operation_log: Add ignored_urls parameter

Request URLs can be put in ignored_urls in OPERATION_LOG_OPTIONS in order to ignore them from auditing. Change-Id: I6673e765fd88bc4230a3b7ced2ee227669136bb2 Closes-Bug: #1688206
2017-05-04 10:26:56 +02:00 · 2017-05-04 10:26:56 +02:00 · 9242e4902e
commit 9242e4902e
parent a6cc518d1f
3 changed files with 12 additions and 6 deletions
--- a/doc/source/install/settings.rst
+++ b/doc/source/install/settings.rst
@ -1776,6 +1776,7 @@ Default::
        {
         'mask_fields': ['password'],
         'target_methods': ['POST'],
+         'ignored_urls': ['/js/', '/static/', '^/api/'],
         'format': ("[%(domain_name)s] [%(domain_id)s] [%(project_name)s]"
             " [%(project_id)s] [%(user_name)s] [%(user_id)s] [%(request_scheme)s]"
             " [%(referer_url)s] [%(request_url)s] [%(message)s] [%(method)s]"
@ -1789,6 +1790,7 @@ This setting controls the behavior of the operation log.
  The fields specified in ``mask_fields`` are logged as ``********``.
 * ``target_methods`` is a request method which is logged to a operation log.
  The valid methods are ``POST``, ``GET``, ``PUT``, ``DELETE``.
+* ``ignored_urls`` is a list of request URLs to be hidded from a log.
 * ``format`` defines the operation log format.
  Currently you can use the following keywords.
  The default value contains all keywords.
--- a/horizon/middleware/operation_log.py
+++ b/horizon/middleware/operation_log.py
@ -14,6 +14,7 @@

 import json
 import logging
+import re

 from django.conf import settings
 from django.contrib import messages as django_messages
@ -65,12 +66,15 @@ class OperationLogMiddleware(object):
            " [%(project_id)s] [%(user_name)s] [%(user_id)s]"
            " [%(request_scheme)s] [%(referer_url)s] [%(request_url)s]"
            " [%(message)s] [%(method)s] [%(http_status)s] [%(param)s]")
+        _default_ignored_urls = ['/js/', '/static/', '^/api/']
        self.target_methods = [x for x in _methods if x in _available_methods]
        self.mask_fields = _log_option.get("mask_fields", ['password'])
        self.format = _log_option.get("format", _default_format)
-        self.static_rule = ['/js/', '/static/']
        self._logger = logging.getLogger('horizon.operation_log')

+        ignored_urls = _log_option.get("ignore_urls", _default_ignored_urls)
+        self._ignored_urls = [re.compile(url) for url in ignored_urls]
+
    def process_response(self, request, response):
        """Log user operation."""
        log_format = self._get_log_format(request)
@ -113,11 +117,10 @@ class OperationLogMiddleware(object):
        method = request.method.upper()
        if not (method in self.target_methods):
            return
-        if method == 'GET':
-            request_url = urlparse.unquote(request.path)
-            for rule in self.static_rule:
-                if rule in request_url:
-                    return
+        request_url = urlparse.unquote(request.path)
+        for rule in self.ignored_urls:
+            if rule.search(request_url):
+                return
        return self.format

    def _get_parameters_from_request(self, request, exception=False):
--- a/openstack_dashboard/local/local_settings.py.example
+++ b/openstack_dashboard/local/local_settings.py.example
@ -830,6 +830,7 @@ REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
 #OPERATION_LOG_OPTIONS = {
 #    'mask_fields': ['password'],
 #    'target_methods': ['POST'],
+#    'ignored_urls': ['/js/', '/static/', '^/api/'],
 #    'format': ("[%(client_ip)s] [%(domain_name)s]"
 #        " [%(domain_id)s] [%(project_name)s]"
 #        " [%(project_id)s] [%(user_name)s] [%(user_id)s] [%(request_scheme)s]"