Audit and Metrics issues
https://community.opengroup.org/osdu/platform/deployment-and-operations/audit-and-metrics/-/issues
2022-05-23T16:18:13Z

GCP Endpoints Authentication/Authorization
https://community.opengroup.org/osdu/platform/deployment-and-operations/audit-and-metrics/-/issues/40
2022-05-23T16:18:13Z
Siarhei Khaletski (EPAM)

# Context
GCP/EPAM team has finished onboarding of the service.
Now all endpoints of the service are open to the world. In our view, it is not secure to provide access to information about the GCP environment/metrics.
We noticed the `auth.py` module, but it seems not to be completed. From a security perspective, additional attention needs to be paid to security concerns.
# Issue
The MR !14 has some drawbacks, namely that `username`, `password`, and `secret` properties were used to manage token validation (look at the URI on the screenshot above).
![Screen_Shot_2022-03-09_at_2.21.43_PM](/uploads/7fa7900c9dac811e89ce6bbd3ac4bdaa/Screen_Shot_2022-03-09_at_2.21.43_PM.png)
For GCP we can't use an external system to receive the `x-access-token`.
# Expected Behavior
All GCP endpoints require `access_token` (not `id_token`) for user authentication and authorization.
The token should be received from the `https://oauth2.googleapis.com/token` Google OAuth endpoint.
At the code level, the `google.oauth` package can be used for the token validation.
# Improvement Proposal
Potentially, all user access rights for `Audit & Metrics` service can be managed by `OSDU Entitlements service`.

M11 - Release 0.14
Srinivasan Ramamoorthi

Data Entitlement KPIs
https://community.opengroup.org/osdu/platform/deployment-and-operations/audit-and-metrics/-/issues/36
2021-08-26T16:23:14Z
Stephen Whitley (Invited Expert)

## Description
A set of KPIs that provide insight into entitlements
## Scope
## How to measure
- \# Legal Tags
- number of Records for each Legal Tag
- \# Data Groups
- number of Records for each Data Group
- \# Policies (future)
- number of Records for each Policy

Mohd Asad Shaikh

Denied User Access
https://community.opengroup.org/osdu/platform/deployment-and-operations/audit-and-metrics/-/issues/24
2021-08-04T15:30:08Z
Stephen Whitley (Invited Expert)

## Description
Number of denied user requests.
Comments: since authorization validation is delegated to the IdP, this is not a direct measurement if captured from the OSDU Services.
## Scope
IDP, Services
## How Measured
Number of login requests followed by a successful access to an OSDU Service
## Where Measured
- IdP logs
- Entitlement Service