From 8f6bd4e73539e89ef556a1a8f1f33936ec24f3a4 Mon Sep 17 00:00:00 2001
From: Christian Berendt <berendt@betacloud-solutions.de>
Date: Fri, 29 Jul 2016 20:23:13 +0200
Subject: [PATCH] Enable CADF events in Keystone and introduce
 enable_cadf_notifications

Change-Id: I0a40867ae65011fbfd53308b9d7f42d10435f5fa
Closes-bug: #1607905
---
 ansible/group_vars/all.yml                               | 3 ++-
 ansible/roles/keystone/templates/keystone.conf.j2        | 9 +++++++++
 .../notes/cadf-notifications-6c102c16090688d5.yaml       | 6 ++++++
 3 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/cadf-notifications-6c102c16090688d5.yaml

diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 5a28a8962e..b7b461d2e6 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -239,9 +239,10 @@ enable_neutron: "yes"
 enable_nova: "yes"
 enable_rabbitmq: "yes"
 
-# Additional optional OpenStack services are specified here
+# Additional optional OpenStack features and services are specified here
 enable_aodh: "no"
 enable_barbican: "no"
+enable_cadf_notifications: "no"
 enable_ceilometer: "no"
 enable_central_logging: "no"
 enable_ceph: "no"
diff --git a/ansible/roles/keystone/templates/keystone.conf.j2 b/ansible/roles/keystone/templates/keystone.conf.j2
index fa10133695..a9bba9a2a4 100644
--- a/ansible/roles/keystone/templates/keystone.conf.j2
+++ b/ansible/roles/keystone/templates/keystone.conf.j2
@@ -1,5 +1,8 @@
 [DEFAULT]
 debug = {{ keystone_logging_debug }}
+{% if enable_cadf_notifications %}
+notification_format = cadf
+{% endif %}
 
 # NOTE(elemoine) log_dir alone does not work for Keystone
 log_file = /var/log/kolla/keystone/keystone.log
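Review bot: The guard `{% if enable_cadf_notifications %}` tests a plain string, and the default this patch adds in ansible/group_vars/all.yml is the quoted string `"no"`, which Jinja2 treats as true because it is non-empty. Unless the variable is converted to a boolean somewhere not visible in this patch, `notification_format = cadf` is rendered even when the operator leaves the feature disabled. The guard should be `{% if enable_cadf_notifications | bool %}`. The last hunk of this file wraps the `[oslo_messaging_notifications]` section in the same test and needs the same change, otherwise the notification driver and broker URL are always emitted.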
@@ -39,3 +42,9 @@ memcache_servers = {{ memcached_servers }}
 {% else %}
 memcache_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
 {%- endif %}
+
+{% if enable_cadf_notifications %}
+[oslo_messaging_notifications]
+driver = messagingv2
+transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
+{% endif %}
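Review bot: `transport_url` places `{{ rabbitmq_user }}` and `{{ rabbitmq_password }}` unescaped into the userinfo part of the URL, so a password containing `@`, `:`, `/` or `%` would produce a URL that is parsed incorrectly or rejected. Either percent-encode both values when rendering or document that generated passwords must be limited to URL-safe characters. With this section enabled the rendered keystone.conf also holds the broker credential in clear text, so the task that installs the file (not visible in this patch) should keep it readable by the Keystone service account only. A short comment above the section, such as `# CADF audit events are published to RabbitMQ; a consumer must drain the notification queue`, would tell operators what enabling the flag implies.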
diff --git a/releasenotes/notes/cadf-notifications-6c102c16090688d5.yaml b/releasenotes/notes/cadf-notifications-6c102c16090688d5.yaml
new file mode 100644
index 0000000000..cf807edd7b
--- /dev/null
+++ b/releasenotes/notes/cadf-notifications-6c102c16090688d5.yaml
@@ -0,0 +1,6 @@
+---
+features:
+  - Add support for CADF event notifications. This standard provides
+    auditing capabilities for compliance with security, operational,
+    and business processes and supports normalized and categorized
+    event data for federation and aggregation.