keystone.notifications module

Notifications module for OpenStack Identity Service resources.

keystone.notifications.ACTIONS = NotificationActions(created='created', deleted='deleted', disabled='disabled', updated='updated', internal='internal')

The actions on resources.

class keystone.notifications.Audit[source]

Bases: object

Namespace for audit notification functions.

This is a namespace object to contain all of the direct notification functions utilized for Manager methods.

classmethod added_to(target_type, target_id, actor_type, actor_id, initiator=None, public=True, reason=None)[source]
classmethod created(resource_type, resource_id, initiator=None, public=True, reason=None)[source]
classmethod deleted(resource_type, resource_id, initiator=None, public=True, reason=None)[source]
classmethod disabled(resource_type, resource_id, initiator=None, public=True, reason=None)[source]
classmethod internal(resource_type, resource_id, reason=None)[source]
classmethod removed_from(target_type, target_id, actor_type, actor_id, initiator=None, public=True, reason=None)[source]
classmethod updated(resource_type, resource_id, initiator=None, public=True, reason=None)[source]
class keystone.notifications.CadfNotificationWrapper(operation)[source]

Bases: object

Send CADF event notifications for various methods.

This function is only used for Authentication events. Its action and event_type are dictated below.

  • action: authenticate

  • event_type: identity.authenticate

Sends CADF notifications for events such as whether an authentication was successful or not.


operation – The authentication related action being performed

class keystone.notifications.CadfRoleAssignmentNotificationWrapper(operation)[source]

Bases: object

Send CADF notifications for role_assignment methods.

This function is only used for role assignment events. Its action and event_type are dictated below.

  • action: created.role_assignment or deleted.role_assignment

  • event_type: identity.role_assignment.created or


Sends a CADF notification if the wrapped method does not raise an Exception (such as keystone.exception.NotFound).


operation – one of the values from ACTIONS (created or deleted)

ROLE_ASSIGNMENT = 'role_assignment'

A pyCADF initiator describing the current authenticated context.


Empty subscribers dictionary.

This effectively stops notifications since there will be no subscribers to publish to.


alias of keystone.notifications.CadfNotificationWrapper


A specific notification for invalidating the token cache.


reason (string) – The specific reason why the token cache is being invalidated.


A class decorator to declare a class to be a notification listener.

A notification listener must specify the event(s) it is interested in by defining a event_callbacks attribute or property. event_callbacks is a dictionary where the key is the type of event and the value is a dictionary containing a mapping of resource types to callback(s).

ACTIONS contains constants for the currently supported events. There is currently no single place to find constants for the resource types.


class Something(object):

    def __init__(self):
        self.event_callbacks = {
            notifications.ACTIONS.created: {
                'user': self._user_created_callback,
            notifications.ACTIONS.deleted: {
                'project': [
keystone.notifications.notify_event_callbacks(service, resource_type, operation, payload)[source]

Send a notification to registered extensions.

keystone.notifications.register_event_callback(event, resource_type, callbacks)[source]

Register each callback with the event.

  • event (keystone.notifications.ACTIONS) – Action being registered

  • resource_type (str) – Type of resource being operated on

  • callbacks (list) – Callback items to be registered with event

  • ValueError – If event is not a valid ACTION

  • TypeError – If callback is not callable


Reset the notifications internal state.

This is used only for testing purposes.


alias of keystone.notifications.CadfRoleAssignmentNotificationWrapper

keystone.notifications.send_saml_audit_notification(action, user_id, group_ids, identity_provider, protocol, token_id, outcome)[source]

Send notification to inform observers about SAML events.

  • action (str) – Action being audited

  • user_id (str) – User ID from Keystone token

  • group_ids (list) – List of Group IDs from Keystone token

  • identity_provider (str or None) – ID of the IdP from the Keystone token

  • protocol (str) – Protocol ID for IdP from the Keystone token

  • token_id (str or None) – audit_id from Keystone token

  • outcome (str) – One of pycadf.cadftaxonomy