OpenStack Identity (keystone)

Add project name to the project deleted notification event

Bug #1572619 reported by Todd Johnson on 2016-04-20

This bug report is a duplicate of: Bug #1552795: enhance notification for user events with user name. Edit Remove

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	In Progress	Medium	Ryosuke Mizuno

Bug Description

I have some code that cleans up openstack resources when a project is deleted by listening for the identity.project.deleted notification event. This event payload only includes the project id. It would be nice if it also included the project name. I send an email to the admin with resources that are cleaned up and it would be nicer to have the project name as well as the id. Since the project has already been deleted by the time i receive the event, i can't go back to keystone to get the project name.

Tags:

Steve Martinelli (stevemar) on 2016-04-20

tags:	added: notifications
Changed in keystone:
importance:	Undecided → Medium

Revision history for this message

Guang Yee (guang-yee) wrote on 2016-04-20:

So we had this argument in the past. Quite a few of those in fact, about conveying names in generate, in the notification message payload. As I recall, the counter arguments were

1. names are mutable, and
2. as resources are being deleted, new resources can take on the same name, and
3. the only thing we can guarantee that is globally unique is the resource ID.

I am a proponent of adding name to notification payload. Reasons are

1. a notification is really a snapshot of an event that happened in Keystone, and
2. they will be aggregated by Security Incident and Event Monitoring (SEIM), and
3. as indicated above, operational workflow is depending on it

So I say lets do this.

Nick Klenke (nk2527) on 2016-04-20

Changed in keystone:
assignee:	nobody → Nick Klenke (nk2527)
status:	New → In Progress

Nick Klenke (nk2527) on 2016-05-18

Changed in keystone:
assignee:	Nick Klenke (nk2527) → nobody
status:	In Progress → New

Ryosuke Mizuno (r-mizuno) on 2016-05-20

Changed in keystone:
assignee:	nobody → Ryosuke Mizuno (r-mizuno)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-05-24: Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/320299

Changed in keystone:
status:	New → In Progress

Revision history for this message

Dolph Mathews (dolph) wrote on 2016-06-14:

If we're going to make this change, we should *uniformly* include the names of all resources that have names (rather than treat projects as being special): domains, users, roles, groups, etc.

Revision history for this message

Lance Bragstad (lbragstad) wrote on 2016-06-14:

I attempted to capture some of the discussion we had on this topic at the summit in Austin [0].

[0] http://lbragstad.com/improving-auditing-in-keystone/

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-11-14: Change abandoned on keystone (master)

Change abandoned by Steve Martinelli (<email address hidden>) on branch: master
Review: https://review.openstack.org/320299
Reason: no change in 5 months, and lots of overlap with https://review.openstack.org/#/c/288643/, lets use that one instead

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #1552795 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.