Audit
Connect provides a mechanism to audit the state of the Fabric Services System against the state of the Connect service. The state of these two components can become disconnected due to fabric deviations, general disconnects in the Kubernetes cluster, or manual intervention.
To recover from these scenarios, Connect introduces the audit mechanism.
To create an audit request, send a POST request including at least the deploymentID to be audited. By default, the scope of the audit will be CONNECT_ONLY. To change the scope, you need to provide the scope in the POST request.
Connect supports the following audit scopes:
- CONNECT_ONLY: The audit examines the full relationship between Connect and the Fabric Services System.
- ERROR_ONLY: The audit examines only Connect resources that are in an ERROR state. Resources can enter an ERROR state when Connect cannot create or update their equivalent on the Fabric Services System due to unforeseen circumstances. Note that this kind of audit will not detect DANGLING_RESOURCE deviations on the Fabric Services System.
REQUEST: POST http://localhost/rest/connect/api/v1/admin/audits
{"deploymentId": "422199394960411946"}
RESPONSE:
{
"id": "422199984495070506",
"enqueueTime": "2022-08-22T17:00:01.005355194+02:00",
"endTime": "0001-01-01T00:00:00Z",
"status": "InProgress",
"failureReason": "",
"dryRun": false,
"report": [],
"deploymentId": "422199394960411946",
"scope": "CONNECT_ONLY",
"totalNumberOfDiscrepancies": 0,
"totalNumberOfSuccessfulDiscrepancies": 0,
"totalNumberOfFailedDiscrepancies": 0
}
REQUEST: GET http://localhost/rest/connect/api/v1/admin/audits/422199984495070506
RESPONSE:
{
"id": "422199984495070506",
"enqueueTime": "2022-08-22T15:00:01.005Z",
"endTime": "2022-08-22T15:00:01.578Z",
"status": "Success",
"failureReason": "",
"dryRun": false,
"report": [],
"deploymentId": "422199394960411946",
"scope": "CONNECT_ONLY",
"totalNumberOfDiscrepancies": 0,
"totalNumberOfSuccessfulDiscrepancies": 0,
"totalNumberOfFailedDiscrepancies": 0
}
-
EnqueueTime
andEndtime
allow you to monitor job execution time. -
Status
indicates whether the audit was successful, errored, or is still in progress. -
failureReason
is only populated when the audit is in an error state, indicating which error occurred during the audit. -
dryRun
is an optional boolean, indicating that only a report must be printed instead of executing the audit actions. -
Report
is a list of actions taken by the audit. -
Report
entries can be of type:MISSING_RESOURCE
: the Fabric Services System is missing a resource that is configured in Connect. To correct this, re-create the Fabric Services System resource.DANGLING_RESOURCE
: Connect is no longer aware of a resource that is configured in the Fabric Services System. To correct this, delete the Fabric Services System resource.MISCONFIGURED_RESOURCE
: Connect has a different configuration than the Fabric Services System. To correct this, update the Fabric Services System resource.EVPN_UNDEPLOYED:
Connect detected that one of the tenants/EVPNs it manages is not deployed correctly.