keystone.notifications module

Notifications module for OpenStack Identity Service resources.

keystone.notifications.ACTIONS = ('created', 'deleted', 'disabled', 'updated', 'internal')

The actions on resources.

class keystone.notifications.Audit[source]

Bases: object

Namespace for audit notification functions.

This is a namespace object to contain all of the direct notification functions utilized for Manager methods.

classmethod added_to(target_type, target_id, actor_type, actor_id, initiator=None, public=True, reason=None)[source]
classmethod created(resource_type, resource_id, initiator=None, public=True, reason=None)[source]
classmethod deleted(resource_type, resource_id, initiator=None, public=True, reason=None)[source]
classmethod disabled(resource_type, resource_id, initiator=None, public=True, reason=None)[source]
classmethod internal(resource_type, resource_id, reason=None)[source]
classmethod removed_from(target_type, target_id, actor_type, actor_id, initiator=None, public=True, reason=None)[source]
classmethod updated(resource_type, resource_id, initiator=None, public=True, reason=None)[source]
class keystone.notifications.CadfNotificationWrapper(operation)[source]

Bases: object

Send CADF event notifications for various methods.

This function is only used for Authentication events. Its action and event_type are dictated below.

  • action: authenticate

  • event_type: identity.authenticate

Sends CADF notifications for events such as whether an authentication was successful or not.

Parameters:

operation – The authentication related action being performed

class keystone.notifications.CadfRoleAssignmentNotificationWrapper(operation)[source]

Bases: object

Send CADF notifications for role_assignment methods.

This function is only used for role assignment events. Its action and event_type are dictated below.

  • action: created.role_assignment or deleted.role_assignment

  • event_type: identity.role_assignment.created or

    identity.role_assignment.deleted

Sends a CADF notification if the wrapped method does not raise an Exception (such as keystone.exception.NotFound).

Parameters:

operation – one of the values from ACTIONS (created or deleted)

ROLE_ASSIGNMENT = 'role_assignment'
keystone.notifications.build_audit_initiator()[source]

A pyCADF initiator describing the current authenticated context.

keystone.notifications.clear_subscribers()[source]

Empty subscribers dictionary.

This effectively stops notifications since there will be no subscribers to publish to.

keystone.notifications.emit_event

alias of CadfNotificationWrapper

keystone.notifications.invalidate_token_cache_notification(reason)[source]

A specific notification for invalidating the token cache.

Parameters:

reason (string) – The specific reason why the token cache is being invalidated.

keystone.notifications.listener(cls)[source]

A class decorator to declare a class to be a notification listener.

A notification listener must specify the event(s) it is interested in by defining a event_callbacks attribute or property. event_callbacks is a dictionary where the key is the type of event and the value is a dictionary containing a mapping of resource types to callback(s).

ACTIONS contains constants for the currently supported events. There is currently no single place to find constants for the resource types.

Example:

@listener
class Something(object):
    def __init__(self):
        self.event_callbacks = {
            notifications.ACTIONS.created: {
                'user': self._user_created_callback
            },
            notifications.ACTIONS.deleted: {
                'project': [
                    self._project_deleted_callback,
                    self._do_cleanup,
                ]
            },
        }
keystone.notifications.notify_event_callbacks(service, resource_type, operation, payload)[source]

Send a notification to registered extensions.

keystone.notifications.register_event_callback(event, resource_type, callbacks)[source]

Register each callback with the event.

Parameters:

  • event (keystone.notifications.ACTIONS) – Action being registered

  • resource_type (str) – Type of resource being operated on

  • callbacks (list) – Callback items to be registered with event

Raises:

  • ValueError – If event is not a valid ACTION

  • TypeError – If callback is not callable

keystone.notifications.reset_notifier()[source]

Reset the notifications internal state.

This is used only for testing purposes.

keystone.notifications.role_assignment

alias of CadfRoleAssignmentNotificationWrapper

keystone.notifications.send_saml_audit_notification(action, user_id, group_ids, identity_provider, protocol, token_id, outcome)[source]

Send notification to inform observers about SAML events.

Parameters:

  • action (str) – Action being audited

  • user_id (str) – User ID from Keystone token

  • group_ids (list) – List of Group IDs from Keystone token

  • identity_provider (str or None) – ID of the IdP from the Keystone token

  • protocol (str) – Protocol ID for IdP from the Keystone token

  • token_id (str or None) – audit_id from Keystone token

  • outcome (str) – One of pycadf.cadftaxonomy