yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1628064] [NEW] Keystone notifications don't have enough data

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Kseniya Tychkova <ktychkova@xxxxxxxxxxxx>
Date: Tue, 27 Sep 2016 11:49:17 -0000
Reply-to: Bug 1628064 <1628064@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Keystone currently supports two notification formats: a Basic Notification, and a Cloud Auditing Data Federation (CADF) Notification.
CADF notifications are more informative but it is still not enough.
Here is an example for "deleted.user" event:
{
    "typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event";,
    "initiator": {
        "typeURI": "service/security/account/user",
        "host": {
            "agent": "ceilometer-polling keystoneauth1/2.12.1,
            "address": "172.18.186.212"
        },
        "user_id": "e5ac866ebfce4595a707efd97c342b36",
        "id": "e5ac866ebfce4595a707efd97c342b36"
    },
    "target": {
        "typeURI": "service/security/account/user",
        "id": "f026aee7-20f7-5a7f-965d-300ec50c4686"
    },
    "observer": {
        "typeURI": "service/security",
        "id": "9275459bf1e84ecb8aaaa135b4239bf6"
    },
    "eventType": "activity",
    "eventTime": "2016-09-23T11:46:27.616983+0000",
    "action": "deleted.user",
    "outcome": "success",
    "id": "bdfdb6c5-f8b8-50f5-b161-c9af3e85a852"
}

User is deleted and here is only id of that user.
OpenStack operators will not be able to understand what user exactly was deleted.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1628064

Title:
  Keystone notifications don't have enough data

Status in OpenStack Identity (keystone):
  New

Bug description:
  Keystone currently supports two notification formats: a Basic Notification, and a Cloud Auditing Data Federation (CADF) Notification.
  CADF notifications are more informative but it is still not enough.
  Here is an example for "deleted.user" event:
  {
      "typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event";,
      "initiator": {
          "typeURI": "service/security/account/user",
          "host": {
              "agent": "ceilometer-polling keystoneauth1/2.12.1,
              "address": "172.18.186.212"
          },
          "user_id": "e5ac866ebfce4595a707efd97c342b36",
          "id": "e5ac866ebfce4595a707efd97c342b36"
      },
      "target": {
          "typeURI": "service/security/account/user",
          "id": "f026aee7-20f7-5a7f-965d-300ec50c4686"
      },
      "observer": {
          "typeURI": "service/security",
          "id": "9275459bf1e84ecb8aaaa135b4239bf6"
      },
      "eventType": "activity",
      "eventTime": "2016-09-23T11:46:27.616983+0000",
      "action": "deleted.user",
      "outcome": "success",
      "id": "bdfdb6c5-f8b8-50f5-b161-c9af3e85a852"
  }

  User is deleted and here is only id of that user.
  OpenStack operators will not be able to understand what user exactly was deleted.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1628064/+subscriptions