Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Extend Security Logs with Storage Lifecycle Events #2797

Open
SilinPavel opened this issue Aug 26, 2022 · 0 comments
Open

Extend Security Logs with Storage Lifecycle Events #2797

SilinPavel opened this issue Aug 26, 2022 · 0 comments
Assignees
@SilinPavel
Labels
kind/enhancement New feature or request state/draft Draft issues, that are lacking description or not ready for the implementation

Comments

@SilinPavel
Copy link
Member

SilinPavel commented Aug 26, 2022
edited
Loading

Related to #2721 #2759

Overview

All actions related to Storage Lifecycle Policy should be logged within Security Logs for good traceability:

  • Lifecycle Archiving rules
    • Lifecycle Rule creation
    • Lifecycle Rule changes
    • Lifecycle Rule deletion
    • Lifecycle Rule prolongation for specific path
    • Lifecycle Rule execution for specific path
  • Lifecycle Restoring actions
    • Lifecycle restore action creation
    • Lifecycle restore action status update

Main concept points

  • New security log 'topic' Storage Lifecycle should be introduced.
  • Existed solution should be reused as much as possible.

Technical details

API server changes

While such events as:

  • Lifecycle Archiving rules
    • Lifecycle Rule creation
    • Lifecycle Rule changes
    • Lifecycle Rule deletion
    • Lifecycle Rule prolongation for specific path
  • Lifecycle Restoring actions
    • Lifecycle restore action creation

can be handled in API server and be appended to api security log,
only thing that we need to do here is to appropriately log all necessary events in api server code.

storage-lifecycle-service changes

To be able to process the next events:

  • Lifecycle Archiving rules
    • Lifecycle Rule notification for specific path
    • Lifecycle Rule execution for specific path
  • Lifecycle Restoring actions
    • Lifecycle restore action status update

We need to expand logging for such events along with providing a ways to collect such logs and push it to elasticsearch

In this case approach, that used for edge service could be good match:

  • Collect all special logs to separate location
  • use elastic filebeat agent to automatically push it to elastic
@SilinPavel SilinPavel added kind/enhancement New feature or request state/draft Draft issues, that are lacking description or not ready for the implementation labels Aug 26, 2022
@NShaforostov NShaforostov mentioned this issue Aug 26, 2022
Open
@SilinPavel SilinPavel self-assigned this Sep 6, 2022
@SilinPavel SilinPavel mentioned this issue Sep 13, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@SilinPavel SilinPavel

Labels
kind/enhancement New feature or request state/draft Draft issues, that are lacking description or not ready for the implementation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@SilinPavel