Module netapp_ontap.resources.s3_audit
Copyright © 2023 NetApp Inc. All rights reserved.
This file has been automatically generated based on the ONTAP REST API documentation.
Overview
S3 events auditing is a security measure that enables you to track and log certain S3 events on storage virtual machines (SVMs). You can track potential security problems and provides evidence of any security breaches.
Examples
Creating an S3 audit entry with log rotation size and log retention count
To create an S3 audit entry with log rotation size and log retention count, use the following API. Note the return_records=true query parameter is used to obtain the newly created entry in the response.
from netapp_ontap import HostConnection
from netapp_ontap.resources import S3Audit
with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
resource = S3Audit("ec650e97-156e-11e9-abcb-005056bbd0bf")
resource.enabled = True
resource.events = {"data": False, "management": False}
resource.log = {
"format": "json",
"retention": {"count": 10},
"rotation": {"size": 2048000},
}
resource.log_path = "/"
resource.post(hydrate=True)
print(resource)
S3Audit(
{
"log_path": "/",
"log": {
"retention": {"duration": "0s", "count": 10},
"rotation": {"size": 2048000},
"format": "json",
},
"svm": {"name": "vs1", "uuid": "ec650e97-156e-11e9-abcb-005056bbd0bf"},
"events": {"data": False, "management": False},
"enabled": True,
}
)
Creating an S3 audit entry with log rotation schedule and log retention duration
To create an S3 audit entry with log rotation schedule and log retention duration, use the following API. Note that the return_records=true query parameter is used to obtain the newly created entry in the response.
from netapp_ontap import HostConnection
from netapp_ontap.resources import S3Audit
with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
resource = S3Audit("a8d64674-13fc-11e9-87b1-005056a7ae7e")
resource.enabled = False
resource.events = {"data": True, "management": True}
resource.log = {
"format": "json",
"retention": {"duration": "P4DT12H30M5S"},
"rotation": {
"schedule": {
"days": [1, 5, 10, 15],
"hours": [0, 1, 6, 12, 18, 23],
"minutes": [10, 15, 30, 45, 59],
"months": [0],
"weekdays": [0, 2, 5],
}
},
}
resource.log_path = "/"
resource.post(hydrate=True)
print(resource)
S3Audit(
{
"log_path": "/",
"log": {
"retention": {"duration": "P4DT12H30M5S", "count": 0},
"rotation": {
"schedule": {
"months": [0],
"minutes": [10, 15, 30, 45, 59],
"weekdays": [0, 2, 5],
"days": [1, 5, 10, 15],
"hours": [0, 1, 6, 12, 18, 23],
}
},
"format": "json",
},
"svm": {"name": "vs3", "uuid": "a8d64674-13fc-11e9-87b1-005056a7ae7e"},
"events": {"data": True, "management": True},
"enabled": True,
}
)
Retrieving an S3 audit configuration for all SVMs in the cluster
from netapp_ontap import HostConnection
from netapp_ontap.resources import S3Audit
with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
resource = S3Audit("*")
resource.get(fields="*", return_timeout=15)
print(resource)
[
S3Audit(
{
"log_path": "/",
"log": {
"retention": {"duration": "0s", "count": 10},
"rotation": {"size": 2048000},
"format": "json",
},
"svm": {"name": "vs1", "uuid": "ec650e97-156e-11e9-abcb-005056bbd0bf"},
"events": {"data": False, "management": False},
"enabled": True,
}
),
S3Audit(
{
"log_path": "/",
"log": {
"retention": {"duration": "P4DT12H30M5S", "count": 0},
"rotation": {
"schedule": {
"months": [0],
"minutes": [10, 15, 30, 45, 59],
"weekdays": [0, 2, 5],
"days": [1, 5, 10, 15],
"hours": [0, 1, 6, 12, 18, 23],
}
},
"format": "json",
},
"svm": {"name": "vs3", "uuid": "a8d64674-13fc-11e9-87b1-005056a7ae7e"},
"events": {"data": True, "management": True},
"enabled": True,
}
),
]
Retrieving specific entries with event list as data and management event for an SVM
The configuration returned is identified by the events in the list of S3 audit configurations of an SVM.
from netapp_ontap import HostConnection
from netapp_ontap.resources import S3Audit
with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
resource = S3Audit("*")
resource.get(
return_timeout=15, **{"events.data": "true", "events.management": "true"}
)
print(resource)
[
S3Audit(
{
"svm": {"name": "vs1", "uuid": "ec650e97-156e-11e9-abcb-005056bbd0bf"},
"events": {"data": True, "management": True},
}
),
S3Audit(
{
"svm": {"name": "vs3", "uuid": "a8d64674-13fc-11e9-87b1-005056a7ae7e"},
"events": {"data": True, "management": True},
}
),
]
Retrieving a specific S3 audit configuration of an SVM
The configuration returned is identified by the UUID of its SVM.
from netapp_ontap import HostConnection
from netapp_ontap.resources import S3Audit
with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
resource = S3Audit("ec650e97-156e-11e9-abcb-005056bbd0bf")
resource.get()
print(resource)
S3Audit(
{
"log_path": "/",
"log": {
"retention": {"duration": "0s", "count": 10},
"rotation": {"size": 2048000},
"format": "json",
},
"svm": {"name": "vs1", "uuid": "ec650e97-156e-11e9-abcb-005056bbd0bf"},
"events": {"data": False, "management": False},
"enabled": True,
}
)
Updating a specific S3 audit configuration of an SVM
The configuration is identified by the UUID of its SVM and the provided information is updated.
from netapp_ontap import HostConnection
from netapp_ontap.resources import S3Audit
with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
resource = S3Audit("ec650e97-156e-11e9-abcb-005056bbd0bf")
resource.enabled = False
resource.patch()
Deleting a specific S3 audit configuration of an SVM
The entry to be deleted is identified by the UUID of its SVM.
from netapp_ontap import HostConnection
from netapp_ontap.resources import S3Audit
with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
resource = S3Audit("ec650e97-156e-11e9-abcb-005056bbd0bf")
resource.delete()
Classes
class S3Audit (*args, **kwargs)
-
Auditing for NAS events is a security measure that enables you to track and log certain S3 events on SVMs.
Initialize the instance of the resource.
Any keyword arguments are set on the instance as properties. For example, if the class was named 'MyResource', then this statement would be true:
MyResource(name='foo').name == 'foo'
Args
*args
- Each positional argument represents a parent key as used in the URL of the object. That is, each value will be used to fill in a segment of the URL which refers to some parent object. The order of these arguments must match the order they are specified in the URL, from left to right.
**kwargs
- each entry will have its key set as an attribute name on the instance and its value will be the value of that attribute.
Ancestors
Methods
def delete (self, body: Union[Resource, dict] = None, poll: bool = True, poll_interval: Optional[int] = None, poll_timeout: Optional[int] = None, **kwargs) -> NetAppResponse
-
Deletes an S3 audit configuration.
Related ONTAP commands
vserver object-store-server audit disable
vserver object-store-server audit delete
Learn more
Send a deletion request to the host for this object.
Args
body
- The body of the delete request. This could be a Resource instance or a dictionary object.
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def get (self, **kwargs) -> NetAppResponse
-
Retrieves S3 audit configurations.
Related ONTAP commands
vserver object-store-server audit show
Learn more
Fetch the details of the object from the host.
Requires the keys to be set (if any). After returning, new or changed properties from the host will be set on the instance.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def patch (self, hydrate: bool = False, poll: bool = True, poll_interval: Optional[int] = None, poll_timeout: Optional[int] = None, **kwargs) -> NetAppResponse
-
Updates an S3 audit configuration for an SVM.
Important notes
events
- Not specifying either data or management is equivalent to setting it to false.
Related ONTAP commands
vserver object-store-server audit modify
Learn more
Send the difference in the object's state to the host as a modification request.
Calculates the difference in the object's state since the last time we interacted with the host and sends this in the request body.
Args
hydrate
- If set to True, after the response is received from the call, a a GET call will be made to refresh all fields of the object.
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will normally be sent as query parameters to the host. If any of these pairs are parameters that are sent as formdata then only parameters of that type will be accepted and all others will be discarded.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def post (self, hydrate: bool = False, poll: bool = True, poll_interval: Optional[int] = None, poll_timeout: Optional[int] = None, **kwargs) -> NetAppResponse
-
Creates an S3 audit configuration.
Required properties
log_path
- Path in the owning SVM namespace that is used to store audit logs.
Default property values
If not specified in POST, the following default property values are assigned: *
enabled
- true *events.data
- true *events.management
- false *log.format
- json *log.retention.count
- 0 *log.retention.duration
- PT0S *log.rotation.size
- 100MB *log.rotation.now
- falseRelated ONTAP commands
vserver object-store-server audit create
vserver object-store-server audit enable
Learn more
Send this object to the host as a creation request.
Args
hydrate
- If set to True, after the response is received from the call, a a GET call will be made to refresh all fields of the object.
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will normally be sent as query parameters to the host. If any of these pairs are parameters that are sent as formdata then only parameters of that type will be accepted and all others will be discarded.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400
Inherited members
class S3AuditSchema (*, only: Union[Sequence[str], Set[str]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Dict = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: str = None)
-
The fields of the S3Audit object
Ancestors
- netapp_ontap.resource.ResourceSchema
- marshmallow.schema.Schema
- marshmallow.base.SchemaABC
Class variables
-
enabled: bool GET POST PATCH
-
Specifies whether or not auditing is enabled on the SVM.
-
events: S3AuditEvents GET POST PATCH
-
The events field of the s3_audit.
-
log: S3Log GET POST PATCH
-
The log field of the s3_audit.
-
log_path: str GET POST PATCH
-
The audit log destination path where consolidated audit logs are stored.
-
svm: Svm GET POST
-
The svm field of the s3_audit.