[keystone][swift] audit logs
Hi,

I am currently trying to add keystone audit middleware in Swift. Middleware is managed in swift proxy server, hence I have added the audit filter in proxy server conf and have mentioned audit_middleware_notifications driver as log in swift.conf. I can see REST API call flow reaching audit middleware and constructing the audit event with minimal data as Swift is not loading service catalog information. But the audit event is not getting notified as per audit_middleware_notifications. I tried adding oslo_messaging_notifications with the driver as log, but audit events are not getting notified.

Below are the changes in swift_proxy_server container,

proxy-server.conf

[pipeline:main]
pipeline = catch_errors gatekeeper healthcheck cache container_sync bulk tempurl ratelimit formpost authtoken keystoneauth audit container_quotas account_quotas slo dlo keymaster encryption proxy-server

[filter:audit]
paste.filter_factory = keystonemiddleware.audit:filter_factory
audit_map_file = /etc/swift/api_audit_map.conf

swift.conf

[oslo_messaging_notifications]
driver = log

[audit_middleware_notifications]
driver = log

Kindly confirm whether the configuration changes are enough or need more changes.

Regards,
Sharath
I looked briefly at keystonemiddleware.audit here
https://github.com/openstack/keystonemiddleware/tree/master/keystonemiddlewa...
And I highly doubt that it can work in Swift's pipeline. For one thing, it gets its configuration with oslo_config, and I don't know if that's compatible.
-- Pete
On Wed, 18 May 2022 13:59:50 +0530 Sharath Ck <sharath.madhava@gmail.com> wrote:
Hi,
I am currently trying to add keystone audit middleware in Swift. Middleware is managed in swift proxy server, hence I have added the audit filter in proxy server conf and have mentioned audit_middleware_notifications driver as log in swift.conf. I can see REST API call flow reaching audit middleware and constructing the audit event with minimal data as Swift is not loading service catalog information. But the audit event is not getting notified as per audit_middleware_notifications. I tried adding oslo_messaging_notifications with the driver as log, but audit events are not getting notified.
Below are the changes in swift_proxy_server container,
proxy-server.conf
[pipeline:main]
pipeline = catch_errors gatekeeper healthcheck cache container_sync bulk tempurl ratelimit formpost authtoken keystoneauth audit container_quotas account_quotas slo dlo keymaster encryption proxy-server
[filter:audit]
paste.filter_factory = keystonemiddleware.audit:filter_factory
audit_map_file = /etc/swift/api_audit_map.conf
swift.conf
[oslo_messaging_notifications]
driver = log
[audit_middleware_notifications]
driver = log
Kindly confirm whether the configuration changes are enough or need more changes.
Regards, Sharath
Hi Pete,
That’s correct. Audit map file path is picked from proxy_server.conf but notification details are not. Is this a known issue? Or Audit is not supported in Swift?
Regards, Sharath
On Thu, 19 May 2022 at 8:53 PM, Pete Zaitcev <zaitcev@redhat.com> wrote:
I looked briefly at keystonemiddleware.audit here
https://github.com/openstack/keystonemiddleware/tree/master/keystonemiddlewa...
And I highly doubt that it can work in Swift's pipeline. For one thing, it gets its configuration with oslo_config, and I don't know if that's compatible.
-- Pete
Hi Pete, everyone,
Kindly confirm the audit support for Swift. If there is a document with a support matrix for keystone audit middleware, it will help a lot. Kindly point to any supporting document.
Regards, Sharath
On Thu, May 19, 2022 at 8:57 PM Sharath Ck <sharath.madhava@gmail.com> wrote:
Hi Pete,
That’s correct. Audit map file path is picked from proxy_server.conf but notification details are not. Is this a known issue? Or Audit is not supported in Swift?
Regards, Sharath
participants (2): Pete Zaitcev, Sharath Ck