Re: [Pki-devel] [PATCH] pki-cfu-0116-Ticket-1006-Audit-logging-for-TPS-REST-operations.patch
Looks fine:
What was done:
1. Creating some convenience functions to do the actual auditing.
2. Making sure we have auditing for the calls where things are changed
such as configuration /profile changes, or changing a token's state.
3. Making sure there are audit messages for the various error conditions caught
in exceptions.
I also took a look at a bunch of samples and they look good.
I did not spend days making sure every possible case it covered, but the code
and the framework looks good. Any holes will be discovered later.
ACK
----- Original Message -----
From: "Christina Fu" <cfu(a)redhat.com>
To: "pki-devel" <pki-devel(a)redhat.com>
Sent: Thursday, 24 March, 2016 4:32:56 PM
Subject: [Pki-devel] [PATCH]
pki-cfu-0116-Ticket-1006-Audit-logging-for-TPS-REST-operations.patch
Attached please find the patch for ticket 1006:
https://fedorahosted.org/pki/ticket/1006 Audit logging for TPS REST
operations
Most of the work is on
1. finding the right places to place the audit calls
2. deciding on what should be audited: since all read operations are
captured by AUTZ, the REST operations audited are only write operations
3. deciding on the audit events that should be provided for the operations
4. making needed information available at the places where auditing is
happening
thanks
Christina
_______________________________________________
Pki-devel mailing list
Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel