Merge "Enable CADF notification format by default"

2016-11-22 13:16:11 +00:00 · 2016-11-22 13:16:11 +00:00 · 7871fbcab1
commit 7871fbcab1
parent ec9e5b2b26 165e5a98f0
3 changed files with 27 additions and 8 deletions
--- a/keystone/conf/default.py
+++ b/keystone/conf/default.py
@ -202,7 +202,7 @@ will default to using the server's host name.

 notification_format = cfg.StrOpt(
    'notification_format',
-    default='basic',
+    default='cadf',
    choices=['basic', 'cadf'],
    help=utils.fmt("""
 Define the notification format for identity service events. A `basic`
@ -215,14 +215,18 @@ auditing use cases.

 notification_opt_out = cfg.MultiStrOpt(
    'notification_opt_out',
-    default=[],
+    default=["identity.authenticate.success",
+             "identity.authenticate.pending",
+             "identity.authenticate.failed"],
    help=utils.fmt("""
-If left undefined, keystone will emit notifications for all types of events.
-You can reduce the number of notifications keystone emits by using this option
-to enumerate notification topics that should be suppressed. Values are expected
-to be in the form `identity.<resource_type>.<operation>`. This field can be set
-multiple times in order to opt-out of multiple notification topics. For
-example:
+You can reduce the number of notifications keystone emits by explicitly
+opting out. Keystone will not emit notifications that match the patterns
+expressed in this list. Values are expected to be in the form of
+`identity.<resource_type>.<operation>`. By default, all notifications
+related to authentication are automatically suppressed. This field can be
+set multiple times in order to opt-out of multiple notification topics. For
+example, the following suppresses notifications describing user creation or
+successful authentication events:
 notification_opt_out=identity.user.create
 notification_opt_out=identity.authenticate.success
 """))
--- a/keystone/tests/unit/common/test_notifications.py
+++ b/keystone/tests/unit/common/test_notifications.py
@ -122,6 +122,9 @@ class NotificationsTestCase(unit.BaseTestCase):
        resource_type = EXP_RESOURCE_TYPE
        operation = CREATED_OPERATION

+        conf = self.useFixture(config_fixture.Config(CONF))
+        conf.config(notification_format='basic')
+
        # NOTE(ldbragst): Even though notifications._send_notification doesn't
        # contain logic that creates cases, this is supposed to test that
        # context is always empty and that we ensure the resource ID of the
--- a/releasenotes/notes/enable-cadf-notification-format-by-default-f938267e1ec54071.yaml
+++ b/releasenotes/notes/enable-cadf-notification-format-by-default-f938267e1ec54071.yaml
@ -0,0 +1,12 @@
+---
+fixes:
+  - Changed the default notification from ``basic`` to ``cadf``.
+  - Added ``identity.authenticate.success``, ``identity.authenticate.pending``
+    and ``identity.authenticate.failed`` as default for
+    ``notification_opt_out``.
+upgrade:
+  - The default setting for ``notification_opt_out`` is changed to include
+    ``identity.authenticate.success``, ``identity.authenticate.pending`` and
+    ``identity.authenticate.failed``. If a deployment relies on these
+    notifications, then override the default ``notification_opt_out`` setting
+    by explicitly specifying the notifications to suppress.