← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #96010

[Bug 2063321] Re: CADF initiator name / username field is inconsistent

  Thread PreviousDate PreviousThread Next 
Reviewed:  https://review.opendev.org/c/openstack/keystone/+/916880
Committed: https://opendev.org/openstack/keystone/commit/9f35c9b2901cf75c103d90f46c8cc88f83814783
Submitter: "Zuul (22348)"
Branch:    master

commit 9f35c9b2901cf75c103d90f46c8cc88f83814783
Author: Jake Yip <jake.yip@xxxxxxxxxxx>
Date:   Wed Apr 24 19:58:54 2024 +1000

    Fix inconsistency in CADF initiator name field
    
    For CADF messages, keystone stores the initiator username in the
    'initiator.username' field, and keystonemiddleware stores it in the
    'initiator.name' field[1].
    
    CADF specs[2] says it should be initiator:name, so make it consistent.
    
    Keep the initiator.username field so as not to break existing
    deployments.
    
    [1] https://opendev.org/openstack/keystonemiddleware/src/branch/stable/2023.2/keystonemiddleware/audit/_api.py#L290
    [2] https://www.dmtf.org/sites/default/files/standards/documents/DSP2038_1.1.0.pdf#page=14
    
    Closes-Bug: #2063321
    
    Change-Id: I69d662dd3c0e70d2a614655b62dd9655c438fc0b


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/2063321

Title:
  CADF initiator name / username field is inconsistent

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  The CADF notification generated by keystone and keystone middleware is
  inconsistent. Specifically, the field for initiator's username is
  `initiator.username` in keystone, and `initiator.name` in
  keystonemiddleware.

  It would be good for both keystone and keystonemiddleware to have the
  same field, so we can grok for the relevant data consistently.

  More information:

  In Change I833e6e0d7792acf49f816050ad7a63e8ea4f702f, the username of
  the initiator was added to the `initiator.username` field. However,
  this is inconsistent with keystonemiddleware, which calls it
  `initiator.name`[2]. It is also different from the specs, which states
  it should be `initiator:name`[3].

  [1] https://review.opendev.org/c/openstack/keystone/+/699013

  [2]
  https://opendev.org/openstack/keystonemiddleware/src/branch/stable/2023.2/keystonemiddleware/audit/_api.py#L290

  [3]
  https://www.dmtf.org/sites/default/files/standards/documents/DSP2038_1.1.0.pdf

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/2063321/+subscriptions

References

  Thread PreviousDate PreviousThread Next