no create time for project

What do you use the creation time for?

The request is logged when you create the project. You can get the creation time and a unique request ID from the logs. Does that meet your needs?

although through the log we can get the create time, it is hard to get a audit report through the regular project rest api. To get the create time, we have to dump the large quantity of logs which can make trouble in tow ways. One hand the log will not be constraint so it might be lost, the difficulty on getting the property will make the advanced operation impossible like sorting the project created from a to b. So, i do think adding project create time is quite necessary.

Creating a project also emits a CADF notification which can be consumed by things like ceilometer:

https://docs.openstack.org/keystone/latest/admin/event_notifications.html

This is designed specifically for auditing and doesn't require scanning the logs.

++ on CADF notifications, which have an "eventTime" field which would specify in this case the time the project was created and by which user.

There's even an example for project create:

https://docs.openstack.org/keystone/latest/admin/event_notifications.html#example-notification-project-create

I believe the default notification driver is rabbitmq and it's thrown into the "notifications.info" queue.

It turns out we already have a backlog spec for implementing this:

http://specs.openstack.org/openstack/keystone-specs/specs/keystone/backlog/model-timestamps.html

but I'm not sure we want to commit to it, given that we do have CADF notifications for this purpose.

XiaojueGuan, can you give us more information about whether the CADF notifications are sufficient for your use case, and if not, why not?