Add cadf auditing to credentials
added audit logging to credentials. Closes-bug: #1831918 Change-Id: I028a86f44e049bcc7c54e844bfc91aa0b11cd541
parent
485a6b2170
commit
579cc19857
|
@ -139,7 +139,8 @@ class CredentialResource(ks_flask.ResourceBase):
|
||||||
trust_id = getattr(self.oslo_context, 'trust_id', None)
|
trust_id = getattr(self.oslo_context, 'trust_id', None)
|
||||||
ref = self._assign_unique_id(
|
ref = self._assign_unique_id(
|
||||||
self._normalize_dict(credential), trust_id=trust_id)
|
self._normalize_dict(credential), trust_id=trust_id)
|
||||||
ref = PROVIDERS.credential_api.create_credential(ref['id'], ref)
|
ref = PROVIDERS.credential_api.create_credential(ref['id'], ref,
|
||||||
|
initiator=self.audit_initiator)
|
||||||
return self.wrap_member(ref), http_client.CREATED
|
return self.wrap_member(ref), http_client.CREATED
|
||||||
|
|
||||||
def patch(self, credential_id):
|
def patch(self, credential_id):
|
||||||
|
@ -164,7 +165,8 @@ class CredentialResource(ks_flask.ResourceBase):
|
||||||
build_target=_build_target_enforcement
|
build_target=_build_target_enforcement
|
||||||
)
|
)
|
||||||
|
|
||||||
return (PROVIDERS.credential_api.delete_credential(credential_id),
|
return (PROVIDERS.credential_api.delete_credential(credential_id,
|
||||||
|
initiator=self.audit_initiator),
|
||||||
http_client.NO_CONTENT)
|
http_client.NO_CONTENT)
|
||||||
|
|
||||||
|
|
||||||
|
|
|
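Review bot: The `patch` handler, visible only as context after the first hunk, is left unchanged, so credential updates are still made without `initiator=self.audit_initiator`; the manager section likewise adds the parameter only to `create_credential` and `delete_credential`. Replacing the blob of an existing credential is a change an audit trail should attribute just as creation and deletion are. I would have the manager's update method accept `initiator=None` and call `notifications.Audit.updated(self._CRED, credential_id, initiator)` before returning, then pass `initiator=self.audit_initiator` from `patch`. The bodies of `patch` and of the update method lie outside the hunks shown, so confirm they do not already emit an event by another route.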
@ -22,6 +22,7 @@ from keystone.common import manager
|
||||||
from keystone.common import provider_api
|
from keystone.common import provider_api
|
||||||
import keystone.conf
|
import keystone.conf
|
||||||
from keystone import exception
|
from keystone import exception
|
||||||
|
from keystone import notifications
|
||||||
|
|
||||||
|
|
||||||
CONF = keystone.conf.CONF
|
CONF = keystone.conf.CONF
|
||||||
|
@ -40,6 +41,8 @@ class Manager(manager.Manager):
|
||||||
driver_namespace = 'keystone.credential'
|
driver_namespace = 'keystone.credential'
|
||||||
_provides_api = 'credential_api'
|
_provides_api = 'credential_api'
|
||||||
|
|
||||||
|
_CRED = 'credential'
|
||||||
|
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
super(Manager, self).__init__(CONF.credential.driver)
|
super(Manager, self).__init__(CONF.credential.driver)
|
||||||
|
|
||||||
|
@ -112,7 +115,8 @@ class Manager(manager.Manager):
|
||||||
def _get_credential(self, credential_id):
|
def _get_credential(self, credential_id):
|
||||||
return self.driver.get_credential(credential_id)
|
return self.driver.get_credential(credential_id)
|
||||||
|
|
||||||
def create_credential(self, credential_id, credential):
|
def create_credential(self, credential_id, credential,
|
||||||
|
initiator=None):
|
||||||
"""Create a credential."""
|
"""Create a credential."""
|
||||||
credential_copy = self._encrypt_credential(credential)
|
credential_copy = self._encrypt_credential(credential)
|
||||||
ref = self.driver.create_credential(credential_id, credential_copy)
|
ref = self.driver.create_credential(credential_id, credential_copy)
|
||||||
|
@ -129,6 +133,10 @@ class Manager(manager.Manager):
|
||||||
ref.pop('key_hash', None)
|
ref.pop('key_hash', None)
|
||||||
ref.pop('encrypted_blob', None)
|
ref.pop('encrypted_blob', None)
|
||||||
ref['blob'] = credential['blob']
|
ref['blob'] = credential['blob']
|
||||||
|
notifications.Audit.created(
|
||||||
|
self._CRED,
|
||||||
|
credential_id,
|
||||||
|
initiator)
|
||||||
return ref
|
return ref
|
||||||
|
|
||||||
def _validate_credential_update(self, credential_id, credential):
|
def _validate_credential_update(self, credential_id, credential):
|
||||||
|
@ -172,7 +180,8 @@ class Manager(manager.Manager):
|
||||||
ref['blob'] = existing_blob
|
ref['blob'] = existing_blob
|
||||||
return ref
|
return ref
|
||||||
|
|
||||||
def delete_credential(self, credential_id):
|
def delete_credential(self, credential_id,
|
||||||
|
initiator=None):
|
||||||
"""Delete a credential."""
|
"""Delete a credential."""
|
||||||
cred = self.get_credential(credential_id)
|
cred = self.get_credential(credential_id)
|
||||||
self.driver.delete_credential(credential_id)
|
self.driver.delete_credential(credential_id)
|
||||||
|
@ -183,6 +192,8 @@ class Manager(manager.Manager):
|
||||||
self._list_credentials_for_user.invalidate(self,
|
self._list_credentials_for_user.invalidate(self,
|
||||||
cred['user_id'],
|
cred['user_id'],
|
||||||
None)
|
None)
|
||||||
|
notifications.Audit.deleted(
|
||||||
|
self._CRED, credential_id, initiator)
|
||||||
|
|
||||||
def delete_credentials_for_project(self, project_id):
|
def delete_credentials_for_project(self, project_id):
|
||||||
"""Delete all credentials for a project."""
|
"""Delete all credentials for a project."""
|
||||||
|
|
|
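Review bot: `delete_credentials_for_project`, whose signature appears as context at the end of the last hunk, takes no `initiator` and is not changed, so credentials removed through that bulk path would leave no `deleted` event if the method goes straight to the driver; its body is outside the hunk, so this needs checking. Both new `notifications.Audit` calls also run only after the driver call has returned, which means a create or delete that raises is never recorded. If that is intended, say so at the call sites, e.g. `# Audit event is emitted only after the driver call succeeds; failed attempts are not recorded here.` Nothing on this page adds a test asserting that the events carry the `credential` resource type and the initiator passed in from the API layer.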
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
[`bug 1831918 <https://bugs.launchpad.net/keystone/+bug/1831918>`_]
|
||||||
|
Credentials now logs cadf audit messages.
|
||||||
|
|