Browse Source

Merge "End user logging for audit traceabilty"

Zuul 1 week ago
parent
commit
af8a9ffd08
3 changed files with 49 additions and 14 deletions
  1. 11
    1
      armada/api/__init__.py
  2. 34
    12
      armada/api/middleware.py
  3. 4
    1
      armada/common/session.py

+ 11
- 1
armada/api/__init__.py View File

@@ -88,13 +88,19 @@ class BaseResource(object):
88 88
         resp.status = status_code
89 89
 
90 90
     def log_error(self, ctx, level, msg):
91
-        extra = {'user': 'N/A', 'req_id': 'N/A', 'external_ctx': 'N/A'}
91
+        extra = {
92
+            'user': 'N/A',
93
+            'req_id': 'N/A',
94
+            'external_ctx': 'N/A',
95
+            'end_user': 'N/A',
96
+        }
92 97
 
93 98
         if ctx is not None:
94 99
             extra = {
95 100
                 'user': ctx.user,
96 101
                 'req_id': ctx.request_id,
97 102
                 'external_ctx': ctx.external_marker,
103
+                'end_user': ctx.end_user,
98 104
             }
99 105
 
100 106
         self.logger.log(level, msg, extra=extra)
@@ -129,6 +135,7 @@ class ArmadaRequestContext(object):
129 135
         self.authenticated = False
130 136
         self.request_id = str(uuid.uuid4())
131 137
         self.external_marker = ''
138
+        self.end_user = None  # Initial User
132 139
 
133 140
     def set_log_level(self, level):
134 141
         if level in ['error', 'info', 'debug']:
@@ -152,6 +159,9 @@ class ArmadaRequestContext(object):
152 159
     def set_external_marker(self, marker):
153 160
         self.external_marker = marker
154 161
 
162
+    def set_end_user(self, end_user):
163
+        self.end_user = end_user
164
+
155 165
     def to_policy_view(self):
156 166
         policy_dict = {}
157 167
 

+ 34
- 12
armada/api/middleware.py View File

@@ -81,10 +81,18 @@ class ContextMiddleware(object):
81 81
         ctx = req.context
82 82
 
83 83
         ext_marker = req.get_header('X-Context-Marker')
84
+        end_user = req.get_header('X-End-User')
84 85
 
85 86
         if ext_marker is not None and self.is_valid_uuid(ext_marker):
86 87
             ctx.set_external_marker(ext_marker)
87 88
 
89
+        # Set end user from req header in context obj if available
90
+        # else set the user as end user.
91
+        if end_user is not None:
92
+            ctx.set_end_user(end_user)
93
+        else:
94
+            ctx.set_end_user(ctx.user)
95
+
88 96
     def is_valid_uuid(self, id, version=4):
89 97
         try:
90 98
             uuid_obj = UUID(id, version=version)
@@ -115,12 +123,19 @@ class LoggingMiddleware(object):
115 123
             return
116 124
 
117 125
         ctx = req.context
118
-        extra = {
119
-            'user': ctx.user,
120
-            'req_id': ctx.request_id,
121
-            'external_ctx': ctx.external_marker,
122
-        }
123
-        self.logger.info("Request %s %s" % (req.method, req.url), extra=extra)
126
+
127
+        # Get audit logging attributes from context
128
+        user = getattr(ctx, 'user', None)
129
+        req_id = getattr(ctx, 'request_id', None)
130
+        external_ctx = getattr(ctx, 'external_marker', None)
131
+        end_user = getattr(ctx, 'end_user', None)
132
+
133
+        # Log request with audit params
134
+        self.logger.info(
135
+            "user=%s request_id=%s ext_ctx=%s end_user=%s Request: %s %s %s",
136
+            user or '-', req_id or '-', external_ctx or '-', end_user or '-',
137
+            req.method, req.uri, req.query_string)
138
+
124 139
         self._log_headers(req.headers)
125 140
 
126 141
     def process_response(self, req, resp, resource, req_succeeded):
@@ -130,14 +145,21 @@ class LoggingMiddleware(object):
130 145
             return
131 146
 
132 147
         ctx = req.context
133
-        extra = {
134
-            'user': ctx.user,
135
-            'req_id': ctx.request_id,
136
-            'external_ctx': ctx.external_marker,
137
-        }
148
+
149
+        # Get audit logging attributes from context
150
+        user = getattr(ctx, 'user', None)
151
+        req_id = getattr(ctx, 'request_id', None)
152
+        external_ctx = getattr(ctx, 'external_marker', None)
153
+        end_user = getattr(ctx, 'end_user', None)
154
+
138 155
         resp.append_header('X-Armada-Req', ctx.request_id)
156
+
157
+        # Log response with audit params
139 158
         self.logger.info(
140
-            "%s %s - %s" % (req.method, req.uri, resp.status), extra=extra)
159
+            "user=%s request_id=%s ext_ctx=%s end_user=%s Response: %s %s %s",
160
+            user or '-', req_id or '-', external_ctx or '-', end_user or '-',
161
+            req.method, req.uri, resp.status)
162
+
141 163
         self.logger.debug("Response body:%s", resp.body)
142 164
 
143 165
     def _log_headers(self, headers):

+ 4
- 1
armada/common/session.py View File

@@ -41,12 +41,14 @@ class ArmadaSession(object):
41 41
                  scheme='http',
42 42
                  token=None,
43 43
                  marker=None,
44
+                 end_user=None,
44 45
                  timeout=None):
45 46
 
46 47
         self._session = requests.Session()
47 48
         self._session.headers.update({
48 49
             'X-Auth-Token': token,
49
-            'X-Context-Marker': marker
50
+            'X-Context-Marker': marker,
51
+            'X-End-User': end_user,
50 52
         })
51 53
         self.host = host
52 54
         self.scheme = scheme
@@ -62,6 +64,7 @@ class ArmadaSession(object):
62 64
                                                                  timeout)
63 65
         self.token = token
64 66
         self.marker = marker
67
+        self.end_user = end_user
65 68
         self.logger = LOG
66 69
 
67 70
     # TODO Add keystone authentication to produce a token for this session

Loading…
Cancel
Save