2018-07-06 23:07:47 |
Gage Hugo |
bug |
|
|
added bug |
2018-07-07 01:57:25 |
Gage Hugo |
summary |
identity.authenticate CADF initiator id is random |
CADF identity.authenticate event initiator id is random UUID |
|
2018-07-07 12:42:29 |
Dave Chen |
keystone: importance |
Undecided |
Medium |
|
2018-07-07 12:42:29 |
Dave Chen |
keystone: status |
New |
Confirmed |
|
2018-07-27 16:08:01 |
Gage Hugo |
description |
When enabling CADF notifications and clearing the notification_opt_out setting[0] (which causes keystone to be more chatty with notifications) in order to audit identity.authenticate events, keystone (sometimes) emits a notification for the identity.authentication event where the initiator's ID is a random UUID that doesn't match up to a user.
An example of this is shown below, where keystone only has one user (admin). The config values for enabling CADF notifications were set here:
DEFAULT:
notification_format: cadf
notification_opt_out: ""
oslo_messaging_notifications:
driver: messagingv2
ubuntu@zbook:~$ openstack --os-cloud openstack_helm token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2018-07-07T10:55:00+0000 |
| id | gAAAAABbP_NE7uqaSEN6dDR4sEDB5N0EvOA085lp82_puZmDxeVV16ulJ_4wCp_FR7suulqGyOf078kXWabvbL8jn45pBS95qRHfJeHDYZtf-mDsjFWm22YaiwqYnSUImz3Y2HsCD9ps_oJgwc2BHQUHHIYCiQeWQ-XmkzEvlc6tqQwflWFhHoM |
| project_id | f9e2428b6863443f85bcbb11ac6c300e |
| user_id | 37d3c436d45347529926a4887607d01b |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
ubuntu@zbook:~$ python rabbitmqadmin --host=[redacted] --port=15672 --vhost="keystone" --username=superuser --password=123456 get queue=notifications.info ackmode=ack_requeue_false | tail -n +4 | head -n +1
| notifications.info | keystone | 0 | {"oslo.message": "{\"priority\": \"INFO\", \"_unique_id\": \"c4180ddc9500419898d6dd89086c1a0a\", \"event_type\": \"identity.authenticate\", \"timestamp\": \"2018-07-06 22:55:00.205671\", \"publisher_id\": \"identity.keystone-api-7d5c6cff4-g9dvd\", \"payload\": {\"typeURI\": \"http://schemas.dmtf.org/cloud/audit/1.0/event\", \"initiator\": {\"typeURI\": \"service/security/account/user\", \"host\": {\"agent\": \"osc-lib/1.10.0 keystoneauth1/3.7.0 python-requests/2.18.4 CPython/2.7.12\", \"address\": \"[redacted]\"}, \"id\": \"936c1487-eff3-59cc-b424-096cff3cd6e9\"}, \"target\": {\"typeURI\": \"service/security/account/user\", \"id\": \"932768de-4bf4-5c83-88cc-11f33f39cba9\"}, \"observer\": {\"typeURI\": \"service/security\", \"id\": \"9e53891b98b84bb898c0419e16426eca\"}, \"eventType\": \"activity\", \"eventTime\": \"2018-07-06T22:55:00.205401+0000\", \"action\": \"authenticate\", \"outcome\": \"success\", \"id\": \"bf658c41-24b5-5075-9aee-64e6b3db92cc\"}, \"message_id\": \"b1026bd5-c0d2-48af-adec-dc44c2e1a46b\"}", "oslo.version": "2.0"} | 1054 | string | False |
ubuntu@zbook:~$ openstack --os-cloud openstack_helm user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 37d3c436d45347529926a4887607d01b | admin |
+----------------------------------+-------+
ubuntu@zbook:~$ python rabbitmqadmin --host=[redacted] --port=15672 --vhost="keystone" --username=superuser --password=123456 get queue=notifications.info ackmode=ack_requeue_false | tail -n +4 | head -n +1
| notifications.info | keystone | 1 | {"oslo.message": "{\"priority\": \"INFO\", \"_unique_id\": \"c0fa7577c07a4de39013f41b33185489\", \"event_type\": \"identity.authenticate\", \"timestamp\": \"2018-07-06 22:56:45.534129\", \"publisher_id\": \"identity.keystone-api-7d5c6cff4-g9dvd\", \"payload\": {\"typeURI\": \"http://schemas.dmtf.org/cloud/audit/1.0/event\", \"initiator\": {\"typeURI\": \"service/security/account/user\", \"host\": {\"agent\": \"osc-lib/1.10.0 keystoneauth1/3.7.0 python-requests/2.18.4 CPython/2.7.12\", \"address\": \"[redacted]\"}, \"id\": \"129bfaf0-a8e3-579b-9030-0a5917547b46\"}, \"target\": {\"typeURI\": \"service/security/account/user\", \"id\": \"f67acddd-78df-58f1-be93-dcb196e44a9e\"}, \"observer\": {\"typeURI\": \"service/security\", \"id\": \"9e53891b98b84bb898c0419e16426eca\"}, \"eventType\": \"activity\", \"eventTime\": \"2018-07-06T22:56:45.533872+0000\", \"action\": \"authenticate\", \"outcome\": \"success\", \"id\": \"50468200-4b87-5a8a-b855-d25e8721ccea\"}, \"message_id\": \"cd9fe069-c0f6-4d3e-af65-f288cbb90f41\"}", "oslo.version": "2.0"} | 1054 | string | False |
ubuntu@zbook:~$ python rabbitmqadmin --host=[redacted] --port=15672 --vhost="keystone" --username=superuser --password=123456 get queue=notifications.info ackmode=ack_requeue_false | tail -n +4 | head -n +1
| notifications.info | keystone | 0 | {"oslo.message": "{\"priority\": \"INFO\", \"_unique_id\": \"e13c4eb09440496cb80b2297a61c12b8\", \"event_type\": \"identity.authenticate\", \"timestamp\": \"2018-07-06 22:56:45.572963\", \"publisher_id\": \"identity.keystone-api-7d5c6cff4-g9dvd\", \"payload\": {\"typeURI\": \"http://schemas.dmtf.org/cloud/audit/1.0/event\", \"initiator\": {\"typeURI\": \"service/security/account/user\", \"host\": {\"agent\": \"osc-lib/1.10.0 keystoneauth1/3.7.0 python-requests/2.18.4 CPython/2.7.12\", \"address\": \"[redacted]\"}, \"id\": \"38cee0b3-9b7f-5905-95f1-fa6cf61a637d\"}, \"target\": {\"typeURI\": \"service/security/account/user\", \"id\": \"3c9cdad0-a0f4-5151-ab44-da09add4be49\"}, \"observer\": {\"typeURI\": \"service/security\", \"id\": \"9e53891b98b84bb898c0419e16426eca\"}, \"eventType\": \"activity\", \"eventTime\": \"2018-07-06T22:56:45.572690+0000\", \"action\": \"authenticate\", \"outcome\": \"success\", \"id\": \"1b0d8ade-f94a-517c-a9f6-fb3df0a2c8c1\"}, \"message_id\": \"c8a55a89-908c-49c0-a0b2-9002fccecb03\"}", "oslo.version": "2.0"} | 1054 | string | False |
[0] https://github.com/openstack/keystone/blob/master/keystone/conf/default.py#L221 |
When enabling CADF notifications and clearing the notification_opt_out setting[0] (which causes keystone to be more chatty with notifications) in order to audit identity.authenticate events, keystone emits a notification for the identity.authentication event where the initiator's ID is a random UUID that doesn't match up to a user. This was noticed when users would log into horizon and, from the audit notification, it could not be determined which user was logging in.
An example of this is shown below, where keystone only has one user (admin). The config values for enabling CADF notifications were set here:
DEFAULT:
notification_format: cadf
notification_opt_out: ""
oslo_messaging_notifications:
driver: messagingv2
ubuntu@zbook:~$ openstack --os-cloud openstack_helm token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2018-07-07T10:55:00+0000 |
| id | gAAAAABbP_NE7uqaSEN6dDR4sEDB5N0EvOA085lp82_puZmDxeVV16ulJ_4wCp_FR7suulqGyOf078kXWabvbL8jn45pBS95qRHfJeHDYZtf-mDsjFWm22YaiwqYnSUImz3Y2HsCD9ps_oJgwc2BHQUHHIYCiQeWQ-XmkzEvlc6tqQwflWFhHoM |
| project_id | f9e2428b6863443f85bcbb11ac6c300e |
| user_id | 37d3c436d45347529926a4887607d01b |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
ubuntu@zbook:~$ python rabbitmqadmin --host=[redacted] --port=15672 --vhost="keystone" --username=superuser --password=123456 get queue=notifications.info ackmode=ack_requeue_false | tail -n +4 | head -n +1
| notifications.info | keystone | 0 | {"oslo.message": "{\"priority\": \"INFO\", \"_unique_id\": \"c4180ddc9500419898d6dd89086c1a0a\", \"event_type\": \"identity.authenticate\", \"timestamp\": \"2018-07-06 22:55:00.205671\", \"publisher_id\": \"identity.keystone-api-7d5c6cff4-g9dvd\", \"payload\": {\"typeURI\": \"http://schemas.dmtf.org/cloud/audit/1.0/event\", \"initiator\": {\"typeURI\": \"service/security/account/user\", \"host\": {\"agent\": \"osc-lib/1.10.0 keystoneauth1/3.7.0 python-requests/2.18.4 CPython/2.7.12\", \"address\": \"[redacted]\"}, \"id\": \"936c1487-eff3-59cc-b424-096cff3cd6e9\"}, \"target\": {\"typeURI\": \"service/security/account/user\", \"id\": \"932768de-4bf4-5c83-88cc-11f33f39cba9\"}, \"observer\": {\"typeURI\": \"service/security\", \"id\": \"9e53891b98b84bb898c0419e16426eca\"}, \"eventType\": \"activity\", \"eventTime\": \"2018-07-06T22:55:00.205401+0000\", \"action\": \"authenticate\", \"outcome\": \"success\", \"id\": \"bf658c41-24b5-5075-9aee-64e6b3db92cc\"}, \"message_id\": \"b1026bd5-c0d2-48af-adec-dc44c2e1a46b\"}", "oslo.version": "2.0"} | 1054 | string | False |
ubuntu@zbook:~$ openstack --os-cloud openstack_helm user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 37d3c436d45347529926a4887607d01b | admin |
+----------------------------------+-------+
ubuntu@zbook:~$ python rabbitmqadmin --host=[redacted] --port=15672 --vhost="keystone" --username=superuser --password=123456 get queue=notifications.info ackmode=ack_requeue_false | tail -n +4 | head -n +1
| notifications.info | keystone | 1 | {"oslo.message": "{\"priority\": \"INFO\", \"_unique_id\": \"c0fa7577c07a4de39013f41b33185489\", \"event_type\": \"identity.authenticate\", \"timestamp\": \"2018-07-06 22:56:45.534129\", \"publisher_id\": \"identity.keystone-api-7d5c6cff4-g9dvd\", \"payload\": {\"typeURI\": \"http://schemas.dmtf.org/cloud/audit/1.0/event\", \"initiator\": {\"typeURI\": \"service/security/account/user\", \"host\": {\"agent\": \"osc-lib/1.10.0 keystoneauth1/3.7.0 python-requests/2.18.4 CPython/2.7.12\", \"address\": \"[redacted]\"}, \"id\": \"129bfaf0-a8e3-579b-9030-0a5917547b46\"}, \"target\": {\"typeURI\": \"service/security/account/user\", \"id\": \"f67acddd-78df-58f1-be93-dcb196e44a9e\"}, \"observer\": {\"typeURI\": \"service/security\", \"id\": \"9e53891b98b84bb898c0419e16426eca\"}, \"eventType\": \"activity\", \"eventTime\": \"2018-07-06T22:56:45.533872+0000\", \"action\": \"authenticate\", \"outcome\": \"success\", \"id\": \"50468200-4b87-5a8a-b855-d25e8721ccea\"}, \"message_id\": \"cd9fe069-c0f6-4d3e-af65-f288cbb90f41\"}", "oslo.version": "2.0"} | 1054 | string | False |
ubuntu@zbook:~$ python rabbitmqadmin --host=[redacted] --port=15672 --vhost="keystone" --username=superuser --password=123456 get queue=notifications.info ackmode=ack_requeue_false | tail -n +4 | head -n +1
| notifications.info | keystone | 0 | {"oslo.message": "{\"priority\": \"INFO\", \"_unique_id\": \"e13c4eb09440496cb80b2297a61c12b8\", \"event_type\": \"identity.authenticate\", \"timestamp\": \"2018-07-06 22:56:45.572963\", \"publisher_id\": \"identity.keystone-api-7d5c6cff4-g9dvd\", \"payload\": {\"typeURI\": \"http://schemas.dmtf.org/cloud/audit/1.0/event\", \"initiator\": {\"typeURI\": \"service/security/account/user\", \"host\": {\"agent\": \"osc-lib/1.10.0 keystoneauth1/3.7.0 python-requests/2.18.4 CPython/2.7.12\", \"address\": \"[redacted]\"}, \"id\": \"38cee0b3-9b7f-5905-95f1-fa6cf61a637d\"}, \"target\": {\"typeURI\": \"service/security/account/user\", \"id\": \"3c9cdad0-a0f4-5151-ab44-da09add4be49\"}, \"observer\": {\"typeURI\": \"service/security\", \"id\": \"9e53891b98b84bb898c0419e16426eca\"}, \"eventType\": \"activity\", \"eventTime\": \"2018-07-06T22:56:45.572690+0000\", \"action\": \"authenticate\", \"outcome\": \"success\", \"id\": \"1b0d8ade-f94a-517c-a9f6-fb3df0a2c8c1\"}, \"message_id\": \"c8a55a89-908c-49c0-a0b2-9002fccecb03\"}", "oslo.version": "2.0"} | 1054 | string | False |
[0] https://github.com/openstack/keystone/blob/master/keystone/conf/default.py#L221 |
|
2018-08-01 21:35:53 |
Gage Hugo |
description |
When enabling CADF notifications and clearing the notification_opt_out setting[0] (which causes keystone to be more chatty with notifications) in order to audit identity.authenticate events, keystone emits a notification for the identity.authentication event where the initiator's ID is a random UUID that doesn't match up to a user. This was noticed when users would log into horizon and, from the audit notification, it could not be determined which user was logging in.
An example of this is shown below, where keystone only has one user (admin). The config values for enabling CADF notifications were set here:
DEFAULT:
notification_format: cadf
notification_opt_out: ""
oslo_messaging_notifications:
driver: messagingv2
ubuntu@zbook:~$ openstack --os-cloud openstack_helm token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2018-07-07T10:55:00+0000 |
| id | gAAAAABbP_NE7uqaSEN6dDR4sEDB5N0EvOA085lp82_puZmDxeVV16ulJ_4wCp_FR7suulqGyOf078kXWabvbL8jn45pBS95qRHfJeHDYZtf-mDsjFWm22YaiwqYnSUImz3Y2HsCD9ps_oJgwc2BHQUHHIYCiQeWQ-XmkzEvlc6tqQwflWFhHoM |
| project_id | f9e2428b6863443f85bcbb11ac6c300e |
| user_id | 37d3c436d45347529926a4887607d01b |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
ubuntu@zbook:~$ python rabbitmqadmin --host=[redacted] --port=15672 --vhost="keystone" --username=superuser --password=123456 get queue=notifications.info ackmode=ack_requeue_false | tail -n +4 | head -n +1
| notifications.info | keystone | 0 | {"oslo.message": "{\"priority\": \"INFO\", \"_unique_id\": \"c4180ddc9500419898d6dd89086c1a0a\", \"event_type\": \"identity.authenticate\", \"timestamp\": \"2018-07-06 22:55:00.205671\", \"publisher_id\": \"identity.keystone-api-7d5c6cff4-g9dvd\", \"payload\": {\"typeURI\": \"http://schemas.dmtf.org/cloud/audit/1.0/event\", \"initiator\": {\"typeURI\": \"service/security/account/user\", \"host\": {\"agent\": \"osc-lib/1.10.0 keystoneauth1/3.7.0 python-requests/2.18.4 CPython/2.7.12\", \"address\": \"[redacted]\"}, \"id\": \"936c1487-eff3-59cc-b424-096cff3cd6e9\"}, \"target\": {\"typeURI\": \"service/security/account/user\", \"id\": \"932768de-4bf4-5c83-88cc-11f33f39cba9\"}, \"observer\": {\"typeURI\": \"service/security\", \"id\": \"9e53891b98b84bb898c0419e16426eca\"}, \"eventType\": \"activity\", \"eventTime\": \"2018-07-06T22:55:00.205401+0000\", \"action\": \"authenticate\", \"outcome\": \"success\", \"id\": \"bf658c41-24b5-5075-9aee-64e6b3db92cc\"}, \"message_id\": \"b1026bd5-c0d2-48af-adec-dc44c2e1a46b\"}", "oslo.version": "2.0"} | 1054 | string | False |
ubuntu@zbook:~$ openstack --os-cloud openstack_helm user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 37d3c436d45347529926a4887607d01b | admin |
+----------------------------------+-------+
ubuntu@zbook:~$ python rabbitmqadmin --host=[redacted] --port=15672 --vhost="keystone" --username=superuser --password=123456 get queue=notifications.info ackmode=ack_requeue_false | tail -n +4 | head -n +1
| notifications.info | keystone | 1 | {"oslo.message": "{\"priority\": \"INFO\", \"_unique_id\": \"c0fa7577c07a4de39013f41b33185489\", \"event_type\": \"identity.authenticate\", \"timestamp\": \"2018-07-06 22:56:45.534129\", \"publisher_id\": \"identity.keystone-api-7d5c6cff4-g9dvd\", \"payload\": {\"typeURI\": \"http://schemas.dmtf.org/cloud/audit/1.0/event\", \"initiator\": {\"typeURI\": \"service/security/account/user\", \"host\": {\"agent\": \"osc-lib/1.10.0 keystoneauth1/3.7.0 python-requests/2.18.4 CPython/2.7.12\", \"address\": \"[redacted]\"}, \"id\": \"129bfaf0-a8e3-579b-9030-0a5917547b46\"}, \"target\": {\"typeURI\": \"service/security/account/user\", \"id\": \"f67acddd-78df-58f1-be93-dcb196e44a9e\"}, \"observer\": {\"typeURI\": \"service/security\", \"id\": \"9e53891b98b84bb898c0419e16426eca\"}, \"eventType\": \"activity\", \"eventTime\": \"2018-07-06T22:56:45.533872+0000\", \"action\": \"authenticate\", \"outcome\": \"success\", \"id\": \"50468200-4b87-5a8a-b855-d25e8721ccea\"}, \"message_id\": \"cd9fe069-c0f6-4d3e-af65-f288cbb90f41\"}", "oslo.version": "2.0"} | 1054 | string | False |
ubuntu@zbook:~$ python rabbitmqadmin --host=[redacted] --port=15672 --vhost="keystone" --username=superuser --password=123456 get queue=notifications.info ackmode=ack_requeue_false | tail -n +4 | head -n +1
| notifications.info | keystone | 0 | {"oslo.message": "{\"priority\": \"INFO\", \"_unique_id\": \"e13c4eb09440496cb80b2297a61c12b8\", \"event_type\": \"identity.authenticate\", \"timestamp\": \"2018-07-06 22:56:45.572963\", \"publisher_id\": \"identity.keystone-api-7d5c6cff4-g9dvd\", \"payload\": {\"typeURI\": \"http://schemas.dmtf.org/cloud/audit/1.0/event\", \"initiator\": {\"typeURI\": \"service/security/account/user\", \"host\": {\"agent\": \"osc-lib/1.10.0 keystoneauth1/3.7.0 python-requests/2.18.4 CPython/2.7.12\", \"address\": \"[redacted]\"}, \"id\": \"38cee0b3-9b7f-5905-95f1-fa6cf61a637d\"}, \"target\": {\"typeURI\": \"service/security/account/user\", \"id\": \"3c9cdad0-a0f4-5151-ab44-da09add4be49\"}, \"observer\": {\"typeURI\": \"service/security\", \"id\": \"9e53891b98b84bb898c0419e16426eca\"}, \"eventType\": \"activity\", \"eventTime\": \"2018-07-06T22:56:45.572690+0000\", \"action\": \"authenticate\", \"outcome\": \"success\", \"id\": \"1b0d8ade-f94a-517c-a9f6-fb3df0a2c8c1\"}, \"message_id\": \"c8a55a89-908c-49c0-a0b2-9002fccecb03\"}", "oslo.version": "2.0"} | 1054 | string | False |
[0] https://github.com/openstack/keystone/blob/master/keystone/conf/default.py#L221 |
When enabling CADF notifications and clearing the notification_opt_out setting[0] (which causes keystone to be more chatty with notifications) in order to audit identity.authenticate events, keystone emits a notification for the identity.authentication event where the initiator's ID is a random UUID that doesn't match up to a user. Normally the initiator's ID is the ID of the user who performed the operation[1]. This was noticed when users would log into horizon and, from the audit notification, it could not be determined which user was logging in.
An example of this is shown below, where keystone only has one user (admin). The config values for enabling CADF notifications were set here:
DEFAULT:
notification_format: cadf
notification_opt_out: ""
oslo_messaging_notifications:
driver: messagingv2
ubuntu@zbook:~$ openstack --os-cloud openstack_helm token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2018-07-07T10:55:00+0000 |
| id | gAAAAABbP_NE7uqaSEN6dDR4sEDB5N0EvOA085lp82_puZmDxeVV16ulJ_4wCp_FR7suulqGyOf078kXWabvbL8jn45pBS95qRHfJeHDYZtf-mDsjFWm22YaiwqYnSUImz3Y2HsCD9ps_oJgwc2BHQUHHIYCiQeWQ-XmkzEvlc6tqQwflWFhHoM |
| project_id | f9e2428b6863443f85bcbb11ac6c300e |
| user_id | 37d3c436d45347529926a4887607d01b |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
ubuntu@zbook:~$ python rabbitmqadmin --host=[redacted] --port=15672 --vhost="keystone" --username=superuser --password=123456 get queue=notifications.info ackmode=ack_requeue_false | tail -n +4 | head -n +1
| notifications.info | keystone | 0 | {"oslo.message": "{\"priority\": \"INFO\", \"_unique_id\": \"c4180ddc9500419898d6dd89086c1a0a\", \"event_type\": \"identity.authenticate\", \"timestamp\": \"2018-07-06 22:55:00.205671\", \"publisher_id\": \"identity.keystone-api-7d5c6cff4-g9dvd\", \"payload\": {\"typeURI\": \"http://schemas.dmtf.org/cloud/audit/1.0/event\", \"initiator\": {\"typeURI\": \"service/security/account/user\", \"host\": {\"agent\": \"osc-lib/1.10.0 keystoneauth1/3.7.0 python-requests/2.18.4 CPython/2.7.12\", \"address\": \"[redacted]\"}, \"id\": \"936c1487-eff3-59cc-b424-096cff3cd6e9\"}, \"target\": {\"typeURI\": \"service/security/account/user\", \"id\": \"932768de-4bf4-5c83-88cc-11f33f39cba9\"}, \"observer\": {\"typeURI\": \"service/security\", \"id\": \"9e53891b98b84bb898c0419e16426eca\"}, \"eventType\": \"activity\", \"eventTime\": \"2018-07-06T22:55:00.205401+0000\", \"action\": \"authenticate\", \"outcome\": \"success\", \"id\": \"bf658c41-24b5-5075-9aee-64e6b3db92cc\"}, \"message_id\": \"b1026bd5-c0d2-48af-adec-dc44c2e1a46b\"}", "oslo.version": "2.0"} | 1054 | string | False |
ubuntu@zbook:~$ openstack --os-cloud openstack_helm user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 37d3c436d45347529926a4887607d01b | admin |
+----------------------------------+-------+
ubuntu@zbook:~$ python rabbitmqadmin --host=[redacted] --port=15672 --vhost="keystone" --username=superuser --password=123456 get queue=notifications.info ackmode=ack_requeue_false | tail -n +4 | head -n +1
| notifications.info | keystone | 1 | {"oslo.message": "{\"priority\": \"INFO\", \"_unique_id\": \"c0fa7577c07a4de39013f41b33185489\", \"event_type\": \"identity.authenticate\", \"timestamp\": \"2018-07-06 22:56:45.534129\", \"publisher_id\": \"identity.keystone-api-7d5c6cff4-g9dvd\", \"payload\": {\"typeURI\": \"http://schemas.dmtf.org/cloud/audit/1.0/event\", \"initiator\": {\"typeURI\": \"service/security/account/user\", \"host\": {\"agent\": \"osc-lib/1.10.0 keystoneauth1/3.7.0 python-requests/2.18.4 CPython/2.7.12\", \"address\": \"[redacted]\"}, \"id\": \"129bfaf0-a8e3-579b-9030-0a5917547b46\"}, \"target\": {\"typeURI\": \"service/security/account/user\", \"id\": \"f67acddd-78df-58f1-be93-dcb196e44a9e\"}, \"observer\": {\"typeURI\": \"service/security\", \"id\": \"9e53891b98b84bb898c0419e16426eca\"}, \"eventType\": \"activity\", \"eventTime\": \"2018-07-06T22:56:45.533872+0000\", \"action\": \"authenticate\", \"outcome\": \"success\", \"id\": \"50468200-4b87-5a8a-b855-d25e8721ccea\"}, \"message_id\": \"cd9fe069-c0f6-4d3e-af65-f288cbb90f41\"}", "oslo.version": "2.0"} | 1054 | string | False |
ubuntu@zbook:~$ python rabbitmqadmin --host=[redacted] --port=15672 --vhost="keystone" --username=superuser --password=123456 get queue=notifications.info ackmode=ack_requeue_false | tail -n +4 | head -n +1
| notifications.info | keystone | 0 | {"oslo.message": "{\"priority\": \"INFO\", \"_unique_id\": \"e13c4eb09440496cb80b2297a61c12b8\", \"event_type\": \"identity.authenticate\", \"timestamp\": \"2018-07-06 22:56:45.572963\", \"publisher_id\": \"identity.keystone-api-7d5c6cff4-g9dvd\", \"payload\": {\"typeURI\": \"http://schemas.dmtf.org/cloud/audit/1.0/event\", \"initiator\": {\"typeURI\": \"service/security/account/user\", \"host\": {\"agent\": \"osc-lib/1.10.0 keystoneauth1/3.7.0 python-requests/2.18.4 CPython/2.7.12\", \"address\": \"[redacted]\"}, \"id\": \"38cee0b3-9b7f-5905-95f1-fa6cf61a637d\"}, \"target\": {\"typeURI\": \"service/security/account/user\", \"id\": \"3c9cdad0-a0f4-5151-ab44-da09add4be49\"}, \"observer\": {\"typeURI\": \"service/security\", \"id\": \"9e53891b98b84bb898c0419e16426eca\"}, \"eventType\": \"activity\", \"eventTime\": \"2018-07-06T22:56:45.572690+0000\", \"action\": \"authenticate\", \"outcome\": \"success\", \"id\": \"1b0d8ade-f94a-517c-a9f6-fb3df0a2c8c1\"}, \"message_id\": \"c8a55a89-908c-49c0-a0b2-9002fccecb03\"}", "oslo.version": "2.0"} | 1054 | string | False |
[0] https://github.com/openstack/keystone/blob/master/keystone/conf/default.py#L221
[1] https://docs.openstack.org/keystone/latest/advanced-topics/event_notifications.html#auditing-with-cadf |
|
2018-08-01 21:40:05 |
OpenStack Infra |
keystone: status |
Confirmed |
In Progress |
|
2018-08-10 02:52:34 |
OpenStack Infra |
keystone: status |
In Progress |
Fix Released |
|
2019-01-28 20:52:56 |
Lance Bragstad |
keystone: milestone |
|
rocky-rc1 |
|
2019-03-20 10:46:41 |
OpenStack Infra |
tags |
|
in-stable-queens |
|
2019-03-20 10:58:36 |
OpenStack Infra |
tags |
in-stable-queens |
in-stable-queens in-stable-rocky |
|
2021-04-20 19:46:39 |
Nathanael Burton |
bug |
|
|
added subscriber Nathanael Burton |
2021-04-20 19:46:57 |
Nathanael Burton |
removed subscriber Nathanael Burton |
|
|
|
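The check described in the report, as an added example that is not part of the original bug report or keystone's code: it unwraps the oslo.messaging 2.0 envelope seen in the queue output, pulls the CADF initiator ID out of each identity.authenticate event, and flags events whose initiator cannot be matched to a known user. The function names and the `KNOWN_USERS` map are assumptions; the envelopes are constructed and trimmed to the fields used, reusing the user ID and one initiator ID from the report.

```python
import json
import uuid

# User inventory as `openstack user list` reports it (ID taken from the report).
KNOWN_USERS = {"37d3c436d45347529926a4887607d01b": "admin"}


def _envelope(initiator_id, unique_id, event_type="identity.authenticate"):
    """Constructed sample: an oslo.messaging 2.0 envelope shaped like the
    rows in the report, trimmed to the fields this check reads."""
    inner = {
        "event_type": event_type,
        "_unique_id": unique_id,
        "payload": {
            "typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
            "initiator": {"typeURI": "service/security/account/user",
                          "id": initiator_id},
            "action": "authenticate",
            "outcome": "success",
        },
    }
    # The 2.0 envelope carries the message as a JSON string inside JSON.
    return json.dumps({"oslo.message": json.dumps(inner), "oslo.version": "2.0"})


SAMPLE_MESSAGES = [
    # Initiator ID as seen in the report: matches no user.
    _envelope("936c1487-eff3-59cc-b424-096cff3cd6e9", "sample-1"),
    # Constructed: what an attributable event would carry (the user's own ID).
    _envelope("37d3c436d45347529926a4887607d01b", "sample-2"),
    # Constructed: a different event type, ignored by this check.
    _envelope("936c1487-eff3-59cc-b424-096cff3cd6e9", "sample-3",
              event_type="identity.user.created"),
]


def normalize_id(value):
    """Keystone user IDs are 32 hex chars; CADF IDs may be hyphenated."""
    return value.replace("-", "").lower()


def check_initiator(raw, known_users):
    """Return an attribution record for an identity.authenticate event,
    or None for any other event type."""
    message = json.loads(raw)["oslo.message"]
    if isinstance(message, str):
        message = json.loads(message)
    if message.get("event_type") != "identity.authenticate":
        return None
    raw_id = message.get("payload", {}).get("initiator", {}).get("id", "")
    norm = normalize_id(raw_id)
    try:
        # UUID version is recorded as a triage hint only.
        version = uuid.UUID(hex=norm).version
    except ValueError:
        version = None
    user = known_users.get(norm)
    return {
        "unique_id": message.get("_unique_id"),
        "initiator_id": raw_id,
        "user": user,
        "attributable": user is not None,
        "uuid_version": version,
    }


def unattributable(messages, known_users):
    """Authentication events whose initiator maps to no known user."""
    records = (check_initiator(m, known_users) for m in messages)
    return [r for r in records if r is not None and not r["attributable"]]


if __name__ == "__main__":
    for record in unattributable(SAMPLE_MESSAGES, KNOWN_USERS):
        print(record)
```

Run against a live consumer, a non-empty result means authentication events are reaching the audit pipeline without a usable actor identity.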