def _process_response(self, request, response=None):
    """Record the response outcome on the request's CADF event and emit it.

    If the request carries no ``'cadf_event'`` yet, ``self._create_event``
    is called first, so a request that failed during processing still ends
    up with an audit record.  Status codes 200-399 are recorded as success
    and any other status as failure; a missing (falsy) response leaves the
    outcome unknown and attaches no reason.

    :param request: request whose ``environ`` holds ``'cadf_event'``
    :param response: response exposing ``status_int``, or None
    """
    # NOTE(gordc): handle case where error processing request
    if 'cadf_event' not in request.environ:
        self._create_event(request)
    cadf_event = request.environ['cadf_event']

    if not response:
        outcome = taxonomy.UNKNOWN
    else:
        status = response.status_int
        if 200 <= status < 400:
            outcome = taxonomy.OUTCOME_SUCCESS
        else:
            outcome = taxonomy.OUTCOME_FAILURE
        # Keep the HTTP status as the reason so the audit trail shows which
        # status produced the outcome (e.g. 401/403 versus 5xx).
        cadf_event.reason = reason.Reason(reasonType='HTTP',
                                          reasonCode=str(status))
    cadf_event.outcome = outcome

    # Record that the event was amended on the target side, and when.
    modifier_step = reporterstep.Reporterstep(
        role=cadftype.REPORTER_ROLE_MODIFIER,
        reporter=resource.Resource(id='target'),
        reporterTime=timestamp.get_utc_now())
    cadf_event.add_reporterstep(modifier_step)

    # The record is emitted under an admin context, not the caller's own.
    self._emit_audit(context.get_admin_context().to_dict(),
                     'audit.http.response', cadf_event.as_dict())
def mod_audit_event(self, req, response):
    """Update the request's CADF event with the outcome of the response.

    When the request has no ``cadf_model`` attribute,
    ``self.append_audit_event`` is called to create one; otherwise a
    modifier reporter step is appended to the existing model.  Status codes
    200-399 count as success, any other status as failure, and a falsy
    response as unknown.  The serialized model is stored in
    ``req.environ['CADF_EVENT']``.

    :param req: request carrying (or about to receive) ``cadf_model``
    :param response: response exposing ``status_int``, or a falsy value
    """
    if not response:
        outcome = taxonomy.UNKNOWN
    elif 200 <= response.status_int < 400:
        outcome = taxonomy.OUTCOME_SUCCESS
    else:
        outcome = taxonomy.OUTCOME_FAILURE

    if not hasattr(req, 'cadf_model'):
        self.append_audit_event(req)
    else:
        # NOTE(review): reporter is the plain string 'target' here; confirm
        # Reporterstep accepts a string rather than a resource.Resource.
        modifier_step = reporterstep.Reporterstep(
            role=cadftype.REPORTER_ROLE_MODIFIER,
            reporter='target',
            reporterTime=timestamp.get_utc_now())
        req.cadf_model.add_reporterstep(modifier_step)

    model = req.cadf_model
    model.outcome = outcome
    if response:
        # The HTTP status is kept as the reason for every response.
        model.reason = reason.Reason(reasonType='HTTP',
                                     reasonCode=str(response.status_int))
    req.environ['CADF_EVENT'] = model.as_dict()
def mod_audit_event(self, req, response):
    """Fold the response outcome into the CADF event held by the request.

    An existing ``req.cadf_model`` gets a modifier reporter step whose
    reporter is the ``'target'`` resource; if the request has no model,
    ``self.append_audit_event`` is called instead.  The outcome is success
    for status 200-399, failure for any other status and unknown when the
    response is falsy.  The result is serialized into
    ``req.environ['CADF_EVENT']``.

    :param req: request carrying (or about to receive) ``cadf_model``
    :param response: response exposing ``status_int``, or a falsy value
    """
    if response:
        succeeded = 200 <= response.status_int < 400
        outcome = (taxonomy.OUTCOME_SUCCESS if succeeded
                   else taxonomy.OUTCOME_FAILURE)
    else:
        outcome = taxonomy.UNKNOWN

    if hasattr(req, 'cadf_model'):
        # Record that the target side amended the event, and when.
        modifier_step = reporterstep.Reporterstep(
            role=cadftype.REPORTER_ROLE_MODIFIER,
            reporter=resource.Resource(id='target'),
            reporterTime=timestamp.get_utc_now())
        req.cadf_model.add_reporterstep(modifier_step)
    else:
        self.append_audit_event(req)

    cadf_model = req.cadf_model
    cadf_model.outcome = outcome
    if response:
        # The HTTP status is kept as the reason for every response.
        cadf_model.reason = reason.Reason(
            reasonType='HTTP', reasonCode=str(response.status_int))
    req.environ['CADF_EVENT'] = cadf_model.as_dict()
def test_event(self):
    """Populate an Event and check that every key name is serialized."""
    # Keyword arguments are listed in call order; observer starts out as a
    # plain string and is replaced by a Resource further down.
    event_kwargs = {
        'eventType': 'activity',
        'id': identifier.generate_uuid(),
        'eventTime': timestamp.get_utc_now(),
        'initiator': resource.Resource(typeURI='storage'),
        'initiatorId': identifier.generate_uuid(),
        'action': 'read',
        'target': resource.Resource(typeURI='storage'),
        'targetId': identifier.generate_uuid(),
        'observer': 'target',
        'outcome': 'success',
        'reason': reason.Reason(reasonType='HTTP', reasonCode='200'),
        'severity': 'high',
    }
    ev = event.Event(**event_kwargs)

    ev.add_measurement(measurement.Measurement(result='100'))
    ev.add_tag(tag.generate_name_value_tag('name', 'val'))
    ev.add_attachment(
        attachment.Attachment(typeURI='attachURI',
                              content='content',
                              name='attachment_name'))
    ev.observer = resource.Resource(typeURI='service/security')

    observer_step = reporterstep.Reporterstep(
        role='observer',
        reporter=resource.Resource(typeURI='service/security'))
    ev.add_reporterstep(observer_step)
    id_only_step = reporterstep.Reporterstep(
        reporterId=identifier.generate_uuid())
    ev.add_reporterstep(id_only_step)

    serialized = ev.as_dict()
    for keyname in event.EVENT_KEYNAMES:
        self.assertIn(keyname, serialized)
def _process_response(self, request, response=None):
    """Finish the request's CADF event from the response and notify.

    ``self._create_event`` is called when the request has no
    ``'cadf_event'`` yet, which covers requests that failed while being
    processed.  Status 200-399 is recorded as success and any other status
    as failure, with the HTTP status stored as the reason; a falsy response
    gives an unknown outcome and no reason.

    :param request: request whose ``environ`` holds ``'cadf_event'``; its
        ``context`` is passed to the notifier
    :param response: response exposing ``status_int``, or None
    """
    # NOTE(gordc): handle case where error processing request
    if 'cadf_event' not in request.environ:
        self._create_event(request)
    audit_event = request.environ['cadf_event']

    if response:
        http_status = response.status_int
        succeeded = 200 <= http_status < 400
        outcome = (taxonomy.OUTCOME_SUCCESS if succeeded
                   else taxonomy.OUTCOME_FAILURE)
        audit_event.reason = reason.Reason(reasonType='HTTP',
                                           reasonCode=str(http_status))
    else:
        outcome = taxonomy.UNKNOWN
    audit_event.outcome = outcome

    # Record that the event was amended on the target side, and when.
    modifier_step = reporterstep.Reporterstep(
        role=cadftype.REPORTER_ROLE_MODIFIER,
        reporter=resource.Resource(id='target'),
        reporterTime=timestamp.get_utc_now())
    audit_event.add_reporterstep(modifier_step)

    # The notification is sent with the request's own context.
    self._notifier.notify(request.context,
                          'audit.http.response',
                          audit_event.as_dict())
def test_reporterstep(self):
    """Check that a populated Reporterstep serializes every key name."""
    step_kwargs = {
        'role': 'modifier',
        'reporter': resource.Resource(typeURI='storage'),
        'reporterId': identifier.generate_uuid(),
        'reporterTime': timestamp.get_utc_now(),
    }
    populated_step = reporterstep.Reporterstep(**step_kwargs)

    serialized = populated_step.as_dict()
    for keyname in reporterstep.REPORTERSTEP_KEYNAMES:
        self.assertIn(keyname, serialized)
def __init__(self, eventType=cadftype.EVENTTYPE_ACTIVITY, id=None,
             eventTime=None,
             action=cadftaxonomy.UNKNOWN, outcome=cadftaxonomy.UNKNOWN,
             initiator=None, initiatorId=None, target=None, targetId=None,
             severity=None, reason=None, observer=None, observerId=None):
    """Create an Event.

    The type URI, eventType, id, eventTime, action and outcome attributes
    are always set; the remaining attributes are set only when a value
    other than None is supplied.

    :param eventType: eventType of the Event
    :param id: id of the event; a uuid is generated when falsy
    :param eventTime: time of the event; current UTC time when falsy
    :param action: the event's action
    :param outcome: the event's outcome
    :param initiator: the event's initiator
    :param initiatorId: id of the event's initiator
    :param target: the event's target
    :param targetId: id of the event's target
    :param severity: severity of the event
    :param reason: reason attached to the event
    :param observer: the event's observer
    :param observerId: id of the event's observer
    """
    # Establish typeURI for the CADF Event data type
    # TODO(mrutkows): support extended typeURIs for Event subtypes
    setattr(self, EVENT_KEYNAME_TYPEURI, TYPE_URI_EVENT)

    # Mandatory attributes, assigned in a fixed order.
    setattr(self, EVENT_KEYNAME_EVENTTYPE, eventType)
    event_id = id if id else identifier.generate_uuid()
    setattr(self, EVENT_KEYNAME_ID, event_id)
    event_time = eventTime if eventTime else timestamp.get_utc_now()
    setattr(self, EVENT_KEYNAME_EVENTTIME, event_time)
    setattr(self, EVENT_KEYNAME_ACTION, action)
    setattr(self, EVENT_KEYNAME_OUTCOME, outcome)

    # Attributes that are only assigned when the caller supplied them.
    when_given = (
        (EVENT_KEYNAME_OBSERVER, observer),        # mandatory if no observerId
        (EVENT_KEYNAME_OBSERVERID, observerId),    # dependent
        (EVENT_KEYNAME_INITIATOR, initiator),      # mandatory if no initiatorId
        (EVENT_KEYNAME_INITIATORID, initiatorId),  # dependent
        (EVENT_KEYNAME_TARGET, target),            # mandatory if no targetId
        (EVENT_KEYNAME_TARGETID, targetId),        # dependent
        (EVENT_KEYNAME_SEVERITY, severity),        # optional
        (EVENT_KEYNAME_REASON, reason),            # optional
    )
    for keyname, value in when_given:
        if value is not None:
            setattr(self, keyname, value)
def test_reporterstep(self):
    """Check Reporterstep validity and serialization.

    A step given both ``reporter`` and ``reporterId`` is expected to be
    invalid yet still serialize every key name; a step given only one of
    the two is expected to be valid.
    """
    # Both reporter and reporterId supplied: expected to be invalid.
    over_specified = reporterstep.Reporterstep(
        role='modifier',
        reporter=resource.Resource(typeURI='storage'),
        reporterId=identifier.generate_uuid(),
        reporterTime=timestamp.get_utc_now())
    self.assertEqual(False, over_specified.is_valid())

    serialized = over_specified.as_dict()
    for keyname in reporterstep.REPORTERSTEP_KEYNAMES:
        self.assertIn(keyname, serialized)

    # Reporter resource only.
    with_reporter = reporterstep.Reporterstep(
        role='modifier',
        reporter=resource.Resource(typeURI='storage'),
        reporterTime=timestamp.get_utc_now())
    self.assertEqual(True, with_reporter.is_valid())

    # Reporter id only.
    with_reporter_id = reporterstep.Reporterstep(
        role='modifier',
        reporterId=identifier.generate_uuid(),
        reporterTime=timestamp.get_utc_now())
    self.assertEqual(True, with_reporter_id.is_valid())
def __init__(self, eventType=cadftype.EVENTTYPE_ACTIVITY, id=None,
             eventTime=None,
             action=cadftaxonomy.UNKNOWN, outcome=cadftaxonomy.UNKNOWN,
             initiator=None, initiatorId=None, target=None, targetId=None,
             severity=None, reason=None, observer=None, observerId=None):
    """Create an Event.

    :param eventType: eventType of the Event; defaults to the 'activity'
        type
    :param id: id of the event; a uuid is generated if None
    :param eventTime: time of the event; current UTC time is used if None
    :param action: the event's action (see Action taxonomy)
    :param outcome: the event's outcome (see Outcome taxonomy)
    :param initiator: the event's Initiator Resource
    :param initiatorId: id of the event's Initiator Resource
    :param target: the event's Target Resource
    :param targetId: id of the event's Target Resource
    :param severity: domain-relative severity of the event
    :param reason: domain-specific Reason type
    :param observer: the event's Observer Resource
    :param observerId: id of the event's Observer Resource
    """
    def assign_if_given(keyname, value):
        # Optional and dependent attributes stay unset when not supplied.
        if value is not None:
            setattr(self, keyname, value)

    # Establish typeURI for the CADF Event data type
    # TODO(mrutkows): support extended typeURIs for Event subtypes
    setattr(self, EVENT_KEYNAME_TYPEURI, TYPE_URI_EVENT)

    # Mandatory: eventType, id, eventTime, action, outcome.
    setattr(self, EVENT_KEYNAME_EVENTTYPE, eventType)
    event_id = id if id else identifier.generate_uuid()
    setattr(self, EVENT_KEYNAME_ID, event_id)
    event_time = eventTime if eventTime else timestamp.get_utc_now()
    setattr(self, EVENT_KEYNAME_EVENTTIME, event_time)
    setattr(self, EVENT_KEYNAME_ACTION, action)
    setattr(self, EVENT_KEYNAME_OUTCOME, outcome)

    # Each role is mandatory as either a resource or its id.
    assign_if_given(EVENT_KEYNAME_OBSERVER, observer)
    assign_if_given(EVENT_KEYNAME_OBSERVERID, observerId)
    assign_if_given(EVENT_KEYNAME_INITIATOR, initiator)
    assign_if_given(EVENT_KEYNAME_INITIATORID, initiatorId)
    assign_if_given(EVENT_KEYNAME_TARGET, target)
    assign_if_given(EVENT_KEYNAME_TARGETID, targetId)

    # Optional: severity, reason.
    assign_if_given(EVENT_KEYNAME_SEVERITY, severity)
    assign_if_given(EVENT_KEYNAME_REASON, reason)
def test_event(self):
    """Check Event validity and serialization.

    The first, fully populated event supplies both a resource and an id
    for each role and is expected to be invalid (the test does not pin
    down which field causes that) while still serializing every key name.
    Three further events supply only one of the two per role and are
    expected to be valid.
    """
    # Keyword arguments are listed in call order.
    full_kwargs = {
        'eventType': 'activity',
        'id': identifier.generate_uuid(),
        'eventTime': timestamp.get_utc_now(),
        'initiator': resource.Resource(typeURI='storage'),
        'initiatorId': identifier.generate_uuid(),
        'action': 'read',
        'target': resource.Resource(typeURI='storage'),
        'targetId': identifier.generate_uuid(),
        'observer': resource.Resource(id='target'),
        'observerId': identifier.generate_uuid(),
        'outcome': 'success',
        'reason': reason.Reason(reasonType='HTTP', reasonCode='200'),
        'severity': 'high',
    }
    full_event = event.Event(**full_kwargs)

    full_event.add_measurement(
        measurement.Measurement(result='100',
                                metricId=identifier.generate_uuid()))
    full_event.add_tag(tag.generate_name_value_tag('name', 'val'))
    full_event.add_attachment(
        attachment.Attachment(typeURI='attachURI',
                              content='content',
                              name='attachment_name'))
    full_event.observer = resource.Resource(typeURI='service/security')

    observer_step = reporterstep.Reporterstep(
        role='observer',
        reporter=resource.Resource(typeURI='service/security'))
    full_event.add_reporterstep(observer_step)
    id_only_step = reporterstep.Reporterstep(
        reporterId=identifier.generate_uuid())
    full_event.add_reporterstep(id_only_step)

    self.assertEqual(full_event.is_valid(), False)

    serialized = full_event.as_dict()
    for keyname in event.EVENT_KEYNAMES:
        self.assertIn(keyname, serialized)

    # Resources only for initiator, target and observer.
    by_resource = event.Event(
        eventType='activity',
        id=identifier.generate_uuid(),
        eventTime=timestamp.get_utc_now(),
        initiator=resource.Resource(typeURI='storage'),
        action='read',
        target=resource.Resource(typeURI='storage'),
        observer=resource.Resource(id='target'),
        outcome='success')
    self.assertEqual(by_resource.is_valid(), True)

    # Ids only for initiator, target and observer.
    by_id = event.Event(
        eventType='activity',
        id=identifier.generate_uuid(),
        eventTime=timestamp.get_utc_now(),
        initiatorId=identifier.generate_uuid(),
        action='read',
        targetId=identifier.generate_uuid(),
        observerId=identifier.generate_uuid(),
        outcome='success')
    self.assertEqual(by_id.is_valid(), True)

    # A mix: initiator and observer as resources, target as an id.
    mixed = event.Event(
        eventType='activity',
        id=identifier.generate_uuid(),
        eventTime=timestamp.get_utc_now(),
        initiator=resource.Resource(typeURI='storage'),
        action='read',
        targetId=identifier.generate_uuid(),
        observer=resource.Resource(id='target'),
        outcome='success')
    self.assertEqual(mixed.is_valid(), True)
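def generate_uuid():
    """Return a new random (version 4) UUID in its string form.

    A name-based uuid5 over the CADF version string plus the current
    timestamp is deterministic: two calls that see the same timestamp
    string return the same identifier, and the value can be recomputed by
    anyone who knows the time.  Identifiers for audit events and resources
    must not collide, so a random UUID is used instead.

    :returns: the UUID as a 36-character string
    """
    return str(uuid.uuid4())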