..
 This work is licensed under a Creative Commons Attribution 3.0 Unported
 License.

 http://creativecommons.org/licenses/by/3.0/legalcode

========================================
Tacker Resource life-cycle audit support
========================================

https://blueprints.launchpad.net/tacker/+spec/audit-support

This spec describes the plan to introduce a generic audit/event logging
capability for lifecycle management operations of Tacker managed resources
such as VNF, VIM, VNFFG and any future such resources.

Problem description
===================

Currently there is no mechanism in Tacker for an admin or an operator to
find out when and by whom a Tacker resource was created, updated or
terminated, and which lifecycle state changes it went through. This
information becomes critical in production deployments for audit and
troubleshooting. It also helps track the progress of a lifecycle operation.

Proposed change
===============

This spec proposes to introduce:

- A generic approach that captures the information below in a new table of
  the Tacker database:

  #. Tacker resource status changes caused by lifecycle management operations
     such as create, update (e.g., VNF configuration update and VNF manual
     scaling) and terminate.
  #. Timestamp value when the status change occurs.
  #. Associated UUID of the resource.
  #. Associated resource type such as VIM, VNF, VNFFG, VNFD etc.
  #. Additional information related to the event and/or resource that would
     be useful (e.g., VDU1 health monitoring failed - mgmt-ip unreachable).

- New columns created_at, updated_at and deleted_at in the existing vim,
  devices and devicetemplates tables to capture timestamp values for the
  corresponding create, update and delete operations. The existing DB APIs
  have to be updated to write these values to the DB tables.

- A REST API to query the events created for a given resource type, filtered
  by status and time window, with pagination from a given index. A new
  'event' extension that defines the event interface layer and describes the
  event REST APIs will be introduced.

- Horizon changes to display events in time-sequential order per resource.

  Example: clicking a VNF instance entry in the VNF Manager opens a details
  page with two tabs: (1) details tab and (2) events tab.

- Tacker client changes to retrieve events based on the queries supported by
  the API, as below::

    tacker event-list --type
    tacker event-show

- Additional Tacker client changes to retrieve event(s) in the context of a
  resource, as shown below::

    tacker vnf-event-list --filter
    tacker vnf-event-show --event-id

  NOTE: The 'filter' option can be given multiple times to add more than one
  query. Similar support will be provided for VNFD, VIM and other Tacker
  managed resources.

Alternatives
------------

None

Data model impact
-----------------

A new table will be added to the tacker database to capture the event/audit
logs. The table will hold the attributes below:

+----------------+----------+---------------------------------------+
| Attribute Name | Type     | Description                           |
+----------------+----------+---------------------------------------+
| id             | Integer  | Autogenerated Event ID                |
+----------------+----------+---------------------------------------+
| resource_id    | string   | UUID of event source                  |
|                | (UUID)   |                                       |
+----------------+----------+---------------------------------------+
| timestamp      | datetime | Event Time Stamp in UTC               |
+----------------+----------+---------------------------------------+
| resource_state | string   | Captured state of event source        |
+----------------+----------+---------------------------------------+
| event_type     | string   | Type of action such as create,update, |
|                |          | scale_out, etc.                       |
+----------------+----------+---------------------------------------+
| resource_type  | string   | Event resource type such as VNFD,     |
|                |          | VNF, VIM, VNFFG, etc.                 |
+----------------+----------+---------------------------------------+
| event_details  | string   | Captures Event specific information   |
+----------------+----------+---------------------------------------+

The vims, devices and devicetemplates tables will be updated with the columns
below:

- created_at
- updated_at
- deleted_at

The deleted_at column introduces soft delete: when a user deletes a resource,
deleted_at is set to the current timestamp. tacker-db-manage will be given
the option below to purge soft-deleted resources based on their age::

  tacker-db-manage purge --age --timeline

REST API impact
---------------

::

  /events?resource_id=&index=& count=&status=[]&event_type=& resource_type=&start-time=&end-time=

+----------------+----------+---------+------------+-------------+---------------------+
| Attribute Name | Type     | Access  | Default    | Validation/ | Description         |
|                |          |         | Value      | Conversion  |                     |
+----------------+----------+---------+------------+-------------+---------------------+
| id             | Integer  | RO, all | generated  | N/A         | Autogenerated       |
|                |          |         |            |             | Event ID            |
+----------------+----------+---------+------------+-------------+---------------------+
| resource_id    | string   | RO, all | None       | N/A         | UUID of event       |
|                | (UUID)   |         | (required) |             | source              |
+----------------+----------+---------+------------+-------------+---------------------+
| timestamp      | datetime | RO, all | None       | N/A         | Event Time Stamp    |
|                |          |         | (required) |             | in UTC              |
+----------------+----------+---------+------------+-------------+---------------------+
| resource_state | string   | RO, all | None       | N/A         | Captured state of   |
|                |          |         | (required) |             | event source        |
+----------------+----------+---------+------------+-------------+---------------------+
| event_type     | string   | RO, all | None       | N/A         | Type of action such |
|                |          |         | (required) |             | as create,update,   |
|                |          |         |            |             | scale_out, etc.     |
+----------------+----------+---------+------------+-------------+---------------------+
| resource_type  | string   | RO, all | None       | N/A         | Event resource type |
|                |          |         | (required) |             | such as VNFD,VNF,   |
|                |          |         |            |             | VIM, VNFFG, etc.    |
+----------------+----------+---------+------------+-------------+---------------------+
| event_details  | string   | RO, all | ''         | N/A         | Event specific      |
|                |          |         |            |             | information         |
+----------------+----------+---------+------------+-------------+---------------------+

+-------------------------------+--------+----------+-----------+---------------------------+
| REST Calls                    | Type   | Expected | Body Data | Description               |
|                               |        | Response | Schema    |                           |
+-------------------------------+--------+----------+-----------+---------------------------+
| /events/                      | get    | 200 OK   | None      | Returns output of         |
|                               |        |          |           | specific event ID         |
+-------------------------------+--------+----------+-----------+---------------------------+
| /events?resource_id=          | get    | 200 OK   | None      | Returns list of events    |
|                               |        |          |           | for a given resource      |
+-------------------------------+--------+----------+-----------+---------------------------+
| /events?resource_id=&         | get    | 200 OK   | None      | Returns specified count   |
| index=&count=                 |        |          |           | of events for a given     |
|                               |        |          |           | resource from a specified |
|                               |        |          |           | event id                  |
+-------------------------------+--------+----------+-----------+---------------------------+
| /events?resource_id=&         | get    | 200 OK   | None      | Returns all events of     |
| event_type=                   |        |          |           | a requested type for a    |
|                               |        |          |           | given resource            |
+-------------------------------+--------+----------+-----------+---------------------------+
| /events?resource_id=&         | get    | 200 OK   | None      | Returns all events for a  |
| start-time=&end-time=<        |        |          |           | given resource between    |
| tval2>                        |        |          |           | specified time interval   |
+-------------------------------+--------+----------+-----------+---------------------------+

+--------------------------+------+----------+------------+----------------------+
| REST Call Failures       | Type | Negative | Response   | Scenario             |
|                          |      | Response | Message    |                      |
+--------------------------+------+----------+------------+----------------------+
| /events/                 | get  | 404 Not  | Event Does | Specified event ID   |
|                          |      | Found    | not exist  | does not exist in DB |
+--------------------------+------+----------+------------+----------------------+

Security impact
---------------

The new REST API will be supported only for owners and admins; other users
will be forbidden from performing those operations.

Other end user impact
---------------------

None

Performance Impact
------------------

None

Other deployer impact
---------------------

None

Developer impact
----------------

None

Implementation
==============

Assignee(s)
-----------

Primary assignee:
  Vishwanath Jayaraman

Other contributors:
  Kanagaraj Manickam

Work Items
----------

1) Tacker DB configuration for audit/events log table.
2) Tacker client support and tacker-db-manage command support.
3) Tacker server support.
4) Add support in Tacker Horizon to provide a link for a tacker resource
   which, when clicked, displays the resource details tab and events tab.
5) Add unit test cases.
6) Add functional test cases as required.
7) Add user and developer documentation for this feature.

Dependencies
============

None

Testing
=======

Unit test cases will be written.

Documentation Impact
====================

New User and Developer guide will be provided.

References
==========

None
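
Added example, not part of the Tacker spec or code base: a sketch of the event query described under "REST API impact", with the owner/admin restriction from "Security impact" enforced before any event rows are read. The ``owners`` table, the ``ctx`` dictionary, the ``MAX_COUNT`` cap and all sample rows are assumptions constructed for illustration.

```python
import sqlite3

MAX_COUNT = 100  # assumed page-size cap; the spec does not define one
COLS = "resource_id, timestamp, resource_state, event_type, resource_type, event_details"

def demo_db():
    """In-memory DB with the spec's event columns plus constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE events (
        id INTEGER PRIMARY KEY AUTOINCREMENT, resource_id TEXT NOT NULL,
        timestamp TEXT NOT NULL, resource_state TEXT NOT NULL,
        event_type TEXT NOT NULL, resource_type TEXT NOT NULL,
        event_details TEXT NOT NULL DEFAULT '')""")
    # Hypothetical ownership lookup: the spec's events table has no tenant column.
    db.execute("CREATE TABLE owners (resource_id TEXT PRIMARY KEY, tenant_id TEXT)")
    db.executemany("INSERT INTO owners VALUES (?, ?)",
                   [("vnf-1", "tenant-a"), ("vim-1", "tenant-b")])
    db.executemany(f"INSERT INTO events ({COLS}) VALUES (?, ?, ?, ?, ?, ?)", [
        ("vnf-1", "2016-05-01T10:00:00Z", "PENDING_CREATE", "create", "VNF", ""),
        ("vnf-1", "2016-05-01T10:20:00Z", "ACTIVE", "scale_out", "VNF", ""),
        ("vnf-1", "2016-05-01T11:00:00Z", "ACTIVE", "update", "VNF", ""),
        ("vim-1", "2016-05-01T11:30:00Z", "ACTIVE", "create", "VIM", ""),
    ])
    return db

def list_events(db, ctx, resource_id, event_type=None, start=None, end=None,
                index=0, count=MAX_COUNT):
    """Return (id, timestamp, resource_state, event_type) rows for one resource."""
    # Authorize first: only the owning tenant or an admin may read the trail.
    owner = db.execute("SELECT tenant_id FROM owners WHERE resource_id = ?",
                       (resource_id,)).fetchone()
    if not ctx["is_admin"] and (owner is None or owner[0] != ctx["tenant_id"]):
        raise PermissionError("forbidden")
    sql = ("SELECT id, timestamp, resource_state, event_type FROM events "
           "WHERE resource_id = ? AND id >= ?")
    args = [resource_id, int(index)]
    # Filters are fixed SQL fragments; user input only ever travels as parameters.
    for clause, value in (("event_type = ?", event_type),
                          ("timestamp >= ?", start), ("timestamp <= ?", end)):
        if value is not None:
            sql += " AND " + clause
            args.append(value)
    sql += " ORDER BY id LIMIT ?"
    args.append(max(1, min(int(count), MAX_COUNT)))  # bound the page size
    return db.execute(sql, args).fetchall()
```

A non-admin caller gets the same ``PermissionError`` for an unknown resource as for one owned by another tenant, so the response does not reveal which resource IDs exist.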