kassisol / hbm

HBM is an application to authorize and manage authorized docker commands using Docker AuthZ plugin

Feature request; audit log for policy change.

odg0318 opened this issue · comments

commented

Hello.

I suggest a new feature for audit.
When a user changes policy or resource via command line, no log remains.
I found logs about hbm through journald on CentOS but there is no log about hbm resource change history.
I think that only Authz logs are available under the current architecture.
When I run hbm resource ls, it directly calls a function.

As far as I know, all docker commands go through the REST API to execute, as below.

  1. Run docker command via cli.
  2. Internally call REST API through unix sock, for example /run/docker.sock.
  3. Execute the proper command.

If HBM has the same architecture as docker, all logs are available.
What do you think of implementing a REST API to change policy or resources?
Surely I know this change needs big stuff.

Always thanks.
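
The idea in the post above, as an added example (not HBM's code and not written by anyone in this thread): when management commands go through an HTTP API on a unix socket, a single middleware can record every state-changing request. The `/resources` route, the socket path and the `AuditEntry` fields are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"io"
	"net"
	"net/http"
	"os"
	"time"
)

// AuditEntry is one record per state-changing request (constructed schema).
type AuditEntry struct {
	Time, Method, Path string
	Status             int
}

// statusRecorder remembers the status code the wrapped handler sends.
type statusRecorder struct {
	http.ResponseWriter
	status int
}

func (r *statusRecorder) WriteHeader(code int) {
	r.status = code
	r.ResponseWriter.WriteHeader(code)
}

// Audit writes one JSON line to out for every non-read-only request.
func Audit(out io.Writer, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
		rec := &statusRecorder{ResponseWriter: w, status: http.StatusOK}
		next.ServeHTTP(rec, req)
		if req.Method != http.MethodGet && req.Method != http.MethodHead {
			json.NewEncoder(out).Encode(AuditEntry{time.Now().UTC().Format(time.RFC3339),
				req.Method, req.URL.Path, rec.status})
		}
	})
}

func main() {
	// Hypothetical management endpoint, not HBM's API.
	http.HandleFunc("/resources", func(w http.ResponseWriter, r *http.Request) {})
	const sock = "/tmp/hbm-example.sock" // assumed socket path
	os.Remove(sock)                      // clear a stale socket from a previous run
	l, err := net.Listen("unix", sock)
	if err != nil {
		panic(err)
	}
	panic(http.Serve(l, Audit(os.Stderr, http.DefaultServeMux)))
}
```

This sketch records what changed and when; an audit trail would also need the identity of the caller, which it does not capture.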

Hi,

Yes, that's part of the roadmap like I did for TSA (but will use unix socket instead of tcp). Also as I mentioned once there will be a central API for managing all hbm instances. That will allow managing hosts, users, resources, policies and apply them to an organization.

Thanks

commented

In my opinion, at least TLS must be supported to remotely manage.