add audit_maps for more OpenStack components

add audit_maps for: - cinder - glance - neutron Change-Id: If324c1296f852e57f3a376ccfc485ed1b3df75e3 Blueprint: audit-all-apis
2014-02-13 12:51:22 -05:00 · 2014-02-13 12:51:22 -05:00 · c575e6d1df
parent 6ac553173d
commit c575e6d1df
8 changed files with 106 additions and 31 deletions
--- a/etc/pycadf/cinder_api_audit_map.conf
+++ b/etc/pycadf/cinder_api_audit_map.conf
@ -0,0 +1,27 @@
+[DEFAULT]
+# default target endpoint type
+# should match the endpoint type defined in service catalog
+target_endpoint_type = None
+
+# map urls ending with specific text to a unique action
+[custom_actions]
+associate = update/associate
+disassociate = update/disassociate
+disassociate_all = update/disassociate_all
+associations = read/list/associations
+
+# possible end path of api requests
+[path_keywords]
+defaults = None
+detail = None
+limits = None
+os-quota-specs = project
+qos-specs = qos-spec
+snapshots = snapshot
+types = type
+volumes = volume
+
+# map endpoint type defined in service catalog to CADF typeURI
+[service_endpoints]
+volume = service/storage/block
+volumev2 = service/storage/block
--- a/etc/pycadf/glance_api_audit_map.conf
+++ b/etc/pycadf/glance_api_audit_map.conf
@ -0,0 +1,16 @@
+[DEFAULT]
+# default target endpoint type
+# should match the endpoint type defined in service catalog
+target_endpoint_type = None
+
+# possible end path of api requests
+[path_keywords]
+detail = None
+file = None
+images = image
+members = member
+tags = tag
+
+# map endpoint type defined in service catalog to CADF typeURI
+[service_endpoints]
+image = service/storage/image
--- a/etc/pycadf/neutron_api_audit_map.conf
+++ b/etc/pycadf/neutron_api_audit_map.conf
@ -0,0 +1,31 @@
+[DEFAULT]
+# default target endpoint type
+# should match the endpoint type defined in service catalog
+target_endpoint_type = None
+
+[custom_actions]
+add_router_interface = update/add
+remove_router_interface = update/remove
+
+# possible end path of api requests
+[path_keywords]
+floatingips = ip
+healthmonitors = healthmonitor
+health_monitors = health_monitor
+lb = None
+members = member
+metering-labels = label
+metering-label-rules = rule
+networks = network
+pools = pool
+ports = port
+routers = router
+quotas = quota
+security-groups = security-group
+security-group-rules = rule
+subnets = subnet
+vips = vip
+
+# map endpoint type defined in service catalog to CADF typeURI
+[service_endpoints]
+network = service/network
--- a/etc/pycadf/nova_api_audit_map.conf
+++ b/etc/pycadf/nova_api_audit_map.conf
@ -50,7 +50,7 @@ os-keypairs = keypair
 os-migrations = None
 os-networks = network
 os-quota-sets = tenant
-os-security-groups = security-group
+os-security-groups = security_group
 os-security-group-rules = rule
 os-server-password = None
 os-services = None
@ -66,13 +66,6 @@ shutdown = None
 startup = None
 statistics = None

-
 # map endpoint type defined in service catalog to CADF typeURI
 [service_endpoints]
-identity = service/security
-object-store = service/storage/object
-volume = service/storage/block
-image = service/storage/image
-network = service/network
-compute = service/compute
-metering = service/bss/metering
+compute = service/compute
--- a/pycadf/audit/api.py
+++ b/pycadf/audit/api.py
@ -124,6 +124,10 @@ class OpenStackAuditApi(object):
                map_file = cfg.CONF.find_file(CONF.audit.api_audit_map)
        self._MAP = _configure_audit_map(map_file)

+    @staticmethod
+    def _clean_path(value):
+        return value[:-5] if value.endswith('.json') else value
+
    def _get_action(self, req):
        """Take a given Request, parse url path to calculate action type.

@ -140,7 +144,7 @@ class OpenStackAuditApi(object):

        """
        path = req.path[:-1] if req.path.endswith('/') else req.path
-        url_ending = path[path.rfind('/') + 1:]
+        url_ending = self._clean_path(path[path.rfind('/') + 1:])
        method = req.method

        if url_ending + '/' + method.lower() in self._MAP.custom_actions:
@ -167,7 +171,7 @@ class OpenStackAuditApi(object):
                action = taxonomy.ACTION_LIST
            else:
                action = taxonomy.ACTION_READ
-        elif method == 'PUT':
+        elif method == 'PUT' or method == 'PATCH':
            action = taxonomy.ACTION_UPDATE
        elif method == 'DELETE':
            action = taxonomy.ACTION_DELETE
@ -201,6 +205,7 @@ class OpenStackAuditApi(object):
        type_uri = ''
        prev_key = None
        for key in re.split('/', req.path):
+            key = self._clean_path(key)
            if key in self._MAP.path_kw:
                type_uri += '/' + key
            elif prev_key in self._MAP.path_kw:
--- a/pycadf/tests/audit/test_api.py
+++ b/pycadf/tests/audit/test_api.py
@ -45,7 +45,7 @@ class TestAuditApi(base.TestCase):
    def setUp(self):
        super(TestAuditApi, self).setUp()
        self.audit_api = api.OpenStackAuditApi(
-            'etc/pycadf/api_audit_map.conf')
+            'etc/pycadf/nova_api_audit_map.conf')

    def api_request(self, method, url):
        self.ENV_HEADERS['REQUEST_METHOD'] = method
@ -58,7 +58,7 @@ class TestAuditApi(base.TestCase):
    def test_get_list_with_cfg(self):
        cfg.CONF.set_override(
            'api_audit_map',
-            self.path_get('etc/pycadf/api_audit_map.conf'),
+            self.path_get('etc/pycadf/nova_api_audit_map.conf'),
            group='audit')
        self.audit_api = api.OpenStackAuditApi()
        req = self.api_request('GET',
--- a/pycadf/tests/middleware/test_audit.py
+++ b/pycadf/tests/middleware/test_audit.py
@ -58,13 +58,13 @@ class AuditMiddlewareTest(base.TestCase):

    def setUp(self):
        super(AuditMiddlewareTest, self).setUp()
-        self.map_file = 'etc/pycadf/api_audit_map.conf'
+        self.map_file = 'etc/pycadf/nova_api_audit_map.conf'

    def test_api_request(self):
-        middleware = audit.AuditMiddleware(FakeApp(),
-                                           audit_map_file=
-                                           'etc/pycadf/api_audit_map.conf',
-                                           service_name='pycadf')
+        middleware = audit.AuditMiddleware(
+            FakeApp(),
+            audit_map_file='etc/pycadf/nova_api_audit_map.conf',
+            service_name='pycadf')
        self.ENV_HEADERS['REQUEST_METHOD'] = 'GET'
        req = webob.Request.blank('/foo/bar',
                                  environ=self.ENV_HEADERS)
@ -95,10 +95,10 @@ class AuditMiddlewareTest(base.TestCase):
            self.assertEqual(request['CADF_EVENT']['outcome'], 'success')

    def test_api_request_failure(self):
-        middleware = audit.AuditMiddleware(FakeFailingApp(),
-                                           audit_map_file=
-                                           'etc/pycadf/api_audit_map.conf',
-                                           service_name='pycadf')
+        middleware = audit.AuditMiddleware(
+            FakeFailingApp(),
+            audit_map_file='etc/pycadf/nova_api_audit_map.conf',
+            service_name='pycadf')
        self.ENV_HEADERS['REQUEST_METHOD'] = 'GET'
        req = webob.Request.blank('/foo/bar',
                                  environ=self.ENV_HEADERS)
@ -137,10 +137,10 @@ class AuditMiddlewareTest(base.TestCase):
            raise Exception('error')
        self.stubs.Set(cadf_api.OpenStackAuditApi, 'append_audit_event',
                       func_error)
-        middleware = audit.AuditMiddleware(FakeApp(),
-                                           audit_map_file=
-                                           'etc/pycadf/api_audit_map.conf',
-                                           service_name='pycadf')
+        middleware = audit.AuditMiddleware(
+            FakeApp(),
+            audit_map_file='etc/pycadf/nova_api_audit_map.conf',
+            service_name='pycadf')
        req = webob.Request.blank('/foo/bar',
                                  environ={'REQUEST_METHOD': 'GET'})
        middleware.process_request(req)
@ -150,10 +150,10 @@ class AuditMiddlewareTest(base.TestCase):
            raise Exception('error')
        self.stubs.Set(cadf_api.OpenStackAuditApi, 'mod_audit_event',
                       func_error)
-        middleware = audit.AuditMiddleware(FakeApp(),
-                                           audit_map_file=
-                                           'etc/pycadf/api_audit_map.conf',
-                                           service_name='pycadf')
+        middleware = audit.AuditMiddleware(
+            FakeApp(),
+            audit_map_file='etc/pycadf/nova_api_audit_map.conf',
+            service_name='pycadf')
        req = webob.Request.blank('/foo/bar',
                                  environ={'REQUEST_METHOD': 'GET'})
        middleware.process_response(req, webob.response.Response())
--- a/setup.cfg
+++ b/setup.cfg
@ -22,7 +22,10 @@ packages =
    pycadf
 data_files =
    etc/pycadf =
-        etc/pycadf/api_audit_map.conf
+        etc/pycadf/cinder_api_audit_map.conf
+        etc/pycadf/glance_api_audit_map.conf
+        etc/pycadf/neutron_api_audit_map.conf
+        etc/pycadf/nova_api_audit_map.conf

 [global]
 setup-hooks =