Overview
Cloudera CDP Auditing is a web service for interacting with the audit subsystem.
Version information
Version : 0.9.128 (BETA)
License information
License : Apache 2.0
Terms of service : https://www.cloudera.com/legal/commercial-terms-and-conditions.html
URI scheme
Schemes : HTTPS
Consumes
-
application/json
Produces
-
application/json
Paths
Archive audit events.
POST /api/v1/audit/archiveAuditEvents
Description
This is used to trigger immediate audit event archiving based on input criteria. WARNING: This command is experimental and subject to backwards-incompatible change.
Parameters
Type | Name | Schema |
---|---|---|
Body |
input |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Create batches of audit events to be archived.
POST /api/v1/audit/batchEventsForArchiving
Description
Create batches of audit events to be archived. This is an asynchronous operation; use the task ID in the response to get the status of the operation. If automated archiving is configured, then this operation is disabled. NOTE: If an operation is currently in progress, another operation cannot be started.
Parameters
Type | Name | Schema |
---|---|---|
Body |
input |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Configures the audit system for archiving audit events to external cloud storage.
POST /api/v1/audit/configureArchiving
Description
Configures the audit system for archiving audit events to an external cloud storage service, replacing any existing configuration. Also returns the current configuration.
Parameters
Type | Name | Schema |
---|---|---|
Body |
input |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Retrieve the current archiving configuration.
POST /api/v1/audit/getArchivingConfig
Description
Returns the current configuration.
Parameters
Type | Name | Schema |
---|---|---|
Body |
input |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Retrieve the status for an archive process.
POST /api/v1/audit/getArchivingStatus
Description
Returns the current status for the request archive process. WARNING: This command is experimental and subject to backwards-incompatible change.
Parameters
Type | Name | Schema |
---|---|---|
Body |
input |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Get the status of creating batches of audit events to be archived.
POST /api/v1/audit/getBatchEventsForArchivingStatus
Description
Get the status of creating batches of audit events to be archived. If automated archiving is configured, then this operation is disabled.
Parameters
Type | Name | Schema |
---|---|---|
Body |
input |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
List all audit events recorded in a specified time span, and optionally with a specified request ID and/or event source.
POST /api/v1/audit/listEvents
Description
Returns all audit log events that have a timestamp within the provided range (start is inclusive, end is exclusive) and, optionally, with the specified request ID and/or event source.
Parameters
Type | Name | Schema |
---|---|---|
Body |
input |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
List events contained in a single archive batch.
POST /api/v1/audit/listEventsInArchiveBatch
Description
List events contained in a single archive batch. The batch must not be marked as successfully archived already. A batch’s events may be listed multiple times, as long as it is not marked as successfully archived. If automated archiving is configured, then this operation is disabled.
Parameters
Type | Name | Schema |
---|---|---|
Body |
input |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
List outstanding (unarchived) archive batches.
POST /api/v1/audit/listOutstandingArchiveBatches
Description
Lists archive batches that have not yet been marked as successfully archived. Their contents remain available for listing. If automated archiving is configured, then this operation is disabled.
Parameters
Type | Name | Schema |
---|---|---|
Body |
input |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
List recent archive runs.
POST /api/v1/audit/listRecentArchiveRuns
Description
Returns recent archive runs for a specified account.
Parameters
Type | Name | Schema |
---|---|---|
Body |
input |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Mark archive batches as successful.
POST /api/v1/audit/markArchiveBatchesAsSuccessful
Description
Mark archive batches as successful. After a batch is marked as successfully archived, it is not considered outstanding and its events may no longer be listed. If automated archiving is configured, then this operation is disabled.
Parameters
Type | Name | Schema |
---|---|---|
Body |
input |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Definitions
ActorIdentity
Identity information about the actor that initiated an event. Only one of the fields in this message may be set.
Name | Description | Schema |
---|---|---|
actorCrn |
The CRN of the actor who initiated this event. |
string |
actorServiceName |
The name of the service that initiated this event. It must be the name of a service as enumerated in the CRN definition. |
string |
ApiRequestEvent
The model for an API request event, as a part of CdpAuditEvent. These events are triggered by requests to public CDP API services.
Name | Description | Schema |
---|---|---|
apiVersion |
The API version associated with the request. |
string |
mutating |
Whether the request mutates the state of resources. |
boolean |
requestParameters |
The API request parameters. |
string |
responseParameters |
The API response parameters. Only recorded for mutating calls. |
string |
sourceIPAddress |
The source IP address of the requester. |
string |
userAgent |
The user agent that made the API request. |
string |
ApiRequestEventCriteria
Filter criteria for listing API request audit events.
Name | Description | Schema |
---|---|---|
sourceIPAddress |
The source IP address of the requester. |
string |
userAgent |
The user agent that made the API request. |
string |
ArchiveAuditEventsRequest
Request to archive audit events.
Name | Description | Schema |
---|---|---|
fromTimestamp |
The beginning timestamp for the search range (inclusive). |
string (date-time) |
toTimestamp |
The ending timestamp for the search range (exclusive). |
string (date-time) |
ArchiveAuditEventsResponse
Response from archiving audit events.
Name | Description | Schema |
---|---|---|
eventBatches |
The details about the batches of events archived. |
< ArchiveBatch > array |
eventCount |
The number of events archived. |
integer (int64) |
taskId |
The id representing an asynchronous task. |
string |
ArchiveBatch
Information about a batch of audit events that were archived.
Name | Description | Schema |
---|---|---|
accountId |
The account ID for which events were archived. |
string |
archiveId |
The archive ID of the batch. |
string |
archiveTimestamp |
The archive timestamp of the batch. |
integer (int64) |
eventCount |
The number of events archived. A negative number indicates that the count is not available. |
integer (int64) |
ArchiveRun
The public model for an archive run.
Name | Description | Schema |
---|---|---|
accountId |
The account ID for the archive run. |
string |
archiveId |
The archive ID for the batch of events archived by the run. |
string |
archiveTimestamp |
The archive timestamp of the batch. |
string (date-time) |
creationTimestamp |
The creation timestamp of the archive run. |
string (date-time) |
details |
Additional details about the run, such as a stack trace. |
string |
runId |
The run ID for the archive run, which uniquely identifies the run. |
string |
status |
The status of the archive run: CREATED, SUCCEEDED, or FAILED. |
|
summary |
A summary of the outcome of the run. |
string |
ArchiveRunStatus
Archive run status.
CREATED
- Indicates that an archive run has been created but has not yet completed. SUCCEEDED
- Indicates that an archive run completed successfully. FAILED
- Indicates that an archive run failed.
Type : enum (CREATED, SUCCEEDED, FAILED)
ArchivingConfigInfo
Object for holding archiving configuration information for the audit service.
Name | Description | Schema |
---|---|---|
credentialName |
The credential name or CRN to use |
string |
enabled |
Flag to enable/disable the archiving process |
boolean |
storageLocation |
The destination for the logs, e.g. S3 bucket name |
string |
storageRegion |
The region to work with when accessing the logs, e.g. S3 region |
string |
AsyncTaskStatus
Archive task status.
OPEN
- Task is still in progress COMPLETED
- Task has completed successfully FAILED
- Task has failed CANCELED
- Task was canceled TERMINATED
- Task as terminated CONTINUED_AS_NEW
- Task was rerun as a new task TIMED_OUT
- The task has timed out
Type : enum (OPEN, COMPLETED, FAILED, CANCELED, TERMINATED, CONTINUED_AS_NEW, TIMED_OUT)
BatchEventsForArchivingRequest
Request to create batches of audit events for archiving.
Name | Description | Schema |
---|---|---|
fromTimestamp |
The beginning timestamp for the search range. |
string (date-time) |
toTimestamp |
The ending timestamp for the search range. |
string (date-time) |
BatchEventsForArchivingResponse
Response from creating batches of audit events for archiving.
Name | Description | Schema |
---|---|---|
taskId |
The ID of the asynchronous task to monitor. |
string |
CdpAuditEvent
The model for an audit event.
Name | Description | Schema |
---|---|---|
accountId |
Account id in which this event occurred. |
string |
actorIdentity |
The actor who initiated this event. |
|
apiRequestEvent |
Information originating from an API request. |
|
cdpServiceEvent |
Information originating from an event generated by a CDP service. |
|
eventName |
The name of the event. Each source defines all its event names, and a name must be unique for its source. |
string |
eventSource |
The source service of the event. It must be the name of a service as enumerated in the CRN definition. |
string |
id |
UUID for this event. |
string |
interactiveLoginEvent |
Information originating from a login event. |
|
requestId |
Id of the request that initiated this event. Optional. |
string |
resultCode |
Optional result code. |
string |
resultMessage |
Optional result message, a short message (about one sentence) describing the result. |
string |
timestamp |
The Unix timestamp, in milliseconds (UTC), when the event occurred. |
integer (int64) |
version |
The version of the event structure. |
string |
CdpServiceEvent
The model for a service event, as a part of CdpAuditEvent. These events are created by Cloudera CDP services, but are not directly triggered by a request to a public CDP API service.
Name | Description | Schema |
---|---|---|
additionalServiceEventDetails |
Optional JSON that contains additional details for an event and/or a result associated with the event. Each service defines the structure of details for each event. |
string |
detailsVersion |
The schema version of the additional service event details for this service event. Maintained by the service. |
string |
resourceCrns |
The CRNs of the resources operated on. |
< string > array |
CdpServiceEventCriteria
Filter criteria for listing CDP service audit events.
Name | Description | Schema |
---|---|---|
resourceCrn |
The CRN of the resource operated on. |
string |
ConfigureArchivingRequest
Request object for the ConfigureArchiving method.
Name | Description | Schema |
---|---|---|
credentialName |
The credential name or CRN to use |
string |
enabled |
Flag to enable/disable the archiving process |
boolean |
storageLocation |
The destination for the logs, e.g. S3 bucket name |
string |
storageRegion |
The region to work with when accessing the logs, e.g. S3 region |
string |
verifyOnly |
Whether to only verify the configuration, and not update it. |
boolean |
ConfigureArchivingResponse
Response object for the ConfigureArchiving method.
Name | Description | Schema |
---|---|---|
configuration |
The configuration information |
Error
An object returned on an error.
Name | Description | Schema |
---|---|---|
code |
The error code. |
string |
message |
The error message. |
string |
GetArchivingConfigRequest
Request object for the GetArchivingConfig method.
Type : object
GetArchivingConfigResponse
Response object for the GetArchivingConfig method.
Name | Description | Schema |
---|---|---|
configuration |
The configuration information |
GetArchivingStatusRequest
Request to get status for an archive process.
Name | Description | Schema |
---|---|---|
taskId |
The id representing an asynchronous task. |
string |
GetArchivingStatusResponse
Information about a current archive process.
Name | Description | Schema |
---|---|---|
eventBatches |
The details about the batches of events archived. |
< ArchiveBatch > array |
eventCount |
The number of events archived. |
integer (int64) |
status |
The archive status. |
GetBatchEventsForArchivingStatusRequest
Request to get the status of creating batches of audit events to be archived.
Name | Description | Schema |
---|---|---|
taskId |
The ID of the asynchronous task to monitor. |
string |
GetBatchEventsForArchivingStatusResponse
Response from getting the status of creating batches of audit events to be archived.
Name | Description | Schema |
---|---|---|
eventBatches |
The details about the created batches, if the task completed successfully. |
< ArchiveBatch > array |
status |
The task status. |
InteractiveLoginEvent
The model for a login event, as a part of CdpAuditEvent. CDP logs attempts to interactively login to the CDP console. This includes logins using Cloudera SSO and through any federated interactive login events.
Name | Description | Schema |
---|---|---|
accountAdmin |
Whether the user was marked as account admin. Can only be 'true' for users using Cloudera SSO. |
boolean |
email |
The email of the user as provided to CDP. |
string |
filteredInvalidGroups |
The groups that are invalid and filtered (ignored) during the interactive login through non Cloudera SSO IdP. It is a subset of the groups the user belongs to as received in CDP. It can be empty for any of the following reasons: 1) If the account is not entitled for this feature. 2) If the membership sync is off for the IdP used during the interactive login. 3) If all the groups were valid during login through non Cloudera SSO IdP. 4) If the login is performed through Cloudera SSO. 5) If the login fails before filtering invalid groups. |
< string > array |
firstName |
The first name of the user, if provided. |
string |
groups |
A list of group names the user belongs to as received in CDP. Only available for non Cloudera SSO login events. |
< string > array |
identityProviderCrn |
The identity provider CRN used to interactively login. For Cloudera SSO the ID is 'crn:altus:iam:us-west-1:altus:samlProvider:cloudera-sso'. For identity provider connectors the connector’s CRN is used. |
string |
identityProviderSessionId |
The identity provider session ID for this interactive login request. For SAML 2.0 identity federation this is the SessionIndex of the SAML AuthnResponse. (Deprecated: No replacement, as this was never available.) |
string |
identityProviderUserId |
The user ID as indicated by the identity provider. The specific format and type of this identifier is determined by the IdP. For Cloudera SSO this is the email used to login. |
string |
lastName |
The last name of the user, if provided. |
string |
sourceIPAddress |
The source IP address from which the login request came from. |
string |
userCrn |
The CDP user CRN for the user. This may be empty if the login failed. |
string |
InteractiveLoginEventCriteria
Filter criteria for listing interactive login audit events.
Name | Description | Schema |
---|---|---|
email |
The email of the user as provided to CDP. |
string |
firstName |
The first name of the user. |
string |
identityProviderUserId |
The user ID as indicated by the identity provider. The specific format and type of this identifier is determined by the IdP. For Cloudera SSO this is the email used to login. |
string |
lastName |
The last name of the user. |
string |
sourceIPAddress |
The source IP address from which the login request came. |
string |
ListEventsInArchiveBatchRequest
Request to list events contained in a single archive batch.
Name | Description | Schema |
---|---|---|
archiveId |
The archive ID of the batch. |
string |
ListEventsInArchiveBatchResponse
Response from listing events contained in a single archive batch.
Name | Description | Schema |
---|---|---|
auditEvents |
The audit events in the archive batch. |
< CdpAuditEvent > array |
ListEventsRequest
Request object for the ListEvents method.
Name | Description | Schema |
---|---|---|
actorCrn |
The optional actor CRN. If specified, only events with this CRN recorded for the actor identity are returned. |
string |
apiRequestEventCriteria |
Optional additional filtering criteria for listing API request audit events. |
|
cdpServiceEventCriteria |
Optional additional filtering criteria for listing CDP service audit events. |
|
eventName |
The optional event name. If specified, only events with this name are returned. |
string |
eventSource |
The optional source service. If specified, only events associated with this event source are returned. The source must be the name of a service as enumerated in the CRN definition. |
string |
fromTimestamp |
The beginning timestamp for the search range (inclusive). |
string (date-time) |
interactiveLoginEventCriteria |
Optional additional filtering criteria for listing interactive login audit events. |
|
pageSize |
The page size. |
integer (int32) |
pageToken |
The page token. |
string |
requestId |
The optional request ID. If specified, only events associated with this request ID are returned. |
string |
resultCode |
The optional result code. If specified, only events with this result code are returned. Events without a result code are not returned. |
string |
resultMessage |
The optional result message. If specified, only events with this result message are returned. Events without a result message are not returned. |
string |
toTimestamp |
The ending timestamp for the search range (exclusive). |
string (date-time) |
ListEventsResponse
Response object for the ListEvents method.
Name | Description | Schema |
---|---|---|
auditEvents |
The audit events that satisfy the query. |
< CdpAuditEvent > array |
nextPageToken |
The page token for requesting the next page of results. |
string |
ListOutstandingArchiveBatchesRequest
Request to list outstanding archive batches.
Name | Description | Schema |
---|---|---|
fromTimestamp |
The beginning timestamp for the search range (inclusive). |
string (date-time) |
pageSize |
The page size. |
integer (int32) |
pageToken |
The page token. |
string |
toTimestamp |
The ending timestamp for the search range (exclusive). |
string (date-time) |
ListOutstandingArchiveBatchesResponse
The response from listing outstanding archive batches.
Name | Description | Schema |
---|---|---|
eventBatches |
The details about the outstanding batches of events. |
< ArchiveBatch > array |
nextPageToken |
The page token for requesting the next page of results. |
string |
ListRecentArchiveRunsRequest
Request to list recent archive runs.
Name | Description | Schema |
---|---|---|
limit |
The maximum number of archive runs to return. |
integer (int32) |
ListRecentArchiveRunsResponse
The response from listing recent archive runs.
Name | Description | Schema |
---|---|---|
archiveRuns |
The archive runs. |
< ArchiveRun > array |
MarkArchiveBatchesAsSuccessfulRequest
Request to mark archive batches as successful.
Name | Description | Schema |
---|---|---|
archiveIds |
The archive IDs of the batches to mark. |
< string > array |
MarkArchiveBatchesAsSuccessfulResponse
Response from marking archive batches as successful.
Name | Description | Schema |
---|---|---|
archiveIds |
The archive IDs of the batches marked as successful. |
< string > array |
archiveTimestamp |
The archive timestamp marked for each batch. |
string (date-time) |