keystone  18.0.0
About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Victoria" series (maintained release).
  Fossies Dox: keystone-18.0.0.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

keystone.notifications Namespace Reference

Classes

class  _CatalogHelperObj
 
class  Audit
 
class  CadfNotificationWrapper
 
class  CadfRoleAssignmentNotificationWrapper
 

Functions

def build_audit_initiator ()
 
def invalidate_token_cache_notification (reason)
 
def _get_callback_info (callback)
 
def register_event_callback (event, resource_type, callbacks)
 
def listener (cls)
 
def notify_event_callbacks (service, resource_type, operation, payload)
 
def _get_notifier ()
 
def clear_subscribers ()
 
def reset_notifier ()
 
def _create_cadf_payload (operation, resource_type, resource_id, outcome, initiator, reason=None)
 
def _send_notification (operation, resource_type, resource_id, initiator=None, actor_dict=None, public=True)
 
def _get_request_audit_info (context, user_id=None)
 
def send_saml_audit_notification (action, user_id, group_ids, identity_provider, protocol, token_id, outcome)
 
def _send_audit_notification (action, initiator, outcome, target, event_type, reason=None, **kwargs)
 
def _check_notification_opt_out (event_type, outcome)
 
def _add_username_to_initiator (initiator)
 

Variables

 _CATALOG_HELPER_OBJ = None
 
 LOG = log.getLogger(__name__)
 
 _ACTIONS
 
 ACTIONS
 
dictionary CADF_TYPE_MAP
 
string SAML_AUDIT_TYPE = 'http://docs.oasis-open.org/security/saml/v2.0'
 
dictionary _SUBSCRIBERS = {}
 
 _notifier = None
 
string SERVICE = 'identity'
 
 PROVIDERS = provider_api.ProviderAPIs
 
string ROOT_DOMAIN = '<<keystone.domain.root>>'
 
 CONF = keystone.conf.CONF
 
string INVALIDATE_TOKEN_CACHE = 'invalidate_token_cache'
 
string PERSIST_REVOCATION_EVENT_FOR_USER = 'persist_revocation_event_for_user'
 
string REMOVE_APP_CREDS_FOR_USER = 'remove_application_credentials_for_user'
 
string DOMAIN_DELETED = 'domain_deleted'
 
 emit_event = CadfNotificationWrapper
 
 role_assignment = CadfRoleAssignmentNotificationWrapper
 
 __init__
 

Function Documentation

◆ _add_username_to_initiator()

def keystone.notifications._add_username_to_initiator (   initiator)
private
Add the username to the initiator if missing.

Definition at line 828 of file notifications.py.

Referenced by keystone.notifications.CadfNotificationWrapper.__call__(), and keystone.notifications._get_request_audit_info().

◆ _check_notification_opt_out()

def keystone.notifications._check_notification_opt_out (   event_type,
  outcome 
)
private
Check if a particular event_type has been opted-out of.

This method checks to see if an event should be sent to the messaging
service. Any event specified in the opt-out list will not be transmitted.

:param event_type: This is the meter name that Ceilometer uses to poll
    events. For example: identity.user.created, or
    identity.authenticate.success, or identity.role_assignment.created
:param outcome: The CADF outcome (taxonomy.OUTCOME_PENDING,
    taxonomy.OUTCOME_SUCCESS, taxonomy.OUTCOME_FAILURE)

Definition at line 801 of file notifications.py.

Referenced by keystone.notifications._send_notification().

◆ _create_cadf_payload()

def keystone.notifications._create_cadf_payload (   operation,
  resource_type,
  resource_id,
  outcome,
  initiator,
  reason = None 
)
private
Prepare data for CADF audit notifier.

Transform the arguments into content to be consumed by the function that
emits CADF events (_send_audit_notification). Specifically the
``resource_type`` (role, user, etc) must be transformed into a CADF
keyword, such as: ``data/security/role``. The ``resource_id`` is added as a
top level value for the ``resource_info`` key. Lastly, the ``operation`` is
used to create the CADF ``action``, and the ``event_type`` name.

As per the CADF specification, the ``action`` must start with create,
update, delete, etc... i.e.: created.user or deleted.role

However the ``event_type`` is an OpenStack-ism that is typically of the
form project.resource.operation. i.e.: identity.project.updated

:param operation: operation being performed (created, updated, or deleted)
:param resource_type: type of resource being operated on (role, user, etc)
:param resource_id: ID of resource being operated on
:param outcome: outcomes of the operation (SUCCESS, FAILURE, etc)
:param initiator: CADF representation of the user that created the request
:param reason: pycadf object containing the response code and
               message description

Definition at line 403 of file notifications.py.

References keystone.notifications._send_audit_notification().

Referenced by keystone.notifications.Audit._emit().

◆ _get_callback_info()

def keystone.notifications._get_callback_info (   callback)
private
Return list containing callback's module and name.

If the callback is a bound instance method also return the class name.

:param callback: Function to call
:type callback: function
:returns: List containing parent module, (optional class,) function name
:rtype: list

Definition at line 240 of file notifications.py.

Referenced by keystone.notifications.register_event_callback().

◆ _get_notifier()

def keystone.notifications._get_notifier ( )
private
Return a notifier object.

If _notifier is None it means that a notifier object has not been set.
If _notifier is False it means that a notifier has previously failed to
construct.
Otherwise it is a constructed Notifier object.

Definition at line 361 of file notifications.py.

Referenced by keystone.notifications._send_notification().

◆ _get_request_audit_info()

def keystone.notifications._get_request_audit_info (   context,
  user_id = None 
)
private
Collect audit information about the request used for CADF.

:param context: Request context
:param user_id: Optional user ID, alternatively collected from context
:returns: Auditing data about the request
:rtype: :class:`pycadf.Resource`

Definition at line 502 of file notifications.py.

References keystone.notifications._add_username_to_initiator().

◆ _send_audit_notification()

def keystone.notifications._send_audit_notification (   action,
  initiator,
  outcome,
  target,
  event_type,
  reason = None,
**  kwargs 
)
private
Send CADF notification to inform observers about the affected resource.

This method logs an exception when sending the notification fails.

:param action: CADF action being audited (e.g., 'authenticate')
:param initiator: CADF resource representing the initiator
:param outcome: The CADF outcome (taxonomy.OUTCOME_PENDING,
    taxonomy.OUTCOME_SUCCESS, taxonomy.OUTCOME_FAILURE)
:param target: CADF resource representing the target
:param event_type: An OpenStack-ism, typically this is the meter name that
    Ceilometer uses to poll events.
:param kwargs: Any additional arguments passed in will be added as
    key-value pairs to the CADF event.
:param reason: Reason for the notification which contains the response
    code and message description

Definition at line 737 of file notifications.py.

Referenced by keystone.notifications.CadfNotificationWrapper.__call__(), keystone.notifications.CadfRoleAssignmentNotificationWrapper.__call__(), keystone.notifications._create_cadf_payload(), and keystone.notifications.send_saml_audit_notification().

◆ _send_notification()

def keystone.notifications._send_notification (   operation,
  resource_type,
  resource_id,
  initiator = None,
  actor_dict = None,
  public = True 
)
private
Send notification to inform observers about the affected resource.

This method doesn't raise an exception when sending the notification fails.

:param operation: operation being performed (created, updated, or deleted)
:param resource_type: type of resource being operated on
:param resource_id: ID of resource being operated on
:param initiator: representation of the user that created the request
:param actor_dict: a dictionary containing the actor's ID and type
:param public:  if True (default), the event will be sent
                to the notifier API.
                if False, the event will only be sent via
                notify_event_callbacks to in process listeners.

Definition at line 450 of file notifications.py.

References keystone.notifications._check_notification_opt_out(), keystone.notifications._get_notifier(), and keystone.notifications.notify_event_callbacks().

Referenced by keystone.notifications.Audit._emit().

◆ build_audit_initiator()

def keystone.notifications.build_audit_initiator ( )
A pyCADF initiator describing the current authenticated context.

Definition at line 91 of file notifications.py.

Referenced by keystone.notifications.CadfNotificationWrapper.__call__(), and keystone.notifications.send_saml_audit_notification().

◆ clear_subscribers()

def keystone.notifications.clear_subscribers ( )
Empty subscribers dictionary.

This effectively stops notifications since there will be no subscribers
to publish to.

Definition at line 384 of file notifications.py.

◆ invalidate_token_cache_notification()

def keystone.notifications.invalidate_token_cache_notification (   reason)
A specific notification for invalidating the token cache.

:param reason: The specific reason why the token cache is being
               invalidated.
:type reason: string

Definition at line 214 of file notifications.py.

◆ listener()

def keystone.notifications.listener (   cls)
A class decorator to declare a class to be a notification listener.

A notification listener must specify the event(s) it is interested in by
defining a ``event_callbacks`` attribute or property. ``event_callbacks``
is a dictionary where the key is the type of event and the value is a
dictionary containing a mapping of resource types to callback(s).

:data:`.ACTIONS` contains constants for the currently
supported events. There is currently no single place to find constants for
the resource types.

Example::

    @listener
    class Something(object):

        def __init__(self):
            self.event_callbacks = {
                notifications.ACTIONS.created: {
                    'user': self._user_created_callback,
                },
                notifications.ACTIONS.deleted: {
                    'project': [
                        self._project_deleted_callback,
                        self._do_cleanup,
                    ]
                },
            }

Definition at line 298 of file notifications.py.

References keystone.notifications.register_event_callback().

◆ notify_event_callbacks()

def keystone.notifications.notify_event_callbacks (   service,
  resource_type,
  operation,
  payload 
)
Send a notification to registered extensions.

Definition at line 345 of file notifications.py.

Referenced by keystone.notifications._send_notification().

◆ register_event_callback()

def keystone.notifications.register_event_callback (   event,
  resource_type,
  callbacks 
)
Register each callback with the event.

:param event: Action being registered
:type event: keystone.notifications.ACTIONS
:param resource_type: Type of resource being operated on
:type resource_type: str
:param callbacks: Callback items to be registered with event
:type callbacks: list
:raises ValueError: If event is not a valid ACTION
:raises TypeError: If callback is not callable

Definition at line 260 of file notifications.py.

References keystone.i18n._, and keystone.notifications._get_callback_info().

Referenced by keystone.notifications.listener().

◆ reset_notifier()

def keystone.notifications.reset_notifier ( )
Reset the notifications internal state.

This is used only for testing purposes.

Definition at line 393 of file notifications.py.

◆ send_saml_audit_notification()

def keystone.notifications.send_saml_audit_notification (   action,
  user_id,
  group_ids,
  identity_provider,
  protocol,
  token_id,
  outcome 
)
Send notification to inform observers about SAML events.

:param action: Action being audited
:type action: str
:param user_id: User ID from Keystone token
:type user_id: str
:param group_ids: List of Group IDs from Keystone token
:type group_ids: list
:param identity_provider: ID of the IdP from the Keystone token
:type identity_provider: str or None
:param protocol: Protocol ID for IdP from the Keystone token
:type protocol: str
:param token_id: audit_id from Keystone token
:type token_id: str or None
:param outcome: One of :class:`pycadf.cadftaxonomy`
:type outcome: str

Definition at line 699 of file notifications.py.

References keystone.notifications._send_audit_notification(), and keystone.notifications.build_audit_initiator().

Variable Documentation

◆ __init__

keystone.notifications.__init__
private

Definition at line 341 of file notifications.py.

◆ _ACTIONS

keystone.notifications._ACTIONS
private
Initial value:
1 = collections.namedtuple(
2  'NotificationActions',
3  'created, deleted, disabled, updated, internal')

Definition at line 48 of file notifications.py.

◆ _CATALOG_HELPER_OBJ

keystone.notifications._CATALOG_HELPER_OBJ = None
private

Definition at line 43 of file notifications.py.

◆ _notifier

keystone.notifications._notifier = None
private

Definition at line 75 of file notifications.py.

◆ _SUBSCRIBERS

dictionary keystone.notifications._SUBSCRIBERS = {}
private

Definition at line 74 of file notifications.py.

◆ ACTIONS

keystone.notifications.ACTIONS
Initial value:
1 = _ACTIONS(created='created', deleted='deleted', disabled='disabled',
2  updated='updated', internal='internal')

Definition at line 51 of file notifications.py.

◆ CADF_TYPE_MAP

dictionary keystone.notifications.CADF_TYPE_MAP
Initial value:
1 = {
2  'group': taxonomy.SECURITY_GROUP,
3  'project': taxonomy.SECURITY_PROJECT,
4  'role': taxonomy.SECURITY_ROLE,
5  'user': taxonomy.SECURITY_ACCOUNT_USER,
6  'domain': taxonomy.SECURITY_DOMAIN,
7  'region': taxonomy.SECURITY_REGION,
8  'endpoint': taxonomy.SECURITY_ENDPOINT,
9  'service': taxonomy.SECURITY_SERVICE,
10  'policy': taxonomy.SECURITY_POLICY,
11  'OS-TRUST:trust': taxonomy.SECURITY_TRUST,
12  'OS-OAUTH1:access_token': taxonomy.SECURITY_CREDENTIAL,
13  'OS-OAUTH1:request_token': taxonomy.SECURITY_CREDENTIAL,
14  'OS-OAUTH1:consumer': taxonomy.SECURITY_ACCOUNT,
15  'application_credential': taxonomy.SECURITY_CREDENTIAL,
16 }

Definition at line 55 of file notifications.py.

◆ CONF

keystone.notifications.CONF = keystone.conf.CONF

Definition at line 81 of file notifications.py.

◆ DOMAIN_DELETED

string keystone.notifications.DOMAIN_DELETED = 'domain_deleted'

Definition at line 88 of file notifications.py.

◆ emit_event

keystone.notifications.emit_event = CadfNotificationWrapper

Definition at line 842 of file notifications.py.

◆ INVALIDATE_TOKEN_CACHE

string keystone.notifications.INVALIDATE_TOKEN_CACHE = 'invalidate_token_cache'

Definition at line 85 of file notifications.py.

◆ LOG

keystone.notifications.LOG = log.getLogger(__name__)

Definition at line 45 of file notifications.py.

◆ PERSIST_REVOCATION_EVENT_FOR_USER

string keystone.notifications.PERSIST_REVOCATION_EVENT_FOR_USER = 'persist_revocation_event_for_user'

Definition at line 86 of file notifications.py.

◆ PROVIDERS

keystone.notifications.PROVIDERS = provider_api.ProviderAPIs

Definition at line 77 of file notifications.py.

◆ REMOVE_APP_CREDS_FOR_USER

string keystone.notifications.REMOVE_APP_CREDS_FOR_USER = 'remove_application_credentials_for_user'

Definition at line 87 of file notifications.py.

◆ role_assignment

keystone.notifications.role_assignment = CadfRoleAssignmentNotificationWrapper

Definition at line 845 of file notifications.py.

◆ ROOT_DOMAIN

string keystone.notifications.ROOT_DOMAIN = '<<keystone.domain.root>>'

Definition at line 79 of file notifications.py.

◆ SAML_AUDIT_TYPE

string keystone.notifications.SAML_AUDIT_TYPE = 'http://docs.oasis-open.org/security/saml/v2.0'

Definition at line 72 of file notifications.py.

◆ SERVICE

string keystone.notifications.SERVICE = 'identity'

Definition at line 76 of file notifications.py.

keystone.notifications._ACTIONS
_ACTIONS
Definition: notifications.py:48