[prev in list] [next in list] [prev in thread] [next in thread]
List: forgerock-openidm-commit
Subject: [CommitOpenIDM] [5375] trunk/src/main/docbkx/integrators-guide: CR-7091 (OPENIDM-2999) Sync audit is
From: anonymous () forgerock ! org
Date: 2015-05-29 9:32:15
Message-ID: 20150529093215.E57EC3F8DD () sources ! internal ! forgerock ! com
[Download RAW message or body]
[Attachment #2 (text/html)]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[5375] trunk/src/main/docbkx/integrators-guide: CR-7091 (OPENIDM-2999) Sync \
audit is not documented in the Audit chapter</title> </head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: \
verdana,arial,helvetica,sans-serif; font-size: 10pt; } #msg dl a { font-weight: \
bold} #msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: \
bold; } #msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: \
6px; } #logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em \
0; } #logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg \
h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; } \
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; \
} #logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: \
-1.5em; padding-left: 1.5em; } #logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em \
1em 0 1em; background: white;} #logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid \
#fa0; border-bottom: 1px solid #fa0; background: #fff; } #logmsg table th { \
text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted \
#fa0; } #logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: \
0.2em 0.5em; } #logmsg table thead th { text-align: center; border-bottom: 1px solid \
#fa0; } #logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: \
6px; } #patch { width: 100%; }
#patch h4 {font-family: \
verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, \
#patch .copfile {border:1px solid #ccc;margin:10px 0;} #patch ins \
{background:#dfd;text-decoration:none;display:block;padding:0 10px;} #patch del \
{background:#fdd;text-decoration:none;display:block;padding:0 10px;} #patch .lines, \
.info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a \
href="http://sources.forgerock.org/changelog/openidm/?cs=5375">5375</a></dd> \
<dt>Author</dt> <dd>lana</dd> <dt>Date</dt> <dd>2015-05-29 10:32:15 +0100 (Fri, 29 \
May 2015)</dd> </dl>
<h3>Log Message</h3>
<pre>CR-7091 (<a href="https://bugster.forgerock.org/jira/browse/OPENIDM-2999">OPENIDM-2999</a>) \
Sync audit is not documented in the Audit chapter</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunksrcmaindocbkxintegratorsguideappendixrestxml">trunk/src/main/docbkx/integrators-guide/appendix-rest.xml</a></li>
<li><a href="#trunksrcmaindocbkxintegratorsguidechapauditingxml">trunk/src/main/docbkx/integrators-guide/chap-auditing.xml</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunksrcmaindocbkxintegratorsguideappendixrestxml"></a>
<div class="modfile"><h4>Modified: \
trunk/src/main/docbkx/integrators-guide/appendix-rest.xml (5374 => 5375)</h4> <pre \
class="diff"><span> <span class="info">--- \
trunk/src/main/docbkx/integrators-guide/appendix-rest.xml 2015-05-28 22:45:47 UTC \
(rev 5374)
+++ trunk/src/main/docbkx/integrators-guide/appendix-rest.xml 2015-05-29 09:32:15 UTC \
(rev 5375) </span><span class="lines">@@ -20,7 +20,7 @@
</span><span class="cx"> !
</span><span class="cx"> ! CCPL HEADER END
</span><span class="cx"> !
</span><del>- ! Copyright 2011-2014 ForgeRock AS
</del><ins>+ ! Copyright 2011-2015 ForgeRock AS
</ins><span class="cx"> !
</span><span class="cx"> -->
</span><span class="cx"> <appendix xml:id='appendix-rest'
</span><span class="lines">@@ -1719,6 +1719,16 @@
</span><span class="cx"> <entry>Queries the reconciliation audit log \
for a specific reconciliation situation</entry> </span><span class="cx"> \
</row> </span><span class="cx"> <row>
</span><ins>+ <entry>/openidm/audit/sync</entry>
+ <entry>GET</entry>
+ <entry>Displays the synchronization audit log</entry>
+ </row>
+ <row>
+ <entry>/openidm/audit/sync/<replaceable>id</replaceable></entry>
+ <entry>GET</entry>
+ <entry>Reads a specific synchronization audit log entry</entry>
+ </row>
+ <row>
</ins><span class="cx"> <entry>/openidm/audit/activity</entry>
</span><span class="cx"> <entry>GET</entry>
</span><span class="cx"> <entry>Displays the activity log</entry>
</span></span></pre></div>
<a id="trunksrcmaindocbkxintegratorsguidechapauditingxml"></a>
<div class="modfile"><h4>Modified: \
trunk/src/main/docbkx/integrators-guide/chap-auditing.xml (5374 => 5375)</h4> <pre \
class="diff"><span> <span class="info">--- \
trunk/src/main/docbkx/integrators-guide/chap-auditing.xml 2015-05-28 22:45:47 UTC \
(rev 5374)
+++ trunk/src/main/docbkx/integrators-guide/chap-auditing.xml 2015-05-29 09:32:15 UTC \
(rev 5375) </span><span class="lines">@@ -55,21 +55,26 @@
</span><span class="cx"> <title>Audit Log Types</title>
</span><span class="cx">
</span><span class="cx"> <variablelist>
</span><del>- <para>This section describes the types of audit log OpenIDM \
provides.</para> </del><ins>+ <para>
+ OpenIDM provides the following types of audit log:
+ </para>
</ins><span class="cx"> <varlistentry>
</span><span class="cx"> <term>Access Log</term>
</span><span class="cx"> <listitem>
</span><del>- <para>OpenIDM writes messages concerning access to the REST \
API in this
- log.</para>
</del><ins>+ <para>
+ OpenIDM writes messages concerning access to the REST API in this log.
+ </para>
</ins><span class="cx"> <para>Default file: \
<filename>openidm/audit/access.csv</filename></para> </span><span \
class="cx"> </listitem> </span><span class="cx"> </varlistentry>
</span><span class="cx"> <varlistentry>
</span><span class="cx"> <term>Activity Log</term>
</span><span class="cx"> <listitem>
</span><del>- <para>OpenIDM logs operations on internal (managed) and \
external (system)
- objects to this log type.</para>
</del><span class="cx"> <para>
</span><ins>+ OpenIDM logs operations on internal (managed) and external \
(system) + objects to this log.
+ </para>
+ <para>
</ins><span class="cx"> Entries in the activity log contain identifiers, both \
for the action that </span><span class="cx"> triggered the activity, and also \
for the original caller and the </span><span class="cx"> relationships between \
related actions. </span><span class="lines">@@ -80,14 +85,27 @@
</span><span class="cx"> <varlistentry>
</span><span class="cx"> <term>Reconciliation Log</term>
</span><span class="cx"> <listitem>
</span><del>- <para>OpenIDM logs the results of a reconciliation run, \
including
- situations and the resulting actions taken to this log type. The activity
- log contains details about the actions, where log entries display parent
- activity identifiers,
- <literal>recon/<replaceable>reconID</replaceable></literal>.</para>
</del><ins>+ <para>
+ OpenIDM logs the results of a reconciliation run to this log (including
+ situations and the resulting actions taken). The activity log contains
+ details about the actions, where log entries display parent activity
+ identifiers, <literal>recon/<replaceable>reconID</replaceable></literal>.
+ </para>
</ins><span class="cx"> <para>Default file: \
<filename>openidm/audit/recon.csv</filename></para> </span><span \
class="cx"> </listitem> </span><span class="cx"> </varlistentry>
</span><ins>+ <varlistentry>
+ <term>Synchronization Log</term>
+ <listitem>
+ <para>
+ OpenIDM logs the results of automatic synchronization operations (LiveSync
+ and implicit synchronization) to this log, including situations and the
+ actions taken on each object. The activity log contains additional detail
+ about the actions.
+ </para>
+ <para>Default file: \
<filename>openidm/audit/sync.csv</filename></para> + \
</listitem> + </varlistentry>
</ins><span class="cx"> </variablelist>
</span><span class="cx">
</span><span class="cx"> <para>Where an action happens related to a higher \
level business </span><span class="lines">@@ -313,7 +331,7 @@
</span><span class="cx">
</span><span class="cx"> <variablelist xml:id="audit-recon-fields">
</span><span class="cx"> <title>Reconciliation Log Fields</title>
</span><del>- <para>Reconciliation messages include the following \
information:</para> </del><ins>+ <para>Reconciliation log messages \
include the following information:</para> </ins><span class="cx"> \
<varlistentry> </span><span class="cx"> \
<term><literal>"_id"</literal></term> </span><span \
class="cx"> <listitem> </span><span class="lines">@@ -327,10 +345,11 @@
</span><span class="cx"> \
<term><literal>"action"</literal></term> \
</span><span class="cx"> <listitem> </span><span class="cx"> \
<para> </span><del>- Synchronization action, such as \
<literal>"CREATE"</literal>. See the
- section on <link xlink:href="integrators-guide#sync-actions"
- xlink:role="http://docbook.org/xlink/role/olink"><citetitle>Actions</citetitle></link>
- for a list of possible actions.
</del><ins>+ Synchronization action, such as \
<literal>"CREATE"</literal>. For more + information, see \
the section that describes the <link + \
xlink:href="integrators-guide#sync-actions" + \
xlink:role="http://docbook.org/xlink/role/olink"><citetitle>Synchronization
+ Actions</citetitle></link>.
</ins><span class="cx"> </para>
</span><span class="cx"> </listitem>
</span><span class="cx"> </varlistentry>
</span><span class="lines">@@ -443,10 +462,11 @@
</span><span class="cx"> <varlistentry>
</span><span class="cx"> \
<term><literal>"situation"</literal></term> \
</span><span class="cx"> <listitem> </span><del>- <para>The \
situation encountered. See
- the section describing <link \
xlink:href="integrators-guide#sync-situations"
- xlink:role="http://docbook.org/xlink/role/olink">synchronization
- situations</link> for a list.</para>
</del><ins>+ <para>
+ The situation encountered. For more information, see the section that
+ describes <link xlink:href="integrators-guide#sync-situations"
+ xlink:role="http://docbook.org/xlink/role/olink">synchronization
+ situations</link>.</para>
</ins><span class="cx"> </listitem>
</span><span class="cx"> </varlistentry>
</span><span class="cx"> <varlistentry>
</span><span class="lines">@@ -485,6 +505,161 @@
</span><span class="cx"> </listitem>
</span><span class="cx"> </varlistentry>
</span><span class="cx"> </variablelist>
</span><ins>+
+ <variablelist xml:id="audit-sync-fields">
+ <title>Synchronization Log Fields</title>
+ <para>Synchronization log messages include the following \
information:</para> + <varlistentry>
+ <term><literal>"_id"</literal></term>
+ <listitem>
+ <para>
+ UUID for the message object, such as
+ <literal>"9349accd-b3ee-451c-8e87-0412efdac627"</literal>
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><literal>"action"</literal></term>
+ <listitem>
+ <para>
+ Synchronization action, such as \
<literal>"CREATE"</literal>. For more + information, see \
the section that describes <link xlink:show="new" + \
xlink:href="integrators-guide#sync-actions" + \
xlink:role="http://docbook.org/xlink/role/olink"><citetitle>Synchronization
+ Actions</citetitle></link>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><literal>"actionID"</literal></term>
+ <listitem>
+ <para>
+ The unique ID assigned to the action.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><literal>"exception"</literal></term>
+ <listitem>
+ <para>
+ The stack trace of the exception, if any.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><literal>"linkQualifier"</literal></term>
+ <listitem>
+ <para>
+ The link qualifier applied to the action. Link qualifiers enable you to
+ manage one to many relationships in mappings. For more information about
+ link qualifiers, see <link xlink:show="new"
+ xlink:href="integrators-guide#mapping-link-qualifiers"
+ xlink:role="http://docbook.org/xlink/role/olink"><citetitle>Using
+ Link Qualifiers in a Mapping</citetitle></link>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><literal>"mapping"</literal></term>
+ <listitem>
+ <para>
+ The name of the mapping used for the synchronization operation (defined in
+ <filename>conf/sync.json</filename>, for example
+ <literal>"systemLdapAccounts_managedUser"</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><literal>"message"</literal></term>
+ <listitem>
+ <para>
+ Human readable text about the synchronization action that was taken.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><literal>"messageDetail"</literal></term>
+ <listitem>
+ <para>
+ When script exceptions are encountered during a synchronization operation,
+ the error details can be stored in this property.
+ </para>
+ <para>
+ For script exception details to be pulled in, the script exception must
+ take the following format:
+ </para>
+ <programlisting>
+ "throw {
+ 'openidmCode' : <replaceable>HTTP error code</replaceable>,
+ 'message' : <replaceable>error message</replaceable>,
+ 'detail' : {
+ <replaceable>details</replaceable>
+ }
+ };"
+ </programlisting>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><literal>"rootActionId"</literal></term>
+ <listitem>
+ <para>
+ UUID of the root cause for the activity. This matches a corresponding
+ <literal>"rootActionId"</literal> in an activity \
message. + </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><literal>"situation"</literal></term>
+ <listitem>
+ <para>
+ The situation encountered for each object. For more information, see the
+ section that describes the <link
+ xlink:href="integrators-guide#sync-situations"
+ xlink:role="http://docbook.org/xlink/role/olink">synchronization
+ situations</link>.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><literal>"sourceObjectId"</literal></term>
+ <listitem>
+ <para>
+ The object identifier on the source system, such as
+ <literal>"system/ldap/account/uid=bjensen,ou=People,dc=example,dc=com"</literal>
+ or <literal>"managed/user/bjensen"</literal> (depending \
on the resource + that is configured as the source in the mapping).
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><literal>"status"</literal></term>
+ <listitem>
+ <para>
+ The result of the synchronization operation, such as
+ <literal>"SUCCESS"</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><literal>"targetObjectId"</literal></term>
+ <listitem>
+ <para>
+ The object identifier on the target system, such as
+ <literal>"uid=bjensen,ou=People,dc=example,dc=com"</literal> \
or + <literal>"managed/user/bjensen"</literal> (depending \
on the resource + configured as the target in the mapping).
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><literal>"timestamp"</literal></term>
+ <listitem>
+ <para>
+ The time that OpenIDM logged the message, in UTC format, for example
+ <literal>"2015-05-28T13:48:00.160Z"</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
</ins><span class="cx"> </section>
</span><span class="cx">
</span><span class="cx"> <section xml:id="audit-configuration">
</span><span class="lines">@@ -1022,10 +1197,10 @@
</span><span class="cx"> You can create a script for filtering. As it does for \
other scripts, OpenIDM </span><span class="cx"> makes the create request and the \
context objects available to the script. </span><span class="cx"> Before the audit \
record is written, it can be accessed as a </span><del>- \
<literal>request.content</literal> object. For guidance, see the \
Integrator's
- Guide appendix on <link \
xlink:role="http://docbook.org/xlink/role/olink/" </del><ins>+ \
<literal>request.content</literal> object. For guidance, see the <link \
+ xlink:role="http://docbook.org/xlink/role/olink/" </ins><span \
class="cx"> xlink:show="new" \
xlink:href="integrators-guide#scripting-configuration"> </span><del>- \
<citetitle>Scripting Configuration</citetitle></link>. </del><ins>+ \
<citetitle>Scripting Configuration</citetitle></link> appendix. \
</ins><span class="cx"> </para> </span><span class="cx">
</span><span class="cx"> <para>
</span></span></pre>
</div>
</div>
<div id="footer">Copyright (c) by ForgeRock. All rights reserved.</div>
</body>
</html>
_______________________________________________
CommitOpenIDM mailing list
CommitOpenIDM@forgerock.org
https://lists.forgerock.org/mailman/listinfo/commitopenidm
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic