Comment 9 for bug 1552795

Guang Yee (guang-yee) wrote :

Just to be clear, we are talking about these three notifications.

keystone/identity/core.py: notifications.Audit.created(self._USER, user['id'], initiator)
keystone/identity/core.py: notifications.Audit.updated(self._USER, user_id, initiator)
keystone/identity/core.py: notifications.Audit.deleted(self._USER, user_id, initiator)

Not authenticate. Not initiator user_id.

These are for Keystone locally managed users. Even for a shadow user, this is the local copy, so I don't think it will impact federated users.

Though for the deleted event, the "look up user attributes after the fact" argument may not hold, as the user has already been deleted from the backend. Unless we want to dig it up from a backend-and-recovery system or something.

I would favor adding username + domain for now, till we have a complete resource lifecycle management framework in place.