Browse Source

End user logging for audit traceabilty

Changes for Client to support new end user header
and add end user name to logs.

Change-Id: Iea1e42eafa573960735415ce337a1558b864edfc
Smruti Soumitra Khuntia 1 month ago
parent
commit
d12aa27712

+ 8
- 1
python/drydock_provisioner/control/base.py View File

@@ -71,13 +71,15 @@ class BaseResource(object):
71 71
         resp.status = status_code
72 72
 
73 73
     def log_error(self, ctx, level, msg):
74
-        extra = {'user': 'N/A', 'req_id': 'N/A', 'external_ctx': 'N/A'}
74
+        extra = {'user': 'N/A', 'req_id': 'N/A', 'external_ctx': 'N/A',
75
+                 'end_user': 'N/A'}
75 76
 
76 77
         if ctx is not None:
77 78
             extra = {
78 79
                 'user': ctx.user,
79 80
                 'req_id': ctx.request_id,
80 81
                 'external_ctx': ctx.external_marker,
82
+                'end_user': ctx.end_user,
81 83
             }
82 84
 
83 85
         self.logger.log(level, msg, extra=extra)
@@ -130,6 +132,7 @@ class DrydockRequestContext(object):
130 132
         self.request_id = str(uuid.uuid4())
131 133
         self.external_marker = ''
132 134
         self.policy_engine = None
135
+        self.end_user = None  # Initial User
133 136
 
134 137
     @classmethod
135 138
     def from_dict(cls, d):
@@ -160,6 +163,7 @@ class DrydockRequestContext(object):
160 163
             'authenticated': self.authenticated,
161 164
             'request_id': self.request_id,
162 165
             'external_marker': self.external_marker,
166
+            'end_user': self.end_user,
163 167
         }
164 168
 
165 169
     def set_log_level(self, level):
@@ -187,6 +191,9 @@ class DrydockRequestContext(object):
187 191
     def set_policy_engine(self, engine):
188 192
         self.policy_engine = engine
189 193
 
194
+    def set_end_user(self, end_user):
195
+        self.end_user = end_user
196
+
190 197
     def to_policy_view(self):
191 198
         policy_dict = {}
192 199
 

+ 10
- 0
python/drydock_provisioner/control/middleware.py View File

@@ -87,10 +87,18 @@ class ContextMiddleware(object):
87 87
         ctx = req.context
88 88
 
89 89
         ext_marker = req.get_header('X-Context-Marker')
90
+        end_user = req.get_header('X-End-User')
90 91
 
91 92
         if ext_marker is not None and self.marker_re.fullmatch(ext_marker):
92 93
             ctx.set_external_marker(ext_marker)
93 94
 
95
+        # Set end user from req header in context obj if available
96
+        # else set the user as end user.
97
+        if end_user is not None:
98
+            ctx.set_end_user(end_user)
99
+        else:
100
+            ctx.set_end_user(ctx.user)
101
+
94 102
 
95 103
 class LoggingMiddleware(object):
96 104
     def __init__(self):
@@ -101,6 +109,7 @@ class LoggingMiddleware(object):
101 109
             'user': req.context.user,
102 110
             'req_id': req.context.request_id,
103 111
             'external_ctx': req.context.external_marker,
112
+            'end_user': req.context.end_user,
104 113
         }
105 114
         self.logger.info(
106 115
             "Request: %s %s %s" % (req.method, req.uri, req.query_string),
@@ -112,6 +121,7 @@ class LoggingMiddleware(object):
112 121
             'user': ctx.user,
113 122
             'req_id': ctx.request_id,
114 123
             'external_ctx': ctx.external_marker,
124
+            'end_user': ctx.end_user,
115 125
         }
116 126
         resp.append_header('X-Drydock-Req', ctx.request_id)
117 127
         self.logger.info(

+ 2
- 1
python/drydock_provisioner/drydock.py View File

@@ -63,7 +63,8 @@ def start_drydock(enable_keystone=True):
63 63
         config.config_mgr.conf.logging.control_logger_name)
64 64
     logger.propagate = False
65 65
     formatter = logging.Formatter(
66
-        '%(asctime)s - %(levelname)s - %(user)s - %(req_id)s - %(external_ctx)s - %(message)s'
66
+        "%(asctime)s - %(levelname)s - %(user)s - %(req_id)s"
67
+        " - %(external_ctx)s - %(end_user)s - %(message)s"
67 68
     )
68 69
 
69 70
     ch = logging.StreamHandler()

+ 5
- 0
python/drydock_provisioner/drydock_client/session.py View File

@@ -39,6 +39,7 @@ class DrydockSession(object):
39 39
                  scheme='http',
40 40
                  auth_gen=None,
41 41
                  marker=None,
42
+                 end_user=None,
42 43
                  timeout=None):
43 44
         self.logger = logging.getLogger(__name__)
44 45
         self.__session = requests.Session()
@@ -47,8 +48,12 @@ class DrydockSession(object):
47 48
         self.set_auth()
48 49
 
49 50
         self.marker = marker
51
+        self.end_user = end_user
50 52
         self.__session.headers.update({'X-Context-Marker': marker})
51 53
 
54
+        if end_user:
55
+            self.__session.headers.update({'X-End-User': end_user})
56
+
52 57
         self.host = host
53 58
         self.scheme = scheme
54 59
 

+ 2
- 1
python/tests/conftest.py View File

@@ -123,7 +123,8 @@ def setup_logging():
123 123
     logger = logging.getLogger('drydock.control')
124 124
     logger.propagate = False
125 125
     formatter = logging.Formatter(
126
-        '%(asctime)s - %(levelname)s - %(user)s - %(req_id)s - %(external_ctx)s - %(message)s'
126
+        "%(asctime)s - %(levelname)s - %(user)s - %(req_id)s"
127
+        " - %(external_ctx)s - %(end_user)s - %(message)s"
127 128
     )
128 129
 
129 130
     ch = logging.StreamHandler()

Loading…
Cancel
Save