only being used for basic
# 'activity' auditing (on APIs). An IF-ELIF will
# become more meaningful as we add support for other
# event types.
# elif eventType == cadftype.EVENTTYPE_MONITOR:
# # TODO(mrutkows): If we add support for standard (NIST)
# # monitoring messages, we will would have a "monitor"
# # subclass of the CADF Event type and create it here
# event_val.set_eventType(cadftype.EVENTTYPE_MONITOR)
# elif eventType == cadftype.EVENTTYPE_CONTROL:
# # TODO(mrutkows): If we add support for standard (NIST)
# # monitoring messages, we will would have a "control"
# # subclass of the CADF Event type and create it here
# event_val.set_eventType(cadftype.EVENTTYPE_CONTROL)
return event_val

130
pycadf/geolocation.py
View File

@ -1,130 +0,0 @@
# Copyright 2013 IBM Corp.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
import six
from pycadf import cadftype
from pycadf import identifier
# Geolocation types can appear outside a cadf:Event record context, in these
# cases a typeURI may be used to identify the cadf:Geolocation data type.
TYPE_URI_GEOLOCATION = cadftype.CADF_VERSION_1_0_0 + 'geolocation'
GEO_KEYNAME_ID = "id"
GEO_KEYNAME_LATITUDE = "latitude"
GEO_KEYNAME_LONGITUDE = "longitude"
GEO_KEYNAME_ELEVATION = "elevation"
GEO_KEYNAME_ACCURACY = "accuracy"
GEO_KEYNAME_CITY = "city"
GEO_KEYNAME_STATE = "state"
GEO_KEYNAME_REGIONICANN = "regionICANN"
# GEO_KEYNAME_ANNOTATIONS = "annotations"
GEO_KEYNAMES = [GEO_KEYNAME_ID,
GEO_KEYNAME_LATITUDE,
GEO_KEYNAME_LONGITUDE,
GEO_KEYNAME_ELEVATION,
GEO_KEYNAME_ACCURACY,
GEO_KEYNAME_CITY,
GEO_KEYNAME_STATE,
GEO_KEYNAME_REGIONICANN
# GEO_KEYNAME_ANNOTATIONS
]
class Geolocation(cadftype.CADFAbstractType):
id = cadftype.ValidatorDescriptor(GEO_KEYNAME_ID,
lambda x: identifier.is_valid(x))
# TODO(mrutkows): we may want to do more validation to make
# sure numeric range represented by string is valid
latitude = cadftype.ValidatorDescriptor(GEO_KEYNAME_LATITUDE,
lambda x: isinstance(
x, six.string_types))
longitude = cadftype.ValidatorDescriptor(GEO_KEYNAME_LONGITUDE,
lambda x: isinstance(
x, six.string_types))
elevation = cadftype.ValidatorDescriptor(GEO_KEYNAME_ELEVATION,
lambda x: isinstance(
x, six.string_types))
accuracy = cadftype.ValidatorDescriptor(GEO_KEYNAME_ACCURACY,
lambda x: isinstance(
x, six.string_types))
city = cadftype.ValidatorDescriptor(GEO_KEYNAME_CITY,
lambda x: isinstance(
x, six.string_types))
state = cadftype.ValidatorDescriptor(GEO_KEYNAME_STATE,
lambda x: isinstance(
x, six.string_types))
regionICANN = cadftype.ValidatorDescriptor(
GEO_KEYNAME_REGIONICANN,
lambda x: isinstance(x, six.string_types))
def __init__(self, id=None, latitude=None, longitude=None,
elevation=None, accuracy=None, city=None, state=None,
regionICANN=None):
"""Create Geolocation data type
:param id: id of geolocation
:param latitude: latitude of geolocation
:param longitude: longitude of geolocation
:param elevation: elevation of geolocation in meters
:param accuracy: accuracy of geolocation in meters
:param city: city of geolocation
:param state: state/province of geolocation
:param regionICANN: region of geolocation (ie. country)
"""
# Geolocation.id
if id is not None:
setattr(self, GEO_KEYNAME_ID, id)
# Geolocation.latitude
if latitude is not None:
setattr(self, GEO_KEYNAME_LATITUDE, latitude)
# Geolocation.longitude
if longitude is not None:
setattr(self, GEO_KEYNAME_LONGITUDE, longitude)
# Geolocation.elevation
if elevation is not None:
setattr(self, GEO_KEYNAME_ELEVATION, elevation)
# Geolocation.accuracy
if accuracy is not None:
setattr(self, GEO_KEYNAME_ACCURACY, accuracy)
# Geolocation.city
if city is not None:
setattr(self, GEO_KEYNAME_CITY, city)
# Geolocation.state
if state is not None:
setattr(self, GEO_KEYNAME_STATE, state)
# Geolocation.regionICANN
if regionICANN is not None:
setattr(self, GEO_KEYNAME_REGIONICANN, regionICANN)
# TODO(mrutkows): add mechanism for annotations, OpenStack may choose
# not to support this "extension mechanism" and is not required (and not
# critical in many audit contexts)
def set_annotations(self, value):
raise NotImplementedError()
# setattr(self, GEO_KEYNAME_ANNOTATIONS, value)
# self validate cadf:Geolocation type
def is_valid(self):
return True

0
pycadf/helper/__init__.py
View File

40
pycadf/helper/api.py
View File

@ -1,40 +0,0 @@
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
import six
from pycadf import cadftaxonomy
def convert_req_action(method, details=None):
"""Maps standard HTTP methods to equivalent CADF action
:param method: HTTP request method
:param details: Extra details to append to action.
"""
mapping = {'get': cadftaxonomy.ACTION_READ,
'head': cadftaxonomy.ACTION_READ,
'post': cadftaxonomy.ACTION_CREATE,
'put': cadftaxonomy.ACTION_UPDATE,
'delete': cadftaxonomy.ACTION_DELETE,
'patch': cadftaxonomy.ACTION_UPDATE,
'options': cadftaxonomy.ACTION_READ,
'trace': 'capture'}
action = None
if isinstance(method, six.string_types):
action = mapping.get(method.lower())
if action and isinstance(details, six.string_types):
action += '/%s' % details
return action or cadftaxonomy.UNKNOWN

71
pycadf/host.py
View File

@ -1,71 +0,0 @@
# Copyright (c) 2013 IBM Corporation
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
import six
from pycadf import cadftype
from pycadf import identifier
TYPE_URI_HOST = cadftype.CADF_VERSION_1_0_0 + 'host'
HOST_KEYNAME_ID = "id"
HOST_KEYNAME_ADDR = "address"
HOST_KEYNAME_AGENT = "agent"
HOST_KEYNAME_PLATFORM = "platform"
HOST_KEYNAMES = [HOST_KEYNAME_ID,
HOST_KEYNAME_ADDR,
HOST_KEYNAME_AGENT,
HOST_KEYNAME_PLATFORM]
class Host(cadftype.CADFAbstractType):
id = cadftype.ValidatorDescriptor(
HOST_KEYNAME_ID, lambda x: identifier.is_valid(x))
address = cadftype.ValidatorDescriptor(
HOST_KEYNAME_ADDR, lambda x: isinstance(x, six.string_types))
agent = cadftype.ValidatorDescriptor(
HOST_KEYNAME_AGENT, lambda x: isinstance(x, six.string_types))
platform = cadftype.ValidatorDescriptor(
HOST_KEYNAME_PLATFORM, lambda x: isinstance(x, six.string_types))
def __init__(self, id=None, address=None, agent=None,
platform=None):
"""Create Host data type
:param id: id of Host
:param address: optional Address of Host
:param agent: agent (name) of Host
:param platform: platform of Host
"""
# Host.id
if id is not None:
setattr(self, HOST_KEYNAME_ID, id)
# Host.address
if address is not None:
setattr(self, HOST_KEYNAME_ADDR, address)
# Host.agent
if agent is not None:
setattr(self, HOST_KEYNAME_AGENT, agent)
# Host.platform
if platform is not None:
setattr(self, HOST_KEYNAME_PLATFORM, platform)
# TODO(mrutkows): validate this cadf:Host type against schema
def is_valid(self):
"""Validation to ensure Host required attributes are set.
"""
return True

81
pycadf/identifier.py
View File

@ -1,81 +0,0 @@
# Copyright 2013 IBM Corp.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
import hashlib
import re
import uuid
import warnings
from debtcollector import removals
from oslo_config import cfg
import six
CONF = cfg.CONF
opts = [
cfg.StrOpt('namespace',
default='openstack',
help='namespace prefix for generated id'),
]
CONF.register_opts(opts, group='audit')
AUDIT_NS = None
if CONF.audit.namespace:
md5_hash = hashlib.md5(CONF.audit.namespace.encode('utf-8'))
AUDIT_NS = uuid.UUID(md5_hash.hexdigest())
VALID_EXCEPTIONS = ['default', 'initiator', 'observer', 'target']
def generate_uuid():
"""Generate a CADF identifier."""
if AUDIT_NS:
return str(uuid.uuid5(AUDIT_NS, str(uuid.uuid4())))
return str(uuid.uuid4())
@removals.remove
def norm_ns(str_id):
"""Apply a namespace to the identifier."""
prefix = CONF.audit.namespace + ':' if CONF.audit.namespace else ''
return prefix + str_id
def _check_valid_uuid(value):
"""Checks a value for one or multiple valid uuids joined together."""
if not value:
raise ValueError
value = re.sub('[{}-]|urn:uuid:', '', value)
for val in [value[i:i + 32] for i in range(0, len(value), 32)]:
uuid.UUID(val)
def is_valid(value):
"""Validation to ensure Identifier is correct.
If the Identifier value is a string type but not a valid UUID string,
warn against interoperability issues and return True. This relaxes
the requirement of having strict UUID checking.
"""
if value in VALID_EXCEPTIONS:
return True
try:
_check_valid_uuid(value)
except (ValueError, TypeError):
if not isinstance(value, six.string_types) or not value:
return False
warnings.warn(('Invalid uuid: %s. To ensure interoperability, '
'identifiers should be a valid uuid.' % (value)))
return True

73
pycadf/measurement.py
View File

@ -1,73 +0,0 @@
# Copyright 2013 IBM Corp.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
from pycadf import cadftype
from pycadf import identifier
from pycadf import metric
from pycadf import resource
MEASUREMENT_KEYNAME_RESULT = "result"
MEASUREMENT_KEYNAME_METRIC = "metric"
MEASUREMENT_KEYNAME_METRICID = "metricId"
MEASUREMENT_KEYNAME_CALCBY = "calculatedBy"
MEASUREMENT_KEYNAMES = [MEASUREMENT_KEYNAME_RESULT,
MEASUREMENT_KEYNAME_METRICID,
MEASUREMENT_KEYNAME_METRIC,
MEASUREMENT_KEYNAME_CALCBY]
class Measurement(cadftype.CADFAbstractType):
result = cadftype.ValidatorDescriptor(MEASUREMENT_KEYNAME_RESULT)
metric = cadftype.ValidatorDescriptor(
MEASUREMENT_KEYNAME_METRIC, lambda x: isinstance(x, metric.Metric))
metricId = cadftype.ValidatorDescriptor(MEASUREMENT_KEYNAME_METRICID,
lambda x: identifier.is_valid(x))
calculatedBy = cadftype.ValidatorDescriptor(
MEASUREMENT_KEYNAME_CALCBY,
(lambda x: isinstance(x, resource.Resource) and x.is_valid()))
def __init__(self, result=None, metric=None, metricId=None,
calculatedBy=None):
"""Create Measurement data type
:param result: value of measurement
:param metric: Metric data type of current measurement
:param metricId: id of Metric data type of current measurement
:param calculatedBy: Resource that calculated measurement
"""
# Measurement.result
if result is not None:
setattr(self, MEASUREMENT_KEYNAME_RESULT, result)
# Measurement.metricId
if metricId is not None:
setattr(self, MEASUREMENT_KEYNAME_METRICID, metricId)
# Measurement.metric
if metric is not None:
setattr(self, MEASUREMENT_KEYNAME_METRIC, metric)
# Measurement.calculaedBy
if calculatedBy is not None:
setattr(self, MEASUREMENT_KEYNAME_CALCBY, calculatedBy)
# self validate this cadf:Measurement type against schema
def is_valid(self):
"""Validation to ensure Measurement required attributes are set.
"""
return (self._isset(MEASUREMENT_KEYNAME_RESULT) and
(self._isset(MEASUREMENT_KEYNAME_METRIC) ^
self._isset(MEASUREMENT_KEYNAME_METRICID)))

81
pycadf/metric.py
View File

@ -1,81 +0,0 @@
# Copyright 2013 IBM Corp.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
import six
from pycadf import cadftype
from pycadf import identifier
# Metric types can appear outside a cadf:Event record context, in these cases
# a typeURI may be used to identify the cadf:Metric data type.
TYPE_URI_METRIC = cadftype.CADF_VERSION_1_0_0 + 'metric'
METRIC_KEYNAME_METRICID = "metricId"
METRIC_KEYNAME_UNIT = "unit"
METRIC_KEYNAME_NAME = "name"
# METRIC_KEYNAME_ANNOTATIONS = "annotations"
METRIC_KEYNAMES = [METRIC_KEYNAME_METRICID,
METRIC_KEYNAME_UNIT,
METRIC_KEYNAME_NAME
# METRIC_KEYNAME_ANNOTATIONS
]
class Metric(cadftype.CADFAbstractType):
metricId = cadftype.ValidatorDescriptor(METRIC_KEYNAME_METRICID,
lambda x: identifier.is_valid(x))
unit = cadftype.ValidatorDescriptor(METRIC_KEYNAME_UNIT,
lambda x: isinstance(x,
six.string_types))
name = cadftype.ValidatorDescriptor(METRIC_KEYNAME_NAME,
lambda x: isinstance(x,
six.string_types))
def __init__(self, metricId=None, unit=None, name=None):
"""Create metric data type
:param metricId: id of metric. uuid generated if not provided
:param unit: unit of metric
:param name: name of metric
"""
# Metric.id
setattr(self, METRIC_KEYNAME_METRICID,
metricId or identifier.generate_uuid())
# Metric.unit
if unit is not None:
setattr(self, METRIC_KEYNAME_UNIT, unit)
# Metric.name
if name is not None:
setattr(self, METRIC_KEYNAME_NAME, name)
# TODO(mrutkows): add mechanism for annotations, OpenStack may choose
# not to support this "extension mechanism" and is not required (and not
# critical in many audit contexts)
def set_annotations(self, value):
raise NotImplementedError()
# setattr(self, METRIC_KEYNAME_ANNOTATIONS, value)
# self validate cadf:Metric type against schema
def is_valid(self):
"""Validation to ensure Metric required attributes are set.
"""
# Existence test, id, and unit attributes must both exist
return (
self._isset(METRIC_KEYNAME_METRICID) and
self._isset(METRIC_KEYNAME_UNIT)
)

36
pycadf/path.py
View File

@ -1,36 +0,0 @@
# Copyright 2013 IBM Corp.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
import six
from pycadf import cadftype
class Path(cadftype.CADFAbstractType):
def set_path_absolute(self):
# TODO(mrutkows): validate absolute path format, else Type error
raise NotImplementedError()
def set_path_relative(self):
# TODO(mrutkows); validate relative path format, else Type error
raise NotImplementedError()
# TODO(mrutkows): validate any cadf:Path (type) record against CADF schema
@staticmethod
def is_valid(value):
if not isinstance(value, six.string_types):
raise TypeError
return True

81
pycadf/reason.py
View File

@ -1,81 +0,0 @@
# Copyright 2013 IBM Corp.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
import six
from pycadf import cadftype
TYPE_URI_REASON = cadftype.CADF_VERSION_1_0_0 + 'reason'
REASON_KEYNAME_REASONTYPE = "reasonType"
REASON_KEYNAME_REASONCODE = "reasonCode"
REASON_KEYNAME_POLICYTYPE = "policyType"
REASON_KEYNAME_POLICYID = "policyId"
REASON_KEYNAMES = [REASON_KEYNAME_REASONTYPE,
REASON_KEYNAME_REASONCODE,
REASON_KEYNAME_POLICYTYPE,
REASON_KEYNAME_POLICYID]
class Reason(cadftype.CADFAbstractType):
reasonType = cadftype.ValidatorDescriptor(
REASON_KEYNAME_REASONTYPE,
lambda x: isinstance(x, six.string_types))
reasonCode = cadftype.ValidatorDescriptor(
REASON_KEYNAME_REASONCODE,
lambda x: isinstance(x, six.string_types))
policyType = cadftype.ValidatorDescriptor(
REASON_KEYNAME_POLICYTYPE,
lambda x: isinstance(x, six.string_types))
policyId = cadftype.ValidatorDescriptor(
REASON_KEYNAME_POLICYID,
lambda x: isinstance(x, six.string_types))
def __init__(self, reasonType=None, reasonCode=None, policyType=None,
policyId=None):
"""Create Reason data type
:param reasonType: domain URI which describes reasonCode
:param reasonCode: detailed result code
:param policyType: domain URI which describes policyId
:param policyId: id of policy applied that describes outcome
"""
# Reason.reasonType
if reasonType is not None:
setattr(self, REASON_KEYNAME_REASONTYPE, reasonType)
# Reason.reasonCode
if reasonCode is not None:
setattr(self, REASON_KEYNAME_REASONCODE, reasonCode)
# Reason.policyType
if policyType is not None:
setattr(self, REASON_KEYNAME_POLICYTYPE, policyType)
# Reason.policyId
if policyId is not None:
setattr(self, REASON_KEYNAME_POLICYID, policyId)
# TODO(mrutkows): validate this cadf:Reason type against schema
def is_valid(self):
"""Validation to ensure Reason required attributes are set.
"""
# MUST have at least one valid pairing of reason+code or policy+id
return ((self._isset(REASON_KEYNAME_REASONTYPE) and
self._isset(REASON_KEYNAME_REASONCODE)) or
(self._isset(REASON_KEYNAME_POLICYTYPE) and
self._isset(REASON_KEYNAME_POLICYID)))

79
pycadf/reporterstep.py
View File

@ -1,79 +0,0 @@
# Copyright 2013 IBM Corp.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
from pycadf import cadftype
from pycadf import identifier
from pycadf import resource
from pycadf import timestamp
REPORTERSTEP_KEYNAME_ROLE = "role"
REPORTERSTEP_KEYNAME_REPORTER = "reporter"
REPORTERSTEP_KEYNAME_REPORTERID = "reporterId"
REPORTERSTEP_KEYNAME_REPORTERTIME = "reporterTime"
# REPORTERSTEP_KEYNAME_ATTACHMENTS = "attachments"
REPORTERSTEP_KEYNAMES = [REPORTERSTEP_KEYNAME_ROLE,
REPORTERSTEP_KEYNAME_REPORTER,
REPORTERSTEP_KEYNAME_REPORTERID,
REPORTERSTEP_KEYNAME_REPORTERTIME,
# REPORTERSTEP_KEYNAME_ATTACHMENTS
]
class Reporterstep(cadftype.CADFAbstractType):
role = cadftype.ValidatorDescriptor(
REPORTERSTEP_KEYNAME_ROLE,
lambda x: cadftype.is_valid_reporter_role(x))
reporter = cadftype.ValidatorDescriptor(
REPORTERSTEP_KEYNAME_REPORTER,
(lambda x: isinstance(x, resource.Resource) and x.is_valid()))
reporterId = cadftype.ValidatorDescriptor(
REPORTERSTEP_KEYNAME_REPORTERID, lambda x: identifier.is_valid(x))
reporterTime = cadftype.ValidatorDescriptor(
REPORTERSTEP_KEYNAME_REPORTERTIME, lambda x: timestamp.is_valid(x))
def __init__(self, role=cadftype.REPORTER_ROLE_MODIFIER,
reporterTime=None, reporter=None, reporterId=None):
"""Create ReporterStep data type
:param role: optional role of Reporterstep. Defaults to 'modifier'
:param reporterTime: utc time of Reporterstep.
:param reporter: CADF Resource of reporter
:param reporterId: id of CADF resource for reporter
"""
# Reporterstep.role
setattr(self, REPORTERSTEP_KEYNAME_ROLE, role)
# Reporterstep.reportTime
if reporterTime is not None:
setattr(self, REPORTERSTEP_KEYNAME_REPORTERTIME, reporterTime)
# Reporterstep.reporter
if reporter is not None:
setattr(self, REPORTERSTEP_KEYNAME_REPORTER, reporter)
# Reporterstep.reporterId
if reporterId is not None:
setattr(self, REPORTERSTEP_KEYNAME_REPORTERID, reporterId)
# self validate this cadf:Reporterstep type against schema
def is_valid(self):
"""Validation to ensure Reporterstep required attributes are set.
"""
return (
self._isset(REPORTERSTEP_KEYNAME_ROLE) and
(self._isset(REPORTERSTEP_KEYNAME_REPORTER) ^
self._isset(REPORTERSTEP_KEYNAME_REPORTERID))
)

183
pycadf/resource.py
View File

@ -1,183 +0,0 @@
# Copyright 2013 IBM Corp.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
import six
from pycadf import attachment
from pycadf import cadftaxonomy
from pycadf import cadftype
from pycadf import credential
from pycadf import endpoint
from pycadf import geolocation
from pycadf import host
from pycadf import identifier
TYPE_URI_RESOURCE = cadftype.CADF_VERSION_1_0_0 + 'resource'
RESOURCE_KEYNAME_TYPEURI = "typeURI"
RESOURCE_KEYNAME_ID = "id"
RESOURCE_KEYNAME_NAME = "name"
RESOURCE_KEYNAME_DOMAIN = "domain"
RESOURCE_KEYNAME_CRED = "credential"
RESOURCE_KEYNAME_REF = "ref"
RESOURCE_KEYNAME_GEO = "geolocation"
RESOURCE_KEYNAME_GEOID = "geolocationId"
RESOURCE_KEYNAME_HOST = "host"
RESOURCE_KEYNAME_ADDRS = "addresses"
RESOURCE_KEYNAME_ATTACHMENTS = "attachments"
RESOURCE_KEYNAMES = [RESOURCE_KEYNAME_TYPEURI,
RESOURCE_KEYNAME_ID,
RESOURCE_KEYNAME_NAME,
RESOURCE_KEYNAME_DOMAIN,
RESOURCE_KEYNAME_CRED,
RESOURCE_KEYNAME_REF,
RESOURCE_KEYNAME_GEO,
RESOURCE_KEYNAME_GEOID,
RESOURCE_KEYNAME_HOST,
RESOURCE_KEYNAME_ADDRS,
RESOURCE_KEYNAME_ATTACHMENTS]
class Resource(cadftype.CADFAbstractType):
typeURI = cadftype.ValidatorDescriptor(
RESOURCE_KEYNAME_TYPEURI, lambda x: cadftaxonomy.is_valid_resource(x))
id = cadftype.ValidatorDescriptor(RESOURCE_KEYNAME_ID,
lambda x: identifier.is_valid(x))
name = cadftype.ValidatorDescriptor(RESOURCE_KEYNAME_NAME,
lambda x: isinstance(x,
six.string_types))
domain = cadftype.ValidatorDescriptor(RESOURCE_KEYNAME_DOMAIN,
lambda x: isinstance(
x, six.string_types))
credential = cadftype.ValidatorDescriptor(
RESOURCE_KEYNAME_CRED, (lambda x: isinstance(x, credential.Credential)
and x.is_valid()))
host = cadftype.ValidatorDescriptor(
RESOURCE_KEYNAME_HOST, lambda x: isinstance(x, host.Host))
# TODO(mrutkows): validate the "ref" attribute is indeed a URI (format),
# If it is a URL, we do not need to validate it is accessible/working,
# for audit purposes this could have been a valid URL at some point
# in the past or a URL that is only valid within some domain (e.g. a
# private cloud)
ref = cadftype.ValidatorDescriptor(RESOURCE_KEYNAME_REF,
lambda x: isinstance(x,
six.string_types))
geolocation = cadftype.ValidatorDescriptor(
RESOURCE_KEYNAME_GEO,
lambda x: isinstance(x, geolocation.Geolocation))
geolocationId = cadftype.ValidatorDescriptor(
RESOURCE_KEYNAME_GEOID, lambda x: identifier.is_valid(x))
def __init__(self, id=None, typeURI=cadftaxonomy.UNKNOWN, name=None,
ref=None, domain=None, credential=None, host=None,
geolocation=None, geolocationId=None):
"""Resource data type
:param id: id of resource
:param typeURI: typeURI of resource, defaults to 'unknown' if not set
:param name: name of resource
:param domain: domain to qualify name of resource
:param credential: optional security Credential data type
:param host: optional Host data type information relating to resource
:param geolocation: optional CADF Geolocation of resource
:param geolocationId: optional id of CADF Geolocation for resource
"""
# Resource.id
setattr(self, RESOURCE_KEYNAME_ID, id or identifier.generate_uuid())
# Resource.typeURI
if (getattr(self, RESOURCE_KEYNAME_ID) != "target" and
getattr(self, RESOURCE_KEYNAME_ID) != "initiator"):
setattr(self, RESOURCE_KEYNAME_TYPEURI, typeURI)
# Resource.name
if name is not None:
setattr(self, RESOURCE_KEYNAME_NAME, name)
# Resource.ref
if ref is not None:
setattr(self, RESOURCE_KEYNAME_REF, ref)
# Resource.domain
if domain is not None:
setattr(self, RESOURCE_KEYNAME_DOMAIN, domain)
# Resource.credential
if credential is not None:
setattr(self, RESOURCE_KEYNAME_CRED, credential)
# Resource.host
if host is not None:
setattr(self, RESOURCE_KEYNAME_HOST, host)
# Resource.geolocation
if geolocation is not None:
setattr(self, RESOURCE_KEYNAME_GEO, geolocation)
# Resource.geolocationId
if geolocationId:
setattr(self, RESOURCE_KEYNAME_GEOID, geolocationId)
# Resource.address
def add_address(self, addr):
"""Add CADF endpoints to Resource
:param addr: CADF Endpoint to add to Resource
"""
if (addr is not None and isinstance(addr, endpoint.Endpoint)):
if addr.is_valid():
# Create the list of Endpoints if needed
if not hasattr(self, RESOURCE_KEYNAME_ADDRS):
setattr(self, RESOURCE_KEYNAME_ADDRS, list())
addrs = getattr(self, RESOURCE_KEYNAME_ADDRS)
addrs.append(addr)
else:
raise ValueError('Invalid endpoint')
else:
raise ValueError('Invalid endpoint. Value must be an Endpoint')
# Resource.attachments
def add_attachment(self, attach_val):
"""Add CADF attachment to Resource
:param attach_val: CADF Attachment to add to Resource
"""
if (attach_val is not None
and isinstance(attach_val, attachment.Attachment)):
if attach_val.is_valid():
# Create the list of Attachments if needed
if not hasattr(self, RESOURCE_KEYNAME_ATTACHMENTS):
setattr(self, RESOURCE_KEYNAME_ATTACHMENTS, list())
attachments = getattr(self, RESOURCE_KEYNAME_ATTACHMENTS)
attachments.append(attach_val)
else:
raise ValueError('Invalid attachment')
else:
raise ValueError('Invalid attachment. Value must be an Attachment')
# self validate this cadf:Resource type against schema
def is_valid(self):
"""Validation to ensure Resource required attributes are set
"""
return (self._isset(RESOURCE_KEYNAME_ID) and
(self._isset(RESOURCE_KEYNAME_TYPEURI) or
((getattr(self, RESOURCE_KEYNAME_ID) == "target" or
getattr(self, RESOURCE_KEYNAME_ID) == "initiator") and
len(vars(self).keys()) == 1)))
# TODO(mrutkows): validate the Resource's attribute types

37
pycadf/tag.py
View File

@ -1,37 +0,0 @@
# Copyright 2013 IBM Corp.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
import six
def generate_name_value_tag(name, value):
"""Generate a CADF tag in the format name?value=<value>
:param name: name of tag
:param valuue: optional value tag
"""
if name is None or value is None:
raise ValueError('Invalid name and/or value. Values cannot be None')
tag = name + "?value=" + value
return tag
# TODO(mrutkows): validate any Tag's name?value= format
def is_valid(value):
"""Validation check to ensure proper Tag format
"""
if not isinstance(value, six.string_types):
raise TypeError
return True

0
pycadf/tests/__init__.py
View File

51
pycadf/tests/base.py
View File

@ -1,51 +0,0 @@
# Copyright 2013 IBM Corp.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
"""Test base classes."""
import os.path
import fixtures
from oslo_config import cfg
from oslotest import moxstubout
import testtools
class TestCase(testtools.TestCase):
def setUp(self):
super(TestCase, self).setUp()
self.tempdir = self.useFixture(fixtures.TempDir())
moxfixture = self.useFixture(moxstubout.MoxStubout())
self.mox = moxfixture.mox
self.stubs = moxfixture.stubs
cfg.CONF([], project='pycadf')
def path_get(self, project_file=None):
root = os.path.abspath(os.path.join(os.path.dirname(__file__),
'..',
'..',
)
)
if project_file:
return os.path.join(root, project_file)
else:
return root
def temp_config_file_path(self, name='api_audit_map.conf'):
return os.path.join(self.tempdir.path, name)
def tearDown(self):
cfg.CONF.reset()
super(TestCase, self).tearDown()

0
pycadf/tests/helper/__init__.py
View File

44
pycadf/tests/helper/test_api.py
View File

@ -1,44 +0,0 @@
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
from pycadf import cadftaxonomy
from pycadf.helper import api
from pycadf.tests import base
class TestApiHelper(base.TestCase):
def test_convert_req_action(self):
self.assertEqual(cadftaxonomy.ACTION_READ,
api.convert_req_action('get'))
self.assertEqual(cadftaxonomy.ACTION_CREATE,
api.convert_req_action('POST'))
self.assertEqual(cadftaxonomy.ACTION_DELETE,
api.convert_req_action('deLetE'))
def test_convert_req_action_invalid(self):
self.assertEqual(cadftaxonomy.UNKNOWN, api.convert_req_action(124))
self.assertEqual(cadftaxonomy.UNKNOWN, api.convert_req_action('blah'))
def test_convert_req_action_with_details(self):
detail = 'compute/instance'
self.assertEqual(cadftaxonomy.ACTION_READ + '/%s' % detail,
api.convert_req_action('GET', detail))
self.assertEqual(cadftaxonomy.ACTION_DELETE + '/%s' % detail,
api.convert_req_action('DELETE', detail))
def test_convert_req_action_with_details_invalid(self):
detail = 123
self.assertEqual(cadftaxonomy.ACTION_READ,
api.convert_req_action('GET', detail))
self.assertEqual(cadftaxonomy.ACTION_DELETE,
api.convert_req_action('DELETE', detail))

392
pycadf/tests/test_cadf_spec.py
View File

@ -1,392 +0,0 @@
# Copyright 2013 OpenStack LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
import time
import uuid
import mock
from pycadf import attachment
from pycadf import cadftype
from pycadf import credential
from pycadf import endpoint
from pycadf import event
from pycadf import geolocation
from pycadf import host
from pycadf import identifier
from pycadf import measurement
from pycadf import metric
from pycadf import reason
from pycadf import reporterstep
from pycadf import resource
from pycadf import tag
from pycadf.tests import base
from pycadf import timestamp
class TestCADFSpec(base.TestCase):
@mock.patch('pycadf.identifier.warnings.warn')
def test_identifier_generated_uuid(self, warning_mock):
# generated uuid
self.assertTrue(identifier.is_valid(identifier.generate_uuid()))
self.assertFalse(warning_mock.called)
@mock.patch('pycadf.identifier.warnings.warn')
def test_identifier_empty_string_is_invalid(self, warning_mock):
# empty string
self.assertFalse(identifier.is_valid(''))
self.assertFalse(warning_mock.called)
@mock.patch('pycadf.identifier.warnings.warn')
def test_identifier_any_string_is_invalid(self, warning_mock):
# any string
self.assertTrue(identifier.is_valid('blah'))
self.assertTrue(warning_mock.called)
@mock.patch('pycadf.identifier.warnings.warn')
def test_identifier_joined_uuids_are_valid(self, warning_mock):
# multiple uuids joined together
long_128_uuids = [
('3adce28e67e44544a5a9d5f1ab54f578a86d310aac3a465e9d'
'd2693a78b45c0e42dce28e67e44544a5a9d5f1ab54f578a86d'
'310aac3a465e9dd2693a78b45c0e'),
('{3adce28e67e44544a5a9d5f1ab54f578a86d310aac3a465e9d'
'd2693a78b45c0e42dce28e67e44544a5a9d5f1ab54f578a86d'
'310aac3a465e9dd2693a78b45c0e}'),
('{12345678-1234-5678-1234-567812345678'
'12345678-1234-5678-1234-567812345678'
'12345678-1234-5678-1234-567812345678'
'12345678-1234-5678-1234-567812345678}'),
('urn:uuid:3adce28e67e44544a5a9d5f1ab54f578a86d310aac3a465e9d'
'd2693a78b45c0e42dce28e67e44544a5a9d5f1ab54f578a86d'
'310aac3a465e9dd2693a78b45c0e')]
for value in long_128_uuids:
self.assertTrue(identifier.is_valid(value))
self.assertFalse(warning_mock.called)
@mock.patch('pycadf.identifier.warnings.warn')
def test_identifier_long_nonjoined_uuid_is_invalid(self, warning_mock):
# long uuid not of size % 32
char_42_id = '3adce28e67e44544a5a9d5f1ab54f578a86d310aac'
self.assertTrue(identifier.is_valid(char_42_id))
self.assertTrue(warning_mock.called)
@mock.patch('pycadf.identifier.warnings.warn')
def test_identifier_specific_exceptions_are_valid(self, warning_mock):
# uuid exceptions
for value in identifier.VALID_EXCEPTIONS:
self.assertTrue(identifier.is_valid(value))
self.assertFalse(warning_mock.called)
@mock.patch('pycadf.identifier.warnings.warn')
def test_identifier_valid_id_extra_chars_is_valid(self, warning_mock):
# valid uuid with additional characters according to:
# https://docs.python.org/2/library/uuid.html
valid_ids = [
'{1234567890abcdef1234567890abcdef}',
'{12345678-1234-5678-1234-567812345678}',
'urn:uuid:12345678-1234-5678-1234-567812345678']
for value in valid_ids:
self.assertTrue(identifier.is_valid(value))
self.assertFalse(warning_mock.called)
def test_endpoint(self):
endp = endpoint.Endpoint(url='http://192.168.0.1',
name='endpoint name',
port='8080')
self.assertEqual(True, endp.is_valid())
dict_endp = endp.as_dict()
for key in endpoint.ENDPOINT_KEYNAMES:
self.assertIn(key, dict_endp)
def test_host(self):
h = host.Host(id=identifier.generate_uuid(),
address='192.168.0.1',
agent='client',
platform='AIX')
self.assertEqual(True, h.is_valid())
dict_host = h.as_dict()
for key in host.HOST_KEYNAMES:
self.assertIn(key, dict_host)
def test_credential(self):
cred = credential.Credential(type='auth token',
token=identifier.generate_uuid())
self.assertEqual(True, cred.is_valid())
dict_cred = cred.as_dict()
for key in credential.CRED_KEYNAMES:
self.assertIn(key, dict_cred)
def test_federated_credential(self):
cred = credential.FederatedCredential(
token=identifier.generate_uuid(),
type='http://docs.oasis-open.org/security/saml/v2.0',
identity_provider=identifier.generate_uuid(),
user=identifier.generate_uuid(),
groups=[
identifier.generate_uuid(),
identifier.generate_uuid(),
identifier.generate_uuid()])
self.assertEqual(True, cred.is_valid())
dict_cred = cred.as_dict()
for key in credential.FED_CRED_KEYNAMES:
self.assertIn(key, dict_cred)
def test_geolocation(self):
geo = geolocation.Geolocation(id=identifier.generate_uuid(),
latitude='43.6481 N',
longitude='79.4042 W',
elevation='0',
accuracy='1',
city='toronto',
state='ontario',
regionICANN='ca')
self.assertEqual(True, geo.is_valid())
dict_geo = geo.as_dict()
for key in geolocation.GEO_KEYNAMES:
self.assertIn(key, dict_geo)
def test_metric(self):
metric_val = metric.Metric(metricId=identifier.generate_uuid(),
unit='b',
name='bytes')
self.assertEqual(True, metric_val.is_valid())
dict_metric_val = metric_val.as_dict()
for key in metric.METRIC_KEYNAMES:
self.assertIn(key, dict_metric_val)
def test_measurement(self):
measure_val = measurement.Measurement(
result='100',
metric=metric.Metric(),
metricId=identifier.generate_uuid(),
calculatedBy=resource.Resource(typeURI='storage'))
self.assertEqual(False, measure_val.is_valid())
dict_measure_val = measure_val.as_dict()
for key in measurement.MEASUREMENT_KEYNAMES:
self.assertIn(key, dict_measure_val)
measure_val = measurement.Measurement(
result='100',
metric=metric.Metric(),
calculatedBy=resource.Resource(typeURI='storage'))
self.assertEqual(True, measure_val.is_valid())
measure_val = measurement.Measurement(
result='100',
metricId=identifier.generate_uuid(),
calculatedBy=resource.Resource(typeURI='storage'))
self.assertEqual(True, measure_val.is_valid())
def test_reason(self):
reason_val = reason.Reason(reasonType='HTTP',
reasonCode='200',
policyType='poltype',
policyId=identifier.generate_uuid())
self.assertEqual(True, reason_val.is_valid())
dict_reason_val = reason_val.as_dict()
for key in reason.REASON_KEYNAMES:
self.assertIn(key, dict_reason_val)
def test_reporterstep(self):
step = reporterstep.Reporterstep(
role='modifier',
reporter=resource.Resource(typeURI='storage'),
reporterId=identifier.generate_uuid(),
reporterTime=timestamp.get_utc_now())
self.assertEqual(False, step.is_valid())
dict_step = step.as_dict()
for key in reporterstep.REPORTERSTEP_KEYNAMES:
self.assertIn(key, dict_step)
step = reporterstep.Reporterstep(
role='modifier',
reporter=resource.Resource(typeURI='storage'),
reporterTime=timestamp.get_utc_now())
self.assertEqual(True, step.is_valid())
step = reporterstep.Reporterstep(
role='modifier',
reporterId=identifier.generate_uuid(),
reporterTime=timestamp.get_utc_now())
self.assertEqual(True, step.is_valid())
def test_attachment(self):
attach = attachment.Attachment(typeURI='attachURI',
content='content',
name='attachment_name')
self.assertEqual(True, attach.is_valid())
dict_attach = attach.as_dict()
for key in attachment.ATTACHMENT_KEYNAMES:
self.assertIn(key, dict_attach)
def test_resource(self):
res = resource.Resource(typeURI='storage',
name='res_name',
domain='res_domain',
ref='res_ref',
credential=credential.Credential(
token=identifier.generate_uuid()),
host=host.Host(address='192.168.0.1'),
geolocation=geolocation.Geolocation(),
geolocationId=identifier.generate_uuid())
res.add_attachment(attachment.Attachment(typeURI='attachURI',
content='content',
name='attachment_name'))
res.add_address(endpoint.Endpoint(url='http://192.168.0.1'))
self.assertEqual(True, res.is_valid())
dict_res = res.as_dict()
for key in resource.RESOURCE_KEYNAMES:
self.assertIn(key, dict_res)
def test_resource_shortform(self):
res = resource.Resource(id='target')
self.assertEqual(True, res.is_valid())
res.add_attachment(attachment.Attachment(typeURI='attachURI',
content='content',
name='attachment_name'))
self.assertEqual(False, res.is_valid())
def test_event(self):
ev = event.Event(eventType='activity',
id=identifier.generate_uuid(),
eventTime=timestamp.get_utc_now(),
initiator=resource.Resource(typeURI='storage'),
initiatorId=identifier.generate_uuid(),
action='read',
target=resource.Resource(typeURI='storage'),
targetId=identifier.generate_uuid(),
observer=resource.Resource(id='target'),
observerId=identifier.generate_uuid(),
outcome='success',
reason=reason.Reason(reasonType='HTTP',
reasonCode='200'),
severity='high',
name='descriptive name')
ev.add_measurement(
measurement.Measurement(result='100',
metricId=identifier.generate_uuid())),
ev.add_tag(tag.generate_name_value_tag('name', 'val'))
ev.add_attachment(attachment.Attachment(typeURI='attachURI',
content='content',
name='attachment_name'))
ev.observer = resource.Resource(typeURI='service/security')
ev.add_reporterstep(reporterstep.Reporterstep(
role='observer',
reporter=resource.Resource(typeURI='service/security')))
ev.add_reporterstep(reporterstep.Reporterstep(
reporterId=identifier.generate_uuid()))
self.assertEqual(False, ev.is_valid())
dict_ev = ev.as_dict()
for key in event.EVENT_KEYNAMES:
self.assertIn(key, dict_ev)
ev = event.Event(eventType='activity',
id=identifier.generate_uuid(),
eventTime=timestamp.get_utc_now(),
initiator=resource.Resource(typeURI='storage'),
action='read',
target=resource.Resource(typeURI='storage'),
observer=resource.Resource(id='target'),
outcome='success')
self.assertEqual(True, ev.is_valid())
ev = event.Event(eventType='activity',
id=identifier.generate_uuid(),
eventTime=timestamp.get_utc_now(),
initiatorId=identifier.generate_uuid(),
action='read',
targetId=identifier.generate_uuid(),
observerId=identifier.generate_uuid(),
outcome='success')
self.assertEqual(True, ev.is_valid())
ev = event.Event(eventType='activity',
id=identifier.generate_uuid(),
eventTime=timestamp.get_utc_now(),
initiator=resource.Resource(typeURI='storage'),
action='read',
targetId=identifier.generate_uuid(),
observer=resource.Resource(id='target'),
outcome='success')
self.assertEqual(True, ev.is_valid())
def test_event_unique(self):
ev = event.Event(eventType='activity',
initiator=resource.Resource(typeURI='storage'),
action='read',
target=resource.Resource(typeURI='storage'),
observer=resource.Resource(id='target'),
outcome='success')
time.sleep(1)
ev2 = event.Event(eventType='activity',
initiator=resource.Resource(typeURI='storage'),
action='read',
target=resource.Resource(typeURI='storage'),
observer=resource.Resource(id='target'),
outcome='success')
self.assertNotEqual(ev.id, ev2.id)
self.assertNotEqual(ev.eventTime, ev2.eventTime)
def test_event_resource_shortform_not_self(self):
self.assertRaises(ValueError,
lambda: event.Event(
eventType='activity',
initiator=resource.Resource(typeURI='storage'),
action='read',
target=resource.Resource(id='target'),
observer=resource.Resource(id='target'),
outcome='success'))
self.assertRaises(ValueError,
lambda: event.Event(
eventType='activity',
initiator=resource.Resource(id='initiator'),
action='read',
target=resource.Resource(typeURI='storage'),
observer=resource.Resource(id='target'),
outcome='success'))
def _create_none_validator_descriptor(self):
class Owner(object):
x = cadftype.ValidatorDescriptor(uuid.uuid4().hex)
owner = Owner()
owner.x = None
def test_invalid_value_descriptor(self):
"""Test setting a ValidatorDescriptor to None results in ValueError"""
self.assertRaises(ValueError, self._create_none_validator_descriptor)
def test_cadfabstracttype_attribute_error(self):
"""Test an invalid CADFAbstractType attribute is set returns False"""
h = host.Host(id=identifier.generate_uuid(),
address='192.168.0.1',
agent='client',
platform='AIX')
self.assertEqual(False, h._isset(uuid.uuid4().hex))

38
pycadf/tests/test_utils.py
View File

@ -1,38 +0,0 @@
# Copyright 2013 OpenStack LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
import uuid
from pycadf.tests import base
from pycadf import utils
class TestUtils(base.TestCase):
def test_mask_value(self):
value = str(uuid.uuid4())
m_percent = 0.125
obfuscate = utils.mask_value(value, m_percent)
visible = int(round(len(value) * m_percent))
self.assertEqual(value[:visible], obfuscate[:visible])
self.assertNotEqual(value[:visible + 1], obfuscate[:visible + 1])
self.assertEqual(value[-visible:], obfuscate[-visible:])
self.assertNotEqual(value[-visible - 1:], obfuscate[-visible - 1:])
def test_mask_value_nonstring(self):
value = 12
# If a non-string parameter is given to mask_value(), the non-string
# parameter is returned unmodified.
obfuscate = utils.mask_value(value)
self.assertEqual(value, obfuscate)

45
pycadf/timestamp.py
View File

@ -1,45 +0,0 @@
# Copyright 2013 IBM Corp.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
import datetime
import pytz
import six
TIME_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"
def get_utc_now(timezone=None):
"""Return the current UTC time.
:param timezone: an optional timezone param to offset time to.
"""
utc_datetime = pytz.utc.localize(datetime.datetime.utcnow())
if timezone is not None:
try:
utc_datetime = utc_datetime.astimezone(pytz.timezone(timezone))
except Exception:
utc_datetime.strftime(TIME_FORMAT)
return utc_datetime.strftime(TIME_FORMAT)
# TODO(mrutkows): validate any cadf:Timestamp (type) record against
# CADF schema
def is_valid(value):
"""Validation to ensure timestamp is a string.
"""
if not isinstance(value, six.string_types):
raise ValueError('Timestamp should be a String')
return True

28
pycadf/utils.py
View File

@ -1,28 +0,0 @@
# Copyright 2013 IBM Corp.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
import six
def mask_value(value, s_percent=0.125):
"""Obfuscate a given string to show only a percentage of leading
and trailing characters.
:param s_percent: The percentage (in decimal) of characters to replace
"""
if isinstance(value, six.string_types):
visible = (32 if int(round(len(value) * s_percent)) > 32
else int(round(len(value) * s_percent)))
return value[:visible] + " xxxxxxxx " + value[-visible:]
return value

8
requirements.txt
View File

@ -1,8 +0,0 @@
# The order of packages is significant, because pip processes them in the order
# of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later.
oslo.config>=3.22.0 # Apache-2.0
oslo.serialization>=1.10.0 # Apache-2.0
pytz>=2013.6 # MIT
six>=1.9.0 # MIT
debtcollector>=1.2.0 # Apache-2.0

50
setup.cfg
View File

@ -1,50 +0,0 @@
[metadata]
name = pycadf
author = OpenStack
author-email = openstack-dev@lists.openstack.org
summary = CADF Library
description-file =
README.rst
home-page = https://docs.openstack.org/pycadf/latest/
classifier =
Development Status :: 3 - Alpha
Environment :: OpenStack
Intended Audience :: Developers
Intended Audience :: Information Technology
License :: OSI Approved :: Apache Software License
Operating System :: OS Independent
Programming Language :: Python
Programming Language :: Python :: 2
Programming Language :: Python :: 2.7
Programming Language :: Python :: 3
Programming Language :: Python :: 3.5
[files]
packages =
pycadf
data_files =
etc/pycadf =
etc/pycadf/cinder_api_audit_map.conf
etc/pycadf/glance_api_audit_map.conf
etc/pycadf/neutron_api_audit_map.conf
etc/pycadf/nova_api_audit_map.conf
etc/pycadf/trove_api_audit_map.conf
etc/pycadf/ceilometer_api_audit_map.conf
[global]
setup-hooks =
pbr.hooks.setup_hook
[build_sphinx]
source-dir = doc/source
build-dir = doc/build
all_files = 1
warning-is-error = 1
[upload_sphinx]
upload-dir = doc/build/html
[pbr]
warnerrors = True
#autodoc_tree_index_modules = True
#autodoc_tree_root = ./pycadf

29
setup.py
View File

@ -1,29 +0,0 @@
# Copyright (c) 2013 Hewlett-Packard Development Company, L.P.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# THIS FILE IS MANAGED BY THE GLOBAL REQUIREMENTS REPO - DO NOT EDIT
import setuptools
# In python < 2.7.4, a lazy loading of package `pbr` will break
# setuptools if some other modules registered functions in `atexit`.
# solution from: http://bugs.python.org/issue15881#msg170215
try:
import multiprocessing # noqa
except ImportError:
pass
setuptools.setup(
setup_requires=['pbr>=2.0.0'],
pbr=True)

17
test-requirements.txt
View File

@ -1,17 +0,0 @@
# The order of packages is significant, because pip processes them in the order
# of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later.
# Hacking already pins down pep8, pyflakes and flake8
hacking<0.11,>=0.10.0
flake8-docstrings==0.2.1.post1 # MIT
coverage!=4.4,>=4.0 # Apache-2.0
fixtures>=3.0.0 # Apache-2.0/BSD
oslotest>=1.10.0 # Apache-2.0
python-subunit>=0.0.18 # Apache-2.0/BSD
testrepository>=0.0.18 # Apache-2.0/BSD
testtools>=1.4.0 # MIT
# this is required for the docs build jobs
openstackdocstheme>=1.11.0 # Apache-2.0
sphinx>=1.6.2 # BSD

30
tools/tox_install.sh
View File

@ -1,30 +0,0 @@
#!/usr/bin/env bash
# Client constraint file contains this client version pin that is in conflict
# with installing the client from source. We should remove the version pin in
# the constraints file before applying it for from-source installation.
CONSTRAINTS_FILE="$1"
shift 1
set -e
# NOTE(tonyb): Place this in the tox enviroment's log dir so it will get
# published to logs.openstack.org for easy debugging.
localfile="$VIRTUAL_ENV/log/upper-constraints.txt"
if [[ "$CONSTRAINTS_FILE" != http* ]]; then
CONSTRAINTS_FILE="file://$CONSTRAINTS_FILE"
fi
# NOTE(tonyb): need to add curl to bindep.txt if the project supports bindep
curl "$CONSTRAINTS_FILE" --insecure --progress-bar --output "$localfile"
pip install -c"$localfile" openstack-requirements
# This is the main purpose of the script: Allow local installation of
# the current repo. It is listed in constraints file and thus any
# install will be constrained and we need to unconstrain it.
edit-constraints "$localfile" -- "$CLIENT_NAME"
pip install -c"$localfile" -U "$@"
exit $?

48
tox.ini
View File

@ -1,48 +0,0 @@
[tox]
minversion = 2.0
envlist = py35,py27,pep8
[testenv]
setenv =
VIRTUAL_ENV={envdir}
BRANCH_NAME=master
CLIENT_NAME=pycadf
install_command = {toxinidir}/tools/tox_install.sh {env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt} {opts} {packages}
deps = -r{toxinidir}/test-requirements.txt
commands = python setup.py testr --slowest --testr-args='{posargs}'
[testenv:pep8]
commands = flake8
[testenv:docs]
commands = python setup.py build_sphinx
[testenv:cover]
commands = python setup.py testr --coverage
[testenv:venv]
commands = {posargs}
[testenv:debug]
commands = oslo_debug_helper {posargs}
[flake8]
show-source = True
# H405: Multi line docstrings should start with a one line summary followed by
# an empty line.
# D100: Missing docstring in public module
# D101: Missing docstring in public class
# D102: Missing docstring in public method
# D103: Missing docstring in public function
# D104: Missing docstring in public package
# D105: Missing docstring in magic method
# D200: One-line docstring should fit on one line with quotes
# D202: No blank lines allowed after function docstring
# D203: 1 blank required before class docstring
# D204: 1 blank line required after class docstring
# D205: 1 blank line required between summary line and description
# D208: Docstring is over-indented
# D400: First line should end with a period
# D401: First line should be in imperative mood
ignore = H405,D100,D101,D102,D103,D104,D105,D200,D202,D203,D204,D205,D208,D400,D401
exclude = .tox,dist,doc,*.egg,build