Add cadf auditing to credentials
Added audit logging to credentials. This backport differs slightly from the original patch, since we don't have the "adds caching of credentials" patch found in commit 479a2a0afa
and we were not able to backport it. So, there are sense on keep the invalidate cache calls in the original bits. Closes-bug: #1831918 Change-Id: I028a86f44e049bcc7c54e844bfc91aa0b11cd541 (cherry picked from commit579cc19857
)
parent
dbc64b48b5
commit
abf5cb6a55
|
@ -120,7 +120,8 @@ class CredentialResource(ks_flask.ResourceBase):
|
|||
trust_id = getattr(self.oslo_context, 'trust_id', None)
|
||||
ref = self._assign_unique_id(
|
||||
self._normalize_dict(credential), trust_id=trust_id)
|
||||
ref = PROVIDERS.credential_api.create_credential(ref['id'], ref)
|
||||
ref = PROVIDERS.credential_api.create_credential(
|
||||
ref['id'], ref, initiator=self.audit_initiator)
|
||||
return self.wrap_member(ref), http_client.CREATED
|
||||
|
||||
def patch(self, credential_id):
|
||||
|
@ -143,7 +144,8 @@ class CredentialResource(ks_flask.ResourceBase):
|
|||
target_attr=_build_target_enforcement()
|
||||
)
|
||||
|
||||
return (PROVIDERS.credential_api.delete_credential(credential_id),
|
||||
return (PROVIDERS.credential_api.delete_credential(credential_id,
|
||||
initiator=self.audit_initiator),
|
||||
http_client.NO_CONTENT)
|
||||
|
||||
|
||||
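Review bot: The patch() handler between these two hunks appears untouched (the hunk offsets leave no room for a change between old lines 126 and 143), so credential updates seem to stay unaudited while create and delete now pass `initiator=self.audit_initiator`. The same holds in the manager, where the tail of what looks like update_credential shows up only as unchanged context in the last hunk and no notification call is added for it. A changed blob matters to an audit trail as much as a create or a delete, so consider passing `initiator=self.audit_initiator` on the update call and emitting `notifications.Audit.updated(self._CRED, credential_id, initiator)` in the manager. The body of patch() is outside the hunk, so confirm this against the full file.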
|
|
|
@ -21,6 +21,7 @@ from keystone.common import manager
|
|||
from keystone.common import provider_api
|
||||
import keystone.conf
|
||||
from keystone import exception
|
||||
from keystone import notifications
|
||||
|
||||
|
||||
CONF = keystone.conf.CONF
|
||||
|
@ -38,6 +39,8 @@ class Manager(manager.Manager):
|
|||
driver_namespace = 'keystone.credential'
|
||||
_provides_api = 'credential_api'
|
||||
|
||||
_CRED = 'credential'
|
||||
|
||||
def __init__(self):
|
||||
super(Manager, self).__init__(CONF.credential.driver)
|
||||
|
||||
|
@ -102,13 +105,18 @@ class Manager(manager.Manager):
|
|||
credential = self.driver.get_credential(credential_id)
|
||||
return self._decrypt_credential(credential)
|
||||
|
||||
def create_credential(self, credential_id, credential):
|
||||
def create_credential(self, credential_id, credential,
|
||||
initiator=None):
|
||||
"""Create a credential."""
|
||||
credential_copy = self._encrypt_credential(credential)
|
||||
ref = self.driver.create_credential(credential_id, credential_copy)
|
||||
ref.pop('key_hash', None)
|
||||
ref.pop('encrypted_blob', None)
|
||||
ref['blob'] = credential['blob']
|
||||
notifications.Audit.created(
|
||||
self._CRED,
|
||||
credential_id,
|
||||
initiator)
|
||||
return ref
|
||||
|
||||
def _validate_credential_update(self, credential_id, credential):
|
||||
|
@ -143,3 +151,10 @@ class Manager(manager.Manager):
|
|||
else:
|
||||
ref['blob'] = existing_blob
|
||||
return ref
|
||||
|
||||
def delete_credential(self, credential_id,
|
||||
initiator=None):
|
||||
"""Delete a credential."""
|
||||
self.driver.delete_credential(credential_id)
|
||||
notifications.Audit.deleted(
|
||||
self._CRED, credential_id, initiator)
|
||||
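Review bot: Both new signatures default `initiator` to None, and the one-line docstrings on create_credential and delete_credential do not say what an omitted initiator means for the emitted event. Any caller that leaves it out (none are visible in this diff) would presumably produce a created or deleted notification with no actor, which is of little use in an audit trail. Suggest documenting the parameter, e.g. `"""Create a credential and emit a 'created' audit notification attributed to initiator."""`, with the equivalent wording for delete_credential. The notification is also sent only after the driver call returns, so a create or delete that raises leaves no audit record; the docstring should say so if that is intended.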
|
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
fixes:
|
||||
- |
|
||||
[`bug 1831918 <https://bugs.launchpad.net/keystone/+bug/1831918>`_]
|
||||
Credentials now logs cadf audit messages.
|
||||
|