This patch will allow certain notifications for events in
Keystone to be opted out. Opting out may be a desired way of
doing this since most keystone deployers will likely like
to by default have all audit traces.
Change-Id: I86caf6e5f25cdd76121881813167c2144bf1d051
Closes-Bug: 1519210

For role assignment notifications there were two notifications
being emitted. We deprecated the original notification event_type
in Kilo and can now remove it in Mitaka. Also update a reference
of the old event_type in the notification docs.
implements bp removed-as-of-mitaka
Change-Id: I42e68d2b95014fb7500a709de6ecbd8e5f93bac4

Hopefully make the docs more clear on the two types of
notifications that keystone emits. Provide several examples
of the new CADF events.
partially implements bp: cadf-everywhere
Change-Id: I5c34b1ffffb594bd0f13fe0763439a64c03a48f2

Update docs with an example audit notification for role assignment
creation.
implements bp role-assignment-notifications
Change-Id: I70b54eaae989df0e793d9e7a6aa0df4c50891b60

The endpoint policy extension will need to ensure stale
associations are removed on deletion of these entities. Delete
events are already generated for endpoints. For completeness,
create and update notifications for these entities have also
been implemented.
Partially implements: bp endpoint-policy
Change-Id: I5de15459f5b577955056ecc166b450963e85bbc9

Currently, the documentation only shows the payload of a CADF
authentication event. We should show the other non-payload info
so as to be consistent with the other notification examples.
Change-Id: I878a71c4b99bb8e9e080be852cb139909030dfd9

These recommendations represent the outcome of the Keystone/Barbican
cross-project discussion regarding:
https://review.openstack.org/#/c/99658/
This discussion occurred at the keystone hackathon for Juno.
Change-Id: Ib67c85a9f900ef0a6a346cdbf3280b3a8f977ad7

Added documentation that states that Keystone has added audit
notification support for operations like authentication using
the DMTF Cloud Auditing Data Federation (CADF) standard.
Change-Id: I63858d14f1b628597251c8980eae6a4fe626e83f

In the notification docs, we never explicitly say that notifications are
always set at the INFO level. This priority level is not configurable
by the end user through the keystone.conf and this change documents that
behavior in the event_notifications.rst docs.
Change-Id: I293db2b69a73a1b56fe0539e183ea13b87ce639a

Use the existing notifications wrapper to send notifications when a
trust is created or deleted. There is no need to send a notification on
a trust update since trusts are immutable. This change adds
trusts to the event_notifications.rst documentation.
Change-Id: I777ad4594ce9b93c36af675ac677cfa61524a3e7
blueprint: trust-notifications

Currently, we only issue notifications for projects, users and
domains. This patch will add support to issue notifications for
groups and roles. Notifications will be sent on create, update
and delete.
I've also updated tests to include tests for projects and users.
DocImpact
Change-Id: I23eac9afb2a227e5739dc25395705597a92eb23c
fixes: bug 1231220

In addition to adding a mention about 'project' notifications, I rewrote
a few bits of the notifications docs to make it easier to add new
resource types as we implement them (you only have to add them to the
list, rather than revising a bunch of disparate paragraphs).
blueprint notifications
Change-Id: I4792e5dd368d5404c252d6c7c8dc8813af7509d8