[keystone][swift] audit logs

Pete Zaitcev zaitcev at redhat.com
Thu May 19 15:23:14 UTC 2022


I looked briefly at keystonemiddleware.audit here
https://github.com/openstack/keystonemiddleware/tree/master/keystonemiddleware/audit

And I highly doubt that it can work in Swift's pipeline.
For one thing, it gets its configuration with oslo_config,
and I don't know if that's compatible.

-- Pete

On Wed, 18 May 2022 13:59:50 +0530
Sharath Ck <sharath.madhava at gmail.com> wrote:

> Hi,
> 
> I am currently trying to add keystone audit middleware in Swift. Middleware
> is managed in swift proxy server, hence I have added the audit filter in
> proxy server conf and have mentioned audit_middleware_notifications driver
> as log in swift.conf .
> I can see REST API call flow reaching audit middleware and constructing the
> audit event with minimal data as Swift is not loading service catalog
> information. But the audit event is not getting notified as per
> audit_middleware_notifications. I tried adding oslo_messaging_notifications
> with the driver as log, but audit events are not getting notified.
> 
> Below are the changes in swift_proxy_server container,
> 
> proxy-server.conf
> 
> [pipeline:main]
> pipeline = catch_errors gatekeeper healthcheck cache container_sync bulk
> tempurl ratelimit formpost authtoken keystoneauth audit container_quotas
> account_quotas slo dlo keymaster encryption proxy-server
> 
> [filter:audit]
> paste.filter_factory = keystonemiddleware.audit:filter_factory
> audit_map_file = /etc/swift/api_audit_map.conf
> 
> swift.conf
> 
> [oslo_messaging_notifications]
> driver = log
> 
> [audit_middleware_notifications]
> driver = log
> 
> Kindly confirm whether the configuration changes are enough or need more
> changes.
> 
> Regards,
> Sharath




More information about the openstack-discuss mailing list