X-Git-Url: https://osm.etsi.org/gitweb/?a=blobdiff_plain;ds=sidebyside;f=osm_nbi%2Fauth.py;h=ec33b1c9ac8a534b952e379c0cf360ee264754f8;hb=refs%2Fchanges%2F20%2F13320%2F3;hp=0b3264fb37ecd6bc9355373e506befa963ca5004;hpb=4cd875d2a38488b5e717258d548eeb8e557ec9a8;p=osm%2FNBI.git diff --git a/osm_nbi/auth.py b/osm_nbi/auth.py index 0b3264f..ec33b1c 100644 --- a/osm_nbi/auth.py +++ b/osm_nbi/auth.py @@ -44,6 +44,7 @@ from osm_nbi.authconn import AuthException, AuthconnException, AuthExceptionUnau from osm_nbi.authconn_keystone import AuthconnKeystone from osm_nbi.authconn_internal import AuthconnInternal from osm_nbi.authconn_tacacs import AuthconnTacacs +from osm_nbi.utils import cef_event, cef_event_builder from osm_common import dbmemory, dbmongo, msglocal, msgkafka from osm_common.dbbase import DbException from osm_nbi.validation import is_valid_uuid @@ -88,6 +89,7 @@ class Authenticator: self.valid_query_string = valid_query_string self.system_admin_role_id = None # system_role id self.test_project_id = None # test_project_id + self.cef_logger = None def start(self, config): """ @@ -98,6 +100,7 @@ class Authenticator: :param config: dictionary containing the relevant parameters for this object. """ self.config = config + self.cef_logger = cef_event_builder(config["authentication"]) try: if not self.db: @@ -505,6 +508,18 @@ class Authenticator: item_id, ) self.logger.info("RBAC_auth: {}".format(RBAC_auth)) + if RBAC_auth: + cef_event( + self.cef_logger, + { + "name": "System Access", + "sourceUserName": token_info.get("username"), + "message": "Accessing account with system privileges, Project={}".format( + token_info.get("project_name") + ), + }, + ) + self.logger.info("{}".format(self.cef_logger)) token_info["allow_show_user_project_role"] = RBAC_auth return token_info