Keystone notifications don't have enough data
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Identity (keystone) | New | Undecided | Unassigned |
Bug Description
Keystone currently supports two notification formats: a Basic Notification, and a Cloud Auditing Data Federation (CADF) Notification.
CADF notifications are more informative, but they still do not carry enough data.
Here is an example of a "deleted.user" event:
```json
{
  "typeURI": "http://
  "initiator": {
    "typeURI": "service/
    "host": {
    },
    "user_id": "e5ac866ebfce45
    "id": "e5ac866ebfce45
  },
  "target": {
    "typeURI": "service/
    "id": "f026aee7-
  },
  "observer": {
    "typeURI": "service/security",
    "id": "9275459bf1e84e
  },
  "eventType": "activity",
  "eventTime": "2016-09-
  "action": "deleted.user",
  "outcome": "success",
  "id": "bdfdb6c5-
}
```
The user has been deleted, and the notification carries only the id of that user.
OpenStack operators will not be able to tell which user exactly was deleted.
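The gap described above can be made concrete from the consumer's side. The following Python is an added example, not code from the bug report or from Keystone: it parses a CADF notification with the same shape as the one shown, lists the audit fields that are missing (the target's name), and fills that gap from a locally kept id-to-name cache, flagging the record when no name can be resolved. Every id, host, timestamp and user name in the sample is a constructed placeholder, and the assumption that an operator keeps such a cache (for example from periodic listings of the identity API) is this example's own.

```python
import json
from typing import Dict, List, Optional

# Constructed sample: a CADF "deleted.user" notification with the same shape
# as the one in the bug report. Every id, host and timestamp is a made-up
# placeholder, not a value from a real deployment.
DELETED_USER_EVENT = json.dumps({
    "typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
    "initiator": {
        "typeURI": "service/security/account/user",
        "host": {"address": "192.0.2.10", "agent": "python-keystoneclient"},
        "user_id": "00000000000000000000000000000aaa",
        "id": "00000000000000000000000000000aaa",
    },
    "target": {
        "typeURI": "service/security/account/user",
        "id": "00000000000000000000000000000bbb",
    },
    "observer": {
        "typeURI": "service/security",
        "id": "00000000000000000000000000000ccc",
    },
    "eventType": "activity",
    "eventTime": "2016-09-01T00:00:00.000000+0000",
    "action": "deleted.user",
    "outcome": "success",
    "id": "00000000-0000-0000-0000-000000000001",
})

# Fields an auditor needs to answer "who deleted which user?".
# "target.name" is the one the current notification format does not carry.
REQUIRED_FIELDS = ["initiator.id", "target.id", "target.name",
                   "action", "outcome", "eventTime"]


def load_event(raw: str) -> dict:
    """Parse the JSON body of a notification into a dict."""
    return json.loads(raw)


def _lookup(event: dict, dotted: str) -> Optional[object]:
    """Return the value at a dotted path such as "target.id", or None if absent."""
    node = event
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def missing_fields(event: dict) -> List[str]:
    """List the required audit fields that the notification does not carry."""
    return [f for f in REQUIRED_FIELDS if _lookup(event, f) is None]


def enrich_deleted_user(raw: str, name_cache: Dict[str, str]) -> dict:
    """Parse a CADF notification and attach the deleted user's name from a local cache.

    name_cache maps user ids to names and must have been populated before the
    deletion; once the user is gone, the id can no longer be resolved against
    Keystone itself, which is exactly why the name belongs in the event.
    """
    event = load_event(raw)
    record = {
        "event_id": event.get("id"),
        "action": event.get("action"),
        "outcome": event.get("outcome"),
        "initiator_id": _lookup(event, "initiator.id"),
        "target_id": _lookup(event, "target.id"),
        "target_name": _lookup(event, "target.name"),
        "missing": missing_fields(event),
    }
    if record["action"] == "deleted.user" and record["target_name"] is None:
        # Fill the gap from the cache; the record stays flagged if that fails.
        record["target_name"] = name_cache.get(record["target_id"])
    record["resolved"] = record["target_name"] is not None
    return record


if __name__ == "__main__":
    # Constructed cache snapshot taken before the deletion.
    cache = {"00000000000000000000000000000bbb": "svc-backup"}
    print(json.dumps(enrich_deleted_user(DELETED_USER_EVENT, cache), indent=2))
    # Without a prior snapshot the deletion cannot be attributed to a named user.
    print(json.dumps(enrich_deleted_user(DELETED_USER_EVENT, {}), indent=2))
```

Records with `"resolved": false` are the ones an operator cannot act on from the notification alone; routing them to an alert queue makes the data gap visible rather than silently losing the attribution.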
We have 2 other bugs about this issue: https://bugs.launchpad.net/keystone/+bug/1552795 and https://bugs.launchpad.net/keystone/+bug/1572619
If we're going to make this change, we should *uniformly* include the names of all resources that have names (rather than treat projects as being special): domains, users, roles, groups, etc.
Lance attempted to capture some of the discussion we had on this topic at the summit in Austin: http://lbragstad.com/improving-auditing-in-keystone/