End user logging for audit traceability

Changes for Client to support new end user header
and add end user name to logs.

Change-Id: If1a43197c59cac60caca2a517bcf053fa33f82c4
Smruti Soumitra Khuntia 2019-02-20 15:44:41 +05:30
parent f8bc1ccb85
commit 6dd190c9d9
3 changed files with 49 additions and 14 deletions


@ -88,13 +88,19 @@ class BaseResource(object):
resp.status = status_code resp.status = status_code
def log_error(self, ctx, level, msg): def log_error(self, ctx, level, msg):
extra = {'user': 'N/A', 'req_id': 'N/A', 'external_ctx': 'N/A'} extra = {
'user': 'N/A',
'req_id': 'N/A',
'external_ctx': 'N/A',
'end_user': 'N/A',
}
if ctx is not None: if ctx is not None:
extra = { extra = {
'user': ctx.user, 'user': ctx.user,
'req_id': ctx.request_id, 'req_id': ctx.request_id,
'external_ctx': ctx.external_marker, 'external_ctx': ctx.external_marker,
'end_user': ctx.end_user,
} }
self.logger.log(level, msg, extra=extra) self.logger.log(level, msg, extra=extra)
@ -129,6 +135,7 @@ class ArmadaRequestContext(object):
self.authenticated = False self.authenticated = False
self.request_id = str(uuid.uuid4()) self.request_id = str(uuid.uuid4())
self.external_marker = '' self.external_marker = ''
self.end_user = None # Initial User
def set_log_level(self, level): def set_log_level(self, level):
if level in ['error', 'info', 'debug']: if level in ['error', 'info', 'debug']:
@ -152,6 +159,9 @@ class ArmadaRequestContext(object):
def set_external_marker(self, marker): def set_external_marker(self, marker):
self.external_marker = marker self.external_marker = marker
def set_end_user(self, end_user):
self.end_user = end_user
def to_policy_view(self): def to_policy_view(self):
policy_dict = {} policy_dict = {}
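Review bot: The comment `# Initial User` on the new `self.end_user = None` line in `ArmadaRequestContext.__init__` does not say where the value comes from or how far it can be trusted. Elsewhere in this commit the field is filled from the request's `X-End-User` header, so I would write `# Caller-asserted end user (X-End-User header); audit logging only, never an authorization input`. `to_policy_view` begins at the end of the last hunk and its body is outside it, so it is worth confirming that `end_user` stays out of the policy view. In `log_error`, `ctx.end_user` can still be `None` when a context exists but the header has not been processed, so `'end_user': ctx.end_user or 'N/A'` would keep the field consistent with the default dict.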


@ -81,10 +81,18 @@ class ContextMiddleware(object):
ctx = req.context ctx = req.context
ext_marker = req.get_header('X-Context-Marker') ext_marker = req.get_header('X-Context-Marker')
end_user = req.get_header('X-End-User')
if ext_marker is not None and self.is_valid_uuid(ext_marker): if ext_marker is not None and self.is_valid_uuid(ext_marker):
ctx.set_external_marker(ext_marker) ctx.set_external_marker(ext_marker)
# Set end user from req header in context obj if available
# else set the user as end user.
if end_user is not None:
ctx.set_end_user(end_user)
else:
ctx.set_end_user(ctx.user)
def is_valid_uuid(self, id, version=4): def is_valid_uuid(self, id, version=4):
try: try:
uuid_obj = UUID(id, version=version) uuid_obj = UUID(id, version=version)
@ -115,12 +123,19 @@ class LoggingMiddleware(object):
return return
ctx = req.context ctx = req.context
extra = {
'user': ctx.user, # Get audit logging attributes from context
'req_id': ctx.request_id, user = getattr(ctx, 'user', None)
'external_ctx': ctx.external_marker, req_id = getattr(ctx, 'request_id', None)
} external_ctx = getattr(ctx, 'external_marker', None)
self.logger.info("Request %s %s" % (req.method, req.url), extra=extra) end_user = getattr(ctx, 'end_user', None)
# Log request with audit params
self.logger.info(
"user=%s request_id=%s ext_ctx=%s end_user=%s Request: %s %s %s",
user or '-', req_id or '-', external_ctx or '-', end_user or '-',
req.method, req.uri, req.query_string)
self._log_headers(req.headers) self._log_headers(req.headers)
def process_response(self, req, resp, resource, req_succeeded): def process_response(self, req, resp, resource, req_succeeded):
@ -130,14 +145,21 @@ class LoggingMiddleware(object):
return return
ctx = req.context ctx = req.context
extra = {
'user': ctx.user, # Get audit logging attributes from context
'req_id': ctx.request_id, user = getattr(ctx, 'user', None)
'external_ctx': ctx.external_marker, req_id = getattr(ctx, 'request_id', None)
} external_ctx = getattr(ctx, 'external_marker', None)
end_user = getattr(ctx, 'end_user', None)
resp.append_header('X-Armada-Req', ctx.request_id) resp.append_header('X-Armada-Req', ctx.request_id)
# Log response with audit params
self.logger.info( self.logger.info(
"%s %s - %s" % (req.method, req.uri, resp.status), extra=extra) "user=%s request_id=%s ext_ctx=%s end_user=%s Response: %s %s %s",
user or '-', req_id or '-', external_ctx or '-', end_user or '-',
req.method, req.uri, resp.status)
self.logger.debug("Response body:%s", resp.body) self.logger.debug("Response body:%s", resp.body)
def _log_headers(self, headers): def _log_headers(self, headers):
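Review bot: The `X-End-User` value read in `ContextMiddleware.process_request` goes into the context and the audit log lines unvalidated, while `X-Context-Marker` right beside it is gated by `is_valid_uuid`. The header is caller-supplied, so the audit record carries an identity that was only asserted, and a value containing spaces or `user=`-style text can imitate the neighbouring fields in the new `key=value` message. I would constrain it before storing, e.g. `if end_user is not None and re.fullmatch(r'[\w.@-]{1,128}', end_user):` (pattern illustrative, and `re` would need importing), falling back to `ctx.user` otherwise. Whether `ctx.user` is already set when the `else` branch runs depends on middleware ordering that is not visible here. Separately, the request log line now includes `req.query_string` at info level, which is worth redacting if query parameters can carry secrets.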


@ -41,12 +41,14 @@ class ArmadaSession(object):
scheme='http', scheme='http',
token=None, token=None,
marker=None, marker=None,
end_user=None,
timeout=None): timeout=None):
self._session = requests.Session() self._session = requests.Session()
self._session.headers.update({ self._session.headers.update({
'X-Auth-Token': token, 'X-Auth-Token': token,
'X-Context-Marker': marker 'X-Context-Marker': marker,
'X-End-User': end_user,
}) })
self.host = host self.host = host
self.scheme = scheme self.scheme = scheme
@ -62,6 +64,7 @@ class ArmadaSession(object):
timeout) timeout)
self.token = token self.token = token
self.marker = marker self.marker = marker
self.end_user = end_user
self.logger = LOG self.logger = LOG
# TODO Add keystone authentication to produce a token for this session # TODO Add keystone authentication to produce a token for this session