OpenStack DBaaS (Trove)

Add Audit fields to Instances to track User Actions

Registered by Justin Hopper on 2013-10-21

Currently we do not track any user level information in the instances table. In Nova we have the user_id for the user that created the instance. However, if the instance is deleted or modified, we do not record their ID. This is critical information for audit and compliance. The proposal is the for each action, to have a corresponding fields with the user id. Suggested field names are "created_by", "updated_by" and "deleted_by". These fields are immutable once set, with the exception of "updated_by" which will have only track the last update.

Blueprint information

Status:: Not started

Approver:: None

Priority:: Undefined

Drafter:: None

Direction:: Approved

Assignee:: None

Definition:: Drafting

Series goal:: Accepted for future

Implementation:: Unknown

Milestone target:: ongoing

Related branches

Related bugs

Sprints

Whiteboard

once these fields are created the first and perhaps only hurdle will be is back filling the data. For created, we could pull data from nova. For updated_by, we could use created_by if updated_at == created_at. For deleted_by we only need to populate the data if deleted_at is not None. The value for this field would be difficult to determine.

Linked to https://bugs.launchpad.net/trove/+bug/1223217

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

Ilya Sviridov