Need more data added for RBAC policy notifications
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
For the Searchlight project, we are receiving notifications for the RBAC policy commands.
rbac-create
rbac-delete
The payload for rbac_policy.
The payload for rbac_policy.
{
"event_type": "rbac_policy.
"payload":
{ "rbac_policy_id": "d7491be9-
}
Since the RBAC policy is being deleted, we cannot query the details of the policy through the Neutron API using the policy ID. Doing so results in a race condition where the majority of the time the policy has already been deleted.
This means we need to store the details of the policy upon rbac_policy.
We would like a change to the rbac_policy.
{
"event_type": "rbac_policy.
"payload":
{ "target_tenant": "admin", "tenant_id": "c4b424b17cc04c
}
At a bare minimum, we would need "tenant_id", "object_id" and "id" to be returned.
Changed in neutron: | |
importance: | Undecided → Wishlist |
status: | New → Confirmed |
tags: | added: access-control rfe |
It's actually not clear to me why it does not happen in a (similar) way that you expect. At least my reading of _delete() implementation in neutron/ api/v2/ base.py suggests that the payload should contain more than just an ID even for delete.end notifications.
Do we by chance see the same stripped payload for other resources? If so, it could be as well some general bug and not a feature request.