Retire Packaging Deb project repos
This commit is part of a series to retire the Packaging Deb project. Step 2 is to remove all content from the project repos, replacing it with a README notification where to find ongoing work, and how to recover the repo if needed at some future point (as in https://docs.openstack.org/infra/manual/drivers.html#retiring-a-project). Change-Id: I2115b74ea098def883f93eb007fa84afbfaffc1c
This commit is contained in:
parent
fd2a777b03
commit
708697d960
|
@ -1,16 +0,0 @@
|
|||
AUTHORS
|
||||
ChangeLog
|
||||
*~
|
||||
*.swp
|
||||
*.pyc
|
||||
*.log
|
||||
.tox
|
||||
.coverage
|
||||
*.egg-info/
|
||||
build/
|
||||
doc/build/
|
||||
doc/source/api
|
||||
dist/
|
||||
.testrepository/
|
||||
.project
|
||||
.pydevproject
|
|
@ -1,4 +0,0 @@
|
|||
[gerrit]
|
||||
host=review.openstack.org
|
||||
port=29418
|
||||
project=openstack/pycadf.git
|
|
@ -1,4 +0,0 @@
|
|||
[DEFAULT]
|
||||
test_command=OS_STDOUT_CAPTURE=1 OS_STDERR_CAPTURE=1 OS_TEST_TIMEOUT=60 ${PYTHON:-python} -m subunit.run discover -t ./ . $LISTOPT $IDOPTION
|
||||
test_id_option=--load-list $IDFILE
|
||||
test_list_option=--list
|
|
@ -1,15 +0,0 @@
|
|||
If you would like to contribute to the development of OpenStack,
|
||||
you must follow the steps documented at:
|
||||
|
||||
https://docs.openstack.org/infra/manual/developers.html#development-workflow
|
||||
|
||||
Once those steps have been completed, changes to OpenStack should be submitted
|
||||
for review via the Gerrit tool, following the workflow documented at:
|
||||
|
||||
https://docs.openstack.org/infra/manual/developers.html#development-workflow
|
||||
|
||||
Pull requests submitted through GitHub will be ignored.
|
||||
|
||||
Bugs should be filed on Launchpad, not GitHub:
|
||||
|
||||
https://bugs.launchpad.net/pycadf
|
204
LICENSE
204
LICENSE
|
@ -1,204 +0,0 @@
|
|||
|
||||
Apache License
|
||||
Version 2.0, January 2004
|
||||
http://www.apache.org/licenses/
|
||||
|
||||
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||
|
||||
1. Definitions.
|
||||
|
||||
"License" shall mean the terms and conditions for use, reproduction,
|
||||
and distribution as defined by Sections 1 through 9 of this document.
|
||||
|
||||
"Licensor" shall mean the copyright owner or entity authorized by
|
||||
the copyright owner that is granting the License.
|
||||
|
||||
"Legal Entity" shall mean the union of the acting entity and all
|
||||
other entities that control, are controlled by, or are under common
|
||||
control with that entity. For the purposes of this definition,
|
||||
"control" means (i) the power, direct or indirect, to cause the
|
||||
direction or management of such entity, whether by contract or
|
||||
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||
|
||||
"You" (or "Your") shall mean an individual or Legal Entity
|
||||
exercising permissions granted by this License.
|
||||
|
||||
"Source" form shall mean the preferred form for making modifications,
|
||||
including but not limited to software source code, documentation
|
||||
source, and configuration files.
|
||||
|
||||
"Object" form shall mean any form resulting from mechanical
|
||||
transformation or translation of a Source form, including but
|
||||
not limited to compiled object code, generated documentation,
|
||||
and conversions to other media types.
|
||||
|
||||
"Work" shall mean the work of authorship, whether in Source or
|
||||
Object form, made available under the License, as indicated by a
|
||||
copyright notice that is included in or attached to the work
|
||||
(an example is provided in the Appendix below).
|
||||
|
||||
"Derivative Works" shall mean any work, whether in Source or Object
|
||||
form, that is based on (or derived from) the Work and for which the
|
||||
editorial revisions, annotations, elaborations, or other modifications
|
||||
represent, as a whole, an original work of authorship. For the purposes
|
||||
of this License, Derivative Works shall not include works that remain
|
||||
separable from, or merely link (or bind by name) to the interfaces of,
|
||||
the Work and Derivative Works thereof.
|
||||
|
||||
"Contribution" shall mean any work of authorship, including
|
||||
the original version of the Work and any modifications or additions
|
||||
to that Work or Derivative Works thereof, that is intentionally
|
||||
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||
or by an individual or Legal Entity authorized to submit on behalf of
|
||||
the copyright owner. For the purposes of this definition, "submitted"
|
||||
means any form of electronic, verbal, or written communication sent
|
||||
to the Licensor or its representatives, including but not limited to
|
||||
communication on electronic mailing lists, source code control systems,
|
||||
and issue tracking systems that are managed by, or on behalf of, the
|
||||
Licensor for the purpose of discussing and improving the Work, but
|
||||
excluding communication that is conspicuously marked or otherwise
|
||||
designated in writing by the copyright owner as "Not a Contribution."
|
||||
|
||||
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||
on behalf of whom a Contribution has been received by Licensor and
|
||||
subsequently incorporated within the Work.
|
||||
|
||||
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
copyright license to reproduce, prepare Derivative Works of,
|
||||
publicly display, publicly perform, sublicense, and distribute the
|
||||
Work and such Derivative Works in Source or Object form.
|
||||
|
||||
3. Grant of Patent License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
(except as stated in this section) patent license to make, have made,
|
||||
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||
where such license applies only to those patent claims licensable
|
||||
by such Contributor that are necessarily infringed by their
|
||||
Contribution(s) alone or by combination of their Contribution(s)
|
||||
with the Work to which such Contribution(s) was submitted. If You
|
||||
institute patent litigation against any entity (including a
|
||||
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||
or a Contribution incorporated within the Work constitutes direct
|
||||
or contributory patent infringement, then any patent licenses
|
||||
granted to You under this License for that Work shall terminate
|
||||
as of the date such litigation is filed.
|
||||
|
||||
4. Redistribution. You may reproduce and distribute copies of the
|
||||
Work or Derivative Works thereof in any medium, with or without
|
||||
modifications, and in Source or Object form, provided that You
|
||||
meet the following conditions:
|
||||
|
||||
(a) You must give any other recipients of the Work or
|
||||
Derivative Works a copy of this License; and
|
||||
|
||||
(b) You must cause any modified files to carry prominent notices
|
||||
stating that You changed the files; and
|
||||
|
||||
(c) You must retain, in the Source form of any Derivative Works
|
||||
that You distribute, all copyright, patent, trademark, and
|
||||
attribution notices from the Source form of the Work,
|
||||
excluding those notices that do not pertain to any part of
|
||||
the Derivative Works; and
|
||||
|
||||
(d) If the Work includes a "NOTICE" text file as part of its
|
||||
distribution, then any Derivative Works that You distribute must
|
||||
include a readable copy of the attribution notices contained
|
||||
within such NOTICE file, excluding those notices that do not
|
||||
pertain to any part of the Derivative Works, in at least one
|
||||
of the following places: within a NOTICE text file distributed
|
||||
as part of the Derivative Works; within the Source form or
|
||||
documentation, if provided along with the Derivative Works; or,
|
||||
within a display generated by the Derivative Works, if and
|
||||
wherever such third-party notices normally appear. The contents
|
||||
of the NOTICE file are for informational purposes only and
|
||||
do not modify the License. You may add Your own attribution
|
||||
notices within Derivative Works that You distribute, alongside
|
||||
or as an addendum to the NOTICE text from the Work, provided
|
||||
that such additional attribution notices cannot be construed
|
||||
as modifying the License.
|
||||
|
||||
You may add Your own copyright statement to Your modifications and
|
||||
may provide additional or different license terms and conditions
|
||||
for use, reproduction, or distribution of Your modifications, or
|
||||
for any such Derivative Works as a whole, provided Your use,
|
||||
reproduction, and distribution of the Work otherwise complies with
|
||||
the conditions stated in this License.
|
||||
|
||||
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||
any Contribution intentionally submitted for inclusion in the Work
|
||||
by You to the Licensor shall be under the terms and conditions of
|
||||
this License, without any additional terms or conditions.
|
||||
Notwithstanding the above, nothing herein shall supersede or modify
|
||||
the terms of any separate license agreement you may have executed
|
||||
with Licensor regarding such Contributions.
|
||||
|
||||
6. Trademarks. This License does not grant permission to use the trade
|
||||
names, trademarks, service marks, or product names of the Licensor,
|
||||
except as required for reasonable and customary use in describing the
|
||||
origin of the Work and reproducing the content of the NOTICE file.
|
||||
|
||||
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||
agreed to in writing, Licensor provides the Work (and each
|
||||
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
implied, including, without limitation, any warranties or conditions
|
||||
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||
appropriateness of using or redistributing the Work and assume any
|
||||
risks associated with Your exercise of permissions under this License.
|
||||
|
||||
8. Limitation of Liability. In no event and under no legal theory,
|
||||
whether in tort (including negligence), contract, or otherwise,
|
||||
unless required by applicable law (such as deliberate and grossly
|
||||
negligent acts) or agreed to in writing, shall any Contributor be
|
||||
liable to You for damages, including any direct, indirect, special,
|
||||
incidental, or consequential damages of any character arising as a
|
||||
result of this License or out of the use or inability to use the
|
||||
Work (including but not limited to damages for loss of goodwill,
|
||||
work stoppage, computer failure or malfunction, or any and all
|
||||
other commercial damages or losses), even if such Contributor
|
||||
has been advised of the possibility of such damages.
|
||||
|
||||
9. Accepting Warranty or Additional Liability. While redistributing
|
||||
the Work or Derivative Works thereof, You may choose to offer,
|
||||
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||
or other liability obligations and/or rights consistent with this
|
||||
License. However, in accepting such obligations, You may act only
|
||||
on Your own behalf and on Your sole responsibility, not on behalf
|
||||
of any other Contributor, and only if You agree to indemnify,
|
||||
defend, and hold each Contributor harmless for any liability
|
||||
incurred by, or claims asserted against, such Contributor by reason
|
||||
of your accepting any such warranty or additional liability.
|
||||
|
||||
--- License for python-keystoneclient versions prior to 2.1 ---
|
||||
|
||||
All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions are met:
|
||||
|
||||
1. Redistributions of source code must retain the above copyright notice,
|
||||
this list of conditions and the following disclaimer.
|
||||
|
||||
2. Redistributions in binary form must reproduce the above copyright
|
||||
notice, this list of conditions and the following disclaimer in the
|
||||
documentation and/or other materials provided with the distribution.
|
||||
|
||||
3. Neither the name of this project nor the names of its contributors may
|
||||
be used to endorse or promote products derived from this software without
|
||||
specific prior written permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
||||
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
|
||||
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
||||
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
||||
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
||||
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
@ -0,0 +1,14 @@
|
|||
This project is no longer maintained.
|
||||
|
||||
The contents of this repository are still available in the Git
|
||||
source code management system. To see the contents of this
|
||||
repository before it reached its end of life, please check out the
|
||||
previous commit with "git checkout HEAD^1".
|
||||
|
||||
For ongoing work on maintaining OpenStack packages in the Debian
|
||||
distribution, please see the Debian OpenStack packaging team at
|
||||
https://wiki.debian.org/OpenStack/.
|
||||
|
||||
For any further questions, please email
|
||||
openstack-dev@lists.openstack.org or join #openstack-dev on
|
||||
Freenode.
|
39
README.rst
39
README.rst
|
@ -1,39 +0,0 @@
|
|||
========================
|
||||
Team and repository tags
|
||||
========================
|
||||
|
||||
.. image:: https://governance.openstack.org/badges/pycadf.svg
|
||||
:target: https://governance.openstack.org/reference/tags/index.html
|
||||
|
||||
.. Change things from this point on
|
||||
|
||||
======
|
||||
PyCADF
|
||||
======
|
||||
|
||||
.. image:: https://img.shields.io/pypi/v/pycadf.svg
|
||||
:target: https://pypi.python.org/pypi/pycadf/
|
||||
:alt: Latest Version
|
||||
|
||||
.. image:: https://img.shields.io/pypi/dm/pycadf.svg
|
||||
:target: https://pypi.python.org/pypi/pycadf/
|
||||
:alt: Downloads
|
||||
|
||||
This library provides an auditing data model based on the `Cloud Auditing Data
|
||||
Federation <http://www.dmtf.org/standards/cadf>`_ specification, primarily for
|
||||
use by OpenStack. The goal is to establish strict expectations about what
|
||||
auditors can expect from audit notifications.
|
||||
|
||||
* `PyPi`_ - package installation
|
||||
* `Online Documentation`_
|
||||
* `Launchpad project`_ - release management
|
||||
* `Blueprints`_ - feature specifications
|
||||
* `Bugs`_ - issue tracking
|
||||
* `Source`_
|
||||
|
||||
.. _PyPi: https://pypi.python.org/pypi/pycadf
|
||||
.. _Online Documentation: https://docs.openstack.org/developer/pycadf/
|
||||
.. _Launchpad project: https://launchpad.net/pycadf
|
||||
.. _Blueprints: https://blueprints.launchpad.net/pycadf
|
||||
.. _Bugs: https://bugs.launchpad.net/pycadf
|
||||
.. _Source: https://git.openstack.org/cgit/openstack/pycadf
|
182
doc/Makefile
182
doc/Makefile
|
@ -1,182 +0,0 @@
|
|||
# Makefile for Sphinx documentation
|
||||
#
|
||||
|
||||
# You can set these variables from the command line.
|
||||
SPHINXOPTS =
|
||||
SPHINXBUILD = sphinx-build
|
||||
PAPER =
|
||||
BUILDDIR = build
|
||||
|
||||
# Internal variables.
|
||||
PAPEROPT_a4 = -D latex_paper_size=a4
|
||||
PAPEROPT_letter = -D latex_paper_size=letter
|
||||
ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source
|
||||
# the i18n builder cannot share the environment and doctrees with the others
|
||||
I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source
|
||||
|
||||
.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext
|
||||
|
||||
help:
|
||||
@echo "Please use \`make <target>' where <target> is one of"
|
||||
@echo " html to make standalone HTML files"
|
||||
@echo " dirhtml to make HTML files named index.html in directories"
|
||||
@echo " singlehtml to make a single large HTML file"
|
||||
@echo " pickle to make pickle files"
|
||||
@echo " json to make JSON files"
|
||||
@echo " htmlhelp to make HTML files and a HTML help project"
|
||||
@echo " qthelp to make HTML files and a qthelp project"
|
||||
@echo " devhelp to make HTML files and a Devhelp project"
|
||||
@echo " epub to make an epub"
|
||||
@echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter"
|
||||
@echo " latexpdf to make LaTeX files and run them through pdflatex"
|
||||
@echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx"
|
||||
@echo " text to make text files"
|
||||
@echo " man to make manual pages"
|
||||
@echo " texinfo to make Texinfo files"
|
||||
@echo " info to make Texinfo files and run them through makeinfo"
|
||||
@echo " gettext to make PO message catalogs"
|
||||
@echo " changes to make an overview of all changed/added/deprecated items"
|
||||
@echo " xml to make Docutils-native XML files"
|
||||
@echo " pseudoxml to make pseudoxml-XML files for display purposes"
|
||||
@echo " linkcheck to check all external links for integrity"
|
||||
@echo " doctest to run all doctests embedded in the documentation (if enabled)"
|
||||
@echo " wadl to build a WADL file for api.openstack.org"
|
||||
|
||||
clean:
|
||||
rm -rf $(BUILDDIR)/*
|
||||
|
||||
html: check-dependencies
|
||||
$(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
|
||||
@echo
|
||||
@echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
|
||||
|
||||
.PHONY: check-dependencies
|
||||
check-dependencies:
|
||||
@python -c 'import sphinxcontrib.autohttp.flask' >/dev/null 2>&1 || (echo "ERROR: Missing Sphinx dependencies. Run: pip install sphinxcontrib-httpdomain" && exit 1)
|
||||
|
||||
wadl:
|
||||
$(SPHINXBUILD) -b docbook $(ALLSPHINXOPTS) $(BUILDDIR)/wadl
|
||||
@echo
|
||||
@echo "Build finished. The WADL pages are in $(BUILDDIR)/wadl."
|
||||
|
||||
dirhtml:
|
||||
$(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml
|
||||
@echo
|
||||
@echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml."
|
||||
|
||||
singlehtml:
|
||||
$(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml
|
||||
@echo
|
||||
@echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml."
|
||||
|
||||
pickle:
|
||||
$(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle
|
||||
@echo
|
||||
@echo "Build finished; now you can process the pickle files."
|
||||
|
||||
json:
|
||||
$(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json
|
||||
@echo
|
||||
@echo "Build finished; now you can process the JSON files."
|
||||
|
||||
htmlhelp:
|
||||
$(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp
|
||||
@echo
|
||||
@echo "Build finished; now you can run HTML Help Workshop with the" \
|
||||
".hhp project file in $(BUILDDIR)/htmlhelp."
|
||||
|
||||
qthelp:
|
||||
$(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp
|
||||
@echo
|
||||
@echo "Build finished; now you can run "qcollectiongenerator" with the" \
|
||||
".qhcp project file in $(BUILDDIR)/qthelp, like this:"
|
||||
@echo "# qcollectiongenerator $(BUILDDIR)/qthelp/pyCADF.qhcp"
|
||||
@echo "To view the help file:"
|
||||
@echo "# assistant -collectionFile $(BUILDDIR)/qthelp/pyCADF.qhc"
|
||||
|
||||
devhelp:
|
||||
$(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp
|
||||
@echo
|
||||
@echo "Build finished."
|
||||
@echo "To view the help file:"
|
||||
@echo "# mkdir -p $$HOME/.local/share/devhelp/pyCADF"
|
||||
@echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/pyCADF"
|
||||
@echo "# devhelp"
|
||||
|
||||
epub:
|
||||
$(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub
|
||||
@echo
|
||||
@echo "Build finished. The epub file is in $(BUILDDIR)/epub."
|
||||
|
||||
latex:
|
||||
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
|
||||
@echo
|
||||
@echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex."
|
||||
@echo "Run \`make' in that directory to run these through (pdf)latex" \
|
||||
"(use \`make latexpdf' here to do that automatically)."
|
||||
|
||||
latexpdf:
|
||||
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
|
||||
@echo "Running LaTeX files through pdflatex..."
|
||||
$(MAKE) -C $(BUILDDIR)/latex all-pdf
|
||||
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
|
||||
|
||||
latexpdfja:
|
||||
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
|
||||
@echo "Running LaTeX files through platex and dvipdfmx..."
|
||||
$(MAKE) -C $(BUILDDIR)/latex all-pdf-ja
|
||||
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
|
||||
|
||||
text:
|
||||
$(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text
|
||||
@echo
|
||||
@echo "Build finished. The text files are in $(BUILDDIR)/text."
|
||||
|
||||
man:
|
||||
$(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man
|
||||
@echo
|
||||
@echo "Build finished. The manual pages are in $(BUILDDIR)/man."
|
||||
|
||||
texinfo:
|
||||
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
|
||||
@echo
|
||||
@echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo."
|
||||
@echo "Run \`make' in that directory to run these through makeinfo" \
|
||||
"(use \`make info' here to do that automatically)."
|
||||
|
||||
info:
|
||||
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
|
||||
@echo "Running Texinfo files through makeinfo..."
|
||||
make -C $(BUILDDIR)/texinfo info
|
||||
@echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo."
|
||||
|
||||
gettext:
|
||||
$(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale
|
||||
@echo
|
||||
@echo "Build finished. The message catalogs are in $(BUILDDIR)/locale."
|
||||
|
||||
changes:
|
||||
$(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes
|
||||
@echo
|
||||
@echo "The overview file is in $(BUILDDIR)/changes."
|
||||
|
||||
linkcheck:
|
||||
$(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck
|
||||
@echo
|
||||
@echo "Link check complete; look for any errors in the above output " \
|
||||
"or in $(BUILDDIR)/linkcheck/output.txt."
|
||||
|
||||
doctest:
|
||||
$(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest
|
||||
@echo "Testing of doctests in the sources finished, look at the " \
|
||||
"results in $(BUILDDIR)/doctest/output.txt."
|
||||
|
||||
xml:
|
||||
$(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml
|
||||
@echo
|
||||
@echo "Build finished. The XML files are in $(BUILDDIR)/xml."
|
||||
|
||||
pseudoxml:
|
||||
$(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml
|
||||
@echo
|
||||
@echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml."
|
|
@ -1,41 +0,0 @@
|
|||
# Copyright 2013 OpenStack Foundation
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
import os.path as path
|
||||
|
||||
from sphinx import apidoc
|
||||
|
||||
|
||||
# NOTE(gordc): pbr will run Sphinx multiple times when it generates
|
||||
# documentation. Once for each builder. To run this extension we use the
|
||||
# 'builder-inited' hook that fires at the beginning of a Sphinx build.
|
||||
# We use ``run_already`` to make sure apidocs are only generated once
|
||||
# even if Sphinx is run multiple times.
|
||||
run_already = False
|
||||
|
||||
|
||||
def run_apidoc(app):
|
||||
global run_already
|
||||
if run_already:
|
||||
return
|
||||
run_already = True
|
||||
|
||||
package_dir = path.abspath(path.join(app.srcdir, '..', '..', 'pycadf'))
|
||||
source_dir = path.join(app.srcdir, 'api')
|
||||
apidoc.main(['apidoc', package_dir, '-f',
|
||||
'-H', 'pyCADF Modules',
|
||||
'-o', source_dir])
|
||||
|
||||
|
||||
def setup(app):
|
||||
app.connect('builder-inited', run_apidoc)
|
|
@ -1,46 +0,0 @@
|
|||
..
|
||||
Copyright 2014 IBM Corp.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
.. _audit_maps:
|
||||
|
||||
============
|
||||
Audit maps
|
||||
============
|
||||
|
||||
The pyCADF library maintains a set of audit mapping files for OpenStack
|
||||
services. Currently, pyCADF supplies the following audit mapping files:
|
||||
|
||||
* `cinder_api_audit_map.conf`_
|
||||
* `glance_api_audit_map.conf`_
|
||||
* `neutron_api_audit_map.conf`_
|
||||
* `nova_api_audit_map.conf`_
|
||||
* `trove_api_audit_map.conf`_
|
||||
* `heat_api_audit_map.conf`_
|
||||
* `ironic_api_audit_map.conf`_
|
||||
|
||||
These files are hosted under the `etc/pycadf`_ directory of pyCADF. For more
|
||||
information on how to use these mapping files, refer to the `Audit middleware`_
|
||||
section of the `keystonemiddleware`_ project.
|
||||
|
||||
.. _Audit middleware: https://docs.openstack.org/keystonemiddleware/latest/audit.html
|
||||
.. _keystonemiddleware: https://docs.openstack.org/keystonemiddleware/latest/
|
||||
.. _`etc/pycadf`: https://github.com/openstack/pycadf/tree/master/etc/pycadf
|
||||
.. _`cinder_api_audit_map.conf`: https://github.com/openstack/pycadf/blob/master/etc/pycadf/cinder_api_audit_map.conf
|
||||
.. _`glance_api_audit_map.conf`: https://github.com/openstack/pycadf/blob/master/etc/pycadf/glance_api_audit_map.conf
|
||||
.. _`neutron_api_audit_map.conf`: https://github.com/openstack/pycadf/blob/master/etc/pycadf/neutron_api_audit_map.conf
|
||||
.. _`nova_api_audit_map.conf`: https://github.com/openstack/pycadf/blob/master/etc/pycadf/nova_api_audit_map.conf
|
||||
.. _`trove_api_audit_map.conf`: https://github.com/openstack/pycadf/blob/master/etc/pycadf/trove_api_audit_map.conf
|
||||
.. _`heat_api_audit_map.conf`: https://github.com/openstack/pycadf/blob/master/etc/pycadf/heat_api_audit_map.conf
|
||||
.. _`ironic_api_audit_map.conf`: https://github.com/openstack/pycadf/blob/master/etc/pycadf/ironic_api_audit_map.conf
|
|
@ -1,270 +0,0 @@
|
|||
#
|
||||
# pyCADF documentation build configuration file, created by
|
||||
# sphinx-quickstart on Sun Mar 16 22:32:24 2014.
|
||||
#
|
||||
# This file is execfile()d with the current directory set to its containing dir.
|
||||
#
|
||||
# Note that not all possible configuration values are present in this
|
||||
# autogenerated file.
|
||||
#
|
||||
# All configuration values have a default; values that are commented out
|
||||
# serve to show the default.
|
||||
|
||||
import sys, os
|
||||
|
||||
# NOTE(gordc): path for Sphinx ext.apidoc
|
||||
sys.path.insert(0, os.path.abspath('..'))
|
||||
|
||||
# This is required for ReadTheDocs.org, but isn't a bad idea anyway.
|
||||
os.environ['DJANGO_SETTINGS_MODULE'] = 'openstack_dashboard.settings'
|
||||
|
||||
# If extensions (or modules to document with autodoc) are in another directory,
|
||||
# add these directories to sys.path here. If the directory is relative to the
|
||||
# documentation root, use os.path.abspath to make it absolute, like shown here.
|
||||
#sys.path.insert(0, os.path.abspath('.'))
|
||||
|
||||
# -- General configuration -----------------------------------------------------
|
||||
|
||||
# If your documentation needs a minimal Sphinx version, state it here.
|
||||
#needs_sphinx = '1.0'
|
||||
|
||||
# Add any Sphinx extension module names here, as strings. They can be extensions
|
||||
# coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
|
||||
extensions = [
|
||||
'sphinx.ext.autodoc',
|
||||
#'sphinx.ext.intersphinx',
|
||||
'sphinx.ext.todo',
|
||||
'sphinx.ext.coverage',
|
||||
'sphinx.ext.viewcode',
|
||||
'openstackdocstheme',
|
||||
'ext.apidoc'
|
||||
]
|
||||
|
||||
# Add any paths that contain templates here, relative to this directory.
|
||||
#templates_path = ['_templates']
|
||||
|
||||
# The suffix of source filenames.
|
||||
source_suffix = '.rst'
|
||||
|
||||
# The encoding of source files.
|
||||
#source_encoding = 'utf-8-sig'
|
||||
|
||||
# The master toctree document.
|
||||
master_doc = 'index'
|
||||
|
||||
# General information about the project.
|
||||
project = u'pyCADF'
|
||||
copyright = u'2014, OpenStack Foundation'
|
||||
|
||||
# The version info for the project you're documenting, acts as replacement for
|
||||
# |version| and |release|, also used in various other places throughout the
|
||||
# built documents.
|
||||
#
|
||||
# The short X.Y version.
|
||||
version = '1.0'
|
||||
# The full version, including alpha/beta/rc tags.
|
||||
release = '1.0'
|
||||
|
||||
# The language for content autogenerated by Sphinx. Refer to documentation
|
||||
# for a list of supported languages.
|
||||
#language = None
|
||||
|
||||
# There are two options for replacing |today|: either, you set today to some
|
||||
# non-false value, then it is used:
|
||||
#today = ''
|
||||
# Else, today_fmt is used as the format for a strftime call.
|
||||
#today_fmt = '%B %d, %Y'
|
||||
|
||||
# List of patterns, relative to source directory, that match files and
|
||||
# directories to ignore when looking for source files.
|
||||
exclude_patterns = ['_build']
|
||||
|
||||
# The reST default role (used for this markup: `text`) to use for all documents.
|
||||
#default_role = None
|
||||
|
||||
# If true, '()' will be appended to :func: etc. cross-reference text.
|
||||
#add_function_parentheses = True
|
||||
|
||||
# If true, the current module name will be prepended to all description
|
||||
# unit titles (such as .. function::).
|
||||
#add_module_names = True
|
||||
|
||||
# If true, sectionauthor and moduleauthor directives will be shown in the
|
||||
# output. They are ignored by default.
|
||||
#show_authors = False
|
||||
|
||||
# The name of the Pygments (syntax highlighting) style to use.
|
||||
pygments_style = 'sphinx'
|
||||
|
||||
# A list of ignored prefixes for module index sorting.
|
||||
#modindex_common_prefix = []
|
||||
|
||||
# If true, keep warnings as "system message" paragraphs in the built documents.
|
||||
#keep_warnings = False
|
||||
|
||||
|
||||
# -- Options for HTML output ---------------------------------------------------
|
||||
|
||||
# The theme to use for HTML and HTML Help pages. See the documentation for
|
||||
# a list of builtin themes.
|
||||
#html_theme = 'default'
|
||||
html_theme = 'openstackdocs'
|
||||
|
||||
# Theme options are theme-specific and customize the look and feel of a theme
|
||||
# further. For a list of options available for each theme, see the
|
||||
# documentation.
|
||||
html_theme_options = {
|
||||
"nosidebar": "false"
|
||||
}
|
||||
|
||||
# Add any paths that contain custom themes here, relative to this directory.
|
||||
#html_theme_path = []
|
||||
|
||||
# The name for this set of Sphinx documents. If None, it defaults to
|
||||
# "<project> v<release> documentation".
|
||||
#html_title = None
|
||||
|
||||
# A shorter title for the navigation bar. Default is the same as html_title.
|
||||
#html_short_title = None
|
||||
|
||||
# The name of an image file (relative to this directory) to place at the top
|
||||
# of the sidebar.
|
||||
#html_logo = None
|
||||
|
||||
# The name of an image file (within the static path) to use as favicon of the
|
||||
# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32
|
||||
# pixels large.
|
||||
#html_favicon = None
|
||||
|
||||
# Add any paths that contain custom static files (such as style sheets) here,
|
||||
# relative to this directory. They are copied after the builtin static files,
|
||||
# so a file named "default.css" will overwrite the builtin "default.css".
|
||||
#html_static_path = ['_static']
|
||||
|
||||
# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
|
||||
# using the given strftime format.
|
||||
#html_last_updated_fmt = '%b %d, %Y'
|
||||
html_last_updated_fmt = '%Y-%m-%d %H:%M'
|
||||
|
||||
# If true, SmartyPants will be used to convert quotes and dashes to
|
||||
# typographically correct entities.
|
||||
#html_use_smartypants = True
|
||||
|
||||
# Custom sidebar templates, maps document names to template names.
|
||||
#html_sidebars = {}
|
||||
|
||||
# Additional templates that should be rendered to pages, maps page names to
|
||||
# template names.
|
||||
#html_additional_pages = {}
|
||||
|
||||
# If false, no module index is generated.
|
||||
#html_domain_indices = True
|
||||
|
||||
# If false, no index is generated.
|
||||
#html_use_index = True
|
||||
|
||||
# If true, the index is split into individual pages for each letter.
|
||||
#html_split_index = False
|
||||
|
||||
# If true, links to the reST sources are added to the pages.
|
||||
#html_show_sourcelink = True
|
||||
|
||||
# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
|
||||
#html_show_sphinx = True
|
||||
|
||||
# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
|
||||
#html_show_copyright = True
|
||||
|
||||
# If true, an OpenSearch description file will be output, and all pages will
|
||||
# contain a <link> tag referring to it. The value of this option must be the
|
||||
# base URL from which the finished HTML is served.
|
||||
#html_use_opensearch = ''
|
||||
|
||||
# This is the file name suffix for HTML files (e.g. ".xhtml").
|
||||
#html_file_suffix = None
|
||||
|
||||
# Output file base name for HTML help builder.
|
||||
htmlhelp_basename = 'pyCADFdoc'
|
||||
|
||||
|
||||
# -- Options for LaTeX output --------------------------------------------------
|
||||
|
||||
latex_elements = {
|
||||
# The paper size ('letterpaper' or 'a4paper').
|
||||
#'papersize': 'letterpaper',
|
||||
|
||||
# The font size ('10pt', '11pt' or '12pt').
|
||||
#'pointsize': '10pt',
|
||||
|
||||
# Additional stuff for the LaTeX preamble.
|
||||
#'preamble': '',
|
||||
}
|
||||
|
||||
# Grouping the document tree into LaTeX files. List of tuples
|
||||
# (source start file, target name, title, author, documentclass [howto/manual]).
|
||||
latex_documents = [
|
||||
('index', 'pyCADF.tex', u'pyCADF Documentation',
|
||||
u'OpenStack Foundation', 'manual'),
|
||||
]
|
||||
|
||||
# The name of an image file (relative to this directory) to place at the top of
|
||||
# the title page.
|
||||
#latex_logo = None
|
||||
|
||||
# For "manual" documents, if this is true, then toplevel headings are parts,
|
||||
# not chapters.
|
||||
#latex_use_parts = False
|
||||
|
||||
# If true, show page references after internal links.
|
||||
#latex_show_pagerefs = False
|
||||
|
||||
# If true, show URL addresses after external links.
|
||||
#latex_show_urls = False
|
||||
|
||||
# Documents to append as an appendix to all manuals.
|
||||
#latex_appendices = []
|
||||
|
||||
# If false, no module index is generated.
|
||||
#latex_domain_indices = True
|
||||
|
||||
|
||||
# -- Options for manual page output --------------------------------------------
|
||||
|
||||
# One entry per manual page. List of tuples
|
||||
# (source start file, name, description, authors, manual section).
|
||||
man_pages = [
|
||||
('index', 'pycadf', u'pyCADF Documentation',
|
||||
[u'OpenStack Foundation'], 1)
|
||||
]
|
||||
|
||||
# If true, show URL addresses after external links.
|
||||
#man_show_urls = False
|
||||
|
||||
|
||||
# -- Options for Texinfo output ------------------------------------------------
|
||||
|
||||
# Grouping the document tree into Texinfo files. List of tuples
|
||||
# (source start file, target name, title, author,
|
||||
# dir menu entry, description, category)
|
||||
texinfo_documents = [
|
||||
('index', 'pyCADF', u'pyCADF Documentation',
|
||||
u'OpenStack Foundation', 'pyCADF', 'One line description of project.',
|
||||
'Miscellaneous'),
|
||||
]
|
||||
|
||||
# Documents to append as an appendix to all manuals.
|
||||
#texinfo_appendices = []
|
||||
|
||||
# If false, no module index is generated.
|
||||
#texinfo_domain_indices = True
|
||||
|
||||
# How to display URL addresses: 'footnote', 'no', or 'inline'.
|
||||
#texinfo_show_urls = 'footnote'
|
||||
|
||||
# If true, do not generate a @detailmenu in the "Top" node's menu.
|
||||
#texinfo_no_detailmenu = False
|
||||
|
||||
# -- Options for openstackdocstheme -------------------------------------------
|
||||
repository_name = 'openstack/pycadf'
|
||||
bug_project = 'pycadf'
|
||||
bug_tag = ''
|
|
@ -1,220 +0,0 @@
|
|||
..
|
||||
Copyright 2014 IBM Corp.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
.. _event_concept:
|
||||
|
||||
=======
|
||||
Events
|
||||
=======
|
||||
|
||||
The principal goal of this specification is to ensure that similar auditable
|
||||
events, such as a "logon" or "critical resource update" resolve to the same
|
||||
data format with prescriptive data types, entities, and properties to
|
||||
facilitate reporting, query, federation, and aggregation.
|
||||
|
||||
Defining Events
|
||||
===============
|
||||
|
||||
The event model is intended to describe the interactions between resources
|
||||
that compose a cloud service. Conceptually, the event is based upon the
|
||||
perspective of a single RESOURCE called the OBSERVER that is responsible for
|
||||
observing the Actual Event and creating the (initial) CADF Event Record.
|
||||
|
||||
.. figure:: ./images/observer_cadf.png
|
||||
:width: 100%
|
||||
:align: center
|
||||
:alt: Figure 1: Observer perspective of an Event
|
||||
|
||||
At a minimum, an Event must include the following attributes to be
|
||||
CADF-compliant: eventType, observer, initiator, target, action, and outcome.
|
||||
CADF's event model is extensible so any additional attributes that may better
|
||||
help describe the event can be added to the event model as an additional
|
||||
attribute.
|
||||
|
||||
.. note::
|
||||
|
||||
In some cases, the OBSERVER, INITIATOR, and TARGET could reference the same
|
||||
resource. The precise interpretation of these components, therefore, will
|
||||
depend somewhat on the type of event being recorded, and the specific
|
||||
activity and resources involved.
|
||||
|
||||
Use Case Examples
|
||||
=================
|
||||
|
||||
1. Auditing access to a controlled resource
|
||||
|
||||
Scenario: A cloud provider has a software component that manages identity and
|
||||
access control that we will call an "identity management service". This
|
||||
service is required, by the provider's security policy, to log all user
|
||||
activities including "logon" attempts against any servers within the
|
||||
provider's infrastructure.
|
||||
|
||||
.. figure:: ./images/audit_event.png
|
||||
:width: 100%
|
||||
:align: center
|
||||
:alt: Figure 2: Conceptually mapping values of an audit event
|
||||
|
||||
================= ========================== ==========================================================================================
|
||||
Event Attribute Value Reason
|
||||
================= ========================== ==========================================================================================
|
||||
eventType activity OBSERVER is required to report any user security activity
|
||||
observer.typeURI service/security/identity Value from the CADF Resource Taxonomy most closely describes an "Identity Manager Service"
|
||||
initiator.typeURI data/security/account/user Value from the CADF Resource Taxonomy most closely describes a "user"
|
||||
action authenticate/logon Value from the CADF Action Taxonomy most closely describes a user "logon" action.
|
||||
target.typeURI service/compute/node Value from the CADF Resource Taxonomy most closely describes a target "server"
|
||||
outcome success Any valid CADF Outcome Taxonomy value that describes result of action
|
||||
measurement N/A A MEASUREMENT component is not required for "activity" type events.
|
||||
REASON N/A A REASON component is not required for "activity" type events.
|
||||
================= ========================== ==========================================================================================
|
||||
|
||||
Event serialisation (including some optional attributes for additional
|
||||
details):
|
||||
|
||||
.. code-block:: javascript
|
||||
|
||||
{
|
||||
"typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
|
||||
"eventTime": "2014-02-27T19:29:30.855665+0000",
|
||||
"target": {
|
||||
"typeURI": "service/compute/node",
|
||||
// optional Endpoints to describe compute node,
|
||||
"addresses": [
|
||||
{
|
||||
"url": "http://9.26.26.250:8774/v2/e7e2bcc9c0df4f3eabcd412ae62503f6",
|
||||
"name": "admin"
|
||||
},
|
||||
{
|
||||
"url": "http://9.26.26.250:8774/v2/e7e2bcc9c0df4f3eabcd412ae62503f6",
|
||||
"name": "private"
|
||||
},
|
||||
{
|
||||
"url": "http://9.26.26.250:8774/v2/e7e2bcc9c0df4f3eabcd412ae62503f6",
|
||||
"name": "public"
|
||||
}
|
||||
],
|
||||
"id": "06747855d62547d4bfd707f75b8a1c54",
|
||||
"name": "nova"
|
||||
},
|
||||
"observer": {
|
||||
"id": "target" // shortform to show Observer Resource is the same as Target,
|
||||
},
|
||||
// tags use to query events on,
|
||||
"tags": [
|
||||
"correlation_id?value=56cdde6f-6b4e-48a4-94e6-defb40522fb2"
|
||||
],
|
||||
"eventType": "activity",
|
||||
"initiator": {
|
||||
"typeURI": "data/security/account/user",
|
||||
"name": "admin",
|
||||
// optional Credential to describe resource,
|
||||
"credential": {
|
||||
"token": "MIIQzgYJKoZIhvcNAQcCoIIQvzCCELsC xxxxxxxx zqvD9OPWZm7VQpYNK2EvrZi-mTvb5A==",
|
||||
"identity_status": "Confirmed"
|
||||
},
|
||||
// optional Host to describe resource,
|
||||
"host": {
|
||||
"agent": "python-novaclient",
|
||||
"address": "9.26.26.250"
|
||||
},
|
||||
"project_id": "e7e2bcc9c0df4f3eabcd412ae62503f6",
|
||||
"id": "68a3f50705a54f799ce94380fc02ed8a"
|
||||
},
|
||||
// optional Reason for activity event,
|
||||
"reason": {
|
||||
"reasonCode": "200",
|
||||
"reasonType": "HTTP"
|
||||
},
|
||||
// list of Resources which edited event,
|
||||
"reporterchain": [
|
||||
{
|
||||
"reporterTime": "2014-02-27T19:29:31.043902+0000",
|
||||
"role": "modifier",
|
||||
"reporter": {
|
||||
"id": "target"
|
||||
}
|
||||
}
|
||||
],
|
||||
"action": "authenticate/logon",
|
||||
"outcome": "success",
|
||||
"id": "0a196053-95de-48f8-9890-4527b25b5007",
|
||||
// Event model is extensible so additional attributes may be added to describe model,
|
||||
"requestPath": "/v2/e7e2bcc9c0df4f3eabcd412ae62503f6/os-certificates"
|
||||
}
|
||||
|
||||
2. Periodic monitoring resource status
|
||||
|
||||
Scenario: A cloud provider has software monitoring agents(Ceilometer)
|
||||
installed on every server(Nova) that it makes available as an IaaS resource
|
||||
to its customers. These agents are required to provide periodic informational
|
||||
status of each server's CPU utilisation along with metric data to their
|
||||
operations management software by using the CADF Event Record format.
|
||||
|
||||
.. figure:: ./images/monitor_event.png
|
||||
:width: 100%
|
||||
:align: center
|
||||
:alt: Figure 3: Conceptually mapping values of an monitor event
|
||||
|
||||
================= ====================== ==========================================================================================
|
||||
Event Attribute Value Reason
|
||||
================= ====================== ==========================================================================================
|
||||
eventType monitor OBSERVER is required to monitor a server's CPU utilization
|
||||
observer.typeURI service/oss/monitoring Value from the CADF Resource Taxonomy most closely describes a "software monitoring agent"
|
||||
initiator.typeURI service/oss/monitoring OBSERVER is also the INITIATOR of this monitoring event
|
||||
action monitor Value from the CADF Action Taxonomy
|
||||
target.typeURI service/compute/cpu Value from the CADF Resource Taxonomy most closely describes a server’s "cpu"
|
||||
outcome success OBSERVER successfully obtained and reported a CPU utilization measurement
|
||||
measurement 80% MEASUREMENT component is required and the observed value is 80% CPU utilisation
|
||||
reason N/A REASON component is not required for "monitor" type events.
|
||||
================= ====================== ==========================================================================================
|
||||
|
||||
Event serialisation:
|
||||
|
||||
.. code-block:: javascript
|
||||
|
||||
{
|
||||
"typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
|
||||
"eventTime": "2014-02-27T19:29:30.855665+0000",
|
||||
"target": {
|
||||
"typeURI": "service/compute/cpu",
|
||||
"id": "06747855d62547d4bfd707f75b8a1c54",
|
||||
"name": "instance"
|
||||
},
|
||||
"observer": {
|
||||
"id": "initiator"
|
||||
},
|
||||
"eventType": "monitor",
|
||||
"initiator": {
|
||||
"typeURI": "service/oss/monitoring",
|
||||
"name": "ceilometer-pollster",
|
||||
"id": "68a3f50705a54f799ce94380fc02ed8a"
|
||||
},
|
||||
"measurement": [
|
||||
{
|
||||
"result": "80",
|
||||
"metric": {
|
||||
"metricId": "<metric_id>",
|
||||
"unit": "%",
|
||||
"name": "CPU utilisation metric"
|
||||
}
|
||||
}
|
||||
],
|
||||
"action": "monitor",
|
||||
"outcome": "success",
|
||||
"id": "0a196053-95de-48f8-9890-4527b25b5007"
|
||||
}
|
||||
|
||||
.. note::
|
||||
|
||||
Additional use cases can be found in the Full CADF specification.
|
|
@ -1 +0,0 @@
|
|||
.. include:: ../../ChangeLog
|
Binary file not shown.
Before Width: | Height: | Size: 36 KiB |
Binary file not shown.
Before Width: | Height: | Size: 48 KiB |
Binary file not shown.
Before Width: | Height: | Size: 98 KiB |
Binary file not shown.
Before Width: | Height: | Size: 32 KiB |
|
@ -1,84 +0,0 @@
|
|||
..
|
||||
Copyright 2014 IBM Corp.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
===============================
|
||||
PyCADF developer documentation
|
||||
===============================
|
||||
|
||||
The `CADF (Cloud Audit Data Federation Working Group)`_ is working to develop
|
||||
open standards for audit data which can be federated from cloud providers,
|
||||
with the intent to elevate customer's trust in cloud hosted applications.
|
||||
|
||||
Specifications and profiles produced by the CADF will help protect the
|
||||
investments of companies seeking to move their applications to cloud
|
||||
deployment models and preserve their ability to audit operational processes,
|
||||
regardless of their chosen cloud provider. The CADF develops specifications
|
||||
for audit event data and interface models and a compatible interaction model
|
||||
that will describe interactions between IT resources for cloud deployment models.
|
||||
|
||||
pyCADF is the python implementation of the CADF specification. This documentation
|
||||
offers information on how CADF works and how to contribute to the project.
|
||||
|
||||
.. _CADF (Cloud Audit Data Federation Working Group): http://www.dmtf.org/standards/cadf
|
||||
|
||||
Getting Started
|
||||
===============
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
event_concept
|
||||
specification/index
|
||||
middleware
|
||||
audit_maps
|
||||
|
||||
Contributing
|
||||
============
|
||||
|
||||
pyCADF utilizes all of the usual OpenStack processes and requirements for
|
||||
contributions. The code is hosted `on OpenStack's Git server`_. `Bug reports`_
|
||||
and `blueprints`_ may be submitted to the :code:`pycadf` project on
|
||||
`Launchpad`_. Code may be submitted to the :code:`openstack/pycadf` project
|
||||
using `Gerrit`_.
|
||||
|
||||
.. _`on OpenStack's Git server`: https://git.openstack.org/cgit/openstack/pycadf/tree
|
||||
.. _Launchpad: https://launchpad.net/pycadf
|
||||
.. _Gerrit: https://docs.openstack.org/infra/manual/developers.html#development-workflow
|
||||
.. _Bug reports: https://bugs.launchpad.net/pycadf/+bugs
|
||||
.. _blueprints: https://blueprints.launchpad.net/pycadf
|
||||
.. _PyPi: https://pypi.python.org/pypi/pycadf
|
||||
.. _tarball: https://tarballs.openstack.org/pycadf
|
||||
|
||||
Code Documentation
|
||||
==================
|
||||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
api/modules
|
||||
|
||||
Release Notes
|
||||
=============
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
history
|
||||
|
||||
Indices and tables
|
||||
==================
|
||||
|
||||
* :ref:`genindex`
|
||||
* :ref:`modindex`
|
||||
* :ref:`search`
|
|
@ -1,26 +0,0 @@
|
|||
..
|
||||
Copyright 2014 IBM Corp
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
.. _middleware:
|
||||
|
||||
=================
|
||||
Audit middleware
|
||||
=================
|
||||
|
||||
pyCADF's version of the audit middleware has been deprecated as of pyCADF
|
||||
0.8.0. For continued support, the middleware is now maintained under the
|
||||
Identity (Keystone) umbrella. Related documentation can be found here_.
|
||||
|
||||
.. _here: https://docs.openstack.org/keystonemiddleware/latest/audit.html
|
|
@ -1,58 +0,0 @@
|
|||
..
|
||||
Copyright 2014 IBM Corp.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
.. _attachments:
|
||||
|
||||
============
|
||||
Attachments
|
||||
============
|
||||
|
||||
An attachment is a container for data or "content" that may follow any
|
||||
structure - from an atomic type to a complex hierarchy. However, it is
|
||||
desirable for processing and interoperability that the type - or
|
||||
structure - of the content be identified by a simple value. To this end the
|
||||
attachment also contains a "content type", i.e., a URI that identifies the
|
||||
kind of content.
|
||||
|
||||
Attachments are intended to be used for inclusion of domain-specific,
|
||||
informative, or descriptive information.
|
||||
|
||||
=========== ========= ======== ======================================================================================
|
||||
Property Type Required Description
|
||||
=========== ========= ======== ======================================================================================
|
||||
typeURI xs:anyURI Yes The URI that identifies the type of data contained in the "content" property.
|
||||
content xs:any Yes A container that contains any type of data (as defined by the "contentType" property).
|
||||
contentType xs:string Yes An optional name that can be used to provide an identifying name for the content.
|
||||
=========== ========= ======== ======================================================================================
|
||||
|
||||
Serialisation
|
||||
=============
|
||||
|
||||
.. code-block:: javascript
|
||||
|
||||
{
|
||||
"typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
|
||||
...,
|
||||
"attachments": [
|
||||
{
|
||||
"content": "xs:any",
|
||||
"contentType": "xs:anyURI"
|
||||
},
|
||||
{
|
||||
"content": "xs:any",
|
||||
"contentType": "xs:anyURI"
|
||||
}
|
||||
]
|
||||
}
|
|
@ -1,55 +0,0 @@
|
|||
..
|
||||
Copyright 2014 IBM Corp.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
.. _credentials:
|
||||
|
||||
============
|
||||
Credentials
|
||||
============
|
||||
|
||||
This type provides a means to describe various credentials along with any
|
||||
information about the authority that is responsible for maintaining them.
|
||||
This is intended to be associated with a CADF Resource's identity and reflects
|
||||
any authorizations or identity assertions the resource may use to gain access
|
||||
to other resources.
|
||||
|
||||
========== ========= ======== ===================================================================================================
|
||||
Property Type Required Description
|
||||
========== ========= ======== ===================================================================================================
|
||||
type xs:anyURI No Type of credential. (e.g., auth. token, identity token, etc.)
|
||||
token xs:any Yes The primary opaque or non-opaque identity or security token (e.g., an opaque or obfuscated user ID)
|
||||
authority xs:anyURI No The trusted authority (a service) that understands and can verify the credential.
|
||||
assertions cadf:Map No Optional list of additional assertions or attributes that belong to the credential
|
||||
========== ========= ======== ===================================================================================================
|
||||
|
||||
Serialisation
|
||||
=============
|
||||
|
||||
.. code-block:: javascript
|
||||
|
||||
{
|
||||
"typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
|
||||
"action": "authenticate",
|
||||
...,
|
||||
"initiator": {
|
||||
"id": "joe.user@example.com",
|
||||
"typeURI": "data/security/account/user",
|
||||
...,
|
||||
"credential": {
|
||||
"type": "https://mycloud.com/v2/token",
|
||||
"token": "myuuid:1ef0-abdf-xxxx-xxxx"
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,53 +0,0 @@
|
|||
..
|
||||
Copyright 2014 IBM Corp.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
.. _endpoints:
|
||||
|
||||
==========
|
||||
Endpoints
|
||||
==========
|
||||
|
||||
The Endpoint type is used to provide information about a resource's location
|
||||
on a network.
|
||||
|
||||
======== ========= ======== =================================================================================
|
||||
Property Type Required Description
|
||||
======== ========= ======== =================================================================================
|
||||
url xs:anyURI Yes The network address of the endpoint; for IP-based addresses
|
||||
name xs:string No An optional property to provide a logical name for the endpoint
|
||||
port xs:string No An optional property to provide the port value separate from the address property
|
||||
======== ========= ======== =================================================================================
|
||||
|
||||
Serialisation
|
||||
=============
|
||||
|
||||
.. code-block:: javascript
|
||||
|
||||
{
|
||||
"typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
|
||||
...,
|
||||
"target": {
|
||||
"id": "myscheme://mydomain/resource/id/0001",
|
||||
"name": "server_0001",
|
||||
"addresses": [
|
||||
{
|
||||
"name": "public",
|
||||
"url": "http://mydomain/mypath/server-0001/"
|
||||
},
|
||||
...
|
||||
],
|
||||
...
|
||||
}
|
||||
}
|
|
@ -1,115 +0,0 @@
|
|||
..
|
||||
Copyright 2014 IBM Corp.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
.. _events:
|
||||
|
||||
=======
|
||||
Events
|
||||
=======
|
||||
|
||||
The CADF Event Model applies semantics to the activities, resources,
|
||||
information, and changes within a cloud provider's infrastructure and models
|
||||
these using the concept of an event.
|
||||
|
||||
============= =================== ========= =============================================================================================================================================================
|
||||
Property Type Required Description
|
||||
============= =================== ========= =============================================================================================================================================================
|
||||
id cadf:Identifier Yes The unique identifier of the CADF Event Record
|
||||
typeURI cadf:Path Dependent Can be used to declare versioning of Events.
|
||||
eventType xs:string Yes The classification of the type of event
|
||||
eventTime cadf:Timestamp Yes The OBSERVER's best estimate as to the time the Actual Event occurred or began
|
||||
action cadf:Path Yes This property represents the event's ACTION
|
||||
outcome cadf:Path Yes A valid classification value from the CADF Outcome Taxonomy
|
||||
initiator cadf:Resource Dependent The event's INITIATOR. Required if not initiatorId
|
||||
initiatorId cadf:Identifier Dependent The event's INITIATOR resource by reference. Required if not initiator
|
||||
target cadf:Resource Dependent The event's TARGET. Required if not targetId
|
||||
targetId cadf:Identifier Dependent The event's TARGET by reference. Required if not target
|
||||
observer cadf:Resource Dependent The event's OBSERVER. Required if not observerId
|
||||
observerId cadf:Identifier Dependent The event's OBSERVER by reference. Required if not observer
|
||||
reason cadf:Reason No Domain-specific reason code and policy data that provides an additional level of detail to the outcome value. Required if the eventType property is "control"
|
||||
severity xs:string No Describes domain-relative severity assigned to the event by the OBSERVER. This property's value is non-normative
|
||||
measurements cadf:Measurement[] Dependent Any measurement (values) associated with the event. Required if the eventType property is "monitor"
|
||||
name xs:string No A descriptive name for the event
|
||||
tags cadf:Tag[] No Array of Tags that MAY be used to further qualify or categorize the CADF Event Record
|
||||
attachments cadf:Attachment[] No Array of extended or domain-specific information about the event or its context
|
||||
reporterchain cadf:Reporterstep[] No Array of Reporterstep typed data that contains information about the sequenced handling of or change to the associated CADF Event Record by any REPORTER
|
||||
============= =================== ========= =============================================================================================================================================================
|
||||
|
||||
Serialisation
|
||||
=============
|
||||
|
||||
.. code-block:: javascript
|
||||
|
||||
{
|
||||
"typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
|
||||
"id": "a80dc5ee-be83-48ad-ad5e-6577f2217637",
|
||||
"eventType": "activity",
|
||||
"action": "read",
|
||||
"outcome": "success",
|
||||
"reason": {
|
||||
"reasonCode": "200",
|
||||
"reasonType": "HTTP"
|
||||
},
|
||||
"eventTime": "2014-01-17T23:23:38.109989+0000",
|
||||
"initiator": {
|
||||
"id": "95f12d248a234a969f456cd2c794f29a",
|
||||
"typeURI": "service/security/account/user",
|
||||
"name": "admin",
|
||||
"project_id": "e55b158759854ea6a7852aa76632c6c1",
|
||||
"credential": {
|
||||
"token": "MIIQBgYJKoZIhvcNAQcCoIIP9z xxxxxx KoZIhvcIP9z=",
|
||||
"identity_status": "Confirmed"
|
||||
},
|
||||
"host": {
|
||||
"agent": "python-novaclient",
|
||||
"address": "9.26.27.109"
|
||||
}
|
||||
},
|
||||
"target": {
|
||||
"id": "0f126160203748a5b4923f2eb6e3b7db",
|
||||
"typeURI": "service/compute/servers",
|
||||
"name": "nova",
|
||||
"addresses": [
|
||||
{
|
||||
"url": "http://9.26.27.109:8774/v2/e55b158759854ea6a7852aa76632c6c1",
|
||||
"name": "admin"
|
||||
},
|
||||
{
|
||||
"url": "http://9.26.27.109:8774/v2/e55b158759854ea6a7852aa76632c6c1",
|
||||
"name": "private"
|
||||
},
|
||||
{
|
||||
"url": "http://9.26.27.109:8774/v2/e55b158759854ea6a7852aa76632c6c1",
|
||||
"name": "public"
|
||||
}
|
||||
]
|
||||
},
|
||||
"observer": {
|
||||
"id": "target"
|
||||
},
|
||||
"reporterchain": [
|
||||
{
|
||||
"reporterTime": "2014-01-17T23:23:38.154152+0000",
|
||||
"role": "modifier",
|
||||
"reporter": {
|
||||
"id": "target"
|
||||
}
|
||||
}
|
||||
],
|
||||
"requestPath": "/v2/56600971-90f3-4370-807f-ab79339381a9/servers",
|
||||
"tags": [
|
||||
"correlation_id?value=bcac04dc-e0be-4110-862c-347088a7836a"
|
||||
]
|
||||
}
|
|
@ -1,87 +0,0 @@
|
|||
..
|
||||
Copyright 2014 IBM Corp.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
.. _geolocations:
|
||||
|
||||
=============
|
||||
Geolocations
|
||||
=============
|
||||
|
||||
Geolocation information, which reveals a resource's physical location, is
|
||||
obtained by using tracking technologies such as global positioning system
|
||||
(GPS) devices, or IP geolocation by using databases that map IP addresses to
|
||||
geographic locations. Geolocation information is widely used in
|
||||
context-sensitive content delivery, enforcing location-based access
|
||||
restrictions on services, and fraud detection and prevention.
|
||||
|
||||
Due to the intense concerns about security and privacy, countries and regions
|
||||
introduced various legislation and regulation. To determine whether an event
|
||||
is compliant sometimes depends on the geolocation of the event. Therefore, it
|
||||
is crucial to report geolocation information unambiguously in an audit trail.
|
||||
|
||||
=========== ========= ======== ===============================================================================================================
|
||||
Property Type Required Description
|
||||
=========== ========= ======== ===============================================================================================================
|
||||
id xs:anyURI No Optional identifier for a geolocation
|
||||
latitude xs:string No The latitude of a geolocation
|
||||
longitude xs:string No The longitude of a geolocation
|
||||
elevation xs:double No The elevation of a geolocation in meters
|
||||
accuracy xs:double No The accuracy of a geolocation in meters
|
||||
city xs:string No The city of a geolocation
|
||||
state xs:string No The state/province of a geolocation
|
||||
regionICANN xs:string No A region (e.g., a country, a sovereign state, a dependent territory or a special area of geographical interest)
|
||||
annotations cadf:Map No User-defined geolocation information (e.g., building name, room number)
|
||||
=========== ========= ======== ===============================================================================================================
|
||||
|
||||
Usage Requirements
|
||||
==================
|
||||
1. Geolocation typed data SHALL contain at least one valid property and
|
||||
associated value.
|
||||
|
||||
2. Geolocation typed data SHALL NOT be used to represent virtual or logical
|
||||
locations (e.g. network zone).
|
||||
|
||||
3. For each geolocation data instance, the properties SHALL be consistent.
|
||||
That is, all properties SHALL consistently represent the same geographic
|
||||
location and SHALL NOT provide conflicting value data.
|
||||
|
||||
.. note::
|
||||
|
||||
`latitude`, `longitude` and `region` are all supplied as properties
|
||||
describing the same geolocation, the `latitude` and `longitude` properties
|
||||
coordinate values should resolve to the same geographic location as
|
||||
described by the value of the `region` property.
|
||||
|
||||
4. ICANN's implementation plan states "Upper and lower case characters are
|
||||
considered to be syntactically and semantically identical"; therefore,
|
||||
the "regionICANN" property's values MAY be either upper or lower case.
|
||||
|
||||
Serialisation
|
||||
=============
|
||||
|
||||
.. code-block:: javascript
|
||||
|
||||
{
|
||||
"typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
|
||||
...,
|
||||
"target": {
|
||||
...,
|
||||
"geolocation": {
|
||||
"latitude": "+372207.90",
|
||||
"longitude": "-1220210.20",
|
||||
"elevation": "10"
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,53 +0,0 @@
|
|||
..
|
||||
Copyright 2014 IBM Corp.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
.. _hosts:
|
||||
|
||||
======
|
||||
Hosts
|
||||
======
|
||||
|
||||
Most resources that are referenced in an IT or cloud infrastructure are
|
||||
conceptually "hosted on" or "hosted by" other resources. For example,
|
||||
"applications" are hosted on "web servers" or "users" may be hosted on a
|
||||
"network connected device" or a "terminal". In addition, networked resources
|
||||
are "hosted" by some device attached to some network.
|
||||
|
||||
The host resource often provides context or location information for the
|
||||
resource it is hosting at the time the Actual Event was observed and recorded
|
||||
(e.g., an IP address, software agent, platform, etc.). Providing a means to
|
||||
record host information with a CADF Event Record is valuable for audit purposes
|
||||
because compliance policies and rules are often based on such information.
|
||||
|
||||
======== =============== ======== ==============================================
|
||||
Property Type Required Description
|
||||
======== =============== ======== ==============================================
|
||||
id cadf:Identifier No The optional identifier of the host RESOURCE
|
||||
address xs:anyURI No The optional address of the host RESOURCE
|
||||
agent xs:string No The optional agent (name) of the host RESOURCE
|
||||
platform xs:string No The optional platform of the host RESOURCE
|
||||
======== =============== ======== ==============================================
|
||||
|
||||
Serialisation
|
||||
=============
|
||||
|
||||
.. code-block:: javascript
|
||||
|
||||
{
|
||||
"id": "myuuid:1234-5678-90abc-defg-0000",
|
||||
"address": "10.0.2.15",
|
||||
"agent": "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:18.0)",
|
||||
"platform": "Linux version 3.5.0-23-generic (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) ) #35~precise1-Ubuntu SMP Fri Jan 25 17:15:33 UTC 2013"
|
||||
}
|
|
@ -1,33 +0,0 @@
|
|||
..
|
||||
Copyright 2014 IBM Corp.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
.. _identifiers:
|
||||
|
||||
============
|
||||
Identifiers
|
||||
============
|
||||
|
||||
This specification defines an Identifier type that is based upon the Uniform
|
||||
Resource Identifier Reference (URI) as specified in RFC3986. Any value that
|
||||
represents a CADF Identifier type in this specification, its extensions, or
|
||||
profiles SHALL adhere to the requirements listed in this section:
|
||||
|
||||
.. note::
|
||||
|
||||
CADF Identifier type values SHALL be created to be Universally Unique
|
||||
Identifiers (UUIDs) so that when CADF data (e.g., CADF Event Records, Logs,
|
||||
Reports, Resources, Metrics, etc.) are federated it will be uniquely
|
||||
identifiable to the source (e.g., cloud provider, service, etc.) that
|
||||
created them.
|
|
@ -1,30 +0,0 @@
|
|||
==============
|
||||
Specification
|
||||
==============
|
||||
|
||||
The following is a high-level description of components in the CADF
|
||||
specification. The basic component of the CADF specification are Events. The
|
||||
full CADF specification document can be found here_. Additional details on the
|
||||
CADF specification are accessible via the `DMTF CADF`_ page.
|
||||
|
||||
.. _here: http://dmtf.org/sites/default/files/standards/documents/DSP0262_1.0.0.pdf
|
||||
.. _DMTF CADF: http://www.dmtf.org/standards/cadf
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
events
|
||||
attachments
|
||||
credentials
|
||||
endpoints
|
||||
geolocations
|
||||
hosts
|
||||
identifiers
|
||||
measurements
|
||||
paths
|
||||
reasons
|
||||
reportersteps
|
||||
resources
|
||||
tags
|
||||
timestamps
|
||||
taxonomy
|
|
@ -1,79 +0,0 @@
|
|||
..
|
||||
Copyright 2014 IBM Corp.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
.. _measurements:
|
||||
|
||||
=============
|
||||
Measurements
|
||||
=============
|
||||
|
||||
A component that contains statistical or measurement information for TARGET
|
||||
resources that are being monitored. The measurement should be based upon a
|
||||
defined metric (a method of measurement).
|
||||
|
||||
============ =============== ========= =================================================================================================================
|
||||
Property Type Required Description
|
||||
============ =============== ========= =================================================================================================================
|
||||
result xs:any Yes The quantitative or qualitative result of a measurement from applying the associated metric
|
||||
metric cadf:Metric Dependent The property describes the metric used in generating the measurement result. Required if not metricId
|
||||
metricId cadf:Identifier Dependent This property identifies a CADF Metric by reference and whose definition exists elsewhere. Required if not metric
|
||||
calculatedBy cadf:Resource No An optional description of the resource that calculated the measurement
|
||||
============ =============== ========= =================================================================================================================
|
||||
|
||||
Metrics
|
||||
=======
|
||||
|
||||
The Metric data type describes the rules and processes for measuring some
|
||||
activity or resource, resulting in the generation of some values (captured by
|
||||
the Measurement type).
|
||||
|
||||
=========== =============== ======== ==================================================
|
||||
Property Type Required Description
|
||||
=========== =============== ======== ==================================================
|
||||
metricId cadf:identifier Yes The identifier for the metric.
|
||||
unit xs:string Yes The metrics unit (e.g., "ms", "Hz", "GB", etc.)
|
||||
name xs:string No A descriptive name for metric
|
||||
annotations cadf:map No User-defined metric information.
|
||||
=========== =============== ======== ==================================================
|
||||
|
||||
Serialisation
|
||||
=============
|
||||
|
||||
.. code-block:: javascript
|
||||
|
||||
{
|
||||
"typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/log",
|
||||
...,
|
||||
"metrics": [
|
||||
{
|
||||
"metricId": "myuuid://metric.org/1234",
|
||||
"unit": "GB",
|
||||
"name": "Storage Capacity in Gigabytes"
|
||||
}
|
||||
],
|
||||
...,
|
||||
"events": [
|
||||
{
|
||||
"typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
|
||||
...,
|
||||
"measurements": [
|
||||
{
|
||||
"result": "10",
|
||||
"metricId": "myuuid://metric.org/1234"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
|
@ -1,25 +0,0 @@
|
|||
..
|
||||
Copyright 2014 IBM Corp.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
.. _paths:
|
||||
|
||||
======
|
||||
Paths
|
||||
======
|
||||
|
||||
This clause describes how to represent values that are elements of hierarchies.
|
||||
This construct is used for example when providing values from CADF Taxonomies
|
||||
that classify components of the CADF Event Model within CADF Event Records as
|
||||
path values.
|
|
@ -1,49 +0,0 @@
|
|||
..
|
||||
Copyright 2014 IBM Corp.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
.. _reasons:
|
||||
|
||||
========
|
||||
Reasons
|
||||
========
|
||||
|
||||
A component that contains a means to provide additional details and further
|
||||
classify the top-level OUTCOME of the ACTION included in a CADF Event Record.
|
||||
|
||||
========== ========= ======== =====================================================================================================================
|
||||
Property Type Required Description
|
||||
========== ========= ======== =====================================================================================================================
|
||||
reasonType xs:anyURI No The domain URI that defines the "reasonCode" property's value
|
||||
reasonCode xs:string No An optional detailed result code as described by the domain identified in the "reasonType" property
|
||||
policyType xs:anyURI No The domain URI that defines the "policyId" property’s value
|
||||
policyId xs:string No An optional identifier that indicates which policy or algorithm was applied in order to achieve the described OUTCOME
|
||||
========== ========= ======== =====================================================================================================================
|
||||
|
||||
Serialisation
|
||||
=============
|
||||
|
||||
.. code-block:: javascript
|
||||
|
||||
{
|
||||
"typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
|
||||
...,
|
||||
"reason": {
|
||||
"reasonType": "http://www.iana.org/assignments/http-status-codes/http-status-codes.xml",
|
||||
"reasonCode": "408",
|
||||
"policyType": "http://schemas.xmlsoap.org/ws/2002/12/policy",
|
||||
"policyId": "http://10.0.3.4/firewall-ruleset/rule0012"
|
||||
},
|
||||
...
|
||||
}
|
|
@ -1,59 +0,0 @@
|
|||
..
|
||||
Copyright 2014 IBM Corp.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
.. _reportersteps:
|
||||
|
||||
==============
|
||||
Reportersteps
|
||||
==============
|
||||
|
||||
This type represents a step in the REPORTERCHAIN that captures information
|
||||
about any notable REPORTER (in addition to the OBSERVER) that modified or
|
||||
relayed the CADF Event Record and any details regarding any modification it
|
||||
performed on the CADF Event Record it is contained within.
|
||||
|
||||
The Reporterstep data type should capture information about the resources that
|
||||
have had a role in modifying, or relaying the CADF Event Record during its
|
||||
lifecycle after having been created by the OBSERVER.
|
||||
|
||||
============ ================= ========= ==========================================================================================================================
|
||||
Property Type Required Description
|
||||
============ ================= ========= ==========================================================================================================================
|
||||
role xs:string Yes The role the REPORTER performed on the CADF Event Record (e.g., an "observer", "modifier" or "relay" role)
|
||||
reporter cadf:Resource Dependent This property defines the resource that acted as a REPORTER on a CADF Event Record. Required if not reporterId
|
||||
reporterId cadf:Identifier Dependent This property identifies a resource that acted as a REPORTER on a CADF Event Record by reference. Required if not reporter
|
||||
reporterTime cadf:Timestamp No The time a REPORTER adds its Reporterstep entry into the REPORTERCHAIN
|
||||
attachments cadf:Attachment[] No An optional array of additional data containing information about the reporter or any action it performed
|
||||
============ ================= ========= ==========================================================================================================================
|
||||
|
||||
Serialisation
|
||||
=============
|
||||
|
||||
.. code-block:: javascript
|
||||
|
||||
{
|
||||
"typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
|
||||
...,
|
||||
"reporterchain": [
|
||||
{
|
||||
"role": "modifier",
|
||||
"reporterTime": "2012-03-22T13:00:00-04:00",
|
||||
"reporter": {
|
||||
"id": "myscheme://mydomain/resource/monitor/id/0002"
|
||||
}
|
||||
},
|
||||
...
|
||||
]
|
||||
}
|
|
@ -1,62 +0,0 @@
|
|||
..
|
||||
Copyright 2014 IBM Corp.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
.. _resources:
|
||||
|
||||
==========
|
||||
Resources
|
||||
==========
|
||||
|
||||
Resources in general can be used to describe traditional IT components
|
||||
(e.g., servers, network devices, etc.), software components
|
||||
(e.g., platforms, databases, applications, etc.), operational and business
|
||||
data (e.g., accounts, users, etc.) and roles, which can be assigned to
|
||||
persons, that describe the authority to access capabilities.
|
||||
|
||||
============= ================= ========= ===================================================================================================================================
|
||||
Property Type Required Description
|
||||
============= ================= ========= ===================================================================================================================================
|
||||
id cadf:Identifier Yes The identifier for the resource
|
||||
typeURI cadf:Path Yes The classification (i.e., type) of the resource using the CADF Resource Taxonomy
|
||||
name xs:string No The optional local name for the resource (not necessarily unique)
|
||||
domain xs:string No The optional name of the domain that qualifies the name of the resource
|
||||
credential cadf:Credential No The optional security credentials associated with the resource’s identity
|
||||
addresses cadf:Endpoint[] No The optional descriptive addresses (including URLs) of the resource
|
||||
host cadf:Host No The optional information about the (network) host of the resource
|
||||
geolocation cadf:Geolocation Dependent This optional property describes the geographic location of the resource using Geolocation data type. Required if not geolocationId
|
||||
geolocationId cadf:Identifier Dependent This optional property identifies a CADF Geolocation by reference. Required if not geolocation
|
||||
attachments cadf:Attachment[] No An optional array of extended or domain-specific information about the resource or its contex
|
||||
============= ================= ========= ===================================================================================================================================
|
||||
|
||||
Serialisation
|
||||
=============
|
||||
|
||||
.. code-block:: javascript
|
||||
|
||||
{
|
||||
"typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
|
||||
...,
|
||||
"target": {
|
||||
"id": "myscheme://mydomain/resource/id/0001",
|
||||
"typeURI": "service/compute",
|
||||
"name": "server_0001",
|
||||
...,
|
||||
"geolocation": {
|
||||
"city": "Austin",
|
||||
"state": "TX",
|
||||
"regionICANN": "US"
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,29 +0,0 @@
|
|||
..
|
||||
Copyright 2014 IBM Corp.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
.. _tags:
|
||||
|
||||
=====
|
||||
Tags
|
||||
=====
|
||||
|
||||
A "tag" is a label that can be added to a CADF Event Record to qualify or
|
||||
categorize an event.
|
||||
|
||||
Tags provide a powerful mechanism for adding domain-specific identifiers and
|
||||
classifications to CADF Event Records that can be referenced by the CADF Query
|
||||
Interface. This allows customers to construct custom reports or views on the
|
||||
event data held by a provider for a specific domain of interest. A CADF Event
|
||||
Record can have multiple tags that enable cross-domain analysis.
|
|
@ -1,33 +0,0 @@
|
|||
..
|
||||
Copyright 2014 IBM Corp.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
.. _taxonomy:
|
||||
|
||||
=========
|
||||
Taxonomy
|
||||
=========
|
||||
|
||||
The CADF Resource Taxonomy describes resources that are commonly used in cloud
|
||||
and enterprise infrastructures. This list was developed based on surveys of
|
||||
existing cloud architectures, deployments, and implementations. The Resource
|
||||
Taxonomy, however, is fully intended to be extensible by profiles that may
|
||||
define additional resource nodes as child nodes to the ones specified below.
|
||||
When doing so, however, vendors and cloud providers should be aware that this
|
||||
places an additional burden on the consumer to correctly comprehend the new
|
||||
node type. Therefore, vendors and providers of CADF audit data should be
|
||||
careful to provide classification values that extend the existing tree from the
|
||||
most granular node that closely matches the functions of any newly-defined
|
||||
resource types. This approach will provide consumers with a baseline
|
||||
understanding of the function of the new resource type.
|
|
@ -1,34 +0,0 @@
|
|||
..
|
||||
Copyright 2014 IBM Corp.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
.. _timestamps:
|
||||
|
||||
===========
|
||||
Timestamps
|
||||
===========
|
||||
|
||||
The following example shows the required Lexical representation of the
|
||||
Timestamp type used in this specification; all Timestamp typed values
|
||||
SHALL be formatted accordingly:
|
||||
|
||||
::
|
||||
|
||||
yyyy '-' mm '-' dd 'T' hh ':' mm ':' ss ('.' s+)('+' | '-') hh ':' mm
|
||||
|
||||
.. note::
|
||||
|
||||
The UTC offset is always required (not optional) and the use of the
|
||||
character 'Z' (or 'Zulu' time) as an abbreviation for UTC offset +00:00
|
||||
or -00:00 is NOT permitted.
|
|
@ -1,22 +0,0 @@
|
|||
[DEFAULT]
|
||||
# default target endpoint type
|
||||
# should match the endpoint type defined in service catalog
|
||||
target_endpoint_type = None
|
||||
|
||||
# possible end path of api requests
|
||||
[path_keywords]
|
||||
meters = meter_name
|
||||
resources = resource_id
|
||||
statistics = None
|
||||
samples = sample_id
|
||||
capabilities = None
|
||||
alarms = alarm_id
|
||||
history = None
|
||||
state = None
|
||||
event_types = event_type
|
||||
traits = event_type
|
||||
events = message_id
|
||||
|
||||
# map endpoint type defined in service catalog to CADF typeURI
|
||||
[service_endpoints]
|
||||
metering = service/metering
|
|
@ -1,27 +0,0 @@
|
|||
[DEFAULT]
|
||||
# default target endpoint type
|
||||
# should match the endpoint type defined in service catalog
|
||||
target_endpoint_type = None
|
||||
|
||||
# map urls ending with specific text to a unique action
|
||||
[custom_actions]
|
||||
associate = update/associate
|
||||
disassociate = update/disassociate
|
||||
disassociate_all = update/disassociate_all
|
||||
associations = read/list/associations
|
||||
|
||||
# possible end path of api requests
|
||||
[path_keywords]
|
||||
defaults = None
|
||||
detail = None
|
||||
limits = None
|
||||
os-quota-specs = project
|
||||
qos-specs = qos-spec
|
||||
snapshots = snapshot
|
||||
types = type
|
||||
volumes = volume
|
||||
|
||||
# map endpoint type defined in service catalog to CADF typeURI
|
||||
[service_endpoints]
|
||||
volume = service/storage/block
|
||||
volumev2 = service/storage/block
|
|
@ -1,16 +0,0 @@
|
|||
[DEFAULT]
|
||||
# default target endpoint type
|
||||
# should match the endpoint type defined in service catalog
|
||||
target_endpoint_type = None
|
||||
|
||||
# possible end path of api requests
|
||||
[path_keywords]
|
||||
detail = None
|
||||
file = None
|
||||
images = image
|
||||
members = member
|
||||
tags = tag
|
||||
|
||||
# map endpoint type defined in service catalog to CADF typeURI
|
||||
[service_endpoints]
|
||||
image = service/storage/image
|
|
@ -1,32 +0,0 @@
|
|||
[DEFAULT]
|
||||
# default target endpoint type
|
||||
# should match the endpoint type defined in service catalog
|
||||
target_endpoint_type = None
|
||||
|
||||
# possible end path of api requests
|
||||
[path_keywords]
|
||||
stacks = stack
|
||||
resources = resource
|
||||
preview = None
|
||||
detail = None
|
||||
abandon = None
|
||||
snapshots = snapshot
|
||||
restore = None
|
||||
outputs = output
|
||||
metadata = server
|
||||
signal = None
|
||||
events = event
|
||||
template = None
|
||||
template_versions = template_version
|
||||
functions = None
|
||||
validate = None
|
||||
resource_types = resource_type
|
||||
build_info = None
|
||||
actions = None
|
||||
software_configs = software_config
|
||||
software_deployments = software_deployment
|
||||
services = None
|
||||
|
||||
# map endpoint type defined in service catalog to CADF typeURI
|
||||
[service_endpoints]
|
||||
orchestration = service/orchestration
|
|
@ -1,25 +0,0 @@
|
|||
[DEFAULT]
|
||||
# default target endpoint type
|
||||
# should match the endpoint type defined in service catalog
|
||||
target_endpoint_type = None
|
||||
|
||||
# possible end path of api requests
|
||||
[path_keywords]
|
||||
nodes = node
|
||||
drivers = driver
|
||||
chassis = chassis
|
||||
ports = port
|
||||
states = state
|
||||
power = None
|
||||
provision = None
|
||||
maintenance = None
|
||||
validate = None
|
||||
boot_device = None
|
||||
supported = None
|
||||
console = None
|
||||
vendor_passthrus = vendor_passthru
|
||||
|
||||
|
||||
# map endpoint type defined in service catalog to CADF typeURI
|
||||
[service_endpoints]
|
||||
baremetal = service/compute/baremetal
|
|
@ -1,31 +0,0 @@
|
|||
[DEFAULT]
|
||||
# default target endpoint type
|
||||
# should match the endpoint type defined in service catalog
|
||||
target_endpoint_type = None
|
||||
|
||||
[custom_actions]
|
||||
add_router_interface = update/add
|
||||
remove_router_interface = update/remove
|
||||
|
||||
# possible end path of api requests
|
||||
[path_keywords]
|
||||
floatingips = ip
|
||||
healthmonitors = healthmonitor
|
||||
health_monitors = health_monitor
|
||||
lb = None
|
||||
members = member
|
||||
metering-labels = label
|
||||
metering-label-rules = rule
|
||||
networks = network
|
||||
pools = pool
|
||||
ports = port
|
||||
routers = router
|
||||
quotas = quota
|
||||
security-groups = security-group
|
||||
security-group-rules = rule
|
||||
subnets = subnet
|
||||
vips = vip
|
||||
|
||||
# map endpoint type defined in service catalog to CADF typeURI
|
||||
[service_endpoints]
|
||||
network = service/network
|
|
@ -1,72 +0,0 @@
|
|||
[DEFAULT]
|
||||
# default target endpoint type
|
||||
# should match the endpoint type defined in service catalog
|
||||
target_endpoint_type = None
|
||||
|
||||
[custom_actions]
|
||||
enable = enable
|
||||
disable = disable
|
||||
delete = delete
|
||||
startup = start/startup
|
||||
shutdown = stop/shutdown
|
||||
reboot = start/reboot
|
||||
os-migrations/get = read
|
||||
os-server-password/post = update
|
||||
|
||||
# possible end path of api requests
|
||||
[path_keywords]
|
||||
add = None
|
||||
action = None
|
||||
enable = None
|
||||
disable = None
|
||||
configure-project = None
|
||||
defaults = None
|
||||
delete = None
|
||||
detail = None
|
||||
diagnostics = None
|
||||
entries = entry
|
||||
extensions = alias
|
||||
flavors = flavor
|
||||
images = image
|
||||
ips = label
|
||||
limits = None
|
||||
metadata = key
|
||||
os-agents = os-agent
|
||||
os-aggregates = os-aggregate
|
||||
os-availability-zone = None
|
||||
os-certificates = None
|
||||
os-cloudpipe = None
|
||||
os-fixed-ips = ip
|
||||
os-extra_specs = key
|
||||
os-flavor-access = None
|
||||
os-floating-ip-dns = domain
|
||||
os-floating-ips-bulk = host
|
||||
os-floating-ip-pools = None
|
||||
os-floating-ips = floating-ip
|
||||
os-hosts = host
|
||||
os-hypervisors = hypervisor
|
||||
os-instance-actions = instance-action
|
||||
os-keypairs = keypair
|
||||
os-migrations = None
|
||||
os-networks = network
|
||||
os-quota-sets = tenant
|
||||
os-security-groups = security_group
|
||||
os-security-group-rules = rule
|
||||
os-server-password = None
|
||||
os-services = None
|
||||
os-simple-tenant-usage = tenant
|
||||
os-virtual-interfaces = None
|
||||
os-volume_attachments = attachment
|
||||
os-volumes_boot = None
|
||||
os-volumes = volume
|
||||
os-volume-types = volume-type
|
||||
os-snapshots = snapshot
|
||||
reboot = None
|
||||
servers = server
|
||||
shutdown = None
|
||||
startup = None
|
||||
statistics = None
|
||||
|
||||
# map endpoint type defined in service catalog to CADF typeURI
|
||||
[service_endpoints]
|
||||
compute = service/compute
|
|
@ -1,23 +0,0 @@
|
|||
[DEFAULT]
|
||||
# default target endpoint type
|
||||
# should match the endpoint type defined in service catalog
|
||||
target_endpoint_type = None
|
||||
|
||||
# possible end path of api requests
|
||||
[path_keywords]
|
||||
instances=instance
|
||||
configuration=None
|
||||
root=None
|
||||
action=None
|
||||
databases=database
|
||||
users=user
|
||||
flavors=flavor
|
||||
backups=backup
|
||||
configurations=configuration
|
||||
versions=version
|
||||
datastores=datastore
|
||||
parameters=parameter
|
||||
|
||||
# map endpoint type defined in service catalog to CADF typeURI
|
||||
[service_endpoints]
|
||||
database=service/database
|
|
@ -1,68 +0,0 @@
|
|||
# Copyright 2013 IBM Corp.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
# use this file except in compliance with the License. You may obtain a copy of
|
||||
# the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations under
|
||||
# the License.
|
||||
|
||||
import six
|
||||
|
||||
from pycadf import cadftype
|
||||
|
||||
ATTACHMENT_KEYNAME_TYPEURI = "typeURI"
|
||||
ATTACHMENT_KEYNAME_CONTENT = "content"
|
||||
ATTACHMENT_KEYNAME_NAME = "name"
|
||||
|
||||
ATTACHMENT_KEYNAMES = [ATTACHMENT_KEYNAME_TYPEURI,
|
||||
ATTACHMENT_KEYNAME_CONTENT,
|
||||
ATTACHMENT_KEYNAME_NAME]
|
||||
|
||||
|
||||
class Attachment(cadftype.CADFAbstractType):
|
||||
|
||||
# TODO(mrutkows): OpenStack / Ceilometer may want to define
|
||||
# the set of approved attachment types in order to
|
||||
# limit and validate them.
|
||||
typeURI = cadftype.ValidatorDescriptor(ATTACHMENT_KEYNAME_TYPEURI,
|
||||
lambda x: isinstance(
|
||||
x, six.string_types))
|
||||
content = cadftype.ValidatorDescriptor(ATTACHMENT_KEYNAME_CONTENT)
|
||||
name = cadftype.ValidatorDescriptor(ATTACHMENT_KEYNAME_NAME,
|
||||
lambda x: isinstance(x,
|
||||
six.string_types))
|
||||
|
||||
def __init__(self, typeURI=None, content=None, name=None):
|
||||
"""Create Attachment data type
|
||||
|
||||
:param typeURI: uri that identifies type of data in content
|
||||
:param content: container that contains any type of data
|
||||
:param contentType: name used to identify content.
|
||||
"""
|
||||
# Attachment.typeURI
|
||||
if typeURI is not None:
|
||||
setattr(self, ATTACHMENT_KEYNAME_TYPEURI, typeURI)
|
||||
|
||||
# Attachment.content
|
||||
if content is not None:
|
||||
setattr(self, ATTACHMENT_KEYNAME_CONTENT, content)
|
||||
|
||||
# Attachment.name
|
||||
if name is not None:
|
||||
setattr(self, ATTACHMENT_KEYNAME_NAME, name)
|
||||
|
||||
# self validate cadf:Attachment type against schema
|
||||
def is_valid(self):
|
||||
"""Validation to ensure Attachment required attributes are set.
|
||||
"""
|
||||
return (
|
||||
self._isset(ATTACHMENT_KEYNAME_TYPEURI) and
|
||||
self._isset(ATTACHMENT_KEYNAME_NAME) and
|
||||
self._isset(ATTACHMENT_KEYNAME_CONTENT)
|
||||
)
|
|
@ -1,218 +0,0 @@
|
|||
# Copyright 2013 IBM Corp.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
# use this file except in compliance with the License. You may obtain a copy of
|
||||
# the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations under
|
||||
# the License.
|
||||
|
||||
from pycadf import cadftype
|
||||
|
||||
TYPE_URI_ACTION = cadftype.CADF_VERSION_1_0_0 + 'action'
|
||||
|
||||
UNKNOWN = 'unknown'
|
||||
|
||||
# Commonly used (valid) Event.action values from Nova
|
||||
ACTION_CREATE = 'create'
|
||||
ACTION_READ = 'read'
|
||||
ACTION_UPDATE = 'update'
|
||||
ACTION_DELETE = 'delete'
|
||||
# Other CADF actions
|
||||
ACTION_AUTHENTICATE = 'authenticate'
|
||||
ACTION_EVALUATE = 'evaluate'
|
||||
# OpenStack specific, Profile or change CADF spec. to add this action
|
||||
ACTION_LIST = 'read/list'
|
||||
|
||||
# TODO(mrutkows): Make global using WSGI mechanism
|
||||
ACTION_TAXONOMY = frozenset([
|
||||
'backup',
|
||||
'capture',
|
||||
ACTION_CREATE,
|
||||
'configure',
|
||||
ACTION_READ,
|
||||
ACTION_LIST,
|
||||
ACTION_UPDATE,
|
||||
ACTION_DELETE,
|
||||
'monitor',
|
||||
'start',
|
||||
'stop',
|
||||
'deploy',
|
||||
'undeploy',
|
||||
'enable',
|
||||
'disable',
|
||||
'send',
|
||||
'receive',
|
||||
ACTION_AUTHENTICATE,
|
||||
'authenticate/login',
|
||||
'revoke',
|
||||
'renew',
|
||||
'restore',
|
||||
ACTION_EVALUATE,
|
||||
'allow',
|
||||
'deny',
|
||||
'notify',
|
||||
UNKNOWN
|
||||
])
|
||||
|
||||
|
||||
# TODO(mrutkows): validate absolute URIs as well
|
||||
def is_valid_action(value):
|
||||
for type in ACTION_TAXONOMY:
|
||||
if value.startswith(type):
|
||||
return True
|
||||
return False
|
||||
|
||||
|
||||
TYPE_URI_OUTCOME = cadftype.CADF_VERSION_1_0_0 + 'outcome'
|
||||
|
||||
# Valid Event.outcome values
|
||||
OUTCOME_SUCCESS = 'success'
|
||||
OUTCOME_FAILURE = 'failure'
|
||||
OUTCOME_PENDING = 'pending'
|
||||
|
||||
# TODO(mrutkows): Make global using WSGI mechanism
|
||||
OUTCOME_TAXONOMY = frozenset([
|
||||
OUTCOME_SUCCESS,
|
||||
OUTCOME_FAILURE,
|
||||
OUTCOME_PENDING,
|
||||
UNKNOWN
|
||||
])
|
||||
|
||||
|
||||
# TODO(mrutkows): validate absolute URIs as well
|
||||
def is_valid_outcome(value):
|
||||
return value in OUTCOME_TAXONOMY
|
||||
|
||||
SERVICE_SECURITY = 'service/security'
|
||||
SERVICE_KEYMGR = 'service/security/keymanager'
|
||||
ACCOUNT_USER = 'service/security/account/user'
|
||||
CADF_AUDIT_FILTER = 'service/security/audit/filter'
|
||||
|
||||
SECURITY_ACCOUNT = 'data/security/account'
|
||||
SECURITY_CREDENTIAL = 'data/security/credential'
|
||||
SECURITY_DOMAIN = 'data/security/domain'
|
||||
SECURITY_ENDPOINT = 'data/security/endpoint'
|
||||
SECURITY_GROUP = 'data/security/group'
|
||||
SECURITY_IDENTITY = 'data/security/identity'
|
||||
SECURITY_KEY = 'data/security/key'
|
||||
SECURITY_LICENCE = 'data/security/license'
|
||||
SECURITY_POLICY = 'data/security/policy'
|
||||
SECURITY_PROFILE = 'data/security/profile'
|
||||
SECURITY_PROJECT = 'data/security/project'
|
||||
SECURITY_REGION = 'data/security/region'
|
||||
SECURITY_ROLE = 'data/security/role'
|
||||
SECURITY_SERVICE = 'data/security/service'
|
||||
SECURITY_TRUST = 'data/security/trust'
|
||||
SECURITY_ACCOUNT_USER = 'data/security/account/user'
|
||||
KEYMGR_SECRET = 'data/security/keymanager/secret'
|
||||
KEYMGR_CONTAINER = 'data/security/keymanager/container'
|
||||
KEYMGR_ORDER = 'data/security/keymanager/order'
|
||||
KEYMGR_OTHERS = 'data/security/keymanager'
|
||||
|
||||
|
||||
# TODO(mrutkows): Make global using WSGI mechanism
|
||||
RESOURCE_TAXONOMY = frozenset([
|
||||
'storage',
|
||||
'storage/node',
|
||||
'storage/volume',
|
||||
'storage/memory',
|
||||
'storage/container',
|
||||
'storage/directory',
|
||||
'storage/database',
|
||||
'storage/queue',
|
||||
'compute',
|
||||
'compute/node',
|
||||
'compute/cpu',
|
||||
'compute/machine',
|
||||
'compute/process',
|
||||
'compute/thread',
|
||||
'network',
|
||||
'network/node',
|
||||
'network/node/host',
|
||||
'network/connection',
|
||||
'network/domain',
|
||||
'network/cluster',
|
||||
'service',
|
||||
'service/oss',
|
||||
'service/bss',
|
||||
'service/bss/metering',
|
||||
'service/composition',
|
||||
'service/compute',
|
||||
'service/database',
|
||||
SERVICE_SECURITY,
|
||||
SERVICE_KEYMGR,
|
||||
'service/security/account',
|
||||
ACCOUNT_USER,
|
||||
CADF_AUDIT_FILTER,
|
||||
'service/storage',
|
||||
'service/storage/block',
|
||||
'service/storage/image',
|
||||
'service/storage/object',
|
||||
'service/network',
|
||||
'data',
|
||||
'data/message',
|
||||
'data/workload',
|
||||
'data/workload/app',
|
||||
'data/workload/service',
|
||||
'data/workload/task',
|
||||
'data/workload/job',
|
||||
'data/file',
|
||||
'data/file/catalog',
|
||||
'data/file/log',
|
||||
'data/template',
|
||||
'data/package',
|
||||
'data/image',
|
||||
'data/module',
|
||||
'data/config',
|
||||
'data/directory',
|
||||
'data/database',
|
||||
'data/security',
|
||||
SECURITY_ACCOUNT,
|
||||
SECURITY_CREDENTIAL,
|
||||
SECURITY_DOMAIN,
|
||||
SECURITY_ENDPOINT,
|
||||
SECURITY_GROUP,
|
||||
SECURITY_IDENTITY,
|
||||
SECURITY_KEY,
|
||||
SECURITY_LICENCE,
|
||||
SECURITY_POLICY,
|
||||
SECURITY_PROFILE,
|
||||
SECURITY_PROJECT,
|
||||
SECURITY_REGION,
|
||||
SECURITY_ROLE,
|
||||
SECURITY_SERVICE,
|
||||
SECURITY_TRUST,
|
||||
SECURITY_ACCOUNT_USER,
|
||||
'data/security/account/user/privilege',
|
||||
'data/database/alias',
|
||||
'data/database/catalog',
|
||||
'data/database/constraints',
|
||||
'data/database/index',
|
||||
'data/database/instance',
|
||||
'data/database/key',
|
||||
'data/database/routine',
|
||||
'data/database/schema',
|
||||
'data/database/sequence',
|
||||
'data/database/table',
|
||||
'data/database/trigger',
|
||||
'data/database/view',
|
||||
KEYMGR_CONTAINER,
|
||||
KEYMGR_ORDER,
|
||||
KEYMGR_SECRET,
|
||||
KEYMGR_OTHERS,
|
||||
UNKNOWN
|
||||
])
|
||||
|
||||
|
||||
# TODO(mrutkows): validate absolute URIs as well
|
||||
def is_valid_resource(value):
|
||||
for type in RESOURCE_TAXONOMY:
|
||||
if value.startswith(type):
|
||||
return True
|
||||
return False
|
|
@ -1,100 +0,0 @@
|
|||
# Copyright (c) 2013 IBM Corporation
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
# use this file except in compliance with the License. You may obtain a copy of
|
||||
# the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations under
|
||||
# the License.
|
||||
|
||||
import abc
|
||||
|
||||
from oslo_serialization import jsonutils
|
||||
import six
|
||||
|
||||
CADF_SCHEMA_1_0_0 = 'cadf:'
|
||||
CADF_VERSION_1_0_0 = 'http://schemas.dmtf.org/cloud/audit/1.0/'
|
||||
|
||||
# Valid cadf:Event record "types"
|
||||
EVENTTYPE_ACTIVITY = 'activity'
|
||||
EVENTTYPE_MONITOR = 'monitor'
|
||||
EVENTTYPE_CONTROL = 'control'
|
||||
|
||||
VALID_EVENTTYPES = frozenset([
|
||||
EVENTTYPE_ACTIVITY,
|
||||
EVENTTYPE_MONITOR,
|
||||
EVENTTYPE_CONTROL
|
||||
])
|
||||
|
||||
|
||||
def is_valid_eventType(value):
|
||||
return value in VALID_EVENTTYPES
|
||||
|
||||
# valid cadf:Event record "Reporter" roles
|
||||
REPORTER_ROLE_OBSERVER = 'observer'
|
||||
REPORTER_ROLE_MODIFIER = 'modifier'
|
||||
REPORTER_ROLE_RELAY = 'relay'
|
||||
|
||||
VALID_REPORTER_ROLES = frozenset([
|
||||
REPORTER_ROLE_OBSERVER,
|
||||
REPORTER_ROLE_MODIFIER,
|
||||
REPORTER_ROLE_RELAY
|
||||
])
|
||||
|
||||
|
||||
def is_valid_reporter_role(value):
|
||||
return value in VALID_REPORTER_ROLES
|
||||
|
||||
|
||||
class ValidatorDescriptor(object):
|
||||
def __init__(self, name, func=None):
|
||||
self.name = name
|
||||
self.func = func
|
||||
|
||||
def __set__(self, instance, value):
|
||||
if value is not None:
|
||||
if self.func is not None:
|
||||
if self.func(value):
|
||||
instance.__dict__[self.name] = value
|
||||
else:
|
||||
raise ValueError('%s failed validation: %s' %
|
||||
(self.name, self.func))
|
||||
else:
|
||||
instance.__dict__[self.name] = value
|
||||
else:
|
||||
raise ValueError('%s must not be None.' % self.name)
|
||||
|
||||
|
||||
@six.add_metaclass(abc.ABCMeta)
|
||||
class CADFAbstractType(object):
|
||||
"""The abstract base class for all CADF (complex) data types (classes)."""
|
||||
|
||||
@abc.abstractmethod
|
||||
def is_valid(self, value):
|
||||
pass
|
||||
|
||||
def as_dict(self):
|
||||
"""Return dict representation of Event."""
|
||||
return jsonutils.to_primitive(self, convert_instances=True)
|
||||
|
||||
def _isset(self, attr):
|
||||
"""Check to see if attribute is defined."""
|
||||
try:
|
||||
if isinstance(getattr(self, attr), ValidatorDescriptor):
|
||||
return False
|
||||
return True
|
||||
except AttributeError:
|
||||
return False
|
||||
|
||||
# TODO(mrutkows): Eventually, we want to use the OrderedDict (introduced
|
||||
# in Python 2.7) type for all CADF classes to store attributes in a
|
||||
# canonical form. Currently, OpenStack/Jenkins requires 2.6 compatibility
|
||||
# The reason is that we want to be able to support signing all or parts
|
||||
# of the event record and need to guarantee order.
|
||||
# def to_ordered_dict(self, value):
|
||||
# pass
|
|
@ -1,99 +0,0 @@
|
|||
# Copyright (c) 2013 IBM Corporation
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
# use this file except in compliance with the License. You may obtain a copy of
|
||||
# the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations under
|
||||
# the License.
|
||||
|
||||
import six
|
||||
|
||||
from pycadf import cadftype
|
||||
from pycadf import utils
|
||||
|
||||
TYPE_URI_CRED = cadftype.CADF_VERSION_1_0_0 + 'credential'
|
||||
|
||||
CRED_KEYNAME_TYPE = "type"
|
||||
CRED_KEYNAME_TOKEN = "token"
|
||||
|
||||
CRED_KEYNAMES = [CRED_KEYNAME_TYPE,
|
||||
CRED_KEYNAME_TOKEN]
|
||||
|
||||
|
||||
FED_CRED_KEYNAME_IDENTITY_PROVIDER = "identity_provider"
|
||||
FED_CRED_KEYNAME_USER = "user"
|
||||
FED_CRED_KEYNAME_GROUPS = "groups"
|
||||
|
||||
FED_CRED_KEYNAMES = CRED_KEYNAMES + [FED_CRED_KEYNAME_IDENTITY_PROVIDER,
|
||||
FED_CRED_KEYNAME_USER,
|
||||
FED_CRED_KEYNAME_GROUPS]
|
||||
|
||||
|
||||
class Credential(cadftype.CADFAbstractType):
|
||||
type = cadftype.ValidatorDescriptor(
|
||||
CRED_KEYNAME_TYPE,
|
||||
lambda x: isinstance(x, six.string_types))
|
||||
token = cadftype.ValidatorDescriptor(
|
||||
CRED_KEYNAME_TOKEN,
|
||||
lambda x: isinstance(x, six.string_types))
|
||||
|
||||
def __init__(self, token, type=None):
|
||||
"""Create Credential data type
|
||||
|
||||
:param token: identity or security token
|
||||
:param type: type of credential (ie. identity token)
|
||||
"""
|
||||
|
||||
# Credential.token
|
||||
setattr(self, CRED_KEYNAME_TOKEN, utils.mask_value(token))
|
||||
|
||||
# Credential.type
|
||||
if type is not None:
|
||||
setattr(self, CRED_KEYNAME_TYPE, type)
|
||||
|
||||
# TODO(mrutkows): validate this cadf:Credential type against schema
|
||||
def is_valid(self):
|
||||
"""Validation to ensure Credential required attributes are set."""
|
||||
# TODO(mrutkows): validate specific attribute type/format
|
||||
return self._isset(CRED_KEYNAME_TOKEN)
|
||||
|
||||
|
||||
class FederatedCredential(Credential):
|
||||
identity_provider = cadftype.ValidatorDescriptor(
|
||||
FED_CRED_KEYNAME_IDENTITY_PROVIDER,
|
||||
lambda x: isinstance(x, six.string_types))
|
||||
user = cadftype.ValidatorDescriptor(
|
||||
FED_CRED_KEYNAME_USER,
|
||||
lambda x: isinstance(x, six.string_types))
|
||||
groups = cadftype.ValidatorDescriptor(
|
||||
FED_CRED_KEYNAME_GROUPS,
|
||||
lambda x: isinstance(x, list))
|
||||
|
||||
def __init__(self, token, type, identity_provider, user, groups):
|
||||
super(FederatedCredential, self).__init__(
|
||||
token=token,
|
||||
type=type)
|
||||
|
||||
# FederatedCredential.identity_provider
|
||||
setattr(self, FED_CRED_KEYNAME_IDENTITY_PROVIDER, identity_provider)
|
||||
|
||||
# FederatedCredential.user
|
||||
setattr(self, FED_CRED_KEYNAME_USER, user)
|
||||
|
||||
# FederatedCredential.groups
|
||||
setattr(self, FED_CRED_KEYNAME_GROUPS, groups)
|
||||
|
||||
def is_valid(self):
|
||||
"""Validation to ensure Credential required attributes are set."""
|
||||
return (
|
||||
super(FederatedCredential, self).is_valid()
|
||||
and self._isset(CRED_KEYNAME_TYPE)
|
||||
and self._isset(FED_CRED_KEYNAME_IDENTITY_PROVIDER)
|
||||
and self._isset(FED_CRED_KEYNAME_USER)
|
||||
and self._isset(FED_CRED_KEYNAME_GROUPS))
|
|
@ -1,60 +0,0 @@
|
|||
# Copyright (c) 2013 IBM Corporation
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
# use this file except in compliance with the License. You may obtain a copy of
|
||||
# the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations under
|
||||
# the License.
|
||||
|
||||
import six
|
||||
|
||||
from pycadf import cadftype
|
||||
|
||||
TYPE_URI_ENDPOINT = cadftype.CADF_VERSION_1_0_0 + 'endpoint'
|
||||
|
||||
ENDPOINT_KEYNAME_URL = "url"
|
||||
ENDPOINT_KEYNAME_NAME = "name"
|
||||
ENDPOINT_KEYNAME_PORT = "port"
|
||||
|
||||
ENDPOINT_KEYNAMES = [ENDPOINT_KEYNAME_URL,
|
||||
ENDPOINT_KEYNAME_NAME,
|
||||
ENDPOINT_KEYNAME_PORT]
|
||||
|
||||
|
||||
class Endpoint(cadftype.CADFAbstractType):
|
||||
|
||||
url = cadftype.ValidatorDescriptor(
|
||||
ENDPOINT_KEYNAME_URL, lambda x: isinstance(x, six.string_types))
|
||||
name = cadftype.ValidatorDescriptor(
|
||||
ENDPOINT_KEYNAME_NAME, lambda x: isinstance(x, six.string_types))
|
||||
port = cadftype.ValidatorDescriptor(
|
||||
ENDPOINT_KEYNAME_PORT, lambda x: isinstance(x, six.string_types))
|
||||
|
||||
def __init__(self, url, name=None, port=None):
|
||||
"""Create Endpoint data type
|
||||
|
||||
:param url: address of endpoint
|
||||
:param name: name of endpoint
|
||||
:param port: port of endpoint
|
||||
"""
|
||||
|
||||
# ENDPOINT.url
|
||||
setattr(self, ENDPOINT_KEYNAME_URL, url)
|
||||
# ENDPOINT.name
|
||||
if name is not None:
|
||||
setattr(self, ENDPOINT_KEYNAME_NAME, name)
|
||||
# ENDPOINT.port
|
||||
if port is not None:
|
||||
setattr(self, ENDPOINT_KEYNAME_PORT, port)
|
||||
|
||||
# TODO(mrutkows): validate this cadf:ENDPOINT type against schema
|
||||
def is_valid(self):
|
||||
"""Validation to ensure Endpoint required attributes are set.
|
||||
"""
|
||||
return self._isset(ENDPOINT_KEYNAME_URL)
|
286
pycadf/event.py
286
pycadf/event.py
|
@ -1,286 +0,0 @@
|
|||
# Copyright 2013 IBM Corp.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
# use this file except in compliance with the License. You may obtain a copy of
|
||||
# the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations under
|
||||
# the License.
|
||||
|
||||
import six
|
||||
|
||||
from pycadf import attachment
|
||||
from pycadf import cadftaxonomy
|
||||
from pycadf import cadftype
|
||||
from pycadf import identifier
|
||||
from pycadf import measurement
|
||||
from pycadf import reason
|
||||
from pycadf import reporterstep
|
||||
from pycadf import resource
|
||||
from pycadf import tag
|
||||
from pycadf import timestamp
|
||||
|
||||
TYPE_URI_EVENT = cadftype.CADF_VERSION_1_0_0 + 'event'
|
||||
|
||||
# Event.eventType
|
||||
EVENT_KEYNAME_TYPEURI = "typeURI"
|
||||
EVENT_KEYNAME_EVENTTYPE = "eventType"
|
||||
EVENT_KEYNAME_ID = "id"
|
||||
EVENT_KEYNAME_EVENTTIME = "eventTime"
|
||||
EVENT_KEYNAME_INITIATOR = "initiator"
|
||||
EVENT_KEYNAME_INITIATORID = "initiatorId"
|
||||
EVENT_KEYNAME_ACTION = "action"
|
||||
EVENT_KEYNAME_TARGET = "target"
|
||||
EVENT_KEYNAME_TARGETID = "targetId"
|
||||
EVENT_KEYNAME_OUTCOME = "outcome"
|
||||
EVENT_KEYNAME_REASON = "reason"
|
||||
EVENT_KEYNAME_SEVERITY = "severity"
|
||||
EVENT_KEYNAME_NAME = "name"
|
||||
EVENT_KEYNAME_MEASUREMENTS = "measurements"
|
||||
EVENT_KEYNAME_TAGS = "tags"
|
||||
EVENT_KEYNAME_ATTACHMENTS = "attachments"
|
||||
EVENT_KEYNAME_OBSERVER = "observer"
|
||||
EVENT_KEYNAME_OBSERVERID = "observerId"
|
||||
EVENT_KEYNAME_REPORTERCHAIN = "reporterchain"
|
||||
|
||||
EVENT_KEYNAMES = [EVENT_KEYNAME_TYPEURI,
|
||||
EVENT_KEYNAME_EVENTTYPE,
|
||||
EVENT_KEYNAME_ID,
|
||||
EVENT_KEYNAME_EVENTTIME,
|
||||
EVENT_KEYNAME_INITIATOR,
|
||||
EVENT_KEYNAME_INITIATORID,
|
||||
EVENT_KEYNAME_ACTION,
|
||||
EVENT_KEYNAME_TARGET,
|
||||
EVENT_KEYNAME_TARGETID,
|
||||
EVENT_KEYNAME_OUTCOME,
|
||||
EVENT_KEYNAME_REASON,
|
||||
EVENT_KEYNAME_SEVERITY,
|
||||
EVENT_KEYNAME_NAME,
|
||||
EVENT_KEYNAME_MEASUREMENTS,
|
||||
EVENT_KEYNAME_TAGS,
|
||||
EVENT_KEYNAME_ATTACHMENTS,
|
||||
EVENT_KEYNAME_OBSERVER,
|
||||
EVENT_KEYNAME_OBSERVERID,
|
||||
EVENT_KEYNAME_REPORTERCHAIN]
|
||||
|
||||
|
||||
class Event(cadftype.CADFAbstractType):
|
||||
|
||||
eventType = cadftype.ValidatorDescriptor(
|
||||
EVENT_KEYNAME_EVENTTYPE, lambda x: cadftype.is_valid_eventType(x))
|
||||
id = cadftype.ValidatorDescriptor(EVENT_KEYNAME_ID,
|
||||
lambda x: identifier.is_valid(x))
|
||||
eventTime = cadftype.ValidatorDescriptor(EVENT_KEYNAME_EVENTTIME,
|
||||
lambda x: timestamp.is_valid(x))
|
||||
initiator = cadftype.ValidatorDescriptor(
|
||||
EVENT_KEYNAME_INITIATOR,
|
||||
(lambda x: isinstance(x, resource.Resource) and x.is_valid()
|
||||
and x.id != 'initiator'))
|
||||
initiatorId = cadftype.ValidatorDescriptor(
|
||||
EVENT_KEYNAME_INITIATORID, lambda x: identifier.is_valid(x))
|
||||
action = cadftype.ValidatorDescriptor(
|
||||
EVENT_KEYNAME_ACTION, lambda x: cadftaxonomy.is_valid_action(x))
|
||||
target = cadftype.ValidatorDescriptor(
|
||||
EVENT_KEYNAME_TARGET,
|
||||
(lambda x: isinstance(x, resource.Resource) and x.is_valid()
|
||||
and x.id != 'target'))
|
||||
targetId = cadftype.ValidatorDescriptor(
|
||||
EVENT_KEYNAME_TARGETID, lambda x: identifier.is_valid(x))
|
||||
outcome = cadftype.ValidatorDescriptor(
|
||||
EVENT_KEYNAME_OUTCOME, lambda x: cadftaxonomy.is_valid_outcome(x))
|
||||
reason = cadftype.ValidatorDescriptor(
|
||||
EVENT_KEYNAME_REASON,
|
||||
lambda x: isinstance(x, reason.Reason) and x.is_valid())
|
||||
name = cadftype.ValidatorDescriptor(EVENT_KEYNAME_NAME,
|
||||
lambda x: isinstance(
|
||||
x, six.string_types))
|
||||
severity = cadftype.ValidatorDescriptor(EVENT_KEYNAME_SEVERITY,
|
||||
lambda x: isinstance(
|
||||
x, six.string_types))
|
||||
observer = cadftype.ValidatorDescriptor(
|
||||
EVENT_KEYNAME_OBSERVER,
|
||||
(lambda x: isinstance(x, resource.Resource) and x.is_valid()))
|
||||
observerId = cadftype.ValidatorDescriptor(
|
||||
EVENT_KEYNAME_OBSERVERID, lambda x: identifier.is_valid(x))
|
||||
|
||||
def __init__(self, eventType=cadftype.EVENTTYPE_ACTIVITY,
|
||||
id=None, eventTime=None,
|
||||
action=cadftaxonomy.UNKNOWN, outcome=cadftaxonomy.UNKNOWN,
|
||||
initiator=None, initiatorId=None, target=None, targetId=None,
|
||||
severity=None, reason=None, observer=None, observerId=None,
|
||||
name=None):
|
||||
"""Create an Event
|
||||
|
||||
:param eventType: eventType of Event. Defaults to 'activity' type
|
||||
:param id: id of event. will generate uuid if None
|
||||
:param eventTime: time of event. will take current utc if None
|
||||
:param action: event's action (see Action taxonomy)
|
||||
:param outcome: Event's outcome (see Outcome taxonomy)
|
||||
:param initiator: Event's Initiator Resource
|
||||
:param initiatorId: Event's Initiator Resource id
|
||||
:param target: Event's Target Resource
|
||||
:param targetId: Event's Target Resource id
|
||||
:param severity: domain-relative severity of Event
|
||||
:param reason: domain-specific Reason type
|
||||
:param observer: Event's Observer Resource
|
||||
:param observerId: Event's Observer Resource id
|
||||
:param name: descriptive name for the event
|
||||
"""
|
||||
# Establish typeURI for the CADF Event data type
|
||||
# TODO(mrutkows): support extended typeURIs for Event subtypes
|
||||
setattr(self, EVENT_KEYNAME_TYPEURI, TYPE_URI_EVENT)
|
||||
|
||||
# Event.eventType (Mandatory)
|
||||
setattr(self, EVENT_KEYNAME_EVENTTYPE, eventType)
|
||||
|
||||
# Event.id (Mandatory)
|
||||
setattr(self, EVENT_KEYNAME_ID, id or identifier.generate_uuid())
|
||||
|
||||
# Event.eventTime (Mandatory)
|
||||
setattr(self, EVENT_KEYNAME_EVENTTIME,
|
||||
eventTime or timestamp.get_utc_now())
|
||||
|
||||
# Event.action (Mandatory)
|
||||
setattr(self, EVENT_KEYNAME_ACTION, action)
|
||||
|
||||
# Event.outcome (Mandatory)
|
||||
setattr(self, EVENT_KEYNAME_OUTCOME, outcome)
|
||||
|
||||
# Event.observer (Mandatory if no observerId)
|
||||
if observer is not None:
|
||||
setattr(self, EVENT_KEYNAME_OBSERVER, observer)
|
||||
# Event.observerId (Dependent)
|
||||
if observerId is not None:
|
||||
setattr(self, EVENT_KEYNAME_OBSERVERID, observerId)
|
||||
|
||||
# Event.initiator (Mandatory if no initiatorId)
|
||||
if initiator is not None:
|
||||
setattr(self, EVENT_KEYNAME_INITIATOR, initiator)
|
||||
# Event.initiatorId (Dependent)
|
||||
if initiatorId is not None:
|
||||
setattr(self, EVENT_KEYNAME_INITIATORID, initiatorId)
|
||||
|
||||
# Event.target (Mandatory if no targetId)
|
||||
if target is not None:
|
||||
setattr(self, EVENT_KEYNAME_TARGET, target)
|
||||
# Event.targetId (Dependent)
|
||||
if targetId is not None:
|
||||
setattr(self, EVENT_KEYNAME_TARGETID, targetId)
|
||||
|
||||
# Event.name (Optional)
|
||||
if name is not None:
|
||||
setattr(self, EVENT_KEYNAME_NAME, name)
|
||||
|
||||
# Event.severity (Optional)
|
||||
if severity is not None:
|
||||
setattr(self, EVENT_KEYNAME_SEVERITY, severity)
|
||||
|
||||
# Event.reason (Optional)
|
||||
if reason is not None:
|
||||
setattr(self, EVENT_KEYNAME_REASON, reason)
|
||||
|
||||
# Event.reporterchain
|
||||
def add_reporterstep(self, step):
|
||||
"""Add a Reporterstep
|
||||
|
||||
:param step: Reporterstep to be added to reporterchain
|
||||
"""
|
||||
if step is not None and isinstance(step, reporterstep.Reporterstep):
|
||||
if step.is_valid():
|
||||
# Create the list of Reportersteps if needed
|
||||
if not hasattr(self, EVENT_KEYNAME_REPORTERCHAIN):
|
||||
setattr(self, EVENT_KEYNAME_REPORTERCHAIN, list())
|
||||
|
||||
reporterchain = getattr(self,
|
||||
EVENT_KEYNAME_REPORTERCHAIN)
|
||||
reporterchain.append(step)
|
||||
else:
|
||||
raise ValueError('Invalid reporterstep')
|
||||
else:
|
||||
raise ValueError('Invalid reporterstep. '
|
||||
'Value must be a Reporterstep')
|
||||
|
||||
# Event.measurements
|
||||
def add_measurement(self, measure_val):
|
||||
"""Add a measurement value
|
||||
|
||||
:param measure_val: Measurement data type to be added to Event
|
||||
"""
|
||||
if (measure_val is not None
|
||||
and isinstance(measure_val, measurement.Measurement)):
|
||||
|
||||
if measure_val.is_valid():
|
||||
|
||||
# Create the list of event.Measurements if needed
|
||||
if not hasattr(self, EVENT_KEYNAME_MEASUREMENTS):
|
||||
setattr(self, EVENT_KEYNAME_MEASUREMENTS, list())
|
||||
|
||||
measurements = getattr(self, EVENT_KEYNAME_MEASUREMENTS)
|
||||
measurements.append(measure_val)
|
||||
else:
|
||||
raise ValueError('Invalid measurement')
|
||||
else:
|
||||
raise ValueError('Invalid measurement. '
|
||||
'Value must be a Measurement')
|
||||
|
||||
# Event.tags
|
||||
def add_tag(self, tag_val):
|
||||
"""Add Tag to Event
|
||||
|
||||
:param tag_val: Tag to add to event
|
||||
"""
|
||||
if tag.is_valid(tag_val):
|
||||
if not hasattr(self, EVENT_KEYNAME_TAGS):
|
||||
setattr(self, EVENT_KEYNAME_TAGS, list())
|
||||
getattr(self, EVENT_KEYNAME_TAGS).append(tag_val)
|
||||
else:
|
||||
raise ValueError('Invalid tag')
|
||||
|
||||
# Event.attachments
|
||||
def add_attachment(self, attachment_val):
|
||||
"""Add Attachment to Event
|
||||
|
||||
:param attachment_val: Attachment to add to Event
|
||||
"""
|
||||
if (attachment_val is not None
|
||||
and isinstance(attachment_val, attachment.Attachment)):
|
||||
|
||||
if attachment_val.is_valid():
|
||||
# Create the list of Attachments if needed
|
||||
if not hasattr(self, EVENT_KEYNAME_ATTACHMENTS):
|
||||
setattr(self, EVENT_KEYNAME_ATTACHMENTS, list())
|
||||
|
||||
attachments = getattr(self, EVENT_KEYNAME_ATTACHMENTS)
|
||||
attachments.append(attachment_val)
|
||||
else:
|
||||
raise ValueError('Invalid attachment')
|
||||
else:
|
||||
raise ValueError('Invalid attachment. '
|
||||
'Value must be an Attachment')
|
||||
|
||||
# self validate cadf:Event record against schema
|
||||
def is_valid(self):
|
||||
"""Validation to ensure Event required attributes are set.
|
||||
"""
|
||||
# TODO(mrutkows): Eventually, make sure all attributes are
|
||||
# from either the CADF spec. (or profiles thereof)
|
||||
# TODO(mrutkows): validate all child attributes that are CADF types
|
||||
return (
|
||||
self._isset(EVENT_KEYNAME_TYPEURI) and
|
||||
self._isset(EVENT_KEYNAME_EVENTTYPE) and
|
||||
self._isset(EVENT_KEYNAME_ID) and
|
||||
self._isset(EVENT_KEYNAME_EVENTTIME) and
|
||||
self._isset(EVENT_KEYNAME_ACTION) and
|
||||
self._isset(EVENT_KEYNAME_OUTCOME) and
|
||||
(self._isset(EVENT_KEYNAME_INITIATOR) ^
|
||||
self._isset(EVENT_KEYNAME_INITIATORID)) and
|
||||
(self._isset(EVENT_KEYNAME_TARGET) ^
|
||||
self._isset(EVENT_KEYNAME_TARGETID)) and
|
||||
(self._isset(EVENT_KEYNAME_OBSERVER) ^
|
||||
self._isset(EVENT_KEYNAME_OBSERVERID))
|
||||
)
|
|
@ -1,58 +0,0 @@
|
|||
# Copyright 2013 IBM Corp.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
# use this file except in compliance with the License. You may obtain a copy of
|
||||
# the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations under
|
||||
# the License.
|
||||
|
||||
from pycadf import cadftype
|
||||
from pycadf import event
|
||||
|
||||
ERROR_UNKNOWN_EVENTTYPE = 'Unknown CADF EventType requested on factory method'
|
||||
|
||||
|
||||
class EventFactory(object):
|
||||
"""Factory class to create different required attributes for
|
||||
the following CADF event types:
|
||||
'activity': for tracking any interesting system activities for audit
|
||||
'monitor': Events that carry Metrics and Measurements and support
|
||||
standards such as NIST
|
||||
'control': For audit events that are based upon (security) policies
|
||||
and reflect some policy decision.
|
||||
"""
|
||||
def new_event(self, eventType=cadftype.EVENTTYPE_ACTIVITY, **kwargs):
|
||||
"""Create new event
|
||||
|
||||
:param eventType: eventType of event. Defaults to 'activity'
|
||||
"""
|
||||
|
||||
# for now, construct a base ('activity') event as the default
|
||||
event_val = event.Event(**kwargs)
|
||||
|
||||
if not cadftype.is_valid_eventType(eventType):
|
||||
raise ValueError(ERROR_UNKNOWN_EVENTTYPE)
|
||||
|
||||
event_val.eventType = eventType
|
||||
|
||||
# TODO(mrutkows): CADF is only being used for basic
|
||||
# 'activity' auditing (on APIs). An IF-ELIF will
|
||||
# become more meaningful as we add support for other
|
||||
# event types.
|
||||
# elif eventType == cadftype.EVENTTYPE_MONITOR:
|
||||
# # TODO(mrutkows): If we add support for standard (NIST)
|
||||
# # monitoring messages, we will would have a "monitor"
|
||||
# # subclass of the CADF Event type and create it here
|
||||
# event_val.set_eventType(cadftype.EVENTTYPE_MONITOR)
|
||||
# elif eventType == cadftype.EVENTTYPE_CONTROL:
|
||||
# # TODO(mrutkows): If we add support for standard (NIST)
|
||||
# # monitoring messages, we will would have a "control"
|
||||
# # subclass of the CADF Event type and create it here
|
||||
# event_val.set_eventType(cadftype.EVENTTYPE_CONTROL)
|
||||
return event_val
|
|
@ -1,130 +0,0 @@
|
|||
# Copyright 2013 IBM Corp.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
# use this file except in compliance with the License. You may obtain a copy of
|
||||
# the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations under
|
||||
# the License.
|
||||
|
||||
import six
|
||||
|
||||
from pycadf import cadftype
|
||||
from pycadf import identifier
|
||||
|
||||
# Geolocation types can appear outside a cadf:Event record context, in these
|
||||
# cases a typeURI may be used to identify the cadf:Geolocation data type.
|
||||
TYPE_URI_GEOLOCATION = cadftype.CADF_VERSION_1_0_0 + 'geolocation'
|
||||
|
||||
GEO_KEYNAME_ID = "id"
|
||||
GEO_KEYNAME_LATITUDE = "latitude"
|
||||
GEO_KEYNAME_LONGITUDE = "longitude"
|
||||
GEO_KEYNAME_ELEVATION = "elevation"
|
||||
GEO_KEYNAME_ACCURACY = "accuracy"
|
||||
GEO_KEYNAME_CITY = "city"
|
||||
GEO_KEYNAME_STATE = "state"
|
||||
GEO_KEYNAME_REGIONICANN = "regionICANN"
|
||||
# GEO_KEYNAME_ANNOTATIONS = "annotations"
|
||||
|
||||
GEO_KEYNAMES = [GEO_KEYNAME_ID,
|
||||
GEO_KEYNAME_LATITUDE,
|
||||
GEO_KEYNAME_LONGITUDE,
|
||||
GEO_KEYNAME_ELEVATION,
|
||||
GEO_KEYNAME_ACCURACY,
|
||||
GEO_KEYNAME_CITY,
|
||||
GEO_KEYNAME_STATE,
|
||||
GEO_KEYNAME_REGIONICANN
|
||||
# GEO_KEYNAME_ANNOTATIONS
|
||||
]
|
||||
|
||||
|
||||
class Geolocation(cadftype.CADFAbstractType):
|
||||
|
||||
id = cadftype.ValidatorDescriptor(GEO_KEYNAME_ID,
|
||||
lambda x: identifier.is_valid(x))
|
||||
# TODO(mrutkows): we may want to do more validation to make
|
||||
# sure numeric range represented by string is valid
|
||||
latitude = cadftype.ValidatorDescriptor(GEO_KEYNAME_LATITUDE,
|
||||
lambda x: isinstance(
|
||||
x, six.string_types))
|
||||
longitude = cadftype.ValidatorDescriptor(GEO_KEYNAME_LONGITUDE,
|
||||
lambda x: isinstance(
|
||||
x, six.string_types))
|
||||
elevation = cadftype.ValidatorDescriptor(GEO_KEYNAME_ELEVATION,
|
||||
lambda x: isinstance(
|
||||
x, six.string_types))
|
||||
accuracy = cadftype.ValidatorDescriptor(GEO_KEYNAME_ACCURACY,
|
||||
lambda x: isinstance(
|
||||
x, six.string_types))
|
||||
city = cadftype.ValidatorDescriptor(GEO_KEYNAME_CITY,
|
||||
lambda x: isinstance(
|
||||
x, six.string_types))
|
||||
state = cadftype.ValidatorDescriptor(GEO_KEYNAME_STATE,
|
||||
lambda x: isinstance(
|
||||
x, six.string_types))
|
||||
regionICANN = cadftype.ValidatorDescriptor(
|
||||
GEO_KEYNAME_REGIONICANN,
|
||||
lambda x: isinstance(x, six.string_types))
|
||||
|
||||
def __init__(self, id=None, latitude=None, longitude=None,
|
||||
elevation=None, accuracy=None, city=None, state=None,
|
||||
regionICANN=None):
|
||||
"""Create Geolocation data type
|
||||
|
||||
:param id: id of geolocation
|
||||
:param latitude: latitude of geolocation
|
||||
:param longitude: longitude of geolocation
|
||||
:param elevation: elevation of geolocation in meters
|
||||
:param accuracy: accuracy of geolocation in meters
|
||||
:param city: city of geolocation
|
||||
:param state: state/province of geolocation
|
||||
:param regionICANN: region of geolocation (ie. country)
|
||||
"""
|
||||
|
||||
# Geolocation.id
|
||||
if id is not None:
|
||||
setattr(self, GEO_KEYNAME_ID, id)
|
||||
|
||||
# Geolocation.latitude
|
||||
if latitude is not None:
|
||||
setattr(self, GEO_KEYNAME_LATITUDE, latitude)
|
||||
|
||||
# Geolocation.longitude
|
||||
if longitude is not None:
|
||||
setattr(self, GEO_KEYNAME_LONGITUDE, longitude)
|
||||
|
||||
# Geolocation.elevation
|
||||
if elevation is not None:
|
||||
setattr(self, GEO_KEYNAME_ELEVATION, elevation)
|
||||
|
||||
# Geolocation.accuracy
|
||||
if accuracy is not None:
|
||||
setattr(self, GEO_KEYNAME_ACCURACY, accuracy)
|
||||
|
||||
# Geolocation.city
|
||||
if city is not None:
|
||||
setattr(self, GEO_KEYNAME_CITY, city)
|
||||
|
||||
# Geolocation.state
|
||||
if state is not None:
|
||||
setattr(self, GEO_KEYNAME_STATE, state)
|
||||
|
||||
# Geolocation.regionICANN
|
||||
if regionICANN is not None:
|
||||
setattr(self, GEO_KEYNAME_REGIONICANN, regionICANN)
|
||||
|
||||
# TODO(mrutkows): add mechanism for annotations, OpenStack may choose
|
||||
# not to support this "extension mechanism" and is not required (and not
|
||||
# critical in many audit contexts)
|
||||
def set_annotations(self, value):
|
||||
raise NotImplementedError()
|
||||
# setattr(self, GEO_KEYNAME_ANNOTATIONS, value)
|
||||
|
||||
# self validate cadf:Geolocation type
|
||||
def is_valid(self):
|
||||
return True
|
|
@ -1,40 +0,0 @@
|
|||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
# use this file except in compliance with the License. You may obtain a copy of
|
||||
# the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations under
|
||||
# the License.
|
||||
|
||||
import six
|
||||
|
||||
from pycadf import cadftaxonomy
|
||||
|
||||
|
||||
def convert_req_action(method, details=None):
|
||||
"""Maps standard HTTP methods to equivalent CADF action
|
||||
|
||||
:param method: HTTP request method
|
||||
:param details: Extra details to append to action.
|
||||
"""
|
||||
|
||||
mapping = {'get': cadftaxonomy.ACTION_READ,
|
||||
'head': cadftaxonomy.ACTION_READ,
|
||||
'post': cadftaxonomy.ACTION_CREATE,
|
||||
'put': cadftaxonomy.ACTION_UPDATE,
|
||||
'delete': cadftaxonomy.ACTION_DELETE,
|
||||
'patch': cadftaxonomy.ACTION_UPDATE,
|
||||
'options': cadftaxonomy.ACTION_READ,
|
||||
'trace': 'capture'}
|
||||
|
||||
action = None
|
||||
if isinstance(method, six.string_types):
|
||||
action = mapping.get(method.lower())
|
||||
if action and isinstance(details, six.string_types):
|
||||
action += '/%s' % details
|
||||
return action or cadftaxonomy.UNKNOWN
|
|
@ -1,71 +0,0 @@
|
|||
# Copyright (c) 2013 IBM Corporation
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
# use this file except in compliance with the License. You may obtain a copy of
|
||||
# the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations under
|
||||
# the License.
|
||||
|
||||
import six
|
||||
|
||||
from pycadf import cadftype
|
||||
from pycadf import identifier
|
||||
|
||||
TYPE_URI_HOST = cadftype.CADF_VERSION_1_0_0 + 'host'
|
||||
|
||||
HOST_KEYNAME_ID = "id"
|
||||
HOST_KEYNAME_ADDR = "address"
|
||||
HOST_KEYNAME_AGENT = "agent"
|
||||
HOST_KEYNAME_PLATFORM = "platform"
|
||||
|
||||
HOST_KEYNAMES = [HOST_KEYNAME_ID,
|
||||
HOST_KEYNAME_ADDR,
|
||||
HOST_KEYNAME_AGENT,
|
||||
HOST_KEYNAME_PLATFORM]
|
||||
|
||||
|
||||
class Host(cadftype.CADFAbstractType):
|
||||
|
||||
id = cadftype.ValidatorDescriptor(
|
||||
HOST_KEYNAME_ID, lambda x: identifier.is_valid(x))
|
||||
address = cadftype.ValidatorDescriptor(
|
||||
HOST_KEYNAME_ADDR, lambda x: isinstance(x, six.string_types))
|
||||
agent = cadftype.ValidatorDescriptor(
|
||||
HOST_KEYNAME_AGENT, lambda x: isinstance(x, six.string_types))
|
||||
platform = cadftype.ValidatorDescriptor(
|
||||
HOST_KEYNAME_PLATFORM, lambda x: isinstance(x, six.string_types))
|
||||
|
||||
def __init__(self, id=None, address=None, agent=None,
|
||||
platform=None):
|
||||
"""Create Host data type
|
||||
|
||||
:param id: id of Host
|
||||
:param address: optional Address of Host
|
||||
:param agent: agent (name) of Host
|
||||
:param platform: platform of Host
|
||||
"""
|
||||
|
||||
# Host.id
|
||||
if id is not None:
|
||||
setattr(self, HOST_KEYNAME_ID, id)
|
||||
# Host.address
|
||||
if address is not None:
|
||||
setattr(self, HOST_KEYNAME_ADDR, address)
|
||||
# Host.agent
|
||||
if agent is not None:
|
||||
setattr(self, HOST_KEYNAME_AGENT, agent)
|
||||
# Host.platform
|
||||
if platform is not None:
|
||||
setattr(self, HOST_KEYNAME_PLATFORM, platform)
|
||||
|
||||
# TODO(mrutkows): validate this cadf:Host type against schema
|
||||
def is_valid(self):
|
||||
"""Validation to ensure Host required attributes are set.
|
||||
"""
|
||||
return True
|
|
@ -1,81 +0,0 @@
|
|||
# Copyright 2013 IBM Corp.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
# use this file except in compliance with the License. You may obtain a copy of
|
||||
# the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations under
|
||||
# the License.
|
||||
import hashlib
|
||||
import re
|
||||
import uuid
|
||||
import warnings
|
||||
|
||||
from debtcollector import removals
|
||||
from oslo_config import cfg
|
||||
import six
|
||||
|
||||
CONF = cfg.CONF
|
||||
opts = [
|
||||
cfg.StrOpt('namespace',
|
||||
default='openstack',
|
||||
help='namespace prefix for generated id'),
|
||||
]
|
||||
CONF.register_opts(opts, group='audit')
|
||||
|
||||
|
||||
AUDIT_NS = None
|
||||
if CONF.audit.namespace:
|
||||
md5_hash = hashlib.md5(CONF.audit.namespace.encode('utf-8'))
|
||||
AUDIT_NS = uuid.UUID(md5_hash.hexdigest())
|
||||
|
||||
VALID_EXCEPTIONS = ['default', 'initiator', 'observer', 'target']
|
||||
|
||||
|
||||
def generate_uuid():
|
||||
"""Generate a CADF identifier."""
|
||||
if AUDIT_NS:
|
||||
return str(uuid.uuid5(AUDIT_NS, str(uuid.uuid4())))
|
||||
return str(uuid.uuid4())
|
||||
|
||||
|
||||
@removals.remove
|
||||
def norm_ns(str_id):
|
||||
"""Apply a namespace to the identifier."""
|
||||
prefix = CONF.audit.namespace + ':' if CONF.audit.namespace else ''
|
||||
return prefix + str_id
|
||||
|
||||
|
||||
def _check_valid_uuid(value):
|
||||
"""Checks a value for one or multiple valid uuids joined together."""
|
||||
|
||||
if not value:
|
||||
raise ValueError
|
||||
|
||||
value = re.sub('[{}-]|urn:uuid:', '', value)
|
||||
for val in [value[i:i + 32] for i in range(0, len(value), 32)]:
|
||||
uuid.UUID(val)
|
||||
|
||||
|
||||
def is_valid(value):
|
||||
"""Validation to ensure Identifier is correct.
|
||||
|
||||
If the Identifier value is a string type but not a valid UUID string,
|
||||
warn against interoperability issues and return True. This relaxes
|
||||
the requirement of having strict UUID checking.
|
||||
"""
|
||||
if value in VALID_EXCEPTIONS:
|
||||
return True
|
||||
try:
|
||||
_check_valid_uuid(value)
|
||||
except (ValueError, TypeError):
|
||||
if not isinstance(value, six.string_types) or not value:
|
||||
return False
|
||||
warnings.warn(('Invalid uuid: %s. To ensure interoperability, '
|
||||
'identifiers should be a valid uuid.' % (value)))
|
||||
return True
|
|
@ -1,73 +0,0 @@
|
|||
# Copyright 2013 IBM Corp.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
# use this file except in compliance with the License. You may obtain a copy of
|
||||
# the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations under
|
||||
# the License.
|
||||
|
||||
from pycadf import cadftype
|
||||
from pycadf import identifier
|
||||
from pycadf import metric
|
||||
from pycadf import resource
|
||||
|
||||
MEASUREMENT_KEYNAME_RESULT = "result"
|
||||
MEASUREMENT_KEYNAME_METRIC = "metric"
|
||||
MEASUREMENT_KEYNAME_METRICID = "metricId"
|
||||
MEASUREMENT_KEYNAME_CALCBY = "calculatedBy"
|
||||
|
||||
MEASUREMENT_KEYNAMES = [MEASUREMENT_KEYNAME_RESULT,
|
||||
MEASUREMENT_KEYNAME_METRICID,
|
||||
MEASUREMENT_KEYNAME_METRIC,
|
||||
MEASUREMENT_KEYNAME_CALCBY]
|
||||
|
||||
|
||||
class Measurement(cadftype.CADFAbstractType):
|
||||
|
||||
result = cadftype.ValidatorDescriptor(MEASUREMENT_KEYNAME_RESULT)
|
||||
metric = cadftype.ValidatorDescriptor(
|
||||
MEASUREMENT_KEYNAME_METRIC, lambda x: isinstance(x, metric.Metric))
|
||||
metricId = cadftype.ValidatorDescriptor(MEASUREMENT_KEYNAME_METRICID,
|
||||
lambda x: identifier.is_valid(x))
|
||||
calculatedBy = cadftype.ValidatorDescriptor(
|
||||
MEASUREMENT_KEYNAME_CALCBY,
|
||||
(lambda x: isinstance(x, resource.Resource) and x.is_valid()))
|
||||
|
||||
def __init__(self, result=None, metric=None, metricId=None,
|
||||
calculatedBy=None):
|
||||
"""Create Measurement data type
|
||||
|
||||
:param result: value of measurement
|
||||
:param metric: Metric data type of current measurement
|
||||
:param metricId: id of Metric data type of current measurement
|
||||
:param calculatedBy: Resource that calculated measurement
|
||||
"""
|
||||
# Measurement.result
|
||||
if result is not None:
|
||||
setattr(self, MEASUREMENT_KEYNAME_RESULT, result)
|
||||
|
||||
# Measurement.metricId
|
||||
if metricId is not None:
|
||||
setattr(self, MEASUREMENT_KEYNAME_METRICID, metricId)
|
||||
|
||||
# Measurement.metric
|
||||
if metric is not None:
|
||||
setattr(self, MEASUREMENT_KEYNAME_METRIC, metric)
|
||||
|
||||
# Measurement.calculaedBy
|
||||
if calculatedBy is not None:
|
||||
setattr(self, MEASUREMENT_KEYNAME_CALCBY, calculatedBy)
|
||||
|
||||
# self validate this cadf:Measurement type against schema
|
||||
def is_valid(self):
|
||||
"""Validation to ensure Measurement required attributes are set.
|
||||
"""
|
||||
return (self._isset(MEASUREMENT_KEYNAME_RESULT) and
|
||||
(self._isset(MEASUREMENT_KEYNAME_METRIC) ^
|
||||
self._isset(MEASUREMENT_KEYNAME_METRICID)))
|
|
@ -1,81 +0,0 @@
|
|||
# Copyright 2013 IBM Corp.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
# use this file except in compliance with the License. You may obtain a copy of
|
||||
# the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations under
|
||||
# the License.
|
||||
|
||||
import six
|
||||
|
||||
from pycadf import cadftype
|
||||
from pycadf import identifier
|
||||
|
||||
# Metric types can appear outside a cadf:Event record context, in these cases
|
||||
# a typeURI may be used to identify the cadf:Metric data type.
|
||||
TYPE_URI_METRIC = cadftype.CADF_VERSION_1_0_0 + 'metric'
|
||||
|
||||
METRIC_KEYNAME_METRICID = "metricId"
|
||||
METRIC_KEYNAME_UNIT = "unit"
|
||||
METRIC_KEYNAME_NAME = "name"
|
||||
# METRIC_KEYNAME_ANNOTATIONS = "annotations"
|
||||
|
||||
METRIC_KEYNAMES = [METRIC_KEYNAME_METRICID,
|
||||
METRIC_KEYNAME_UNIT,
|
||||
METRIC_KEYNAME_NAME
|
||||
# METRIC_KEYNAME_ANNOTATIONS
|
||||
]
|
||||
|
||||
|
||||
class Metric(cadftype.CADFAbstractType):
|
||||
|
||||
metricId = cadftype.ValidatorDescriptor(METRIC_KEYNAME_METRICID,
|
||||
lambda x: identifier.is_valid(x))
|
||||
unit = cadftype.ValidatorDescriptor(METRIC_KEYNAME_UNIT,
|
||||
lambda x: isinstance(x,
|
||||
six.string_types))
|
||||
name = cadftype.ValidatorDescriptor(METRIC_KEYNAME_NAME,
|
||||
lambda x: isinstance(x,
|
||||
six.string_types))
|
||||
|
||||
def __init__(self, metricId=None, unit=None, name=None):
|
||||
"""Create metric data type
|
||||
|
||||
:param metricId: id of metric. uuid generated if not provided
|
||||
:param unit: unit of metric
|
||||
:param name: name of metric
|
||||
"""
|
||||
# Metric.id
|
||||
setattr(self, METRIC_KEYNAME_METRICID,
|
||||
metricId or identifier.generate_uuid())
|
||||
|
||||
# Metric.unit
|
||||
if unit is not None:
|
||||
setattr(self, METRIC_KEYNAME_UNIT, unit)
|
||||
|
||||
# Metric.name
|
||||
if name is not None:
|
||||
setattr(self, METRIC_KEYNAME_NAME, name)
|
||||
|
||||
# TODO(mrutkows): add mechanism for annotations, OpenStack may choose
|
||||
# not to support this "extension mechanism" and is not required (and not
|
||||
# critical in many audit contexts)
|
||||
def set_annotations(self, value):
|
||||
raise NotImplementedError()
|
||||
# setattr(self, METRIC_KEYNAME_ANNOTATIONS, value)
|
||||
|
||||
# self validate cadf:Metric type against schema
|
||||
def is_valid(self):
|
||||
"""Validation to ensure Metric required attributes are set.
|
||||
"""
|
||||
# Existence test, id, and unit attributes must both exist
|
||||
return (
|
||||
self._isset(METRIC_KEYNAME_METRICID) and
|
||||
self._isset(METRIC_KEYNAME_UNIT)
|
||||
)
|
|
@ -1,36 +0,0 @@
|
|||
# Copyright 2013 IBM Corp.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
# use this file except in compliance with the License. You may obtain a copy of
|
||||
# the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations under
|
||||
# the License.
|
||||
|
||||
import six
|
||||
|
||||
from pycadf import cadftype
|
||||
|
||||
|
||||
class Path(cadftype.CADFAbstractType):
|
||||
|
||||
def set_path_absolute(self):
|
||||
# TODO(mrutkows): validate absolute path format, else Type error
|
||||
raise NotImplementedError()
|
||||
|
||||
def set_path_relative(self):
|
||||
# TODO(mrutkows); validate relative path format, else Type error
|
||||
raise NotImplementedError()
|
||||
|
||||
# TODO(mrutkows): validate any cadf:Path (type) record against CADF schema
|
||||
@staticmethod
|
||||
def is_valid(value):
|
||||
if not isinstance(value, six.string_types):
|
||||
raise TypeError
|
||||
|
||||
return True
|
|
@ -1,81 +0,0 @@
|
|||
# Copyright 2013 IBM Corp.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
# use this file except in compliance with the License. You may obtain a copy of
|
||||
# the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations under
|
||||
# the License.
|
||||
|
||||
import six
|
||||
|
||||
from pycadf import cadftype
|
||||
|
||||
TYPE_URI_REASON = cadftype.CADF_VERSION_1_0_0 + 'reason'
|
||||
|
||||
REASON_KEYNAME_REASONTYPE = "reasonType"
|
||||
REASON_KEYNAME_REASONCODE = "reasonCode"
|
||||
REASON_KEYNAME_POLICYTYPE = "policyType"
|
||||
REASON_KEYNAME_POLICYID = "policyId"
|
||||
|
||||
REASON_KEYNAMES = [REASON_KEYNAME_REASONTYPE,
|
||||
REASON_KEYNAME_REASONCODE,
|
||||
REASON_KEYNAME_POLICYTYPE,
|
||||
REASON_KEYNAME_POLICYID]
|
||||
|
||||
|
||||
class Reason(cadftype.CADFAbstractType):
|
||||
|
||||
reasonType = cadftype.ValidatorDescriptor(
|
||||
REASON_KEYNAME_REASONTYPE,
|
||||
lambda x: isinstance(x, six.string_types))
|
||||
reasonCode = cadftype.ValidatorDescriptor(
|
||||
REASON_KEYNAME_REASONCODE,
|
||||
lambda x: isinstance(x, six.string_types))
|
||||
policyType = cadftype.ValidatorDescriptor(
|
||||
REASON_KEYNAME_POLICYTYPE,
|
||||
lambda x: isinstance(x, six.string_types))
|
||||
policyId = cadftype.ValidatorDescriptor(
|
||||
REASON_KEYNAME_POLICYID,
|
||||
lambda x: isinstance(x, six.string_types))
|
||||
|
||||
def __init__(self, reasonType=None, reasonCode=None, policyType=None,
|
||||
policyId=None):
|
||||
"""Create Reason data type
|
||||
|
||||
:param reasonType: domain URI which describes reasonCode
|
||||
:param reasonCode: detailed result code
|
||||
:param policyType: domain URI which describes policyId
|
||||
:param policyId: id of policy applied that describes outcome
|
||||
"""
|
||||
|
||||
# Reason.reasonType
|
||||
if reasonType is not None:
|
||||
setattr(self, REASON_KEYNAME_REASONTYPE, reasonType)
|
||||
|
||||
# Reason.reasonCode
|
||||
if reasonCode is not None:
|
||||
setattr(self, REASON_KEYNAME_REASONCODE, reasonCode)
|
||||
|
||||
# Reason.policyType
|
||||
if policyType is not None:
|
||||
setattr(self, REASON_KEYNAME_POLICYTYPE, policyType)
|
||||
|
||||
# Reason.policyId
|
||||
if policyId is not None:
|
||||
setattr(self, REASON_KEYNAME_POLICYID, policyId)
|
||||
|
||||
# TODO(mrutkows): validate this cadf:Reason type against schema
|
||||
def is_valid(self):
|
||||
"""Validation to ensure Reason required attributes are set.
|
||||
"""
|
||||
# MUST have at least one valid pairing of reason+code or policy+id
|
||||
return ((self._isset(REASON_KEYNAME_REASONTYPE) and
|
||||
self._isset(REASON_KEYNAME_REASONCODE)) or
|
||||
(self._isset(REASON_KEYNAME_POLICYTYPE) and
|
||||
self._isset(REASON_KEYNAME_POLICYID)))
|
|
@ -1,79 +0,0 @@
|
|||
# Copyright 2013 IBM Corp.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
# use this file except in compliance with the License. You may obtain a copy of
|
||||
# the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations under
|
||||
# the License.
|
||||
|
||||
from pycadf import cadftype
|
||||
from pycadf import identifier
|
||||
from pycadf import resource
|
||||
from pycadf import timestamp
|
||||
|
||||
REPORTERSTEP_KEYNAME_ROLE = "role"
|
||||
REPORTERSTEP_KEYNAME_REPORTER = "reporter"
|
||||
REPORTERSTEP_KEYNAME_REPORTERID = "reporterId"
|
||||
REPORTERSTEP_KEYNAME_REPORTERTIME = "reporterTime"
|
||||
# REPORTERSTEP_KEYNAME_ATTACHMENTS = "attachments"
|
||||
|
||||
REPORTERSTEP_KEYNAMES = [REPORTERSTEP_KEYNAME_ROLE,
|
||||
REPORTERSTEP_KEYNAME_REPORTER,
|
||||
REPORTERSTEP_KEYNAME_REPORTERID,
|
||||
REPORTERSTEP_KEYNAME_REPORTERTIME,
|
||||
# REPORTERSTEP_KEYNAME_ATTACHMENTS
|
||||
]
|
||||
|
||||
|
||||
class Reporterstep(cadftype.CADFAbstractType):
|
||||
|
||||
role = cadftype.ValidatorDescriptor(
|
||||
REPORTERSTEP_KEYNAME_ROLE,
|
||||
lambda x: cadftype.is_valid_reporter_role(x))
|
||||
reporter = cadftype.ValidatorDescriptor(
|
||||
REPORTERSTEP_KEYNAME_REPORTER,
|
||||
(lambda x: isinstance(x, resource.Resource) and x.is_valid()))
|
||||
reporterId = cadftype.ValidatorDescriptor(
|
||||
REPORTERSTEP_KEYNAME_REPORTERID, lambda x: identifier.is_valid(x))
|
||||
reporterTime = cadftype.ValidatorDescriptor(
|
||||
REPORTERSTEP_KEYNAME_REPORTERTIME, lambda x: timestamp.is_valid(x))
|
||||
|
||||
def __init__(self, role=cadftype.REPORTER_ROLE_MODIFIER,
|
||||
reporterTime=None, reporter=None, reporterId=None):
|
||||
"""Create ReporterStep data type
|
||||
|
||||
:param role: optional role of Reporterstep. Defaults to 'modifier'
|
||||
:param reporterTime: utc time of Reporterstep.
|
||||
:param reporter: CADF Resource of reporter
|
||||
:param reporterId: id of CADF resource for reporter
|
||||
"""
|
||||
# Reporterstep.role
|
||||
setattr(self, REPORTERSTEP_KEYNAME_ROLE, role)
|
||||
|
||||
# Reporterstep.reportTime
|
||||
if reporterTime is not None:
|
||||
setattr(self, REPORTERSTEP_KEYNAME_REPORTERTIME, reporterTime)
|
||||
|
||||
# Reporterstep.reporter
|
||||
if reporter is not None:
|
||||
setattr(self, REPORTERSTEP_KEYNAME_REPORTER, reporter)
|
||||
|
||||
# Reporterstep.reporterId
|
||||
if reporterId is not None:
|
||||
setattr(self, REPORTERSTEP_KEYNAME_REPORTERID, reporterId)
|
||||
|
||||
# self validate this cadf:Reporterstep type against schema
|
||||
def is_valid(self):
|
||||
"""Validation to ensure Reporterstep required attributes are set.
|
||||
"""
|
||||
return (
|
||||
self._isset(REPORTERSTEP_KEYNAME_ROLE) and
|
||||
(self._isset(REPORTERSTEP_KEYNAME_REPORTER) ^
|
||||
self._isset(REPORTERSTEP_KEYNAME_REPORTERID))
|
||||
)
|
|
@ -1,183 +0,0 @@
|
|||
# Copyright 2013 IBM Corp.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
# use this file except in compliance with the License. You may obtain a copy of
|
||||
# the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations under
|
||||
# the License.
|
||||
|
||||
import six
|
||||
|
||||
from pycadf import attachment
|
||||
from pycadf import cadftaxonomy
|
||||
from pycadf import cadftype
|
||||
from pycadf import credential
|
||||
from pycadf import endpoint
|
||||
from pycadf import geolocation
|
||||
from pycadf import host
|
||||
from pycadf import identifier
|
||||
|
||||
TYPE_URI_RESOURCE = cadftype.CADF_VERSION_1_0_0 + 'resource'
|
||||
|
||||
RESOURCE_KEYNAME_TYPEURI = "typeURI"
|
||||
RESOURCE_KEYNAME_ID = "id"
|
||||
RESOURCE_KEYNAME_NAME = "name"
|
||||
RESOURCE_KEYNAME_DOMAIN = "domain"
|
||||
RESOURCE_KEYNAME_CRED = "credential"
|
||||
RESOURCE_KEYNAME_REF = "ref"
|
||||
RESOURCE_KEYNAME_GEO = "geolocation"
|
||||
RESOURCE_KEYNAME_GEOID = "geolocationId"
|
||||
RESOURCE_KEYNAME_HOST = "host"
|
||||
RESOURCE_KEYNAME_ADDRS = "addresses"
|
||||
RESOURCE_KEYNAME_ATTACHMENTS = "attachments"
|
||||
|
||||
RESOURCE_KEYNAMES = [RESOURCE_KEYNAME_TYPEURI,
|
||||
RESOURCE_KEYNAME_ID,
|
||||
RESOURCE_KEYNAME_NAME,
|
||||
RESOURCE_KEYNAME_DOMAIN,
|
||||
RESOURCE_KEYNAME_CRED,
|
||||
RESOURCE_KEYNAME_REF,
|
||||
RESOURCE_KEYNAME_GEO,
|
||||
RESOURCE_KEYNAME_GEOID,
|
||||
RESOURCE_KEYNAME_HOST,
|
||||
RESOURCE_KEYNAME_ADDRS,
|
||||
RESOURCE_KEYNAME_ATTACHMENTS]
|
||||
|
||||
|
||||
class Resource(cadftype.CADFAbstractType):
|
||||
|
||||
typeURI = cadftype.ValidatorDescriptor(
|
||||
RESOURCE_KEYNAME_TYPEURI, lambda x: cadftaxonomy.is_valid_resource(x))
|
||||
id = cadftype.ValidatorDescriptor(RESOURCE_KEYNAME_ID,
|
||||
lambda x: identifier.is_valid(x))
|
||||
name = cadftype.ValidatorDescriptor(RESOURCE_KEYNAME_NAME,
|
||||
lambda x: isinstance(x,
|
||||
six.string_types))
|
||||
domain = cadftype.ValidatorDescriptor(RESOURCE_KEYNAME_DOMAIN,
|
||||
lambda x: isinstance(
|
||||
x, six.string_types))
|
||||
credential = cadftype.ValidatorDescriptor(
|
||||
RESOURCE_KEYNAME_CRED, (lambda x: isinstance(x, credential.Credential)
|
||||
and x.is_valid()))
|
||||
host = cadftype.ValidatorDescriptor(
|
||||
RESOURCE_KEYNAME_HOST, lambda x: isinstance(x, host.Host))
|
||||
# TODO(mrutkows): validate the "ref" attribute is indeed a URI (format),
|
||||
# If it is a URL, we do not need to validate it is accessible/working,
|
||||
# for audit purposes this could have been a valid URL at some point
|
||||
# in the past or a URL that is only valid within some domain (e.g. a
|
||||
# private cloud)
|
||||
ref = cadftype.ValidatorDescriptor(RESOURCE_KEYNAME_REF,
|
||||
lambda x: isinstance(x,
|
||||
six.string_types))
|
||||
geolocation = cadftype.ValidatorDescriptor(
|
||||
RESOURCE_KEYNAME_GEO,
|
||||
lambda x: isinstance(x, geolocation.Geolocation))
|
||||
geolocationId = cadftype.ValidatorDescriptor(
|
||||
RESOURCE_KEYNAME_GEOID, lambda x: identifier.is_valid(x))
|
||||
|
||||
def __init__(self, id=None, typeURI=cadftaxonomy.UNKNOWN, name=None,
|
||||
ref=None, domain=None, credential=None, host=None,
|
||||
geolocation=None, geolocationId=None):
|
||||
"""Resource data type
|
||||
|
||||
:param id: id of resource
|
||||
:param typeURI: typeURI of resource, defaults to 'unknown' if not set
|
||||
:param name: name of resource
|
||||
:param domain: domain to qualify name of resource
|
||||
:param credential: optional security Credential data type
|
||||
:param host: optional Host data type information relating to resource
|
||||
:param geolocation: optional CADF Geolocation of resource
|
||||
:param geolocationId: optional id of CADF Geolocation for resource
|
||||
"""
|
||||
|
||||
# Resource.id
|
||||
setattr(self, RESOURCE_KEYNAME_ID, id or identifier.generate_uuid())
|
||||
|
||||
# Resource.typeURI
|
||||
if (getattr(self, RESOURCE_KEYNAME_ID) != "target" and
|
||||
getattr(self, RESOURCE_KEYNAME_ID) != "initiator"):
|
||||
setattr(self, RESOURCE_KEYNAME_TYPEURI, typeURI)
|
||||
|
||||
# Resource.name
|
||||
if name is not None:
|
||||
setattr(self, RESOURCE_KEYNAME_NAME, name)
|
||||
|
||||
# Resource.ref
|
||||
if ref is not None:
|
||||
setattr(self, RESOURCE_KEYNAME_REF, ref)
|
||||
|
||||
# Resource.domain
|
||||
if domain is not None:
|
||||
setattr(self, RESOURCE_KEYNAME_DOMAIN, domain)
|
||||
|
||||
# Resource.credential
|
||||
if credential is not None:
|
||||
setattr(self, RESOURCE_KEYNAME_CRED, credential)
|
||||
|
||||
# Resource.host
|
||||
if host is not None:
|
||||
setattr(self, RESOURCE_KEYNAME_HOST, host)
|
||||
|
||||
# Resource.geolocation
|
||||
if geolocation is not None:
|
||||
setattr(self, RESOURCE_KEYNAME_GEO, geolocation)
|
||||
|
||||
# Resource.geolocationId
|
||||
if geolocationId:
|
||||
setattr(self, RESOURCE_KEYNAME_GEOID, geolocationId)
|
||||
|
||||
# Resource.address
|
||||
def add_address(self, addr):
|
||||
"""Add CADF endpoints to Resource
|
||||
|
||||
:param addr: CADF Endpoint to add to Resource
|
||||
"""
|
||||
if (addr is not None and isinstance(addr, endpoint.Endpoint)):
|
||||
if addr.is_valid():
|
||||
# Create the list of Endpoints if needed
|
||||
if not hasattr(self, RESOURCE_KEYNAME_ADDRS):
|
||||
setattr(self, RESOURCE_KEYNAME_ADDRS, list())
|
||||
|
||||
addrs = getattr(self, RESOURCE_KEYNAME_ADDRS)
|
||||
addrs.append(addr)
|
||||
else:
|
||||
raise ValueError('Invalid endpoint')
|
||||
else:
|
||||
raise ValueError('Invalid endpoint. Value must be an Endpoint')
|
||||
|
||||
# Resource.attachments
|
||||
def add_attachment(self, attach_val):
|
||||
"""Add CADF attachment to Resource
|
||||
|
||||
:param attach_val: CADF Attachment to add to Resource
|
||||
"""
|
||||
if (attach_val is not None
|
||||
and isinstance(attach_val, attachment.Attachment)):
|
||||
if attach_val.is_valid():
|
||||
# Create the list of Attachments if needed
|
||||
if not hasattr(self, RESOURCE_KEYNAME_ATTACHMENTS):
|
||||
setattr(self, RESOURCE_KEYNAME_ATTACHMENTS, list())
|
||||
|
||||
attachments = getattr(self, RESOURCE_KEYNAME_ATTACHMENTS)
|
||||
attachments.append(attach_val)
|
||||
else:
|
||||
raise ValueError('Invalid attachment')
|
||||
else:
|
||||
raise ValueError('Invalid attachment. Value must be an Attachment')
|
||||
|
||||
# self validate this cadf:Resource type against schema
|
||||
def is_valid(self):
|
||||
"""Validation to ensure Resource required attributes are set
|
||||
"""
|
||||
return (self._isset(RESOURCE_KEYNAME_ID) and
|
||||
(self._isset(RESOURCE_KEYNAME_TYPEURI) or
|
||||
((getattr(self, RESOURCE_KEYNAME_ID) == "target" or
|
||||
getattr(self, RESOURCE_KEYNAME_ID) == "initiator") and
|
||||
len(vars(self).keys()) == 1)))
|
||||
# TODO(mrutkows): validate the Resource's attribute types
|
|
@ -1,37 +0,0 @@
|
|||
# Copyright 2013 IBM Corp.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
# use this file except in compliance with the License. You may obtain a copy of
|
||||
# the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations under
|
||||
# the License.
|
||||
|
||||
import six
|
||||
|
||||
|
||||
def generate_name_value_tag(name, value):
|
||||
"""Generate a CADF tag in the format name?value=<value>
|
||||
|
||||
:param name: name of tag
|
||||
:param valuue: optional value tag
|
||||
"""
|
||||
if name is None or value is None:
|
||||
raise ValueError('Invalid name and/or value. Values cannot be None')
|
||||
|
||||
tag = name + "?value=" + value
|
||||
return tag
|
||||
|
||||
|
||||
# TODO(mrutkows): validate any Tag's name?value= format
|
||||
def is_valid(value):
|
||||
"""Validation check to ensure proper Tag format
|
||||
"""
|
||||
if not isinstance(value, six.string_types):
|
||||
raise TypeError
|
||||
return True
|
|
@ -1,51 +0,0 @@
|
|||
# Copyright 2013 IBM Corp.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
# use this file except in compliance with the License. You may obtain a copy of
|
||||
# the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations under
|
||||
# the License.
|
||||
|
||||
"""Test base classes."""
|
||||
|
||||
import os.path
|
||||
|
||||
import fixtures
|
||||
from oslo_config import cfg
|
||||
from oslotest import moxstubout
|
||||
import testtools
|
||||
|
||||
|
||||
class TestCase(testtools.TestCase):
|
||||
|
||||
def setUp(self):
|
||||
super(TestCase, self).setUp()
|
||||
self.tempdir = self.useFixture(fixtures.TempDir())
|
||||
moxfixture = self.useFixture(moxstubout.MoxStubout())
|
||||
self.mox = moxfixture.mox
|
||||
self.stubs = moxfixture.stubs
|
||||
cfg.CONF([], project='pycadf')
|
||||
|
||||
def path_get(self, project_file=None):
|
||||
root = os.path.abspath(os.path.join(os.path.dirname(__file__),
|
||||
'..',
|
||||
'..',
|
||||
)
|
||||
)
|
||||
if project_file:
|
||||
return os.path.join(root, project_file)
|
||||
else:
|
||||
return root
|
||||
|
||||
def temp_config_file_path(self, name='api_audit_map.conf'):
|
||||
return os.path.join(self.tempdir.path, name)
|
||||
|
||||
def tearDown(self):
|
||||
cfg.CONF.reset()
|
||||
super(TestCase, self).tearDown()
|
|
@ -1,44 +0,0 @@
|
|||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
# use this file except in compliance with the License. You may obtain a copy of
|
||||
# the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations under
|
||||
# the License.
|
||||
|
||||
from pycadf import cadftaxonomy
|
||||
from pycadf.helper import api
|
||||
from pycadf.tests import base
|
||||
|
||||
|
||||
class TestApiHelper(base.TestCase):
|
||||
def test_convert_req_action(self):
|
||||
self.assertEqual(cadftaxonomy.ACTION_READ,
|
||||
api.convert_req_action('get'))
|
||||
self.assertEqual(cadftaxonomy.ACTION_CREATE,
|
||||
api.convert_req_action('POST'))
|
||||
self.assertEqual(cadftaxonomy.ACTION_DELETE,
|
||||
api.convert_req_action('deLetE'))
|
||||
|
||||
def test_convert_req_action_invalid(self):
|
||||
self.assertEqual(cadftaxonomy.UNKNOWN, api.convert_req_action(124))
|
||||
self.assertEqual(cadftaxonomy.UNKNOWN, api.convert_req_action('blah'))
|
||||
|
||||
def test_convert_req_action_with_details(self):
|
||||
detail = 'compute/instance'
|
||||
self.assertEqual(cadftaxonomy.ACTION_READ + '/%s' % detail,
|
||||
api.convert_req_action('GET', detail))
|
||||
self.assertEqual(cadftaxonomy.ACTION_DELETE + '/%s' % detail,
|
||||
api.convert_req_action('DELETE', detail))
|
||||
|
||||
def test_convert_req_action_with_details_invalid(self):
|
||||
detail = 123
|
||||
self.assertEqual(cadftaxonomy.ACTION_READ,
|
||||
api.convert_req_action('GET', detail))
|
||||
self.assertEqual(cadftaxonomy.ACTION_DELETE,
|
||||
api.convert_req_action('DELETE', detail))
|
|
@ -1,392 +0,0 @@
|
|||
# Copyright 2013 OpenStack LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
# use this file except in compliance with the License. You may obtain a copy of
|
||||
# the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations under
|
||||
# the License.
|
||||
|
||||
import time
|
||||
import uuid
|
||||
|
||||
import mock
|
||||
|
||||
from pycadf import attachment
|
||||
from pycadf import cadftype
|
||||
from pycadf import credential
|
||||
from pycadf import endpoint
|
||||
from pycadf import event
|
||||
from pycadf import geolocation
|
||||
from pycadf import host
|
||||
from pycadf import identifier
|
||||
from pycadf import measurement
|
||||
from pycadf import metric
|
||||
from pycadf import reason
|
||||
from pycadf import reporterstep
|
||||
from pycadf import resource
|
||||
from pycadf import tag
|
||||
from pycadf.tests import base
|
||||
from pycadf import timestamp
|
||||
|
||||
|
||||
class TestCADFSpec(base.TestCase):
|
||||
|
||||
@mock.patch('pycadf.identifier.warnings.warn')
|
||||
def test_identifier_generated_uuid(self, warning_mock):
|
||||
# generated uuid
|
||||
self.assertTrue(identifier.is_valid(identifier.generate_uuid()))
|
||||
self.assertFalse(warning_mock.called)
|
||||
|
||||
@mock.patch('pycadf.identifier.warnings.warn')
|
||||
def test_identifier_empty_string_is_invalid(self, warning_mock):
|
||||
# empty string
|
||||
self.assertFalse(identifier.is_valid(''))
|
||||
self.assertFalse(warning_mock.called)
|
||||
|
||||
@mock.patch('pycadf.identifier.warnings.warn')
|
||||
def test_identifier_any_string_is_invalid(self, warning_mock):
|
||||
# any string
|
||||
self.assertTrue(identifier.is_valid('blah'))
|
||||
self.assertTrue(warning_mock.called)
|
||||
|
||||
@mock.patch('pycadf.identifier.warnings.warn')
|
||||
def test_identifier_joined_uuids_are_valid(self, warning_mock):
|
||||
# multiple uuids joined together
|
||||
long_128_uuids = [
|
||||
('3adce28e67e44544a5a9d5f1ab54f578a86d310aac3a465e9d'
|
||||
'd2693a78b45c0e42dce28e67e44544a5a9d5f1ab54f578a86d'
|
||||
'310aac3a465e9dd2693a78b45c0e'),
|
||||
('{3adce28e67e44544a5a9d5f1ab54f578a86d310aac3a465e9d'
|
||||
'd2693a78b45c0e42dce28e67e44544a5a9d5f1ab54f578a86d'
|
||||
'310aac3a465e9dd2693a78b45c0e}'),
|
||||
('{12345678-1234-5678-1234-567812345678'
|
||||
'12345678-1234-5678-1234-567812345678'
|
||||
'12345678-1234-5678-1234-567812345678'
|
||||
'12345678-1234-5678-1234-567812345678}'),
|
||||
('urn:uuid:3adce28e67e44544a5a9d5f1ab54f578a86d310aac3a465e9d'
|
||||
'd2693a78b45c0e42dce28e67e44544a5a9d5f1ab54f578a86d'
|
||||
'310aac3a465e9dd2693a78b45c0e')]
|
||||
|
||||
for value in long_128_uuids:
|
||||
self.assertTrue(identifier.is_valid(value))
|
||||
self.assertFalse(warning_mock.called)
|
||||
|
||||
@mock.patch('pycadf.identifier.warnings.warn')
|
||||
def test_identifier_long_nonjoined_uuid_is_invalid(self, warning_mock):
|
||||
# long uuid not of size % 32
|
||||
char_42_id = '3adce28e67e44544a5a9d5f1ab54f578a86d310aac'
|
||||
self.assertTrue(identifier.is_valid(char_42_id))
|
||||
self.assertTrue(warning_mock.called)
|
||||
|
||||
@mock.patch('pycadf.identifier.warnings.warn')
|
||||
def test_identifier_specific_exceptions_are_valid(self, warning_mock):
|
||||
# uuid exceptions
|
||||
for value in identifier.VALID_EXCEPTIONS:
|
||||
self.assertTrue(identifier.is_valid(value))
|
||||
self.assertFalse(warning_mock.called)
|
||||
|
||||
@mock.patch('pycadf.identifier.warnings.warn')
|
||||
def test_identifier_valid_id_extra_chars_is_valid(self, warning_mock):
|
||||
# valid uuid with additional characters according to:
|
||||
# https://docs.python.org/2/library/uuid.html
|
||||
valid_ids = [
|
||||
'{1234567890abcdef1234567890abcdef}',
|
||||
'{12345678-1234-5678-1234-567812345678}',
|
||||
'urn:uuid:12345678-1234-5678-1234-567812345678']
|
||||
|
||||
for value in valid_ids:
|
||||
self.assertTrue(identifier.is_valid(value))
|
||||
self.assertFalse(warning_mock.called)
|
||||
|
||||
def test_endpoint(self):
|
||||
endp = endpoint.Endpoint(url='http://192.168.0.1',
|
||||
name='endpoint name',
|
||||
port='8080')
|
||||
self.assertEqual(True, endp.is_valid())
|
||||
dict_endp = endp.as_dict()
|
||||
for key in endpoint.ENDPOINT_KEYNAMES:
|
||||
self.assertIn(key, dict_endp)
|
||||
|
||||
def test_host(self):
|
||||
h = host.Host(id=identifier.generate_uuid(),
|
||||
address='192.168.0.1',
|
||||
agent='client',
|
||||
platform='AIX')
|
||||
self.assertEqual(True, h.is_valid())
|
||||
dict_host = h.as_dict()
|
||||
for key in host.HOST_KEYNAMES:
|
||||
self.assertIn(key, dict_host)
|
||||
|
||||
def test_credential(self):
|
||||
cred = credential.Credential(type='auth token',
|
||||
token=identifier.generate_uuid())
|
||||
self.assertEqual(True, cred.is_valid())
|
||||
dict_cred = cred.as_dict()
|
||||
for key in credential.CRED_KEYNAMES:
|
||||
self.assertIn(key, dict_cred)
|
||||
|
||||
def test_federated_credential(self):
|
||||
cred = credential.FederatedCredential(
|
||||
token=identifier.generate_uuid(),
|
||||
type='http://docs.oasis-open.org/security/saml/v2.0',
|
||||
identity_provider=identifier.generate_uuid(),
|
||||
user=identifier.generate_uuid(),
|
||||
groups=[
|
||||
identifier.generate_uuid(),
|
||||
identifier.generate_uuid(),
|
||||
identifier.generate_uuid()])
|
||||
self.assertEqual(True, cred.is_valid())
|
||||
dict_cred = cred.as_dict()
|
||||
for key in credential.FED_CRED_KEYNAMES:
|
||||
self.assertIn(key, dict_cred)
|
||||
|
||||
def test_geolocation(self):
|
||||
geo = geolocation.Geolocation(id=identifier.generate_uuid(),
|
||||
latitude='43.6481 N',
|
||||
longitude='79.4042 W',
|
||||
elevation='0',
|
||||
accuracy='1',
|
||||
city='toronto',
|
||||
state='ontario',
|
||||
regionICANN='ca')
|
||||
self.assertEqual(True, geo.is_valid())
|
||||
|
||||
dict_geo = geo.as_dict()
|
||||
for key in geolocation.GEO_KEYNAMES:
|
||||
self.assertIn(key, dict_geo)
|
||||
|
||||
def test_metric(self):
|
||||
metric_val = metric.Metric(metricId=identifier.generate_uuid(),
|
||||
unit='b',
|
||||
name='bytes')
|
||||
self.assertEqual(True, metric_val.is_valid())
|
||||
|
||||
dict_metric_val = metric_val.as_dict()
|
||||
for key in metric.METRIC_KEYNAMES:
|
||||
self.assertIn(key, dict_metric_val)
|
||||
|
||||
def test_measurement(self):
|
||||
measure_val = measurement.Measurement(
|
||||
result='100',
|
||||
metric=metric.Metric(),
|
||||
metricId=identifier.generate_uuid(),
|
||||
calculatedBy=resource.Resource(typeURI='storage'))
|
||||
self.assertEqual(False, measure_val.is_valid())
|
||||
|
||||
dict_measure_val = measure_val.as_dict()
|
||||
for key in measurement.MEASUREMENT_KEYNAMES:
|
||||
self.assertIn(key, dict_measure_val)
|
||||
|
||||
measure_val = measurement.Measurement(
|
||||
result='100',
|
||||
metric=metric.Metric(),
|
||||
calculatedBy=resource.Resource(typeURI='storage'))
|
||||
self.assertEqual(True, measure_val.is_valid())
|
||||
|
||||
measure_val = measurement.Measurement(
|
||||
result='100',
|
||||
metricId=identifier.generate_uuid(),
|
||||
calculatedBy=resource.Resource(typeURI='storage'))
|
||||
self.assertEqual(True, measure_val.is_valid())
|
||||
|
||||
def test_reason(self):
|
||||
reason_val = reason.Reason(reasonType='HTTP',
|
||||
reasonCode='200',
|
||||
policyType='poltype',
|
||||
policyId=identifier.generate_uuid())
|
||||
self.assertEqual(True, reason_val.is_valid())
|
||||
|
||||
dict_reason_val = reason_val.as_dict()
|
||||
for key in reason.REASON_KEYNAMES:
|
||||
self.assertIn(key, dict_reason_val)
|
||||
|
||||
def test_reporterstep(self):
|
||||
step = reporterstep.Reporterstep(
|
||||
role='modifier',
|
||||
reporter=resource.Resource(typeURI='storage'),
|
||||
reporterId=identifier.generate_uuid(),
|
||||
reporterTime=timestamp.get_utc_now())
|
||||
self.assertEqual(False, step.is_valid())
|
||||
|
||||
dict_step = step.as_dict()
|
||||
for key in reporterstep.REPORTERSTEP_KEYNAMES:
|
||||
self.assertIn(key, dict_step)
|
||||
|
||||
step = reporterstep.Reporterstep(
|
||||
role='modifier',
|
||||
reporter=resource.Resource(typeURI='storage'),
|
||||
reporterTime=timestamp.get_utc_now())
|
||||
self.assertEqual(True, step.is_valid())
|
||||
|
||||
step = reporterstep.Reporterstep(
|
||||
role='modifier',
|
||||
reporterId=identifier.generate_uuid(),
|
||||
reporterTime=timestamp.get_utc_now())
|
||||
self.assertEqual(True, step.is_valid())
|
||||
|
||||
def test_attachment(self):
|
||||
attach = attachment.Attachment(typeURI='attachURI',
|
||||
content='content',
|
||||
name='attachment_name')
|
||||
self.assertEqual(True, attach.is_valid())
|
||||
|
||||
dict_attach = attach.as_dict()
|
||||
for key in attachment.ATTACHMENT_KEYNAMES:
|
||||
self.assertIn(key, dict_attach)
|
||||
|
||||
def test_resource(self):
|
||||
res = resource.Resource(typeURI='storage',
|
||||
name='res_name',
|
||||
domain='res_domain',
|
||||
ref='res_ref',
|
||||
credential=credential.Credential(
|
||||
token=identifier.generate_uuid()),
|
||||
host=host.Host(address='192.168.0.1'),
|
||||
geolocation=geolocation.Geolocation(),
|
||||
geolocationId=identifier.generate_uuid())
|
||||
|
||||
res.add_attachment(attachment.Attachment(typeURI='attachURI',
|
||||
content='content',
|
||||
name='attachment_name'))
|
||||
res.add_address(endpoint.Endpoint(url='http://192.168.0.1'))
|
||||
|
||||
self.assertEqual(True, res.is_valid())
|
||||
dict_res = res.as_dict()
|
||||
for key in resource.RESOURCE_KEYNAMES:
|
||||
self.assertIn(key, dict_res)
|
||||
|
||||
def test_resource_shortform(self):
|
||||
res = resource.Resource(id='target')
|
||||
self.assertEqual(True, res.is_valid())
|
||||
|
||||
res.add_attachment(attachment.Attachment(typeURI='attachURI',
|
||||
content='content',
|
||||
name='attachment_name'))
|
||||
self.assertEqual(False, res.is_valid())
|
||||
|
||||
def test_event(self):
|
||||
ev = event.Event(eventType='activity',
|
||||
id=identifier.generate_uuid(),
|
||||
eventTime=timestamp.get_utc_now(),
|
||||
initiator=resource.Resource(typeURI='storage'),
|
||||
initiatorId=identifier.generate_uuid(),
|
||||
action='read',
|
||||
target=resource.Resource(typeURI='storage'),
|
||||
targetId=identifier.generate_uuid(),
|
||||
observer=resource.Resource(id='target'),
|
||||
observerId=identifier.generate_uuid(),
|
||||
outcome='success',
|
||||
reason=reason.Reason(reasonType='HTTP',
|
||||
reasonCode='200'),
|
||||
severity='high',
|
||||
name='descriptive name')
|
||||
ev.add_measurement(
|
||||
measurement.Measurement(result='100',
|
||||
metricId=identifier.generate_uuid())),
|
||||
ev.add_tag(tag.generate_name_value_tag('name', 'val'))
|
||||
ev.add_attachment(attachment.Attachment(typeURI='attachURI',
|
||||
content='content',
|
||||
name='attachment_name'))
|
||||
ev.observer = resource.Resource(typeURI='service/security')
|
||||
ev.add_reporterstep(reporterstep.Reporterstep(
|
||||
role='observer',
|
||||
reporter=resource.Resource(typeURI='service/security')))
|
||||
ev.add_reporterstep(reporterstep.Reporterstep(
|
||||
reporterId=identifier.generate_uuid()))
|
||||
self.assertEqual(False, ev.is_valid())
|
||||
|
||||
dict_ev = ev.as_dict()
|
||||
for key in event.EVENT_KEYNAMES:
|
||||
self.assertIn(key, dict_ev)
|
||||
|
||||
ev = event.Event(eventType='activity',
|
||||
id=identifier.generate_uuid(),
|
||||
eventTime=timestamp.get_utc_now(),
|
||||
initiator=resource.Resource(typeURI='storage'),
|
||||
action='read',
|
||||
target=resource.Resource(typeURI='storage'),
|
||||
observer=resource.Resource(id='target'),
|
||||
outcome='success')
|
||||
self.assertEqual(True, ev.is_valid())
|
||||
|
||||
ev = event.Event(eventType='activity',
|
||||
id=identifier.generate_uuid(),
|
||||
eventTime=timestamp.get_utc_now(),
|
||||
initiatorId=identifier.generate_uuid(),
|
||||
action='read',
|
||||
targetId=identifier.generate_uuid(),
|
||||
observerId=identifier.generate_uuid(),
|
||||
outcome='success')
|
||||
self.assertEqual(True, ev.is_valid())
|
||||
|
||||
ev = event.Event(eventType='activity',
|
||||
id=identifier.generate_uuid(),
|
||||
eventTime=timestamp.get_utc_now(),
|
||||
initiator=resource.Resource(typeURI='storage'),
|
||||
action='read',
|
||||
targetId=identifier.generate_uuid(),
|
||||
observer=resource.Resource(id='target'),
|
||||
outcome='success')
|
||||
self.assertEqual(True, ev.is_valid())
|
||||
|
||||
def test_event_unique(self):
|
||||
ev = event.Event(eventType='activity',
|
||||
initiator=resource.Resource(typeURI='storage'),
|
||||
action='read',
|
||||
target=resource.Resource(typeURI='storage'),
|
||||
observer=resource.Resource(id='target'),
|
||||
outcome='success')
|
||||
time.sleep(1)
|
||||
ev2 = event.Event(eventType='activity',
|
||||
initiator=resource.Resource(typeURI='storage'),
|
||||
action='read',
|
||||
target=resource.Resource(typeURI='storage'),
|
||||
observer=resource.Resource(id='target'),
|
||||
outcome='success')
|
||||
self.assertNotEqual(ev.id, ev2.id)
|
||||
self.assertNotEqual(ev.eventTime, ev2.eventTime)
|
||||
|
||||
def test_event_resource_shortform_not_self(self):
|
||||
self.assertRaises(ValueError,
|
||||
lambda: event.Event(
|
||||
eventType='activity',
|
||||
initiator=resource.Resource(typeURI='storage'),
|
||||
action='read',
|
||||
target=resource.Resource(id='target'),
|
||||
observer=resource.Resource(id='target'),
|
||||
outcome='success'))
|
||||
self.assertRaises(ValueError,
|
||||
lambda: event.Event(
|
||||
eventType='activity',
|
||||
initiator=resource.Resource(id='initiator'),
|
||||
action='read',
|
||||
target=resource.Resource(typeURI='storage'),
|
||||
observer=resource.Resource(id='target'),
|
||||
outcome='success'))
|
||||
|
||||
def _create_none_validator_descriptor(self):
|
||||
class Owner(object):
|
||||
x = cadftype.ValidatorDescriptor(uuid.uuid4().hex)
|
||||
|
||||
owner = Owner()
|
||||
owner.x = None
|
||||
|
||||
def test_invalid_value_descriptor(self):
|
||||
"""Test setting a ValidatorDescriptor to None results in ValueError"""
|
||||
|
||||
self.assertRaises(ValueError, self._create_none_validator_descriptor)
|
||||
|
||||
def test_cadfabstracttype_attribute_error(self):
|
||||
"""Test an invalid CADFAbstractType attribute is set returns False"""
|
||||
|
||||
h = host.Host(id=identifier.generate_uuid(),
|
||||
address='192.168.0.1',
|
||||
agent='client',
|
||||
platform='AIX')
|
||||
self.assertEqual(False, h._isset(uuid.uuid4().hex))
|
|
@ -1,38 +0,0 @@
|
|||
# Copyright 2013 OpenStack LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
# use this file except in compliance with the License. You may obtain a copy of
|
||||
# the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations under
|
||||
# the License.
|
||||
|
||||
import uuid
|
||||
|
||||
from pycadf.tests import base
|
||||
from pycadf import utils
|
||||
|
||||
|
||||
class TestUtils(base.TestCase):
|
||||
def test_mask_value(self):
|
||||
value = str(uuid.uuid4())
|
||||
m_percent = 0.125
|
||||
obfuscate = utils.mask_value(value, m_percent)
|
||||
visible = int(round(len(value) * m_percent))
|
||||
self.assertEqual(value[:visible], obfuscate[:visible])
|
||||
self.assertNotEqual(value[:visible + 1], obfuscate[:visible + 1])
|
||||
self.assertEqual(value[-visible:], obfuscate[-visible:])
|
||||
self.assertNotEqual(value[-visible - 1:], obfuscate[-visible - 1:])
|
||||
|
||||
def test_mask_value_nonstring(self):
|
||||
value = 12
|
||||
|
||||
# If a non-string parameter is given to mask_value(), the non-string
|
||||
# parameter is returned unmodified.
|
||||
obfuscate = utils.mask_value(value)
|
||||
self.assertEqual(value, obfuscate)
|
|
@ -1,45 +0,0 @@
|
|||
# Copyright 2013 IBM Corp.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
# use this file except in compliance with the License. You may obtain a copy of
|
||||
# the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations under
|
||||
# the License.
|
||||
|
||||
import datetime
|
||||
|
||||
import pytz
|
||||
import six
|
||||
|
||||
TIME_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"
|
||||
|
||||
|
||||
def get_utc_now(timezone=None):
|
||||
"""Return the current UTC time.
|
||||
|
||||
:param timezone: an optional timezone param to offset time to.
|
||||
"""
|
||||
utc_datetime = pytz.utc.localize(datetime.datetime.utcnow())
|
||||
if timezone is not None:
|
||||
try:
|
||||
utc_datetime = utc_datetime.astimezone(pytz.timezone(timezone))
|
||||
except Exception:
|
||||
utc_datetime.strftime(TIME_FORMAT)
|
||||
return utc_datetime.strftime(TIME_FORMAT)
|
||||
|
||||
|
||||
# TODO(mrutkows): validate any cadf:Timestamp (type) record against
|
||||
# CADF schema
|
||||
def is_valid(value):
|
||||
"""Validation to ensure timestamp is a string.
|
||||
"""
|
||||
if not isinstance(value, six.string_types):
|
||||
raise ValueError('Timestamp should be a String')
|
||||
|
||||
return True
|
|
@ -1,28 +0,0 @@
|
|||
# Copyright 2013 IBM Corp.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
# use this file except in compliance with the License. You may obtain a copy of
|
||||
# the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations under
|
||||
# the License.
|
||||
|
||||
import six
|
||||
|
||||
|
||||
def mask_value(value, s_percent=0.125):
|
||||
"""Obfuscate a given string to show only a percentage of leading
|
||||
and trailing characters.
|
||||
|
||||
:param s_percent: The percentage (in decimal) of characters to replace
|
||||
"""
|
||||
if isinstance(value, six.string_types):
|
||||
visible = (32 if int(round(len(value) * s_percent)) > 32
|
||||
else int(round(len(value) * s_percent)))
|
||||
return value[:visible] + " xxxxxxxx " + value[-visible:]
|
||||
return value
|
|
@ -1,8 +0,0 @@
|
|||
# The order of packages is significant, because pip processes them in the order
|
||||
# of appearance. Changing the order has an impact on the overall integration
|
||||
# process, which may cause wedges in the gate later.
|
||||
oslo.config>=3.22.0 # Apache-2.0
|
||||
oslo.serialization>=1.10.0 # Apache-2.0
|
||||
pytz>=2013.6 # MIT
|
||||
six>=1.9.0 # MIT
|
||||
debtcollector>=1.2.0 # Apache-2.0
|
50
setup.cfg
50
setup.cfg
|
@ -1,50 +0,0 @@
|
|||
[metadata]
|
||||
name = pycadf
|
||||
author = OpenStack
|
||||
author-email = openstack-dev@lists.openstack.org
|
||||
summary = CADF Library
|
||||
description-file =
|
||||
README.rst
|
||||
home-page = https://docs.openstack.org/pycadf/latest/
|
||||
classifier =
|
||||
Development Status :: 3 - Alpha
|
||||
Environment :: OpenStack
|
||||
Intended Audience :: Developers
|
||||
Intended Audience :: Information Technology
|
||||
License :: OSI Approved :: Apache Software License
|
||||
Operating System :: OS Independent
|
||||
Programming Language :: Python
|
||||
Programming Language :: Python :: 2
|
||||
Programming Language :: Python :: 2.7
|
||||
Programming Language :: Python :: 3
|
||||
Programming Language :: Python :: 3.5
|
||||
|
||||
[files]
|
||||
packages =
|
||||
pycadf
|
||||
data_files =
|
||||
etc/pycadf =
|
||||
etc/pycadf/cinder_api_audit_map.conf
|
||||
etc/pycadf/glance_api_audit_map.conf
|
||||
etc/pycadf/neutron_api_audit_map.conf
|
||||
etc/pycadf/nova_api_audit_map.conf
|
||||
etc/pycadf/trove_api_audit_map.conf
|
||||
etc/pycadf/ceilometer_api_audit_map.conf
|
||||
|
||||
[global]
|
||||
setup-hooks =
|
||||
pbr.hooks.setup_hook
|
||||
|
||||
[build_sphinx]
|
||||
source-dir = doc/source
|
||||
build-dir = doc/build
|
||||
all_files = 1
|
||||
warning-is-error = 1
|
||||
|
||||
[upload_sphinx]
|
||||
upload-dir = doc/build/html
|
||||
|
||||
[pbr]
|
||||
warnerrors = True
|
||||
#autodoc_tree_index_modules = True
|
||||
#autodoc_tree_root = ./pycadf
|
29
setup.py
29
setup.py
|
@ -1,29 +0,0 @@
|
|||
# Copyright (c) 2013 Hewlett-Packard Development Company, L.P.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
# implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# THIS FILE IS MANAGED BY THE GLOBAL REQUIREMENTS REPO - DO NOT EDIT
|
||||
import setuptools
|
||||
|
||||
# In python < 2.7.4, a lazy loading of package `pbr` will break
|
||||
# setuptools if some other modules registered functions in `atexit`.
|
||||
# solution from: http://bugs.python.org/issue15881#msg170215
|
||||
try:
|
||||
import multiprocessing # noqa
|
||||
except ImportError:
|
||||
pass
|
||||
|
||||
setuptools.setup(
|
||||
setup_requires=['pbr>=2.0.0'],
|
||||
pbr=True)
|
|
@ -1,17 +0,0 @@
|
|||
# The order of packages is significant, because pip processes them in the order
|
||||
# of appearance. Changing the order has an impact on the overall integration
|
||||
# process, which may cause wedges in the gate later.
|
||||
# Hacking already pins down pep8, pyflakes and flake8
|
||||
hacking<0.11,>=0.10.0
|
||||
flake8-docstrings==0.2.1.post1 # MIT
|
||||
|
||||
coverage!=4.4,>=4.0 # Apache-2.0
|
||||
fixtures>=3.0.0 # Apache-2.0/BSD
|
||||
oslotest>=1.10.0 # Apache-2.0
|
||||
python-subunit>=0.0.18 # Apache-2.0/BSD
|
||||
testrepository>=0.0.18 # Apache-2.0/BSD
|
||||
testtools>=1.4.0 # MIT
|
||||
|
||||
# this is required for the docs build jobs
|
||||
openstackdocstheme>=1.11.0 # Apache-2.0
|
||||
sphinx>=1.6.2 # BSD
|
|
@ -1,30 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
# Client constraint file contains this client version pin that is in conflict
|
||||
# with installing the client from source. We should remove the version pin in
|
||||
# the constraints file before applying it for from-source installation.
|
||||
|
||||
CONSTRAINTS_FILE="$1"
|
||||
shift 1
|
||||
|
||||
set -e
|
||||
|
||||
# NOTE(tonyb): Place this in the tox enviroment's log dir so it will get
|
||||
# published to logs.openstack.org for easy debugging.
|
||||
localfile="$VIRTUAL_ENV/log/upper-constraints.txt"
|
||||
|
||||
if [[ "$CONSTRAINTS_FILE" != http* ]]; then
|
||||
CONSTRAINTS_FILE="file://$CONSTRAINTS_FILE"
|
||||
fi
|
||||
# NOTE(tonyb): need to add curl to bindep.txt if the project supports bindep
|
||||
curl "$CONSTRAINTS_FILE" --insecure --progress-bar --output "$localfile"
|
||||
|
||||
pip install -c"$localfile" openstack-requirements
|
||||
|
||||
# This is the main purpose of the script: Allow local installation of
|
||||
# the current repo. It is listed in constraints file and thus any
|
||||
# install will be constrained and we need to unconstrain it.
|
||||
edit-constraints "$localfile" -- "$CLIENT_NAME"
|
||||
|
||||
pip install -c"$localfile" -U "$@"
|
||||
exit $?
|
48
tox.ini
48
tox.ini
|
@ -1,48 +0,0 @@
|
|||
[tox]
|
||||
minversion = 2.0
|
||||
envlist = py35,py27,pep8
|
||||
|
||||
[testenv]
|
||||
setenv =
|
||||
VIRTUAL_ENV={envdir}
|
||||
BRANCH_NAME=master
|
||||
CLIENT_NAME=pycadf
|
||||
install_command = {toxinidir}/tools/tox_install.sh {env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt} {opts} {packages}
|
||||
deps = -r{toxinidir}/test-requirements.txt
|
||||
commands = python setup.py testr --slowest --testr-args='{posargs}'
|
||||
|
||||
[testenv:pep8]
|
||||
commands = flake8
|
||||
|
||||
[testenv:docs]
|
||||
commands = python setup.py build_sphinx
|
||||
|
||||
[testenv:cover]
|
||||
commands = python setup.py testr --coverage
|
||||
|
||||
[testenv:venv]
|
||||
commands = {posargs}
|
||||
|
||||
[testenv:debug]
|
||||
commands = oslo_debug_helper {posargs}
|
||||
|
||||
[flake8]
|
||||
show-source = True
|
||||
# H405: Multi line docstrings should start with a one line summary followed by
|
||||
# an empty line.
|
||||
# D100: Missing docstring in public module
|
||||
# D101: Missing docstring in public class
|
||||
# D102: Missing docstring in public method
|
||||
# D103: Missing docstring in public function
|
||||
# D104: Missing docstring in public package
|
||||
# D105: Missing docstring in magic method
|
||||
# D200: One-line docstring should fit on one line with quotes
|
||||
# D202: No blank lines allowed after function docstring
|
||||
# D203: 1 blank required before class docstring
|
||||
# D204: 1 blank line required after class docstring
|
||||
# D205: 1 blank line required between summary line and description
|
||||
# D208: Docstring is over-indented
|
||||
# D400: First line should end with a period
|
||||
# D401: First line should be in imperative mood
|
||||
ignore = H405,D100,D101,D102,D103,D104,D105,D200,D202,D203,D204,D205,D208,D400,D401
|
||||
exclude = .tox,dist,doc,*.egg,build
|
Loading…
Reference in New Issue