CADF Notifications are missing user name in initiator object
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Identity (keystone) | Fix Released | Undecided | Gage Hugo |
Bug Description
When enabling CADF notifications, each event notification contains an initiator object; this object contains an id, typeuri, project_id, etc. This notification is useful for auditors to determine who has authenticated and/or what action a user has performed.
The various examples in the OpenStack CADF standard[0] show a user name as part of the initiator; however, most notifications only contain the user_id. For deployments that contain non-local users, this only provides a UUID as the user_id, and it is not immediately clear which user performed an action. Additional work has to be done, either manually or via an alerting process, to query each user_id against keystone to determine which user performed what action.
To better conform to the standard[0], keystone should be including usernames as part of the initiator object.
[0] https:/
summary:
- CADF Notifications are missing user name in initiator
+ CADF Notifications are missing user name in initiator object
Changed in keystone:
assignee: nobody → Gage Hugo (gagehugo)
status: New → In Progress
Reviewed: https://review.opendev.org/699013
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=95edaaab06c6da761411ef97bc2545d86d579215
Submitter: Zuul
Branch: master
commit 95edaaab06c6da761411ef97bc2545d86d579215
Author: Gage Hugo <email address hidden>
Date: Fri Dec 13 14:25:28 2019 -0600
Always have username in CADF initiator
The current initiator object for CADF notifications does not include
the username of the user who initiated the action, which leads to
issues when using an LDAP backend and not having a direct way to
map a username to a user id.
This change makes it so that the initiator object for CADF
notifications always contains the username for a user as well
as the user id. This follows along with the CADF standard
for OpenStack[0].
[0] https://www.dmtf.org/sites/default/files/standards/documents/DSP2038_1.1.0.pdf#page=12
Closes-Bug: #1856904
Change-Id: I833e6e0d7792acf49f816050ad7a63e8ea4f702f
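
The audit-side effect of the bug description and the commit above, as an added example (not keystone code): a consumer that labels events from the initiator's user name when present and falls back to one lookup per distinct user_id when it is absent. The `username` key, the payload layout, the sample IDs and the `resolve` callback are assumptions; only `user_id` and `project_id` are named on this page.

```python
"""Added example: label CADF audit events by initiator, with and without a user name."""

# Constructed sample payloads. "user_id" and "project_id" are named on the page;
# the "username" key and the rest of the layout are assumptions.
SAMPLE_EVENTS = [
    {"action": "authenticate", "outcome": "success",
     "initiator": {"typeURI": "service/security/account/user",
                   "id": "c9f76d3c", "user_id": "c9f76d3c",
                   "username": "jdoe", "project_id": "a1b2c3"}},
    {"action": "created.role_assignment", "outcome": "success",
     "initiator": {"typeURI": "service/security/account/user",
                   "id": "7e1d0b42", "user_id": "7e1d0b42", "project_id": "a1b2c3"}},
    {"action": "authenticate", "outcome": "failure",
     "initiator": {"typeURI": "service/security/account/user",
                   "id": "7e1d0b42", "user_id": "7e1d0b42", "username": ""}},
]


def audit_rows(events, resolve=None):
    """Return (rows, unresolved_ids). resolve(user_id) is a hypothetical directory lookup."""
    cache, rows, unresolved = {}, [], set()
    for event in events:
        initiator = event.get("initiator") or {}
        user_id = initiator.get("user_id") or initiator.get("id") or "unknown"
        name = initiator.get("username")
        if not (isinstance(name, str) and name.strip()):
            # No usable name in the notification: look each distinct user_id up once.
            if resolve is not None and user_id not in cache:
                cache[user_id] = resolve(user_id)
            name = cache.get(user_id)
        if not name:
            unresolved.add(user_id)  # auditor still only has a UUID for this actor
        # Keep user_id in every row: it is the join key back to the identity backend.
        rows.append({"user_id": user_id, "username": name or None,
                     "action": event.get("action"), "outcome": event.get("outcome")})
    return rows, unresolved


def demo():
    calls = []
    directory = {"7e1d0b42": "asmith"}  # constructed stand-in for a keystone/LDAP query

    def resolve(user_id):
        calls.append(user_id)
        return directory.get(user_id)

    rows, unresolved = audit_rows(SAMPLE_EVENTS, resolve)
    return rows, unresolved, calls


if __name__ == "__main__":
    for row in demo()[0]:
        print(row)
```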