diff options
author | Gordon Chung <chungg@ca.ibm.com> | 2013-08-06 09:45:23 -0400 |
---|---|---|
committer | Gordon Chung <chungg@ca.ibm.com> | 2013-08-06 15:27:29 -0400 |
commit | 7f76e5cf7bf560603829ffaa73458a86c384ecb7 (patch) | |
tree | fc371bbd7b86ce8fb3b74d81aa56c9cbd66c4ce9 /pycadf/event.py | |
parent | dd9bb2391719c7f0d4f26b127fdff541645f71d4 (diff) | |
download | pycadf-7f76e5cf7bf560603829ffaa73458a86c384ecb7.tar.gz |
DMTF CADF format
Adding support for the DMTF Cloud Audit (CADF) format which will be
used along with a generic notification filter to audit 'core'
component APIs.
initial code drop
blueprint support-standard-audit-formats
Change-Id: I3b27ceae8faa6427e4be1290c1406102e790e2e3
Diffstat (limited to 'pycadf/event.py')
-rw-r--r-- | pycadf/event.py | 228 |
1 files changed, 228 insertions, 0 deletions
diff --git a/pycadf/event.py b/pycadf/event.py new file mode 100644 index 0000000..2bfb7e8 --- /dev/null +++ b/pycadf/event.py @@ -0,0 +1,228 @@ +# -*- encoding: utf-8 -*- +# +# Copyright 2013 IBM Corp. +# +# Author: Matt Rutkowski <mrutkows@us.ibm.com> +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from pycadf import attachment +from pycadf import cadftaxonomy +from pycadf import cadftype +from pycadf import identifier +from pycadf import measurement +from pycadf import reason +from pycadf import reporterstep +from pycadf import resource +from pycadf import tag +from pycadf import timestamp + +TYPE_URI_EVENT = cadftype.CADF_VERSION_1_0_0 + 'event' + +# Event.eventType +EVENT_KEYNAME_TYPEURI = "typeURI" +EVENT_KEYNAME_EVENTTYPE = "eventType" +EVENT_KEYNAME_ID = "id" +EVENT_KEYNAME_EVENTTIME = "eventTime" +EVENT_KEYNAME_INITIATOR = "initiator" +EVENT_KEYNAME_INITIATORID = "initiatorId" +EVENT_KEYNAME_ACTION = "action" +EVENT_KEYNAME_TARGET = "target" +EVENT_KEYNAME_TARGETID = "targetId" +EVENT_KEYNAME_OUTCOME = "outcome" +EVENT_KEYNAME_REASON = "reason" +EVENT_KEYNAME_SEVERITY = "severity" +EVENT_KEYNAME_MEASUREMENTS = "measurements" +EVENT_KEYNAME_TAGS = "tags" +EVENT_KEYNAME_ATTACHMENTS = "attachments" +EVENT_KEYNAME_REPORTERCHAIN = "reporterchain" + +EVENT_KEYNAMES = [EVENT_KEYNAME_TYPEURI, + EVENT_KEYNAME_EVENTTYPE, + EVENT_KEYNAME_ID, + EVENT_KEYNAME_EVENTTIME, + EVENT_KEYNAME_INITIATOR, + EVENT_KEYNAME_INITIATORID, + EVENT_KEYNAME_ACTION, + EVENT_KEYNAME_TARGET, + EVENT_KEYNAME_TARGETID, + EVENT_KEYNAME_OUTCOME, + EVENT_KEYNAME_REASON, + EVENT_KEYNAME_SEVERITY, + EVENT_KEYNAME_MEASUREMENTS, + EVENT_KEYNAME_TAGS, + EVENT_KEYNAME_ATTACHMENTS, + EVENT_KEYNAME_REPORTERCHAIN] + + +class Event(cadftype.CADFAbstractType): + + eventType = cadftype.ValidatorDescriptor( + EVENT_KEYNAME_EVENTTYPE, lambda x: cadftype.is_valid_eventType(x)) + id = cadftype.ValidatorDescriptor(EVENT_KEYNAME_ID, + lambda x: identifier.is_valid(x)) + eventTime = cadftype.ValidatorDescriptor(EVENT_KEYNAME_EVENTTIME, + lambda x: timestamp.is_valid(x)) + initiator = cadftype.ValidatorDescriptor( + EVENT_KEYNAME_INITIATOR, + (lambda x: isinstance(x, resource.Resource) and + x.is_valid())) + initiatorId = cadftype.ValidatorDescriptor( + EVENT_KEYNAME_INITIATORID, lambda x: identifier.is_valid(x)) + action = cadftype.ValidatorDescriptor( + EVENT_KEYNAME_ACTION, lambda x: cadftaxonomy.is_valid_action(x)) + target = cadftype.ValidatorDescriptor( + EVENT_KEYNAME_TARGET, (lambda x: isinstance(x, resource.Resource) and + x.is_valid())) + targetId = cadftype.ValidatorDescriptor( + EVENT_KEYNAME_TARGETID, lambda x: identifier.is_valid(x)) + outcome = cadftype.ValidatorDescriptor( + EVENT_KEYNAME_OUTCOME, lambda x: cadftaxonomy.is_valid_outcome(x)) + reason = cadftype.ValidatorDescriptor( + EVENT_KEYNAME_REASON, + lambda x: isinstance(x, reason.Reason) and x.is_valid()) + severity = cadftype.ValidatorDescriptor(EVENT_KEYNAME_SEVERITY, + lambda x: isinstance(x, str)) + + def __init__(self, eventType=cadftype.EVENTTYPE_ACTIVITY, + id=identifier.generate_uuid(), + eventTime=timestamp.get_utc_now(), + action=cadftaxonomy.UNKNOWN, outcome=cadftaxonomy.UNKNOWN, + initiator=None, initiatorId=None, target=None, targetId=None, + severity=None, reason=None): + + # Establish typeURI for the CADF Event data type + # TODO(mrutkows): support extended typeURIs for Event subtypes + setattr(self, EVENT_KEYNAME_TYPEURI, TYPE_URI_EVENT) + + # Event.eventType (Mandatory) + setattr(self, EVENT_KEYNAME_EVENTTYPE, eventType) + + # Event.id (Mandatory) + setattr(self, EVENT_KEYNAME_ID, id) + + # Event.eventTime (Mandatory) + setattr(self, EVENT_KEYNAME_EVENTTIME, eventTime) + + # Event.action (Mandatory) + setattr(self, EVENT_KEYNAME_ACTION, action) + + # Event.outcome (Mandatory) + setattr(self, EVENT_KEYNAME_OUTCOME, outcome) + + # Event.initiator (Mandatory if no initiatorId) + if initiator is not None: + setattr(self, EVENT_KEYNAME_INITIATOR, initiator) + + # Event.initiatorId (Dependent) + if initiatorId is not None: + setattr(self, EVENT_KEYNAME_INITIATORID, initiatorId) + + # Event.target (Mandatory if no targetId) + if target is not None: + setattr(self, EVENT_KEYNAME_TARGET, target) + + # Event.targetId (Dependent) + if targetId is not None: + setattr(self, EVENT_KEYNAME_TARGETID, targetId) + + # Event.severity (Optional) + if severity is not None: + setattr(self, EVENT_KEYNAME_SEVERITY, severity) + + # Event.reason (Optional) + if reason is not None: + setattr(self, EVENT_KEYNAME_REASON, reason) + + # Event.reporterchain (Mandatory) + # Prepare the Event.reporterchain (list of cadf:Reporterstep) since + # at least one cadf:Reporterstep entry is required + setattr(self, EVENT_KEYNAME_REPORTERCHAIN, list()) + + # Event.reporterchain + def add_reporterstep(self, step): + if step is not None and isinstance(step, reporterstep.Reporterstep): + if step.is_valid(): + reporterchain = getattr(self, + EVENT_KEYNAME_REPORTERCHAIN) + reporterchain.append(step) + else: + raise ValueError('Invalid reporterstep') + else: + raise ValueError('Invalid reporterstep. ' + 'Value must be a Reporterstep') + + # Event.measurements + def add_measurement(self, measure_val): + if (measure_val is not None + and isinstance(measure_val, measurement.Measurement)): + + if measure_val.is_valid(): + + # Create the list of event.Measurements if needed + if not hasattr(self, EVENT_KEYNAME_MEASUREMENTS): + setattr(self, EVENT_KEYNAME_MEASUREMENTS, list()) + + measurements = getattr(self, EVENT_KEYNAME_MEASUREMENTS) + measurements.append(measure_val) + else: + raise ValueError('Invalid measurement') + else: + raise ValueError('Invalid measurement. ' + 'Value must be a Measurement') + + # Event.tags + def add_tag(self, tag_val): + if tag.is_valid(tag_val): + if not hasattr(self, EVENT_KEYNAME_TAGS): + setattr(self, EVENT_KEYNAME_TAGS, list()) + getattr(self, EVENT_KEYNAME_TAGS).append(tag_val) + else: + raise ValueError('Invalid tag') + + # Event.attachments + def add_attachment(self, attachment_val): + if (attachment_val is not None + and isinstance(attachment_val, attachment.Attachment)): + + if attachment_val.is_valid(): + # Create the list of Attachments if needed + if not hasattr(self, EVENT_KEYNAME_ATTACHMENTS): + setattr(self, EVENT_KEYNAME_ATTACHMENTS, list()) + + attachments = getattr(self, EVENT_KEYNAME_ATTACHMENTS) + attachments.append(attachment_val) + else: + raise ValueError('Invalid attachment') + else: + raise ValueError('Invalid attachment. ' + 'Value must be an Attachment') + + # self validate cadf:Event record against schema + def is_valid(self): + # TODO(mrutkows): Eventually, make sure all attributes are + # from either the CADF spec. (or profiles thereof) + # TODO(mrutkows): validate all child attributes that are CADF types + # TODO(mrutkows): Cannot have both an initiator and initiatorId + # TODO(mrutkows): Cannot have both an target and targetId + return ( + hasattr(self, EVENT_KEYNAME_TYPEURI) and + hasattr(self, EVENT_KEYNAME_EVENTTYPE) and + hasattr(self, EVENT_KEYNAME_ID) and + hasattr(self, EVENT_KEYNAME_EVENTTIME) and + hasattr(self, EVENT_KEYNAME_ACTION) and + hasattr(self, EVENT_KEYNAME_OUTCOME) and + hasattr(self, EVENT_KEYNAME_INITIATOR) and + hasattr(self, EVENT_KEYNAME_TARGET) and + hasattr(self, EVENT_KEYNAME_REPORTERCHAIN) + ) |