author | Gordon Chung <chungg@ca.ibm.com> | 2013-08-06 09:45:23 -0400 |
---|---|---|
committer | Gordon Chung <chungg@ca.ibm.com> | 2013-08-06 15:27:29 -0400 |
commit | 7f76e5cf7bf560603829ffaa73458a86c384ecb7 (patch) | |
tree | fc371bbd7b86ce8fb3b74d81aa56c9cbd66c4ce9 /pycadf/cadftaxonomy.py | |
parent | dd9bb2391719c7f0d4f26b127fdff541645f71d4 (diff) | |
download | pycadf-7f76e5cf7bf560603829ffaa73458a86c384ecb7.tar.gz |
DMTF CADF format
Adding support for the DMTF Cloud Audit (CADF) format which will be
used along with a generic notification filter to audit 'core'
component APIs.
initial code drop
blueprint support-standard-audit-formats
Change-Id: I3b27ceae8faa6427e4be1290c1406102e790e2e3
Diffstat (limited to 'pycadf/cadftaxonomy.py')
-rw-r--r-- | pycadf/cadftaxonomy.py | 179 |
1 files changed, 179 insertions, 0 deletions
diff --git a/pycadf/cadftaxonomy.py b/pycadf/cadftaxonomy.py
new file mode 100644
index 0000000..74b1bfb
--- /dev/null
+++ b/pycadf/cadftaxonomy.py
@@ -0,0 +1,179 @@
+# -*- encoding: utf-8 -*-
+#
+# Copyright 2013 IBM Corp.
+#
+# Author: Matt Rutkowski <mrutkows@us.ibm.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from pycadf import cadftype
+
+TYPE_URI_ACTION = cadftype.CADF_VERSION_1_0_0 + 'action'
+
+UNKNOWN = 'unknown'
+
+# Commonly used (valid) Event.action values from Nova
+ACTION_CREATE = 'create'
+ACTION_READ = 'read'
+ACTION_UPDATE = 'update'
+ACTION_DELETE = 'delete'
+# OpenStack specific, Profile or change CADF spec. to add this action
+ACTION_LIST = 'list'
+
+# TODO(mrutkows): Make global using WSGI mechanism
+ACTION_TAXONOMY = frozenset([
+ 'backup',
+ 'capture',
+ ACTION_CREATE,
+ 'configure',
+ ACTION_READ,
+ ACTION_LIST,
+ ACTION_UPDATE,
+ ACTION_DELETE,
+ 'monitor',
+ 'start',
+ 'stop',
+ 'deploy',
+ 'undeploy',
+ 'enable',
+ 'disable',
+ 'send',
+ 'receive',
+ 'authenticate',
+ 'authenticate/login',
+ 'revoke',
+ 'renew',
+ 'restore',
+ 'evaluate',
+ 'allow',
+ 'deny',
+ 'notify',
+ UNKNOWN
+])
+
+
+# TODO(mrutkows): validate absolute URIs as well
+def is_valid_action(value):
+ return value in ACTION_TAXONOMY
+
+
+TYPE_URI_OUTCOME = cadftype.CADF_VERSION_1_0_0 + 'outcome'
+
+# Valid Event.outcome values
+OUTCOME_SUCCESS = 'success'
+OUTCOME_FAILURE = 'failure'
+OUTCOME_PENDING = 'pending'
+
+# TODO(mrutkows): Make global using WSGI mechanism
+OUTCOME_TAXONOMY = frozenset([
+ OUTCOME_SUCCESS,
+ OUTCOME_FAILURE,
+ OUTCOME_PENDING,
+ UNKNOWN
+])
+
+
+# TODO(mrutkows): validate absolute URIs as well
+def is_valid_outcome(value):
+ return value in OUTCOME_TAXONOMY
+
+ACCOUNT_USER = 'service/security/account/user'
+CADF_AUDIT_FILTER = 'service/security/audit/filter'
+
+# TODO(mrutkows): Make global using WSGI mechanism
+RESOURCE_TAXONOMY = frozenset([
+ 'storage',
+ 'storage/node',
+ 'storage/volume',
+ 'storage/memory',
+ 'storage/container',
+ 'storage/directory',
+ 'storage/database',
+ 'storage/queue',
+ 'compute',
+ 'compute/node',
+ 'compute/cpu',
+ 'compute/machine',
+ 'compute/process',
+ 'compute/thread',
+ 'network',
+ 'network/node',
+ 'network/node/host',
+ 'network/connection',
+ 'network/domain',
+ 'network/cluster',
+ 'service',
+ 'service/oss',
+ 'service/bss',
+ 'service/bss/metering',
+ 'service/composition',
+ 'service/compute',
+ 'service/database',
+ 'service/security',
+ 'service/security/account',
+ ACCOUNT_USER,
+ CADF_AUDIT_FILTER,
+ 'service/storage',
+ 'service/storage/block',
+ 'service/storage/image',
+ 'service/storage/object',
+ 'service/network',
+ 'data',
+ 'data/message',
+ 'data/workload',
+ 'data/workload/app',
+ 'data/workload/service',
+ 'data/workload/task',
+ 'data/workload/job',
+ 'data/file',
+ 'data/file/catalog',
+ 'data/file/log',
+ 'data/template',
+ 'data/package',
+ 'data/image',
+ 'data/module',
+ 'data/config',
+ 'data/directory',
+ 'data/database',
+ 'data/security',
+ 'data/security/account',
+ 'data/security/credential',
+ 'data/security/group',
+ 'data/security/identity',
+ 'data/security/key',
+ 'data/security/license',
+ 'data/security/policy',
+ 'data/security/profile',
+ 'data/security/role',
+ 'data/security/service',
+ 'data/security/account/user',
+ 'data/security/account/user/privilege',
+ 'data/database/alias',
+ 'data/database/catalog',
+ 'data/database/constraints',
+ 'data/database/index',
+ 'data/database/instance',
+ 'data/database/key',
+ 'data/database/routine',
+ 'data/database/schema',
+ 'data/database/sequence',
+ 'data/database/table',
+ 'data/database/trigger',
+ 'data/database/view',
+ UNKNOWN
+])
+
+
+# TODO(mrutkows): validate absolute URIs as well
+def is_valid_resource(value):
+ return value in RESOURCE_TAXONOMY |
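Review bot: `is_valid_action`, `is_valid_outcome` and `is_valid_resource` each do a bare `value in <X>_TAXONOMY` against a frozenset, so an unhashable argument (a list or dict taken from a deserialized payload) raises `TypeError` instead of returning False. If the audit filter passes request-derived fields to these validators, that exception could interrupt event construction and leave the call without an audit record; how callers handle it is not visible in this hunk. Catching `TypeError` around the membership test and returning False in that case would make the validators total over any input. The three functions also have no docstrings; each could carry one line such as `"""Return True only for an exact, case-sensitive match against ACTION_TAXONOMY; absolute URIs are not yet accepted."""`, which would also record the limitation the TODO comments mention.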