operation_log: Add ignored_urls parameter
Request URLs can be put in ignored_urls in OPERATION_LOG_OPTIONS in order to ignore them from auditing. Change-Id: I6673e765fd88bc4230a3b7ced2ee227669136bb2 Closes-Bug: #1688206
This commit is contained in:
parent
a6cc518d1f
commit
9242e4902e
@ -1776,6 +1776,7 @@ Default::
|
||||
{
|
||||
'mask_fields': ['password'],
|
||||
'target_methods': ['POST'],
|
||||
'ignored_urls': ['/js/', '/static/', '^/api/'],
|
||||
'format': ("[%(domain_name)s] [%(domain_id)s] [%(project_name)s]"
|
||||
" [%(project_id)s] [%(user_name)s] [%(user_id)s] [%(request_scheme)s]"
|
||||
" [%(referer_url)s] [%(request_url)s] [%(message)s] [%(method)s]"
|
||||
@ -1789,6 +1790,7 @@ This setting controls the behavior of the operation log.
|
||||
The fields specified in ``mask_fields`` are logged as ``********``.
|
||||
* ``target_methods`` is a request method which is logged to a operation log.
|
||||
The valid methods are ``POST``, ``GET``, ``PUT``, ``DELETE``.
|
||||
* ``ignored_urls`` is a list of request URLs to be hidded from a log.
|
||||
* ``format`` defines the operation log format.
|
||||
Currently you can use the following keywords.
|
||||
The default value contains all keywords.
|
||||
|
@ -14,6 +14,7 @@
|
||||
|
||||
import json
|
||||
import logging
|
||||
import re
|
||||
|
||||
from django.conf import settings
|
||||
from django.contrib import messages as django_messages
|
||||
@ -65,12 +66,15 @@ class OperationLogMiddleware(object):
|
||||
" [%(project_id)s] [%(user_name)s] [%(user_id)s]"
|
||||
" [%(request_scheme)s] [%(referer_url)s] [%(request_url)s]"
|
||||
" [%(message)s] [%(method)s] [%(http_status)s] [%(param)s]")
|
||||
_default_ignored_urls = ['/js/', '/static/', '^/api/']
|
||||
self.target_methods = [x for x in _methods if x in _available_methods]
|
||||
self.mask_fields = _log_option.get("mask_fields", ['password'])
|
||||
self.format = _log_option.get("format", _default_format)
|
||||
self.static_rule = ['/js/', '/static/']
|
||||
self._logger = logging.getLogger('horizon.operation_log')
|
||||
|
||||
ignored_urls = _log_option.get("ignore_urls", _default_ignored_urls)
|
||||
self._ignored_urls = [re.compile(url) for url in ignored_urls]
|
||||
|
||||
def process_response(self, request, response):
|
||||
"""Log user operation."""
|
||||
log_format = self._get_log_format(request)
|
||||
@ -113,11 +117,10 @@ class OperationLogMiddleware(object):
|
||||
method = request.method.upper()
|
||||
if not (method in self.target_methods):
|
||||
return
|
||||
if method == 'GET':
|
||||
request_url = urlparse.unquote(request.path)
|
||||
for rule in self.static_rule:
|
||||
if rule in request_url:
|
||||
return
|
||||
request_url = urlparse.unquote(request.path)
|
||||
for rule in self.ignored_urls:
|
||||
if rule.search(request_url):
|
||||
return
|
||||
return self.format
|
||||
|
||||
def _get_parameters_from_request(self, request, exception=False):
|
||||
|
@ -830,6 +830,7 @@ REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
|
||||
#OPERATION_LOG_OPTIONS = {
|
||||
# 'mask_fields': ['password'],
|
||||
# 'target_methods': ['POST'],
|
||||
# 'ignored_urls': ['/js/', '/static/', '^/api/'],
|
||||
# 'format': ("[%(client_ip)s] [%(domain_name)s]"
|
||||
# " [%(domain_id)s] [%(project_name)s]"
|
||||
# " [%(project_id)s] [%(user_name)s] [%(user_id)s] [%(request_scheme)s]"
|
||||
|
Loading…
Reference in New Issue
Block a user