Tacker Resource life-cycle audit support
https://blueprints.launchpad.net/tacker/+spec/audit-support
This spec describes the plan to introduce generic audit/event logging capability for lifecycle management operations of Tacker managed resources such as VNF, VIM, VNFFG and any future such resources.
Problem description
Currently there is no mechanism in Tacker for an admin or an operator to find out when and by whom a Tacker resource was created, updated or terminated, and which life-cycle state changes it went through. This information becomes critical in production deployments for audit and troubleshooting. It also helps to track the progress of a lifecycle operation.
Proposed change
This spec proposes to introduce:
- A generic approach that captures the following information in a new table of the Tacker database:
  - Tacker resource status changes caused by lifecycle management operations such as create, update (e.g. VNF configuration update and VNF manual scaling) and terminate.
  - Timestamp value when the status change occurs.
  - Associated UUID of the resource.
  - Associated resource type such as VIM, VNF, VNFFG, VNFD etc.
  - Additional information related to the event and/or resource that would be useful (e.g. VDU1 health monitoring failed - mgmt-ip unreachable).
- New columns created_at, updated_at and deleted_at in the existing resources vim, devices and devicetemplates tables to capture timestamp values for the corresponding create, update and delete operations. The existing DB APIs have to be updated to write these values to the DB tables.
- A REST API to query the events created for a given resource type based on status and time window, with pagination from a given index. A new 'event' extension that defines the event interface layer and describes the event REST APIs will be introduced.
- Horizon changes to display events in time-sequential order per resource. Example: clicking a VNF instance entry in the VNF Manager opens a details page with two tabs: (1) a details tab and (2) an events tab.
- Tacker client changes to retrieve events based on the queries supported by the API, as below:
    tacker event-list --type <resource-type> <query options and values>
    tacker event-show <event id>
- Additional Tacker client changes to retrieve event(s) in the context of a resource, as shown below:
    tacker vnf-event-list <vnf-name or vnf-id> --filter <query options/values>
    tacker vnf-event-show <vnf-name or vnf-id> --event-id <event-id>
NOTE: 'filter' can be given multiple times to add more than one query. Similar support will be provided for VNFD, VIM and other Tacker managed resources.
Alternatives
None
Data model impact
A new table in tacker database to capture the event/audit logs will be added. The table will hold the below attributes:

| Attribute Name | Type | Description |
|---|---|---|
| id | Integer | Autogenerated Event ID |
| resource_id | string (UUID) | UUID of event source |
| timestamp | datetime | Event Time Stamp in UTC |
| resource_state | string | Captured state of event source |
| event_type | string | Type of action such as create, update, scale_out, etc. |
| resource_type | string | Event resource type such as VNFD, VNF, VIM, VNFFG, etc. |
| event_details | string | Captures Event specific information |

The vims, devices and devicetemplates tables will be updated with the columns below:
- created_at
- updated_at
- deleted_at
The deleted_at column introduces soft delete: when a user deletes a resource, deleted_at is set to the current timestamp. tacker-db-manage will provide the option below to purge soft-deleted resources based on their age:
    tacker-db-manage purge --age <count> --timeline <days|hours|minutes>
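The soft-delete and purge behaviour described above, as an added example (not Tacker's or tacker-db-manage's own code). The reduced schema, the function names and the reading of "age" as "deleted_at older than now minus age" are assumptions; the resource ids are constructed.

```python
import sqlite3
from datetime import datetime, timedelta

TABLES = ("vims", "devices", "devicetemplates")  # tables named in the spec
UNITS = ("days", "hours", "minutes")             # the --timeline choices

def make_db():
    """In-memory stand-in holding only the columns this example needs."""
    conn = sqlite3.connect(":memory:")
    for table in TABLES:
        conn.execute(f"CREATE TABLE {table} (id TEXT PRIMARY KEY,"
                     " created_at TEXT, updated_at TEXT, deleted_at TEXT)")
    return conn

def _check_table(table):
    # Table names cannot be bound as SQL parameters, so allow-list them.
    if table not in TABLES:
        raise ValueError(f"unknown table: {table!r}")

def create(conn, table, res_id, now):
    _check_table(table)
    conn.execute(f"INSERT INTO {table} (id, created_at) VALUES (?, ?)",
                 (res_id, now.isoformat()))

def soft_delete(conn, table, res_id, now):
    """Mark the row deleted; it stays in the table until purged."""
    _check_table(table)
    conn.execute(f"UPDATE {table} SET deleted_at = ?"
                 " WHERE id = ? AND deleted_at IS NULL",
                 (now.isoformat(), res_id))

def list_active(conn, table):
    """What a normal list call should return: rows not soft-deleted."""
    _check_table(table)
    return [r[0] for r in conn.execute(
        f"SELECT id FROM {table} WHERE deleted_at IS NULL ORDER BY id")]

def purge(conn, age, timeline, now):
    """Hard-delete rows soft-deleted more than `age` units before `now`."""
    if timeline not in UNITS or age < 0:
        raise ValueError("bad --age/--timeline value")
    cutoff = (now - timedelta(**{timeline: age})).isoformat()
    removed = 0
    for table in TABLES:
        removed += conn.execute(
            f"DELETE FROM {table} WHERE deleted_at IS NOT NULL"
            " AND deleted_at < ?", (cutoff,)).rowcount
    return removed
```

Between soft delete and purge the row is still present for audit queries, and purge never touches rows whose deleted_at is NULL.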
REST API impact
/events?resource_id=<uuid>&index=<event-id>&count=<number of events>&status=[<supported status>]&event_type=<event-type>&resource_type=<resource-type>&start-time=<time-val>&end-time=<time-val>

| Attribute Name | Type | Access | Default Value | Validation/Conversion | Description |
|---|---|---|---|---|---|
| id | Integer | RO, all | generated | N/A | Autogenerated Event ID |
| resource_id | string (UUID) | RO, all | None (required) | N/A | UUID of event source |
| timestamp | datetime | RO, all | None (required) | N/A | Event Time Stamp in UTC |
| resource_state | string | RO, all | None (required) | N/A | Captured state of event source |
| event_type | string | RO, all | None (required) | N/A | Type of action such as create, update, scale_out, etc. |
| resource_type | string | RO, all | None (required) | N/A | Event resource type such as VNFD, VNF, VIM, VNFFG, etc. |
| event_details | string | RO, all | '' | N/A | Event specific information |

| REST Calls | Type | Expected Response | Body Data Schema | Description |
|---|---|---|---|---|
| /events/<event-id> | get | 200 OK | None | Returns output of specific event ID |
| /events?resource_id=<res_id> | get | 200 OK | None | Returns list of events for a given resource |
| /events?resource_id=<res_id>&index=<event-id>&count=<cnt> | get | 200 OK | None | Returns specified count of events for a given resource from a specified event id |
| /events?resource_id=<res_id>&event_type=<etype> | get | 200 OK | None | Returns all events of a requested type for a given resource |
| /events?resource_id=<res_id>&start-time=<tval1>&end-time=<tval2> | get | 200 OK | None | Returns all events for a given resource between specified time interval |

| REST Call Failures | Type | Negative Response | Response Message | Scenario |
|---|---|---|---|---|
| /events/<event-id> | get | 404 Not Found | Event Does not exist | Specified event ID does not exist in DB |

Security impact
The new REST API will be supported only for owners and admins; other users will be forbidden from performing those operations.
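One way the /events query filters and the owner-or-admin restriction could fit together, as an added example (not Tacker's own code). The events table follows the attribute table above; the resources table with a tenant_id column, the ctx dictionary, the inclusive reading of index and all sample rows are assumptions or constructed data.

```python
import sqlite3

# 'events' follows the spec's attribute table. The 'resources' table and its
# tenant_id column are assumptions: events themselves carry no owner field.
SCHEMA = """
CREATE TABLE resources (id TEXT PRIMARY KEY, tenant_id TEXT NOT NULL);
CREATE TABLE events (
  id INTEGER PRIMARY KEY AUTOINCREMENT, resource_id TEXT NOT NULL,
  timestamp TEXT NOT NULL, resource_state TEXT NOT NULL,
  event_type TEXT NOT NULL, resource_type TEXT NOT NULL,
  event_details TEXT NOT NULL DEFAULT '');
"""
RES = "11111111-2222-3333-4444-555555555555"  # constructed UUID

class Forbidden(Exception):
    """Caller is neither an admin nor the owner of the resource."""

def demo_db():
    """In-memory database holding three constructed events for one VNF."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO resources VALUES (?, 'tenant-1')", (RES,))
    conn.executemany(
        "INSERT INTO events (resource_id, timestamp, resource_state,"
        " event_type, resource_type) VALUES (?, ?, ?, ?, 'vnf')",
        [(RES, "2016-06-01T10:00:00", "PENDING_CREATE", "create"),
         (RES, "2016-06-01T10:05:00", "ACTIVE", "create"),
         (RES, "2016-06-02T09:00:00", "PENDING_SCALE_OUT", "scale_out")])
    return conn

def list_events(conn, ctx, resource_id, index=None, count=None,
                event_type=None, start_time=None, end_time=None):
    owner = conn.execute("SELECT tenant_id FROM resources WHERE id = ?",
                         (resource_id,)).fetchone()
    # Unknown and foreign resources are refused identically, so a non-owner
    # cannot use the endpoint to learn which UUIDs exist.
    if not ctx["is_admin"] and (owner is None or owner[0] != ctx["tenant_id"]):
        raise Forbidden(resource_id)
    sql = "SELECT id, event_type FROM events WHERE resource_id = ?"
    args = [resource_id]
    filters = (("id >= ?", index), ("event_type = ?", event_type),
               ("timestamp >= ?", start_time), ("timestamp <= ?", end_time))
    for clause, value in filters:  # values are bound, never interpolated
        if value is not None:
            sql += " AND " + clause
            args.append(value)
    sql += " ORDER BY id LIMIT ?"
    args.append(-1 if count is None else max(int(count), 0))  # -1: no limit
    return conn.execute(sql, args).fetchall()
```

The ownership check runs before any event row is read, and every filter value reaches SQLite as a bound parameter.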
Other end user impact
None
Performance Impact
None
Other deployer impact
None
Developer impact
None
Implementation
Assignee(s)
- Primary assignee:
Vishwanath Jayaraman <vishwanathj@hotmail.com>
- Other contributors:
Kanagaraj Manickam <mkr1481@gmail.com>
Work Items
- Tacker DB configuration for audit/events log table.
- Tacker client support and tacker-db-manage command support.
- Tacker server support.
- Add support in Tacker Horizon to provide a link for a Tacker resource which, when clicked, displays a resource details tab and an events tab.
- Add unit test cases.
- Add functional test cases as required.
- Add user and developer documentation for this feature.
Dependencies
None
Testing
Unit test cases will be written.
Documentation Impact
New user and developer guides will be provided.
References
None