From 544c11a0ca2026f19f1413c3f24b11060e434cbe Mon Sep 17 00:00:00 2001 From: notque Date: Fri, 18 Apr 2025 18:36:09 -0700 Subject: [PATCH 1/2] Remove X precending unmapped TypeURIs --- auditmiddleware/_api.py | 1 - 1 file changed, 1 deletion(-) diff --git a/auditmiddleware/_api.py b/auditmiddleware/_api.py index 19fef55..9e81634 100644 --- a/auditmiddleware/_api.py +++ b/auditmiddleware/_api.py @@ -380,7 +380,6 @@ def register_resource(self, parent_type_uri, token): res_name = token.replace('_', '-') if res_name.startswith('os-'): res_name = res_name[3:] - res_name = 'X' + res_name res_dict = {'api_name': token} sub_res_spec, _ = self._build_res_spec(res_name, parent_type_uri, From b9017e1654dd94d20c2158ef517f30668aaccf22 Mon Sep 17 00:00:00 2001 From: Nathan Oyler Date: Wed, 23 Apr 2025 14:42:27 -0700 Subject: [PATCH 2/2] docs, tests for removal of X in typeuri for unknown resources --- README.md | 6 +++--- auditmiddleware/tests/unit/test_audit_filter.py | 10 ++++------ 2 files changed, 7 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 0335ad2..304fdf2 100644 --- a/README.md +++ b/README.md @@ -200,7 +200,7 @@ Usually all custom actions should be listed in the mapping because otherwise the The mapping of actions is complex: For payload-encoded actions a default-mapping will be applied which determines the primary action (e.g. `update`) from the HTTP method and adds the action name from the payload (e.g. `update/myaction`). - For path-encoded actions you can reach a similar behaviour with a generic rule of the form `":*": ""` (e.g. `"POST:*": "read"`). You can refer to the actual action name in the path via `*` (e.g. `"POST:*": "update/*"`). If the right side of the rule is `null, the `entire request will be suppressed, so that no event is emitted (e.g. `"POST:*": null`). + For path-encoded actions you can reach a similar behaviour with a generic rule of the form `":*": ""` (e.g. `"POST:*": "read"`). You can refer to the actual action name in the path via `*` (e.g. `"POST:*": "update/*"`). If the right side of the rule is `null`, the entire request will be suppressed, so that no event is emitted (e.g. `"POST:*": null`). If there is no rule matching the path suffix, it will be interpreted as a _key_, not as an action. That means that the action will be determined from the HTTP method only and an attachment with the name `key` and the name of the key as `content` will be added to the event. @@ -269,9 +269,9 @@ In our example this looks like this: Undeclared Resources -------------------- -Resources that are not declared in the mapping file will be reported as _unknown_ in the operational logs. Still the middleware tries to create events for them based on heuristics. They can be recognized by the `X` prefix in the resource name. +Resources that are not declared in the mapping file will be reported as _unknown_ in the operational logs. Still the middleware tries to create events for them based on heuristics. -When those X-resources show up, the mapping file should be extended with an appropriate resource definition. The reason is that the heuristics to discover and map undeclared resources are not covering all kinds of requests. There are ambiguities. +When those unknown resoucre log messages show up, the mapping file should be extended with an appropriate resource definition. The reason is that the heuristics to discover and map undeclared resources are not covering all kinds of requests. There are ambiguities. Developing Audit Middleware =========================== diff --git a/auditmiddleware/tests/unit/test_audit_filter.py b/auditmiddleware/tests/unit/test_audit_filter.py index d5c0ab8..34adf74 100644 --- a/auditmiddleware/tests/unit/test_audit_filter.py +++ b/auditmiddleware/tests/unit/test_audit_filter.py @@ -548,8 +548,7 @@ def test_post_undefined_action_generic(self): def test_post_resource_undeclared(self): """Test that resource paths w/o mapping are still causing events. - Those events can be spotted by the "X" prefixing the resource - name derived from the URL path. + Those events can be spotted by log messages in the api container. """ rid = str(uuid.uuid4().hex) rname = "myname" @@ -560,13 +559,12 @@ def test_post_resource_undeclared(self): event = self.build_event(request, response) self.check_event(request, response, event, taxonomy.ACTION_CREATE, - "compute/Xyetunknown", rid, rname) + "compute/yetunknown", rid, rname) def test_put_resource_undeclared(self): """Test that resource paths w/o mapping are still causing events. - Those events can be spotted by the "X" prefixing the resource - name derived from the URL path. + Those events can be spotted by log messages in the api container. """ rid = str(uuid.uuid4().hex) rid2 = str(uuid.uuid4().hex) @@ -577,7 +575,7 @@ def test_put_resource_undeclared(self): event = self.build_event(request, response) self.check_event(request, response, event, taxonomy.ACTION_UPDATE, - "compute/Xyetunknown/Xuchild", rid2) + "compute/yetunknown/uchild", rid2) def test_post_action_no_response(self): """Test events are created for POST actions with no response payload.