From 6a532111bc4b1c94304d94892a2c25b1e295a91b Mon Sep 17 00:00:00 2001
From: Divya
Date: Tue, 11 Aug 2015 13:17:15 +0200
Subject: [PATCH] Add user_id,project_id traits to audit events
The ceilometer audit events stored at the ceilometer database currently don't have user_id/project_id associated with them even though this information is available as part of the event message payload. The user_id and project_id information has to be stored as traits so that there's user/project context for each event and these traits are required to apply RBAC-based rules and filters on events. For eg., presence of these traits enable db queries - like get all events for a project/user against events. The audit event definition in the events yaml file already stores payload.initiator.id as initiator_id but the initiator_id trait is not a common trait across all events and thus this trait cannot be used to apply RBAC filter against events.This changeset will thus add user_id and project_id traits to the audit events namely *.http.* and add useri_id and project_id as default traits for all events.
DocImpact
Change-Id: If4034342c4e60d519f0ec96ae8895dcf78f8ad3b
blueprint: events-rbac
---
 ceilometer/event/converter.py | 6 ++++++
 doc/source/events.rst | 2 ++
 etc/ceilometer/event_definitions.yaml | 4 ++++
 3 files changed, 12 insertions(+)
diff --git a/ceilometer/event/converter.py b/ceilometer/event/converter.py
index 7a22ab25..050cc326 100644
--- a/ceilometer/event/converter.py
+++ b/ceilometer/event/converter.py
@@ -154,6 +154,12 @@ class EventDefinition(object):
 DEFAULT_TRAITS = dict(
 service=dict(type='text', fields='publisher_id'),
 request_id=dict(type='text', fields='_context_request_id'),
+ project_id=dict(type='text', fields=['payload.tenant_id',
+ '_context_tenant']),
+ user_id=dict(type='text', fields=['payload.user_id',
+ '_context_user_id']),
+ # TODO(dikonoor):tenant_id is old terminology and should
+ # be deprecated
 tenant_id=dict(type='text', fields=['payload.tenant_id',
 '_context_tenant']),
 )
diff --git a/doc/source/events.rst b/doc/source/events.rst
index 3ea27a31..9091d5ed 100644
--- a/doc/source/events.rst
+++ b/doc/source/events.rst
@@ -126,6 +126,8 @@ all events if the notification has the relevant data:
 * service: (All notifications should have this) notification's publisher
 * tenant_id
 * request_id
+* project_id
+* user_id
 These do not have to be specified in the event definition, they are automatically added, but their definitions can be overridden for a given
diff --git a/etc/ceilometer/event_definitions.yaml b/etc/ceilometer/event_definitions.yaml
index ed47fe0f..5a1ae7f5 100644
--- a/etc/ceilometer/event_definitions.yaml
+++ b/etc/ceilometer/event_definitions.yaml
@@ -331,6 +331,10 @@
 fields: ['payload.ipsec_site_connection.id', 'payload.id']
 - event_type: '*http.*'
 traits: &http_audit
+ project_id:
+ fields: payload.initiator.project_id
+ user_id:
+ fields: payload.initiator.id
 typeURI:
 fields: payload.typeURI
 eventType:
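Review bot: The new `project_id` and `user_id` entries in `DEFAULT_TRAITS` take the notification payload (`payload.tenant_id`, `payload.user_id`) ahead of the request context (`_context_tenant`, `_context_user_id`), and nothing in the hunk says that this order is intended. The commit description says these traits will back RBAC filters, so which source wins decides which project gets to see an event when the two disagree, and an event with neither field presumably gets no trait at all, which the filter has to treat as not visible to non-admin users. I would state that above the two entries, e.g. `# RBAC filters key on these: payload value wins over request context; no trait if both are absent`, and add a converter test for both orders, since the diffstat lists no test file. `project_id` also repeats the `tenant_id` field list verbatim, so the TODO should say that the two must stay in step until `tenant_id` is removed. The `EventDefinition` class continues outside the hunk.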
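Review bot: The `project_id` and `user_id` traits added under `&http_audit` each name a single field (`payload.initiator.project_id`, `payload.initiator.id`) with no fallback, unlike the two-field defaults in `DEFAULT_TRAITS`. The docs hunk says a definition overrides the default for its event type, so an audit event without an initiator project would presumably end up with no `project_id` trait; RBAC filtering should treat such events as admin-only rather than unscoped. If a fallback is wanted, `fields: ['payload.initiator.project_id', '_context_tenant']` would match the default's pattern, assuming audit notifications carry that context key. A comment such as `# initiator identity, used for RBAC filtering; same source as initiator_id` above `user_id` would record that it duplicates the existing trait. The `traits` mapping continues past the end of the hunk.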