Hi Pete,

That’s correct. Audit map file path is picked from proxy_server.conf but notification details are not. Is this a known issue? Or Audit is not supported in Swift ?

Regards,

Sharath

On Thu, 19 May 2022 at 8:53 PM, Pete Zaitcev <zaitcev@redhat.com> wrote:

I looked briefly at keystonemiddleware.audit here
https://github.com/openstack/keystonemiddleware/tree/master/keystonemiddleware/audit

And I highly doubt that it can work in Swift's pipeline.
For one thing, it gets its configuration with oslo_config,
and I don't know if that's compatible.

-- Pete

On Wed, 18 May 2022 13:59:50 +0530
Sharath Ck <sharath.madhava@gmail.com> wrote:

> Hi,
>
> I am currently trying to add keystone audit middleware in Swift. Middleware
> is managed in swift proxy server, hence I have added the audit filter in
> proxy server conf and have mentioned audit_middleware_notifications driver
> as log in swift.conf .
> I can see REST API call flow reaching audit middleware and constructing the
> audit event with minimal data as Swift is not loading service catalog
> information. But the audit event is not getting notified as per
> audit_middleware_notifications. I tried adding oslo_messaging_notifications
> with the driver as log, but audit events are not getting notified.
>
> Below are the changes in swift_proxy_server container,
>
> proxy-server.conf
>
> [pipeline:main]
> pipeline = catch_errors gatekeeper healthcheck cache container_sync bulk
> tempurl ratelimit formpost authtoken keystoneauth audit container_quotas
> account_quotas slo dlo keymaster encryption proxy-server
>
> [filter:audit]
> paste.filter_factory = keystonemiddleware.audit:filter_factory
> audit_map_file = /etc/swift/api_audit_map.conf
>
> swift.conf
>
> [oslo_messaging_notifications]
> driver = log
>
> [audit_middleware_notifications]
> driver = log
>
> Kindly confirm whether the configuration changes are enough or need more
> changes.
>
> Regards,
> Sharath

--

Regards,
Sharath