Keystone notifications don't have enough data
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Identity (keystone) |
New
|
Undecided
|
Unassigned | ||
Bug Description
Keystone currently supports two notification formats: a Basic Notification, and a Cloud Auditing Data Federation (CADF) Notification.
CADF notifications are more informative but it is still not enough.
Here is an example for "deleted.user" event:
{
"typeURI": "http://
"initiator": {
"typeURI": "service/
"host": {
},
"user_id": "e5ac866ebfce45
"id": "e5ac866ebfce45
},
"target": {
"typeURI": "service/
"id": "f026aee7-
},
"observer": {
"typeURI": "service/security",
"id": "9275459bf1e84e
},
"eventType": "activity",
"eventTime": "2016-09-
"action": "deleted.user",
"outcome": "success",
"id": "bdfdb6c5-
}
User is deleted and here is only id of that user.
OpenStack operators will not be able to understand what user exactly was deleted.
| Steve Martinelli (stevemar) wrote | #1 |
| Steve Martinelli (stevemar) wrote | #2 |
| Steve Martinelli (stevemar) wrote | #3 |
We have 2 other bugs about this issue: https:/
If we're going to make this change, we should *uniformly* include the names of all resources that have names (rather than treat projects as being special): domains, users, roles, groups, etc.
Lance attempted to capture some of the discussion we had on this topic at the summit in Austin: http://