Enable CADF events in Keystone and introduce enable_cadf_notifications

Change-Id: I0a40867ae65011fbfd53308b9d7f42d10435f5fa
Closes-bug: #1607905

ansible/group_vars/all.yml

@@ -239,9 +239,10 @@ enable_neutron: "yes"
 enable_nova: "yes"
 enable_rabbitmq: "yes"
 
-# Additional optional OpenStack services are specified here
+# Additional optional OpenStack features and services are specified here
 enable_aodh: "no"
 enable_barbican: "no"
+enable_cadf_notifications: "no"
 enable_ceilometer: "no"
 enable_central_logging: "no"
 enable_ceph: "no"

ansible/roles/keystone/templates/keystone.conf.j2

@@ -1,5 +1,8 @@
 [DEFAULT]
 debug = {{ keystone_logging_debug }}
+{% if enable_cadf_notifications %}
+notification_format = cadf
+{% endif %}
 
 # NOTE(elemoine) log_dir alone does not work for Keystone
 log_file = /var/log/kolla/keystone/keystone.log
@@ -39,3 +42,9 @@ memcache_servers = {{ memcached_servers }}
 {% else %}
 memcache_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
 {%- endif %}
+
+{% if enable_cadf_notifications %}
+[oslo_messaging_notifications]
+driver = messagingv2
+transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
+{% endif %}

releasenotes/notes/cadf-notifications-6c102c16090688d5.yaml

@@ -0,0 +1,6 @@
+---
+features:
+  - Add support for CADF event notifications. This standard provides
+    auditing capabilities for compliance with security, operational,
+    and business processes and supports normalized and categorized
+    event data for federation and aggregation.