def _send_audit_notification(action, initiator, outcome, target, event_type,
**kwargs):
"""Send CADF notification to inform observers about the affected resource.
This method logs an exception when sending the notification fails.
:param action: CADF action being audited (e.g., 'authenticate')
:param initiator: CADF resource representing the initiator
:param outcome: The CADF outcome (taxonomy.OUTCOME_PENDING,
taxonomy.OUTCOME_SUCCESS, taxonomy.OUTCOME_FAILURE)
:param target: CADF resource representing the target
:param event_type: An OpenStack-ism, typically this is the meter name that
Ceilometer uses to poll events.
:param kwargs: Any additional arguments passed in will be added as
key-value pairs to the CADF event.
"""
if _check_notification_opt_out(event_type, outcome):
return
global _CATALOG_HELPER_OBJ
if _CATALOG_HELPER_OBJ is None:
_CATALOG_HELPER_OBJ = _CatalogHelperObj()
service_list = _CATALOG_HELPER_OBJ.catalog_api.list_services()
service_id = None
for i in service_list:
if i['type'] == SERVICE:
service_id = i['id']
break
event = eventfactory.EventFactory().new_event(
eventType=cadftype.EVENTTYPE_ACTIVITY,
outcome=outcome,
action=action,
initiator=initiator,
target=target,
observer=resource.Resource(typeURI=taxonomy.SERVICE_SECURITY))
if service_id is not None:
event.observer.id = service_id
for key, value in kwargs.items():
setattr(event, key, value)
context = {}
payload = event.as_dict()
notifier = _get_notifier()
if notifier:
try:
notifier.info(context, event_type, payload)
except Exception:
# diaper defense: any exception that occurs while emitting the
# notification should not interfere with the API request
LOG.exception(
_LE('Failed to send %(action)s %(event_type)s notification'), {
'action': action,
'event_type': event_type
})
def notify_about_cluster_operation(context, action, outcome):
"""Send a notification about cluster operation.
:param action: CADF action being audited
:param outcome: CADF outcome
"""
notifier = rpc.get_notifier()
event = eventfactory.EventFactory().new_event(
eventType=cadftype.EVENTTYPE_ACTIVITY,
outcome=outcome,
action=action,
initiator=_get_request_audit_info(context),
target=resource.Resource(typeURI='service/magnum/cluster'),
observer=resource.Resource(typeURI='service/magnum/cluster'))
service = 'magnum'
event_type = '%(service)s.cluster.%(action)s' % {
'service': service, 'action': action}
payload = event.as_dict()
if outcome == taxonomy.OUTCOME_FAILURE:
method = notifier.error
else:
method = notifier.info
method(context, event_type, payload)
def _create_event(self, req):
correlation_id = identifier.generate_uuid()
action = self.get_action(req)
initiator = ClientResource(
typeURI=taxonomy.ACCOUNT_USER,
id=req.environ.get('HTTP_X_USER_ID', taxonomy.UNKNOWN),
name=req.environ.get('HTTP_X_USER_NAME', taxonomy.UNKNOWN),
host=host.Host(address=req.client_addr, agent=req.user_agent),
credential=KeystoneCredential(
token=req.environ.get('HTTP_X_AUTH_TOKEN', ''),
identity_status=req.environ.get('HTTP_X_IDENTITY_STATUS',
taxonomy.UNKNOWN)),
project_id=req.environ.get('HTTP_X_PROJECT_ID', taxonomy.UNKNOWN))
target = self.get_target_resource(req)
event = factory.EventFactory().new_event(
eventType=cadftype.EVENTTYPE_ACTIVITY,
outcome=taxonomy.OUTCOME_PENDING,
action=action,
initiator=initiator,
target=target,
observer=resource.Resource(id='target'))
event.requestPath = req.path_qs
event.add_tag(tag.generate_name_value_tag('correlation_id',
correlation_id))
return event
def _create_event(self, req):
correlation_id = identifier.generate_uuid()
action = self._cadf_audit.get_action(req)
initiator = ClientResource(
typeURI=taxonomy.ACCOUNT_USER,
id=identifier.norm_ns(str(req.environ['HTTP_X_USER_ID'])),
name=req.environ['HTTP_X_USER_NAME'],
host=host.Host(address=req.client_addr, agent=req.user_agent),
credential=KeystoneCredential(
token=req.environ['HTTP_X_AUTH_TOKEN'],
identity_status=req.environ['HTTP_X_IDENTITY_STATUS']),
project_id=identifier.norm_ns(req.environ['HTTP_X_PROJECT_ID']))
target = self._cadf_audit.get_target_resource(req)
event = factory.EventFactory().new_event(
eventType=cadftype.EVENTTYPE_ACTIVITY,
outcome=taxonomy.OUTCOME_PENDING,
action=action,
initiator=initiator,
target=target,
observer=resource.Resource(id='target'))
event.requestPath = req.path_qs
event.add_tag(
tag.generate_name_value_tag('correlation_id', correlation_id))
# cache model in request to allow tracking of transistive steps.
req.environ['cadf_event'] = event
return event
def _send_audit_notification(action, initiator, outcome, **kwargs):
"""Send CADF notification to inform observers about the affected resource.
This method logs an exception when sending the notification fails.
:param action: CADF action being audited (e.g., 'authenticate')
:param initiator: CADF resource representing the initiator
:param outcome: The CADF outcome (taxonomy.OUTCOME_PENDING,
taxonomy.OUTCOME_SUCCESS, taxonomy.OUTCOME_FAILURE)
"""
event = eventfactory.EventFactory().new_event(
eventType=cadftype.EVENTTYPE_ACTIVITY,
outcome=outcome,
action=action,
initiator=initiator,
target=resource.Resource(typeURI=taxonomy.ACCOUNT_USER),
observer=resource.Resource(typeURI=taxonomy.SERVICE_SECURITY))
for key, value in kwargs.items():
setattr(event, key, value)
context = {}
payload = event.as_dict()
service = 'identity'
event_type = '%(service)s.%(action)s' % {
'service': service,
'action': action
}
notifier = _get_notifier()
if notifier:
try:
notifier.info(context, event_type, payload)
except Exception:
# diaper defense: any exception that occurs while emitting the
# notification should not interfere with the API request
LOG.exception(
_LE('Failed to send %(action)s %(event_type)s notification'), {
'action': action,
'event_type': event_type
})
def fake_audit(action, initiator, outcome, target,
event_type, **kwargs):
service_security = cadftaxonomy.SERVICE_SECURITY
event = eventfactory.EventFactory().new_event(
eventType=cadftype.EVENTTYPE_ACTIVITY,
outcome=outcome,
action=action,
initiator=initiator,
target=target,
observer=cadfresource.Resource(typeURI=service_security))
for key, value in kwargs.items():
setattr(event, key, value)
audit = {
'payload': event.as_dict(),
'event_type': event_type,
'send_notification_called': True}
self._audits.append(audit)
def fake_notify(action, initiator, outcome, target, event_type,
**kwargs):
service_security = cadftaxonomy.SERVICE_SECURITY
event = eventfactory.EventFactory().new_event(
eventType=cadftype.EVENTTYPE_ACTIVITY,
outcome=outcome,
action=action,
initiator=initiator,
target=target,
observer=cadfresource.Resource(typeURI=service_security))
for key, value in kwargs.items():
setattr(event, key, value)
note = {
'action': action,
'initiator': initiator,
'event': event,
'send_notification_called': True
}
self._notifications.append(note)
def create_event(self, req, correlation_id):
action = self._get_action(req)
initiator_host = host.Host(address=req.client_addr,
agent=req.user_agent)
catalog = ast.literal_eval(req.environ['HTTP_X_SERVICE_CATALOG'])
service_info = self.Service(type=taxonomy.UNKNOWN,
name=taxonomy.UNKNOWN,
id=taxonomy.UNKNOWN,
admin_endp=None,
private_endp=None,
public_endp=None)
default_endpoint = None
for endp in catalog:
admin_urlparse = urlparse.urlparse(
endp['endpoints'][0]['adminURL'])
public_urlparse = urlparse.urlparse(
endp['endpoints'][0]['publicURL'])
req_url = urlparse.urlparse(req.host_url)
if (req_url.netloc == admin_urlparse.netloc
or req_url.netloc == public_urlparse.netloc):
service_info = self._get_service_info(endp)
break
elif (self._MAP.default_target_endpoint_type
and endp['type'] == self._MAP.default_target_endpoint_type):
default_endpoint = endp
else:
if default_endpoint:
service_info = self._get_service_info(default_endpoint)
initiator = ClientResource(
typeURI=taxonomy.ACCOUNT_USER,
id=identifier.norm_ns(str(req.environ['HTTP_X_USER_ID'])),
name=req.environ['HTTP_X_USER_NAME'],
host=initiator_host,
credential=KeystoneCredential(
token=req.environ['HTTP_X_AUTH_TOKEN'],
identity_status=req.environ['HTTP_X_IDENTITY_STATUS']),
project_id=identifier.norm_ns(req.environ['HTTP_X_PROJECT_ID']))
target_typeURI = (self._build_typeURI(req, service_info.type)
if service_info.type != taxonomy.UNKNOWN else
service_info.type)
target = resource.Resource(typeURI=target_typeURI,
id=service_info.id,
name=service_info.name)
if service_info.admin_endp:
target.add_address(service_info.admin_endp)
if service_info.private_endp:
target.add_address(service_info.private_endp)
if service_info.public_endp:
target.add_address(service_info.public_endp)
event = factory.EventFactory().new_event(
eventType=cadftype.EVENTTYPE_ACTIVITY,
outcome=taxonomy.OUTCOME_PENDING,
action=action,
initiator=initiator,
target=target,
observer=resource.Resource(id='target'))
event.requestPath = req.path_qs
event.add_tag(
tag.generate_name_value_tag('correlation_id', correlation_id))
return event
def _create_cadf_event(self, project, res_spec, res_id, res_parent_id,
request, response, suffix):
action, key = self._get_action_and_key(res_spec, res_id, request,
suffix)
if not action:
return None
project_id = request.environ.get('HTTP_X_PROJECT_ID')
domain_id = request.environ.get('HTTP_X_DOMAIN_ID')
initiator = OpenStackResource(
project_id=project_id,
domain_id=domain_id,
typeURI=taxonomy.ACCOUNT_USER,
id=request.environ.get('HTTP_X_USER_ID', taxonomy.UNKNOWN),
name=request.environ.get('HTTP_X_USER_NAME', taxonomy.UNKNOWN),
domain=request.environ.get('HTTP_X_USER_DOMAIN_NAME',
taxonomy.UNKNOWN),
host=host.Host(address=request.client_addr,
agent=request.user_agent))
action_result = None
event_reason = None
if response:
if 200 <= response.status_int < 400:
action_result = taxonomy.OUTCOME_SUCCESS
else:
action_result = taxonomy.OUTCOME_FAILURE
event_reason = reason.Reason(reasonType='HTTP',
reasonCode=str(response.status_int))
else:
action_result = taxonomy.UNKNOWN
target = None
if res_id or res_parent_id:
target = self._create_target_resource(project,
res_spec,
res_id,
res_parent_id,
key=key)
else:
target = self._create_target_resource(project,
res_spec,
None,
self._service_id,
key=key)
target.name = self._service_name
observer = self._create_observer_resource()
event = eventfactory.EventFactory().new_event(
eventType=cadftype.EVENTTYPE_ACTIVITY,
outcome=action_result,
action=action,
initiator=initiator,
observer=observer,
reason=event_reason,
target=target)
event.requestPath = request.path_qs
# add reporter step again?
# event.add_reporterstep(
# reporterstep.Reporterstep(
# role=cadftype.REPORTER_ROLE_MODIFIER,
# reporter=resource.Resource(id='observer'),
# reporterTime=timestamp.get_utc_now()))
return event
def _create_cadf_event(self, project, res_spec, res_id, res_parent_id,
request, response, suffix):
action = self._get_action(res_spec, res_id, request, suffix)
key = None
if not action:
# ignored unknown actions
if suffix == 'action':
return None
# suffix must be a key
key = suffix
# determine action from method (never None)
action = self._get_action(res_spec, res_id, request, None)
action += action_suffix_map[action]
project_id = request.environ.get('HTTP_X_PROJECT_ID')
domain_id = request.environ.get('HTTP_X_DOMAIN_ID')
initiator = OpenStackResource(
project_id=project_id,
domain_id=domain_id,
typeURI=taxonomy.ACCOUNT_USER,
id=request.environ.get('HTTP_X_USER_ID', taxonomy.UNKNOWN),
name=request.environ.get('HTTP_X_USER_NAME', taxonomy.UNKNOWN),
domain=request.environ.get('HTTP_X_USER_DOMAIN_NAME',
taxonomy.UNKNOWN),
host=host.Host(address=request.client_addr,
agent=request.user_agent))
action_result = None
event_reason = None
if response:
if 200 <= response.status_int < 400:
action_result = taxonomy.OUTCOME_SUCCESS
else:
action_result = taxonomy.OUTCOME_FAILURE
event_reason = reason.Reason(reasonType='HTTP',
reasonCode=str(response.status_int))
else:
action_result = taxonomy.UNKNOWN
target = None
if res_id or res_parent_id:
target = self._create_target_resource(project,
res_spec,
res_id,
res_parent_id,
key=key)
else:
target = self._create_target_resource(project,
res_spec,
None,
self._service_id,
key=key)
target.name = self._service_name
observer = self._create_observer_resource(request)
event = eventfactory.EventFactory().new_event(
eventType=cadftype.EVENTTYPE_ACTIVITY,
outcome=action_result,
action=action,
initiator=initiator,
observer=observer,
reason=event_reason,
target=target)
event.requestPath = request.path_qs
#
if key and request.method[0] == 'P' and self._payloads_enabled and \
res_spec.payloads['enabled']:
req_pl = request.json
# remove possible wrapper elements
req_pl = req_pl.get(res_spec.el_type_name, req_pl)
self._attach_payload(event, req_pl, res_spec)
# TODO add reporter step again?
# event.add_reporterstep(
# reporterstep.Reporterstep(
# role=cadftype.REPORTER_ROLE_MODIFIER,
# reporter=resource.Resource(id='observer'),
# reporterTime=timestamp.get_utc_now()))
return event
