keystonemiddleware

Audit Middleware driver config issue with Nova, Neutron

Bug #1544840 reported by Arun Kant
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
keystonemiddleware
Fix Released
Wishlist
Arun Kant

Bug Description

Audit middleware is using oslo messaging library to send audit events to messaging queue or to logs. For this, it requires notification driver identifier to send audit events to correct destination.

This audit middleware can be easily added to openstack services paste pipeline where the application is not using oslo messaging notifications feature.

In case service is already using oslo messaging notification feature, then adding auditing support using this middleware can become issue. The issue is that service and audit middleware both are using same configuration for its notification driver which means both service notifications and audit events are going to land into same notification destinations (queue or/and log).

This makes audit middleware inflexible to use as deployment may want to write audit events to log files but still want its service related notifications to messaging queue or vice versa. Even if we use multiple values approach by setting both 'messaging' and 'log', still there is issue of sending unwanted notifications in log and messaging side.

If audit middleware has it own configuration section for driver and topic, then it will be easier to integrate audit middleware for services already using oslo messaging notification e.g. nova (notifications for ceilometer) and neutron (notifications to l3, dhcp_agent)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystonemiddleware (master)

Fix proposed to branch: master
Review: https://review.openstack.org/279828

Changed in keystonemiddleware:
assignee: nobody → Arun Kant (arunkant-uws)
status: New → In Progress
David Stanek (dstanek)
Changed in keystonemiddleware:
importance: Undecided → Wishlist
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystonemiddleware (master)

Reviewed: https://review.openstack.org/279828
Committed: https://git.openstack.org/cgit/openstack/keystonemiddleware/commit/?id=c813c35214b44ebd135d89ea43bf55d3d327a11c
Submitter: Jenkins
Branch: master

commit c813c35214b44ebd135d89ea43bf55d3d327a11c
Author: Arun Kant <email address hidden>
Date: Fri Feb 12 16:41:19 2016 -0800

    Adding audit middleware specific notification driver conf

    Now oslo messaging notifier can use driver information from audit
    middleware specific conf section. This allows audit to have different
    driver and transport usage from existing standard oslo messaging
    configuration. If audit middleware section is not defined, then existing
    logic is used which identifies driver from shared common oslo messaging
    notification conf section.

    Adjusted code and tests to recent oslo messaging notifier topic to
    topics arg change. And recent request.context change.

    Change-Id: Ia9ce654d3903efd0fd7893347e44ee27a765c745
    Closes-Bug: 1544840

Changed in keystonemiddleware:
status: In Progress → Fix Released
Revision history for this message
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/keystonemiddleware 4.5.0

This issue was fixed in the openstack/keystonemiddleware 4.5.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.