Fix inconsistency in CADF initiator name field
For CADF messages, keystone stores the initiator username in the 'initiator.username' field, and keystonemiddleware stores it in the 'initiator.name' field[1]. CADF specs[2] says it should be initiator:name, so make it consistent. Keep the initiator.username field so as not to break existing deployments. [1] https://opendev.org/openstack/keystonemiddleware/src/branch/stable/2023.2/keystonemiddleware/audit/_api.py#L290 [2] https://www.dmtf.org/sites/default/files/standards/documents/DSP2038_1.1.0.pdf#page=14 Closes-Bug: #2063321 Change-Id: I69d662dd3c0e70d2a614655b62dd9655c438fc0b
This commit is contained in:
Jake Yip
@@ -833,6 +833,8 @@ def _add_username_to_initiator(initiator):
|
||||
return initiator
|
||||
try:
|
||||
user_ref = PROVIDERS.identity_api.get_user(initiator.user_id)
|
||||
# NOTE(jake): name should be used, username kept for compatibility
|
||||
initiator.name = user_ref['name']
|
||||
initiator.username = user_ref['name']
|
||||
except (exception.UserNotFound, AttributeError):
|
||||
# Either user not found or no user_id, move along
|
||||
|
||||
@@ -1156,7 +1156,7 @@ class CadfNotificationsWrapperTestCase(test_v3.RestfulTestCase):
|
||||
'typeURI': 'service/security/account/user',
|
||||
'host': {'address': 'localhost'},
|
||||
'id': 'openstack:0a90d95d-582c-4efb-9cbc-e2ca7ca9c341',
|
||||
'username': u'admin'
|
||||
'name': 'admin'
|
||||
},
|
||||
'target': {
|
||||
'typeURI': 'service/security/account/user',
|
||||
@@ -1211,6 +1211,7 @@ class CadfNotificationsWrapperTestCase(test_v3.RestfulTestCase):
|
||||
self.assertEqual(len(self._notifications), 1)
|
||||
note = self._notifications.pop()
|
||||
initiator = note['initiator']
|
||||
self.assertEqual(self.user['name'], initiator.name)
|
||||
self.assertEqual(self.user['name'], initiator.username)
|
||||
|
||||
def test_v3_authenticate_user_name_and_domain_id(self):
|
||||
|
||||
Reference in New Issue
Block a user