Overview

Cloudera CDP Auditing is a web service for interacting with the audit subsystem.

Version information

Version : 0.9.126 (BETA)

License information

URI scheme

Schemes : HTTPS

Consumes

  • application/json

Produces

  • application/json

Paths

Archive audit events.

POST /api/v1/audit/archiveAuditEvents

Description

This is used to trigger immediate audit event archiving based on input criteria. WARNING: This command is experimental and subject to backwards-incompatible change.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Create batches of audit events to be archived.

POST /api/v1/audit/batchEventsForArchiving

Description

Create batches of audit events to be archived. This is an asynchronous operation; use the task ID in the response to get the status of the operation. If automated archiving is configured, then this operation is disabled. NOTE: If an operation is currently in progress, another operation cannot be started.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Configures the audit system for archiving audit events to external cloud storage.

POST /api/v1/audit/configureArchiving

Description

Configures the audit system for archiving audit events to an external cloud storage service, replacing any existing configuration. Also returns the current configuration.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Retrieve the current archiving configuration.

POST /api/v1/audit/getArchivingConfig

Description

Returns the current configuration.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Retrieve the status for an archive process.

POST /api/v1/audit/getArchivingStatus

Description

Returns the current status for the requested archive process. WARNING: This command is experimental and subject to backwards-incompatible change.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Get the status of creating batches of audit events to be archived.

POST /api/v1/audit/getBatchEventsForArchivingStatus

Description

Get the status of creating batches of audit events to be archived. If automated archiving is configured, then this operation is disabled.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

List all audit events recorded in a specified time span, and optionally with a specified request ID and/or event source.

POST /api/v1/audit/listEvents

Description

Returns all audit log events that have a timestamp within the provided range (start is inclusive, end is exclusive) and, optionally, with the specified request ID and/or event source.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.
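
The half-open time range and page tokens of listEvents, as an added example (not Cloudera's code): consecutive windows share a boundary, so an event stamped exactly on it is returned once. The `post(path, body)` callable is an assumption standing in for whatever authenticated HTTPS client the deployment uses; `fake_list_events`, `SAMPLE` and the e-mail address are constructed for the offline run. Extra keyword arguments are sent as additional ListEventsRequest fields.

```python
from datetime import datetime, timedelta, timezone

LIST_EVENTS = "/api/v1/audit/listEvents"
FMT = "%Y-%m-%dT%H:%M:%SZ"
UTC = timezone.utc
T0 = datetime(2024, 1, 1, tzinfo=UTC)  # constructed start of the sample data


def list_events(post, start, end, step=timedelta(hours=1), page_size=50, **filters):
    """Yield each event in [start, end) once, window by window, page by page."""
    page_size = max(20, min(50, page_size))  # documented bounds for listEvents
    lo = start
    while lo < end:
        hi = min(lo + step, end)  # this window's exclusive end is the next start
        token = None
        while True:
            body = {"fromTimestamp": lo.astimezone(UTC).strftime(FMT),
                    "toTimestamp": hi.astimezone(UTC).strftime(FMT),
                    "pageSize": page_size, **filters}
            if token:
                body["pageToken"] = token
            resp = post(LIST_EVENTS, body)
            yield from resp.get("auditEvents", [])
            token = resp.get("nextPageToken")
            if not token:
                break
        lo = hi


def event_time(event):
    """CdpAuditEvent.timestamp is Unix milliseconds (UTC)."""
    return datetime.fromtimestamp(int(event["timestamp"]) / 1000, UTC)


def logins_without_user_crn(events):
    """Interactive login events whose userCrn is empty or absent."""
    return [e for e in events
            if "interactiveLoginEvent" in e and not e["interactiveLoginEvent"].get("userCrn")]


def fake_list_events(events, per_page=2):
    """Constructed stand-in for listEvents: half-open filter, token paging."""
    def post(path, body):
        lo = datetime.strptime(body["fromTimestamp"], FMT).replace(tzinfo=UTC)
        hi = datetime.strptime(body["toTimestamp"], FMT).replace(tzinfo=UTC)
        hits = [e for e in events if lo <= event_time(e) < hi]
        at = int(body.get("pageToken", 0))
        page = {"auditEvents": hits[at:at + per_page]}
        if at + per_page < len(hits):
            page["nextPageToken"] = str(at + per_page)
        return page
    return post


def _ev(i, minutes, **extra):
    ms = int((T0 + timedelta(minutes=minutes)).timestamp() * 1000)
    return {"id": f"e{i}", "timestamp": ms, **extra}


SAMPLE = [  # constructed events; e3 sits exactly on the 01:00 window boundary
    _ev(1, 5), _ev(2, 30), _ev(3, 60), _ev(4, 61),
    _ev(5, 90, interactiveLoginEvent={"email": "user@example.com", "userCrn": ""}),
    _ev(6, 120),  # equals the exclusive end of a two-hour query
]
```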

List events contained in a single archive batch.

POST /api/v1/audit/listEventsInArchiveBatch

Description

List events contained in a single archive batch. The batch must not be marked as successfully archived already. A batch’s events may be listed multiple times, as long as it is not marked as successfully archived. If automated archiving is configured, then this operation is disabled.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

List outstanding (unarchived) archive batches.

POST /api/v1/audit/listOutstandingArchiveBatches

Description

Lists archive batches that have not yet been marked as successfully archived. Their contents remain available for listing. If automated archiving is configured, then this operation is disabled.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

List recent archive runs.

POST /api/v1/audit/listRecentArchiveRuns

Description

Returns recent archive runs for a specified account.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Mark archive batches as successful.

POST /api/v1/audit/markArchiveBatchesAsSuccessful

Description

Mark archive batches as successful. After a batch is marked as successfully archived, it is not considered outstanding and its events may no longer be listed. If automated archiving is configured, then this operation is disabled.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.
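
The manual archiving operations above chain into one procedure: create batches, poll the task, list outstanding batches, list each batch's events, and mark the batch as successful. The following added example (not Cloudera's code) runs that chain and marks a batch only after its stored copy reads back intact, because a marked batch's events can no longer be listed. The `post(path, body)` callable and the dict-like `store` are assumptions standing in for an authenticated HTTPS client and the archive destination; `fake_api` and its IDs are constructed for the offline run.

```python
import hashlib
import json
import time

API = "/api/v1/audit/"


def create_batches(post, from_ts, to_ts, poll_seconds=5.0, max_polls=60):
    """Start batchEventsForArchiving, then poll its task until it leaves OPEN."""
    body = {"fromTimestamp": from_ts, "toTimestamp": to_ts}
    task_id = post(API + "batchEventsForArchiving", body)["taskId"]
    for _ in range(max_polls):
        resp = post(API + "getBatchEventsForArchivingStatus", {"taskId": task_id})
        if resp.get("status") == "COMPLETED":
            return resp.get("eventBatches", [])
        if resp.get("status") != "OPEN":  # FAILED, CANCELED, TIMED_OUT, ...
            raise RuntimeError(f"task {task_id} ended as {resp.get('status')}")
        time.sleep(poll_seconds)
    raise TimeoutError(f"task {task_id} still OPEN after {max_polls} polls")


def archive_outstanding(post, store):
    """Copy outstanding batches into `store`; mark only the verified copies."""
    verified, token, more = [], None, True
    while more:
        body = {"pageSize": 100, **({"pageToken": token} if token else {})}
        page = post(API + "listOutstandingArchiveBatches", body)
        for batch in page.get("eventBatches", []):
            archive_id = batch["archiveId"]
            listing = post(API + "listEventsInArchiveBatch", {"archiveId": archive_id})
            events = listing.get("auditEvents", [])
            expected = int(batch.get("eventCount", -1))  # negative: count unknown
            if expected >= 0 and expected != len(events):
                continue  # listing disagrees with the count: leave it outstanding
            blob = json.dumps(events, sort_keys=True).encode()
            store[archive_id] = blob
            if hashlib.sha256(store[archive_id]).digest() == hashlib.sha256(blob).digest():
                verified.append(archive_id)  # read-back matches what was written
        token = page.get("nextPageToken")
        more = bool(token)
    if verified:  # once marked, a batch's events can no longer be listed
        post(API + "markArchiveBatchesAsSuccessful", {"archiveIds": verified})
    return verified


def fake_api():
    """Constructed in-memory stand-in for the service, so the flow runs offline."""
    batches = {"a-1": [{"id": "e1"}, {"id": "e2"}], "a-2": [{"id": "e3"}]}
    counts = {"a-1": 2, "a-2": 5}  # a-2 reports more events than it lists
    calls = []

    def post(path, body):
        op = path.rsplit("/", 1)[-1]
        calls.append((op, body))
        outstanding = [{"archiveId": k, "eventCount": counts[k]} for k in batches]
        if op == "batchEventsForArchiving":
            return {"taskId": "t-1"}
        if op == "getBatchEventsForArchivingStatus":
            return {"status": "COMPLETED", "eventBatches": outstanding}
        if op == "listOutstandingArchiveBatches":
            return {"eventBatches": outstanding}
        if op == "listEventsInArchiveBatch":
            return {"auditEvents": batches[body["archiveId"]]}
        return {"archiveIds": body["archiveIds"]}  # markArchiveBatchesAsSuccessful
    return post, calls
```

These calls are disabled when automated archiving is configured, so the flow applies only to accounts that archive manually.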

Definitions

ActorIdentity

Identity information about the actor that initiated an event. Only one of the fields in this message may be set.

Name Description Schema

actorCrn
optional

The CRN of the actor who initiated this event.

string

actorServiceName
optional

The name of the service that initiated this event. It must be the name of a service as enumerated in the CRN definition.

string

ApiRequestEvent

The model for an API request event, as a part of CdpAuditEvent. These events are triggered by requests to public CDP API services.

Name Description Schema

apiVersion
optional

The API version associated with the request.

string

mutating
optional

Whether the request mutates the state of resources.

boolean

requestParameters
optional

The API request parameters.

string

responseParameters
optional

The API response parameters. Only recorded for mutating calls.

string

sourceIPAddress
optional

The source IP address of the requester.

string

userAgent
optional

The user agent that made the API request.

string

ApiRequestEventCriteria

Filter criteria for listing API request audit events.

Name Description Schema

sourceIPAddress
optional

The source IP address of the requester.

string

userAgent
optional

The user agent that made the API request.

string

ArchiveAuditEventsRequest

Request to archive audit events.

Name Description Schema

fromTimestamp
required

The beginning timestamp for the search range (inclusive).

string (date-time)

toTimestamp
required

The ending timestamp for the search range (exclusive).

string (date-time)

ArchiveAuditEventsResponse

Response from archiving audit events.

Name Description Schema

eventBatches
optional

The details about the batches of events archived.

< ArchiveBatch > array

eventCount
optional

The number of events archived.

integer (int64)

taskId
optional

The id representing an asynchronous task.

string

ArchiveBatch

Information about a batch of audit events that were archived.

Name Description Schema

accountId
optional

The account ID for which events were archived.

string

archiveId
optional

The archive ID of the batch.

string

archiveTimestamp
optional

The archive timestamp of the batch.

integer (int64)

eventCount
optional

The number of events archived. A negative number indicates that the count is not available.

integer (int64)

ArchiveRun

The public model for an archive run.

Name Description Schema

accountId
optional

The account ID for the archive run.

string

archiveId
optional

The archive ID for the batch of events archived by the run.

string

archiveTimestamp
optional

The archive timestamp of the batch.

string (date-time)

creationTimestamp
optional

The creation timestamp of the archive run.

string (date-time)

details
optional

Additional details about the run, such as a stack trace.

string

runId
optional

The run ID for the archive run, which uniquely identifies the run.

string

status
optional

The status of the archive run: CREATED, SUCCEEDED, or FAILED.

summary
optional

A summary of the outcome of the run.

string

ArchiveRunStatus

Archive run status.

  • CREATED - Indicates that an archive run has been created but has not yet completed.
  • SUCCEEDED - Indicates that an archive run completed successfully.
  • FAILED - Indicates that an archive run failed.

Type : enum (CREATED, SUCCEEDED, FAILED)

ArchivingConfigInfo

Object for holding archiving configuration information for the audit service.

Name Description Schema

credentialName
optional

The credential name or CRN to use

string

enabled
optional

Flag to enable/disable the archiving process

boolean

storageLocation
optional

The destination for the logs, e.g. S3 bucket name

string

storageRegion
optional

The region to work with when accessing the logs, e.g. S3 region

string

AsyncTaskStatus

Archive task status.

  • OPEN - Task is still in progress.
  • COMPLETED - Task has completed successfully.
  • FAILED - Task has failed.
  • CANCELED - Task was canceled.
  • TERMINATED - Task was terminated.
  • CONTINUED_AS_NEW - Task was rerun as a new task.
  • TIMED_OUT - The task has timed out.

Type : enum (OPEN, COMPLETED, FAILED, CANCELED, TERMINATED, CONTINUED_AS_NEW, TIMED_OUT)

BatchEventsForArchivingRequest

Request to create batches of audit events for archiving.

Name Description Schema

fromTimestamp
required

The beginning timestamp for the search range.

string (date-time)

toTimestamp
required

The ending timestamp for the search range.

string (date-time)

BatchEventsForArchivingResponse

Response from creating batches of audit events for archiving.

Name Description Schema

taskId
optional

The ID of the asynchronous task to monitor.

string

CdpAuditEvent

The model for an audit event.

Name Description Schema

accountId
required

Account id in which this event occurred.

string

actorIdentity
required

The actor who initiated this event.

apiRequestEvent
optional

Information originating from an API request.

cdpServiceEvent
optional

Information originating from an event generated by a CDP service.

eventName
required

The name of the event. Each source defines all its event names, and a name must be unique for its source.

string

eventSource
required

The source service of the event. It must be the name of a service as enumerated in the CRN definition.

string

id
required

UUID for this event.

string

interactiveLoginEvent
optional

Information originating from a login event.

requestId
optional

Id of the request that initiated this event. Optional.

string

resultCode
optional

Optional result code.

string

resultMessage
optional

Optional result message, a short message (about one sentence) describing the result.

string

timestamp
required

The Unix timestamp, in milliseconds (UTC), when the event occurred.

integer (int64)

version
required

The version of the event structure.

string

CdpServiceEvent

The model for a service event, as a part of CdpAuditEvent. These events are created by Cloudera CDP services, but are not directly triggered by a request to a public CDP API service.

Name Description Schema

additionalServiceEventDetails
optional

Optional JSON that contains additional details for an event and/or a result associated with the event. Each service defines the structure of details for each event.

string

detailsVersion
optional

The schema version of the additional service event details for this service event. Maintained by the service.

string

resourceCrns
optional

The CRNs of the resources operated on.

< string > array

CdpServiceEventCriteria

Filter criteria for listing CDP service audit events.

Name Description Schema

resourceCrn
optional

The CRN of the resource operated on.

string

ConfigureArchivingRequest

Request object for the ConfigureArchiving method.

Name Description Schema

credentialName
required

The credential name or CRN to use

string

enabled
required

Flag to enable/disable the archiving process

boolean

storageLocation
required

The destination for the logs, e.g. S3 bucket name

string

storageRegion
optional

The region to work with when accessing the logs, e.g. S3 region

string

verifyOnly
optional

Whether to only verify the configuration, and not update it.

boolean

ConfigureArchivingResponse

Response object for the ConfigureArchiving method.

Name Description Schema

configuration
optional

The configuration information

Error

An object returned on an error.

Name Description Schema

code
optional

The error code.

string

message
optional

The error message.

string

GetArchivingConfigRequest

Request object for the GetArchivingConfig method.

Type : object

GetArchivingConfigResponse

Response object for the GetArchivingConfig method.

Name Description Schema

configuration
optional

The configuration information

GetArchivingStatusRequest

Request to get status for an archive process.

Name Description Schema

taskId
required

The id representing an asynchronous task.

string

GetArchivingStatusResponse

Information about a current archive process.

Name Description Schema

eventBatches
optional

The details about the batches of events archived.

< ArchiveBatch > array

eventCount
optional

The number of events archived.

integer (int64)

status
optional

The archive status.

GetBatchEventsForArchivingStatusRequest

Request to get the status of creating batches of audit events to be archived.

Name Description Schema

taskId
optional

The ID of the asynchronous task to monitor.

string

GetBatchEventsForArchivingStatusResponse

Response from getting the status of creating batches of audit events to be archived.

Name Description Schema

eventBatches
optional

The details about the created batches, if the task completed successfully.

< ArchiveBatch > array

status
optional

The task status.

InteractiveLoginEvent

The model for a login event, as a part of CdpAuditEvent. CDP logs attempts to interactively log in to the CDP console. This includes logins using Cloudera SSO and any federated interactive logins.

Name Description Schema

accountAdmin
optional

Whether the user was marked as account admin. Can only be 'true' for users using Cloudera SSO.

boolean

email
required

The email of the user as provided to CDP.

string

filteredInvalidGroups
optional

The groups that are invalid and filtered (ignored) during an interactive login through a non-Cloudera SSO IdP. It is a subset of the groups the user belongs to as received in CDP. It can be empty for any of the following reasons:
  1) If the account is not entitled for this feature.
  2) If the membership sync is off for the IdP used during the interactive login.
  3) If all the groups were valid during login through a non-Cloudera SSO IdP.
  4) If the login is performed through Cloudera SSO.
  5) If the login fails before filtering invalid groups.

< string > array

firstName
optional

The first name of the user, if provided.

string

groups
optional

A list of group names the user belongs to as received in CDP. Only available for non-Cloudera SSO login events.

< string > array

identityProviderCrn
required

The identity provider CRN used to interactively log in. For Cloudera SSO the ID is 'crn:altus:iam:us-west-1:altus:samlProvider:cloudera-sso'. For identity provider connectors the connector’s CRN is used.

string

identityProviderSessionId
required

The identity provider session ID for this interactive login request. For SAML 2.0 identity federation this is the SessionIndex of the SAML AuthnResponse. (Deprecated: No replacement, as this was never available.)

string

identityProviderUserId
required

The user ID as indicated by the identity provider. The specific format and type of this identifier is determined by the IdP. For Cloudera SSO this is the email used to log in.

string

lastName
optional

The last name of the user, if provided.

string

sourceIPAddress
optional

The source IP address from which the login request came.

string

userCrn
optional

The CDP user CRN for the user. This may be empty if the login failed.

string

InteractiveLoginEventCriteria

Filter criteria for listing interactive login audit events.

Name Description Schema

email
optional

The email of the user as provided to CDP.

string

firstName
optional

The first name of the user.

string

identityProviderUserId
optional

The user ID as indicated by the identity provider. The specific format and type of this identifier is determined by the IdP. For Cloudera SSO this is the email used to log in.

string

lastName
optional

The last name of the user.

string

sourceIPAddress
optional

The source IP address from which the login request came.

string

ListEventsInArchiveBatchRequest

Request to list events contained in a single archive batch.

Name Description Schema

archiveId
required

The archive ID of the batch.

string

ListEventsInArchiveBatchResponse

Response from listing events contained in a single archive batch.

Name Description Schema

auditEvents
optional

The audit events in the archive batch.

< CdpAuditEvent > array

ListEventsRequest

Request object for the ListEvents method.

Name Description Schema

actorCrn
optional

The optional actor CRN. If specified, only events with this CRN recorded for the actor identity are returned.

string

apiRequestEventCriteria
optional

Optional additional filtering criteria for listing API request audit events.

cdpServiceEventCriteria
optional

Optional additional filtering criteria for listing CDP service audit events.

eventName
optional

The optional event name. If specified, only events with this name are returned.

string

eventSource
optional

The optional source service. If specified, only events associated with this event source are returned. The source must be the name of a service as enumerated in the CRN definition.

string

fromTimestamp
required

The beginning timestamp for the search range (inclusive).

string (date-time)

interactiveLoginEventCriteria
optional

Optional additional filtering criteria for listing interactive login audit events.

pageSize
optional

The page size.
Minimum value : 20
Maximum value : 50

integer (int32)

pageToken
optional

The page token.

string

requestId
optional

The optional request ID. If specified, only events associated with this request ID are returned.

string

resultCode
optional

The optional result code. If specified, only events with this result code are returned. Events without a result code are not returned.

string

resultMessage
optional

The optional result message. If specified, only events with this result message are returned. Events without a result message are not returned.

string

toTimestamp
required

The ending timestamp for the search range (exclusive).

string (date-time)

ListEventsResponse

Response object for the ListEvents method.

Name Description Schema

auditEvents
optional

The audit events that satisfy the query.

< CdpAuditEvent > array

nextPageToken
optional

The page token for requesting the next page of results.

string

ListOutstandingArchiveBatchesRequest

Request to list outstanding archive batches.

Name Description Schema

fromTimestamp
optional

The beginning timestamp for the search range (inclusive).

string (date-time)

pageSize
optional

The page size.
Minimum value : 20
Maximum value : 100

integer (int32)

pageToken
optional

The page token.

string

toTimestamp
optional

The ending timestamp for the search range (exclusive).

string (date-time)

ListOutstandingArchiveBatchesResponse

The response from listing outstanding archive batches.

Name Description Schema

eventBatches
optional

The details about the outstanding batches of events.

< ArchiveBatch > array

nextPageToken
optional

The page token for requesting the next page of results.

string

ListRecentArchiveRunsRequest

Request to list recent archive runs.

Name Description Schema

limit
optional

The maximum number of archive runs to return.

integer (int32)

ListRecentArchiveRunsResponse

The response from listing recent archive runs.

Name Description Schema

archiveRuns
optional

The archive runs.

< ArchiveRun > array

MarkArchiveBatchesAsSuccessfulRequest

Request to mark archive batches as successful.

Name Description Schema

archiveIds
optional

The archive IDs of the batches to mark.

< string > array

MarkArchiveBatchesAsSuccessfulResponse

Response from marking archive batches as successful.

Name Description Schema

archiveIds
optional

The archive IDs of the batches marked as successful.

< string > array

archiveTimestamp
optional

The archive timestamp marked for each batch.

string (date-time)


Copyright © 2024 Cloudera, Inc. All rights reserved.