operation_log: Add ignored_urls parameter

Request URLs can be put in ignored_urls in OPERATION_LOG_OPTIONS
in order to ignore them from auditing.

Change-Id: I6673e765fd88bc4230a3b7ced2ee227669136bb2
Closes-Bug: #1688206
This commit is contained in:
Mateusz Kowalski 2017-05-04 10:26:56 +02:00
parent a6cc518d1f
commit 9242e4902e
3 changed files with 12 additions and 6 deletions

View File

@ -1776,6 +1776,7 @@ Default::
{
'mask_fields': ['password'],
'target_methods': ['POST'],
'ignored_urls': ['/js/', '/static/', '^/api/'],
'format': ("[%(domain_name)s] [%(domain_id)s] [%(project_name)s]"
" [%(project_id)s] [%(user_name)s] [%(user_id)s] [%(request_scheme)s]"
" [%(referer_url)s] [%(request_url)s] [%(message)s] [%(method)s]"
@ -1789,6 +1790,7 @@ This setting controls the behavior of the operation log.
The fields specified in ``mask_fields`` are logged as ``********``.
* ``target_methods`` is a request method which is logged to a operation log.
The valid methods are ``POST``, ``GET``, ``PUT``, ``DELETE``.
* ``ignored_urls`` is a list of request URLs to be hidded from a log.
* ``format`` defines the operation log format.
Currently you can use the following keywords.
The default value contains all keywords.

View File

@ -14,6 +14,7 @@
import json
import logging
import re
from django.conf import settings
from django.contrib import messages as django_messages
@ -65,12 +66,15 @@ class OperationLogMiddleware(object):
" [%(project_id)s] [%(user_name)s] [%(user_id)s]"
" [%(request_scheme)s] [%(referer_url)s] [%(request_url)s]"
" [%(message)s] [%(method)s] [%(http_status)s] [%(param)s]")
_default_ignored_urls = ['/js/', '/static/', '^/api/']
self.target_methods = [x for x in _methods if x in _available_methods]
self.mask_fields = _log_option.get("mask_fields", ['password'])
self.format = _log_option.get("format", _default_format)
self.static_rule = ['/js/', '/static/']
self._logger = logging.getLogger('horizon.operation_log')
ignored_urls = _log_option.get("ignore_urls", _default_ignored_urls)
self._ignored_urls = [re.compile(url) for url in ignored_urls]
def process_response(self, request, response):
"""Log user operation."""
log_format = self._get_log_format(request)
@ -113,11 +117,10 @@ class OperationLogMiddleware(object):
method = request.method.upper()
if not (method in self.target_methods):
return
if method == 'GET':
request_url = urlparse.unquote(request.path)
for rule in self.static_rule:
if rule in request_url:
return
request_url = urlparse.unquote(request.path)
for rule in self.ignored_urls:
if rule.search(request_url):
return
return self.format
def _get_parameters_from_request(self, request, exception=False):

View File

@ -830,6 +830,7 @@ REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
#OPERATION_LOG_OPTIONS = {
# 'mask_fields': ['password'],
# 'target_methods': ['POST'],
# 'ignored_urls': ['/js/', '/static/', '^/api/'],
# 'format': ("[%(client_ip)s] [%(domain_name)s]"
# " [%(domain_id)s] [%(project_name)s]"
# " [%(project_id)s] [%(user_name)s] [%(user_id)s] [%(request_scheme)s]"