openstack/ironic
Code Issues Proposed changes
ironic/doc/source/admin/api-audit-support.rst
Jay Faulkner f6191f2969 Fix lint issues with documentation 
The doc8 linter found several syntax problems in our docs; primarily a
large number of places we used single-backticks to surround something
when we should've used double-backticks.

This is frontrunning a change that will add these checks to CI.

Change-Id: Ib23b5728c072f2008cb3b19e9fb7192ee5d82413
2024-10-29 14:59:28 -07:00

3.7 KiB
Raw Permalink Blame History

API Audit Logging

Audit middleware supports the delivery of CADF audit events via the Oslo messaging notifier capability. Based on the notification_driver configuration, audit event can be routed to messaging infrastructure (notification_driver = messagingv2) or can be routed to a log file ( [oslo_messaging_notifications]/driver = log).

Audit middleware creates two events per REST API interaction. The first event has information extracted from request data and the second one has request outcome (response).

Enabling API Audit Logging

Audit middleware is available as part of keystonemiddleware (>= 1.6) library. For information regarding how audit middleware functions refer here <audit.html>.

Auditing can be enabled for the Bare Metal service by making the following changes to /etc/ironic/ironic.conf.

  1. To enable audit logging of API requests:

    [audit]
...
enabled=true

  2. To customize auditing API requests, the audit middleware requires the audit_map_file setting to be defined. Update the value of the configuration setting 'audit_map_file' to set its location. Audit map file configuration options for the Bare Metal service are included in the etc/ironic/ironic_api_audit_map.conf.sample file. To understand CADF format specified in ironic_api_audit_map.conf file, refer to CADF Format.:

    [audit]
...
audit_map_file=/etc/ironic/api_audit_map.conf

  3. Comma-separated list of Ironic REST API HTTP methods to be ignored during audit. It is used only when API audit is enabled. For example:

    [audit]
...
ignore_req_list=GET,POST

Sample Audit Event

Following is the sample of the audit event for the ironic node list request.

{
   "event_type":"audit.http.request",
   "timestamp":"2016-06-15 06:04:30.904397",
   "payload":{
      "typeURI":"http://schemas.dmtf.org/cloud/audit/1.0/event",
      "eventTime":"2016-06-15T06:04:30.903071+0000",
      "target":{
         "id":"ironic",
         "typeURI":"unknown",
         "addresses":[
            {
               "url":"http://{ironic_admin_host}:6385",
               "name":"admin"
            },
           {
               "url":"http://{ironic_internal_host}:6385",
               "name":"private"
           },
           {
               "url":"http://{ironic_public_host}:6385",
               "name":"public"
           }
         ],
         "name":"ironic"
      },
      "observer":{
         "id":"target"
      },
      "tags":[
         "correlation_id?value=685f1abb-620e-5d5d-b74a-b4135fb32373"
      ],
      "eventType":"activity",
      "initiator":{
         "typeURI":"service/security/account/user",
         "name":"admin",
         "credential":{
            "token":"***",
            "identity_status":"Confirmed"
         },
         "host":{
            "agent":"python-ironicclient",
            "address":"10.1.200.129"
         },
         "project_id":"d8f52dd7d9e1475dbbf3ba47a4a83313",
         "id":"8c1a948bad3948929aa5d5b50627a174"
      },
      "action":"read",
      "outcome":"pending",
      "id":"061b7aa7-5879-5225-a331-c002cf23cb6c",
      "requestPath":"/v1/nodes/?associated=True"
   },
   "priority":"INFO",
   "publisher_id":"ironic-api",
   "message_id":"2f61ebaa-2d3e-4023-afba-f9fca6f21fc2"
}