Tacker Resource life-cycle audit support

https://blueprints.launchpad.net/tacker/+spec/audit-support

This spec describes the plan to introduce a generic audit/event logging capability for lifecycle management operations on Tacker-managed resources such as VNF, VIM, VNFFG and any future such resources.

Problem description

Currently there is no mechanism in Tacker for an admin or an operator to find out when and by whom Tacker resources were created, updated and terminated, or what lifecycle state changes they went through. This information becomes critical in production deployments for audit and troubleshooting. It also helps to track the progress of a lifecycle operation.

Proposed change

This spec proposes to introduce:

  • A generic approach that captures the following information in a new table of the Tacker database:
    1. Tacker resource status changes caused by lifecycle management operations such as create, update (e.g., VNF configuration update and VNF manual scaling) and terminate.
    2. Timestamp value when the status change occurs.
    3. Associated UUID of the resource.
    4. Associated resource type such as VIM, VNF, VNFFG, VNFD, etc.
    5. Additional information related to the event and/or resource that would be useful (e.g., VDU1 health monitoring failed - mgmt-ip unreachable).

  • Add new columns created_at, updated_at and deleted_at to the existing resources vim, devices and devicetemplates tables to capture timestamp values for the corresponding create, update and delete operations. The existing DB APIs have to be updated to support adding these values to the DB tables.

  • REST API to query the events created for a given resource type, based on status and time window, with pagination from a given index. A new ‘event’ extension that defines the event interface layer and describes the event REST APIs will be introduced.

  • Horizon changes to display events in time-sequential order per resource. Example: clicking a VNF instance entry in the VNF Manager opens a details page with two tabs: (1) a details tab and (2) an events tab.

  • Tacker client changes to retrieve events based on supported queries in API as below:

    tacker event-list --type <resource-type> <query options and values>

    tacker event-show <event id>

  • Additional Tacker client changes to retrieve event(s) in the context of a resource, as shown below, will be supported as well:

    tacker vnf-event-list <vnf-name or vnf-id> --filter <query options/values>

    tacker vnf-event-show <vnf-name or vnf-id> --event-id <event-id>

    NOTE: The ‘filter’ option can be given multiple times to add more than one query. Similar support would be provided for VNFD, VIM and other Tacker-managed resources.

Alternatives

None

Data model impact

A new table will be added to the Tacker database to capture the event/audit logs. The table will hold the attributes below:

==============  =============  =======================================================
Attribute Name  Type           Description
==============  =============  =======================================================
id              Integer        Autogenerated Event ID
resource_id     string (UUID)  UUID of event source
timestamp       datetime       Event Time Stamp in UTC
resource_state  string         Captured state of event source
event_type      string         Type of action such as create, update, scale_out, etc.
resource_type   string         Event resource type such as VNFD, VNF, VIM, VNFFG, etc.
event_details   string         Captures Event specific information
==============  =============  =======================================================

The vims, devices and devicetemplates tables will be updated with the columns below:

  • created_at
  • updated_at
  • deleted_at

The deleted_at column introduces soft delete: when a user deletes a resource, deleted_at is set to the current timestamp. tacker-db-manage will be provided with the option below to purge soft-deleted resources based on their age:

    tacker-db-manage purge --age <count> --timeline <days|hours|minutes>

REST API impact

/events?resource_id=<uuid>&index=<event-id>&count=<number of events>&status=[<supported status>]&event_type=<event-type>&resource_type=<resource-type>&start-time=<time-val>&end-time=<time-val>

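==============  =============  =======  ===============  =====================  =======================================================
Attribute Name  Type           Access   Default Value    Validation/Conversion  Description
==============  =============  =======  ===============  =====================  =======================================================
id              Integer        RO, all  generated        N/A                    Autogenerated Event ID
resource_id     string (UUID)  RO, all  None (required)  N/A                    UUID of event source
timestamp       datetime       RO, all  None (required)  N/A                    Event Time Stamp in UTC
resource_state  string         RO, all  None (required)  N/A                    Captured state of event source
event_type      string         RO, all  None (required)  N/A                    Type of action such as create, update, scale_out, etc.
resource_type   string         RO, all  None (required)  N/A                    Event resource type such as VNFD, VNF, VIM, VNFFG, etc.
event_details   string         RO, all  ''               N/A                    Event specific information
==============  =============  =======  ===============  =====================  =======================================================

================================================================  ====  =================  ================  ================================================================================
REST Calls                                                        Type  Expected Response  Body Data Schema  Description
================================================================  ====  =================  ================  ================================================================================
/events/<event-id>                                                get   200 OK             None              Returns output of specific event ID
/events?resource_id=<res_id>                                      get   200 OK             None              Returns list of events for a given resource
/events?resource_id=<res_id>&index=<event-id>&count=<cnt>         get   200 OK             None              Returns specified count of events for a given resource from a specified event id
/events?resource_id=<res_id>&event_type=<etype>                   get   200 OK             None              Returns all events of a requested type for a given resource
/events?resource_id=<res_id>&start-time=<tval1>&end-time=<tval2>  get   200 OK             None              Returns all events for a given resource between specified time interval
================================================================  ====  =================  ================  ================================================================================

==================  ====  =================  ====================  =======================================
REST Call Failures  Type  Negative Response  Response Message      Scenario
==================  ====  =================  ====================  =======================================
/events/<event-id>  get   404 Not Found      Event Does not exist  Specified event ID does not exist in DB
==================  ====  =================  ====================  =======================================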

Security impact

The new REST API will be supported only for owners and admins; other users will be forbidden from performing those operations.
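A sketch of the events table, the /events query options and the owner-or-admin restriction described above, as an added example that is not Tacker's own code. SQLite stands in for the Tacker database, and the names record_event, query_events and the owner_of lookup are hypothetical. It also assumes that 'index' is an inclusive lower bound on the event id and that 'status' matches resource_state.

```python
import sqlite3
from datetime import datetime, timezone

# Columns follow the spec's events table; SQLite stands in for Tacker's DB.
SCHEMA = """CREATE TABLE events (id INTEGER PRIMARY KEY AUTOINCREMENT,
    resource_id TEXT NOT NULL, timestamp TEXT NOT NULL, resource_state TEXT NOT NULL,
    event_type TEXT NOT NULL, resource_type TEXT NOT NULL,
    event_details TEXT NOT NULL DEFAULT '')"""

# Allow-list of query options -> fixed SQL predicates; values are always bound.
# Assumed: 'index' is an inclusive lower bound on id, 'status' is resource_state.
FILTERS = {"resource_id": "resource_id = ?", "event_type": "event_type = ?",
           "resource_type": "resource_type = ?", "status": "resource_state = ?",
           "index": "id >= ?", "start-time": "timestamp >= ?", "end-time": "timestamp <= ?"}

def record_event(db, resource_id, resource_type, state, event_type, details="", ts=None):
    ts = ts or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S")
    return db.execute(
        "INSERT INTO events (resource_id, timestamp, resource_state, event_type,"
        " resource_type, event_details) VALUES (?, ?, ?, ?, ?, ?)",
        (resource_id, ts, state, event_type, resource_type, details)).lastrowid

def query_events(db, caller, owner_of, params):
    """caller: {'tenant', 'is_admin'}; owner_of: resource_id -> owning tenant
    (hypothetical lookup, since the spec's events table has no owner column)."""
    params = dict(params)
    count = params.pop("count", None)
    unknown = sorted(set(params) - set(FILTERS))
    if unknown:
        raise ValueError(f"unsupported query option(s): {unknown}")
    rid = params.get("resource_id")
    # Non-admins must name a resource they own; same error whether or not it exists.
    if not caller["is_admin"] and (rid is None or owner_of.get(rid) != caller["tenant"]):
        raise PermissionError("events are readable only by the owner or an admin")
    where = " AND ".join(FILTERS[k] for k in params) or "1 = 1"
    sql = f"SELECT * FROM events WHERE {where} ORDER BY timestamp, id"
    args = list(params.values())
    if count is not None:
        sql, args = sql + " LIMIT ?", args + [max(int(count), 0)]
    return db.execute(sql, args).fetchall()

def demo():  # constructed sample data: one VNF owned by tenant-a, three events
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    vnf = "11111111-2222-3333-4444-555555555555"  # constructed UUID
    record_event(db, vnf, "VNF", "PENDING_CREATE", "create", ts="2016-05-01T10:00:00")
    record_event(db, vnf, "VNF", "ACTIVE", "create", ts="2016-05-01T10:02:00")
    record_event(db, vnf, "VNF", "ACTIVE", "scale_out", ts="2016-05-02T09:00:00")
    return db, vnf, {vnf: "tenant-a"}
```

Unknown query options are rejected rather than ignored, so a misspelled filter cannot silently widen the result set.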

Other end user impact

None

Performance Impact

None

Other deployer impact

None

Developer impact

None

Implementation

Assignee(s)

Primary assignee:
Vishwanath Jayaraman <vishwanathj@hotmail.com>
Other contributors:
Kanagaraj Manickam <mkr1481@gmail.com>

Work Items

  1. Tacker DB configuration for audit/events log table.
  2. Tacker client support and tacker-db-manage command support.
  3. Tacker server support.
  4. Add support in Tacker Horizon to provide a link for a Tacker resource which, when clicked, displays a resource details tab and an events tab.
  5. Add unit test cases.
  6. Add functional test cases as required.
  7. Add user and developer documentation for this feature.

Dependencies

None

Testing

Unit test cases will be written.

Documentation Impact

A new user and developer guide will be provided.

References

None

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.