[keystone][swift] audit logs

Sharath Ck sharath.madhava at gmail.com
Mon May 23 06:33:48 UTC 2022


Hi Pete, everyone,

Kindly confirm the audit support for Swift. If there is a document with a
support matrix for keystone audit middleware, it will help a lot. Kindly
point to any supporting document.

Regards,
Sharath


On Thu, May 19, 2022 at 8:57 PM Sharath Ck <sharath.madhava at gmail.com>
wrote:

> Hi Pete,
>
> That’s correct. Audit map file path is picked from proxy_server.conf but
> notification details are not. Is this a known issue? Or Audit is not
> supported in Swift?
>
> Regards,
> Sharath
>
> On Thu, 19 May 2022 at 8:53 PM, Pete Zaitcev <zaitcev at redhat.com> wrote:
>
>> I looked briefly at keystonemiddleware.audit here
>>
>> https://github.com/openstack/keystonemiddleware/tree/master/keystonemiddleware/audit
>>
>> And I highly doubt that it can work in Swift's pipeline.
>> For one thing, it gets its configuration with oslo_config,
>> and I don't know if that's compatible.
>>
>> -- Pete
>>
>> On Wed, 18 May 2022 13:59:50 +0530
>> Sharath Ck <sharath.madhava at gmail.com> wrote:
>>
>> > Hi,
>> >
>> > I am currently trying to add keystone audit middleware in Swift. Middleware
>> > is managed in swift proxy server, hence I have added the audit filter in
>> > proxy server conf and have mentioned audit_middleware_notifications driver
>> > as log in swift.conf.
>> > I can see REST API call flow reaching audit middleware and constructing the
>> > audit event with minimal data as Swift is not loading service catalog
>> > information. But the audit event is not getting notified as per
>> > audit_middleware_notifications. I tried adding oslo_messaging_notifications
>> > with the driver as log, but audit events are not getting notified.
>> >
>> > Below are the changes in swift_proxy_server container,
>> >
>> > proxy-server.conf
>> >
>> > [pipeline:main]
>> > pipeline = catch_errors gatekeeper healthcheck cache container_sync bulk
>> > tempurl ratelimit formpost authtoken keystoneauth audit container_quotas
>> > account_quotas slo dlo keymaster encryption proxy-server
>> >
>> > [filter:audit]
>> > paste.filter_factory = keystonemiddleware.audit:filter_factory
>> > audit_map_file = /etc/swift/api_audit_map.conf
>> >
>> > swift.conf
>> >
>> > [oslo_messaging_notifications]
>> > driver = log
>> >
>> > [audit_middleware_notifications]
>> > driver = log
>> >
>> > Kindly confirm whether the configuration changes are enough or need more
>> > changes.
>> >
>> > Regards,
>> > Sharath
>>
>> --
> Regards,
> Sharath
>
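
An added illustration, not part of the thread and not Swift or keystonemiddleware code: paste.deploy hands a filter factory only the options of its own `[filter:...]` section (plus `[DEFAULT]`) from the file it loads, which is consistent with the observation above that `audit_map_file` is picked up while the notification sections placed in swift.conf are not. The sketch uses only Python's `configparser` on constructed copies of the posted files; the helper names are hypothetical, and the ordering check assumes keystonemiddleware's guidance that the audit filter sits after authtoken.

```python
import configparser

# Constructed sample input: the two files as posted in the thread.
PROXY_SERVER_CONF = """\
[pipeline:main]
pipeline = catch_errors gatekeeper healthcheck cache container_sync bulk
    tempurl ratelimit formpost authtoken keystoneauth audit container_quotas
    account_quotas slo dlo keymaster encryption proxy-server

[filter:audit]
paste.filter_factory = keystonemiddleware.audit:filter_factory
audit_map_file = /etc/swift/api_audit_map.conf
"""
SWIFT_CONF = """\
[oslo_messaging_notifications]
driver = log

[audit_middleware_notifications]
driver = log
"""


def _parse(text):
    # Unused default_section name so [DEFAULT] keys are not merged into sections.
    parser = configparser.RawConfigParser(default_section="__unused__")
    parser.read_string(text)
    return parser


def paste_local_conf(proxy_conf_text, filter_name):
    """Options paste.deploy passes to the filter factory as **local_conf."""
    items = _parse(proxy_conf_text).items("filter:" + filter_name)
    return {k: v for k, v in items if k not in ("paste.filter_factory", "use")}


def sections_not_in_paste_file(proxy_conf_text, other_conf_text):
    """Sections of a second file that the paste-loaded file does not define."""
    loaded = set(_parse(proxy_conf_text).sections())
    return [s for s in _parse(other_conf_text).sections() if s not in loaded]


def audit_follows_authtoken(proxy_conf_text):
    """True if 'audit' appears after 'authtoken' in the main pipeline."""
    pipeline = _parse(proxy_conf_text).get("pipeline:main", "pipeline").split()
    return ("authtoken" in pipeline and "audit" in pipeline
            and pipeline.index("authtoken") < pipeline.index("audit"))


if __name__ == "__main__":
    print("local_conf for audit:", paste_local_conf(PROXY_SERVER_CONF, "audit"))
    print("not in paste file:", sections_not_in_paste_file(PROXY_SERVER_CONF, SWIFT_CONF))
    print("audit after authtoken:", audit_follows_authtoken(PROXY_SERVER_CONF))
```

Run against a deployment's real files, an empty notification configuration in the filter's view alongside a populated section elsewhere is the sign that audit events are being built but have no configured destination.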