keystone.notifications module¶

Notifications module for OpenStack Identity Service resources.

keystone.notifications.ACTIONS = NotificationActions(created='created', deleted='deleted', disabled='disabled', updated='updated', internal='internal')¶

The actions on resources.

class keystone.notifications.Audit[source]¶

Bases: object

Namespace for audit notification functions.

This is a namespace object to contain all of the direct notification functions utilized for Manager methods.

classmethod added_to(target_type, target_id, actor_type, actor_id, initiator=None, public=True, reason=None)[source]¶

classmethod created(resource_type, resource_id, initiator=None, public=True, reason=None)[source]¶

classmethod deleted(resource_type, resource_id, initiator=None, public=True, reason=None)[source]¶

classmethod disabled(resource_type, resource_id, initiator=None, public=True, reason=None)[source]¶

classmethod internal(resource_type, resource_id, reason=None)[source]¶

classmethod removed_from(target_type, target_id, actor_type, actor_id, initiator=None, public=True, reason=None)[source]¶

classmethod updated(resource_type, resource_id, initiator=None, public=True, reason=None)[source]¶

class keystone.notifications.CadfNotificationWrapper(operation)[source]¶

Bases: object

Send CADF event notifications for various methods.

This function is only used for Authentication events. Its action and event_type are dictated below.

• action: authenticate

• event_type: identity.authenticate

Sends CADF notifications for events such as whether an authentication was successful or not.

Parameters:

operation – The authentication related action being performed

class keystone.notifications.CadfRoleAssignmentNotificationWrapper(operation)[source]¶

Bases: object

Send CADF notifications for role_assignment methods.

This function is only used for role assignment events. Its action and event_type are dictated below.

• action: created.role_assignment or deleted.role_assignment

• event_type: identity.role_assignment.created or

  identity.role_assignment.deleted

Sends a CADF notification if the wrapped method does not raise an Exception (such as keystone.exception.NotFound).

Parameters:

operation – one of the values from ACTIONS (created or deleted)

ROLE_ASSIGNMENT = 'role_assignment'¶

keystone.notifications.build_audit_initiator()[source]¶

A pyCADF initiator describing the current authenticated context.

keystone.notifications.clear_subscribers()[source]¶

Empty subscribers dictionary.

This effectively stops notifications since there will be no subscribers to publish to.

keystone.notifications.emit_event¶

alias of CadfNotificationWrapper

keystone.notifications.invalidate_token_cache_notification(reason)[source]¶

A specific notification for invalidating the token cache.

Parameters:

reason (string) – The specific reason why the token cache is being invalidated.

keystone.notifications.listener(cls)[source]¶

A class decorator to declare a class to be a notification listener.

A notification listener must specify the event(s) it is interested in by defining a event_callbacks attribute or property. event_callbacks is a dictionary where the key is the type of event and the value is a dictionary containing a mapping of resource types to callback(s).

ACTIONS contains constants for the currently supported events. There is currently no single place to find constants for the resource types.

Example:

@listener
class Something(object):

    def __init__(self):
        self.event_callbacks = {
            notifications.ACTIONS.created: {
                'user': self._user_created_callback,
            },
            notifications.ACTIONS.deleted: {
                'project': [
                    self._project_deleted_callback,
                    self._do_cleanup,
                ]
            },
        }

keystone.notifications.notify_event_callbacks(service, resource_type, operation, payload)[source]¶

Send a notification to registered extensions.

keystone.notifications.register_event_callback(event, resource_type, callbacks)[source]¶

Register each callback with the event.

Parameters:

• event (keystone.notifications.ACTIONS) – Action being registered

• resource_type (str) – Type of resource being operated on

• callbacks (list) – Callback items to be registered with event

Raises:

• ValueError – If event is not a valid ACTION

• TypeError – If callback is not callable

keystone.notifications.reset_notifier()[source]¶

Reset the notifications internal state.

This is used only for testing purposes.

keystone.notifications.role_assignment¶

alias of CadfRoleAssignmentNotificationWrapper

keystone.notifications.send_saml_audit_notification(action, user_id, group_ids, identity_provider, protocol, token_id, outcome)[source]¶

Send notification to inform observers about SAML events.

Parameters:

• action (str) – Action being audited

• user_id (str) – User ID from Keystone token

• group_ids (list) – List of Group IDs from Keystone token

• identity_provider (str or None) – ID of the IdP from the Keystone token

• protocol (str) – Protocol ID for IdP from the Keystone token

• token_id (str or None) – audit_id from Keystone token

• outcome (str) – One of pycadf.cadftaxonomy