Provide real targets in cadf events produced by audit middleware
Currently the audit middleware populates the target.id field with the ID of the service from the catalog. With this information, the reader of audit report cannot identify the actual resources affected by the change. The "What?" question cannot be answered that way. We suggest to extend the mapping rule engine, so that is able to extract the IDs of the actual objects affected by the change.
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- jobrs
- Direction:
- Needs approval
- Assignee:
- None
- Definition:
- Obsolete
- Series goal:
- None
- Implementation:
- Unknown
- Milestone target:
- None
- Started by
- Completed by
- Lance Bragstad
Related branches
Related bugs
Sprints
Whiteboard
The target field would then read like this:
target:
typeURI: compute/server # instead of service/
id: <server-id>
To be able to produce that information a slighly more complex but also more intuitive syntax for mapping rules needs to be invented.
The new mapping rules are essentially a model of resources. Due to REST principles, this model implies how the HTTP API requests are formed. Additional hints are added to address exceptions.
The following model and syntax is proposed:
# default target endpoint type
# should match the endpoint type defined in service catalog
target_
# list of resources exposed by the REST API
# URL paths follow one of the following patterns:
# - /<resource>s: HTTP POST for create, GET for list
# - /<resource>
# - /<resource>
# - /<resource>
# - /<resource>
# - /<resource>
resources:
server: # resource name, placed first in the URL path (with an added "s"), followed by the ID
# typeURI of the resource, defaults to <service-
typeURI: compute/server
# URL-endcoded actions, last part of the URL path, following the ID of the target (child-)resource
# or "action" in which case the actual action is the first and only element of the JSON payload
# simple
# <url-path-suffix>: <cadf-action>
# child resources, placed after the parent resource ID in the URL path
children:
# typeURI of the resource, defaults to <parent-
# there is only a single resource per parent (it's an attribute), no pluralization
(lbragstad) 19-02-15: I'm marking this as obsolete based on the plan socialized on the mailing list [0]. If you'd like to continue discussing this feature, please don't hesitate to propose a specification to the openstack/
[0] http://
[1] https:/
Work Items
Work items:
Specify rule syntax: DONE
Mapping rule engine: TODO
Integrate engine: TODO