Audit logging for TPS REST operations

[pki-bot]

This issue was migrated from Pagure Issue #1006. Originally filed by edewata (@edewata) on 2014-05-19 19:10:29:

• Closed as Fixed
• Assigned to cfu (@cfu)
• Associated bugzillas
  • https://bugzilla.redhat.com/show_bug.cgi?id=1241211

---

Currently the TPS REST operations do not generate audit logs. Additional code needs to be added to each REST method to log the operation.

[pki-bot]

Comment from edewata (@edewata) at 2014-05-20 00:30:24

The REST services need to call PKIService.audit() to generate audit events as defined in ticket 884.

Since REST services can only be used by REST clients, the service code may need to be refactored so that it can be reused directly by other TPS components.

[pki-bot]

Comment from mharmsen (@mharmsen) at 2014-09-18 03:22:14

Proposed Milestone: 10.2.2 (per CS Meeting of 09/17/2014)

audit

[pki-bot]

Comment from mharmsen (@mharmsen) at 2014-09-18 04:28:44

[PKI TRAC Ticket 1031 - TPS rewrite: add auditing to appropriate places] closed as duplicate of https://fedorahosted.org/pki/ticket/1006 PKI TRAC Ticket 1006 - Audit logging for TPS REST operations (per CS Meeting of 09/17/2014)

[pki-bot]

Comment from mharmsen (@mharmsen) at 2015-02-24 23:39:03

Per 10.2.2 Triage meeting of 02/24/2015: 10.2.3

(related to PKI TRAC Ticket 1007 - Additional audit events)

[pki-bot]

Comment from edewata (@edewata) at 2015-04-21 03:37:05

Moving to 10.2.4 per CS team meeting.

[pki-bot]

Comment from mharmsen (@mharmsen) at 2015-04-28 20:49:13

Per Dogtag 10.2.x TRIAGE meeting of 04/28/2015: (Tech Preview Feature)

[pki-bot]

Comment from mharmsen (@mharmsen) at 2015-06-08 20:52:10

Per CS/DS meeting of 06/08/2015: 10.2.6

[pki-bot]

Comment from mharmsen (@mharmsen) at 2015-06-30 20:40:57

Per Dogtag 10.2.6 TRIAGE meeting of 06/30/2015: 10.3

[pki-bot]

Comment from cfu (@cfu) at 2016-03-29 01:22:25

Pushed to master. Sample messages (document) will follow.

commit 41a99a5
Author: Christina Fu cfu@redhat.com
Date: Thu Mar 24 16:23:05 2016 -0700

Ticket 1006 Audit logging for TPS REST operations
This patch adds audit logging to TPS REST wrote-specific operations.
The read-specific operations are already captured by AuditEvent=AUTHZ_*
The affected (new or modified) log messages include:
LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_GENERAL_5
LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_PROFILE_6
LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_MAPPING_RESOLVER_6
LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_AUTHENTICATOR_6
LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_CONNECTOR_6
LOGGING_SIGNED_AUDIT_CONFIG_TOKEN_RECORD_6
LOGGING_SIGNED_AUDIT_TOKEN_STATE_CHANGE_8

[pki-bot]

Comment from edewata (@edewata) at 2017-02-27 14:04:05

Metadata Update from @edewata:

• Issue assigned to cfu
• Issue set to the milestone: 10.3.0.b1