
Feature request; audit log for policy change.

Open odg0318 opened this issue 6 years ago • 2 comments

Hello.

I suggest a new feature for audit. When a user changes a policy or resource via the command line, no log remains. I found logs about hbm through journald on CentOS, but there is no log of hbm resource change history. I think that only Authz logs are available under the current architecture. When I run hbm resource ls, it directly calls a function.

As far as I know, all docker commands go through the REST API to execute, as below.

  1. Run docker command via cli.
  2. Internally call REST API through unix sock, for example /run/docker.sock.
  3. Execute the proper command.

If HBM has the same architecture as docker, all logs are available. What do you think of implementing a REST API to change policy or resources? Of course, I know this change needs a lot of work.

Always thanks.

odg0318, Apr 26 '18 06:04

Hi,

Yes, that's part of the roadmap, like I did for TSA (but it will use a unix socket instead of TCP). Also, as I mentioned once, there will be a central API for managing all hbm instances. That will allow managing hosts, users, resources and policies, and applying them to an organization.

Thanks

ghost, Apr 26 '18 11:04

In my opinion, at least TLS must be supported for remote management.

odg0318, Apr 26 '18 11:04