From e17dae8fb41544ad15d5b9b418f211959c419d51 Mon Sep 17 00:00:00 2001 From: Dolph Mathews Date: Mon, 14 Jul 2014 14:07:45 -0500 Subject: [PATCH] project disabled/deleted notification recommendations These recommendations represent the outcome of the Keystone/Barbican cross-project discussion regarding: https://review.openstack.org/#/c/99658/ This discussion occurred at the keystone hackathon for Juno. Change-Id: Ib67c85a9f900ef0a6a346cdbf3280b3a8f977ad7 --- doc/source/event_notifications.rst | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/doc/source/event_notifications.rst b/doc/source/event_notifications.rst index d045329fa2..89b2b53a43 100644 --- a/doc/source/event_notifications.rst +++ b/doc/source/event_notifications.rst @@ -66,7 +66,7 @@ notification will be sent. Information about the error is handled through normal exception paths. Notification Example -^^^^^^^^^^^^^^^^^^^^ +-------------------- This is an example of a notification sent for a newly created user:: @@ -81,6 +81,21 @@ This is an example of a notification sent for a newly created user:: "timestamp": "2013-08-29 19:03:45.960280" } +Recommendations for consumers +----------------------------- + +One of the most important notifications that Keystone emits is for project +deletions (``event_type`` = ``identity.project.deleted``). This event should +indicate to the rest of OpenStack that all resources (such as virtual machines) +associated with the project should be deleted. + +Projects can also have update events (``event_type`` = +``identity.project.updated``), wherein the project has been disabled. Keystone +ensures this has an immediate impact on the accessibility of the project's +resources by revoking tokens with authorization on the project, but should +**not** have a direct impact on the projects resources (in other words, virtual +machines should **not** be deleted). + Auditing with CADF ==================
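Review bot: In the first hunk (@@ -66,7 +66,7 @@), the underline of "Notification Example" changes from ^ to -, and in reStructuredText the underline character determines the section level, but the commit message only mentions the project disabled/deleted recommendations. Note in the commit message that the heading is being put on the same level as the new "Recommendations for consumers" section, or move the change to a separate commit, so that the change in hierarchy is clearly intentional.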
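Review bot: In the second hunk (@@ -81,6 +81,21 @@), the paragraph on ``identity.project.updated`` reads as though every update event means the project was disabled ("wherein the project has been disabled"), and it does not tell a consumer how to distinguish a disable from any other project update. If the event is also emitted for other updates, say so, and say what the consumer should check before acting on it. The last sentence also loses its subject at "but should **not** have a direct impact": as written it is Keystone that should not, while the recommendation is aimed at consumers. Something like "Consumers should **not** delete the project's resources in response" would be clearer, and "projects resources" needs an apostrophe.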