From 9242e4902ec7470f2819fa84ad964adbcdcf5eb2 Mon Sep 17 00:00:00 2001 From: Mateusz Kowalski Date: Thu, 4 May 2017 10:26:56 +0200 Subject: [PATCH] operation_log: Add ignored_urls parameter Request URLs can be put in ignored_urls in OPERATION_LOG_OPTIONS in order to ignore them from auditing. Change-Id: I6673e765fd88bc4230a3b7ced2ee227669136bb2 Closes-Bug: #1688206 --- doc/source/install/settings.rst | 2 ++ horizon/middleware/operation_log.py | 15 +++++++++------ .../local/local_settings.py.example | 1 + 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/doc/source/install/settings.rst b/doc/source/install/settings.rst index eaf3abb869..d6cf8b5f9c 100644 --- a/doc/source/install/settings.rst +++ b/doc/source/install/settings.rst @@ -1776,6 +1776,7 @@ Default:: { 'mask_fields': ['password'], 'target_methods': ['POST'], + 'ignored_urls': ['/js/', '/static/', '^/api/'], 'format': ("[%(domain_name)s] [%(domain_id)s] [%(project_name)s]" " [%(project_id)s] [%(user_name)s] [%(user_id)s] [%(request_scheme)s]" " [%(referer_url)s] [%(request_url)s] [%(message)s] [%(method)s]" @@ -1789,6 +1790,7 @@ This setting controls the behavior of the operation log. The fields specified in ``mask_fields`` are logged as ``********``. * ``target_methods`` is a request method which is logged to a operation log. The valid methods are ``POST``, ``GET``, ``PUT``, ``DELETE``. +* ``ignored_urls`` is a list of request URLs to be hidded from a log. * ``format`` defines the operation log format. Currently you can use the following keywords. The default value contains all keywords. diff --git a/horizon/middleware/operation_log.py b/horizon/middleware/operation_log.py index 189f8475a1..a31000f54b 100644 --- a/horizon/middleware/operation_log.py +++ b/horizon/middleware/operation_log.py @@ -14,6 +14,7 @@ import json import logging +import re from django.conf import settings from django.contrib import messages as django_messages @@ -65,12 +66,15 @@ class OperationLogMiddleware(object): " [%(project_id)s] [%(user_name)s] [%(user_id)s]" " [%(request_scheme)s] [%(referer_url)s] [%(request_url)s]" " [%(message)s] [%(method)s] [%(http_status)s] [%(param)s]") + _default_ignored_urls = ['/js/', '/static/', '^/api/'] self.target_methods = [x for x in _methods if x in _available_methods] self.mask_fields = _log_option.get("mask_fields", ['password']) self.format = _log_option.get("format", _default_format) - self.static_rule = ['/js/', '/static/'] self._logger = logging.getLogger('horizon.operation_log') + ignored_urls = _log_option.get("ignore_urls", _default_ignored_urls) + self._ignored_urls = [re.compile(url) for url in ignored_urls] + def process_response(self, request, response): """Log user operation.""" log_format = self._get_log_format(request) @@ -113,11 +117,10 @@ class OperationLogMiddleware(object): method = request.method.upper() if not (method in self.target_methods): return - if method == 'GET': - request_url = urlparse.unquote(request.path) - for rule in self.static_rule: - if rule in request_url: - return + request_url = urlparse.unquote(request.path) + for rule in self.ignored_urls: + if rule.search(request_url): + return return self.format def _get_parameters_from_request(self, request, exception=False): diff --git a/openstack_dashboard/local/local_settings.py.example b/openstack_dashboard/local/local_settings.py.example index 3e3d448084..ee89d83807 100644 --- a/openstack_dashboard/local/local_settings.py.example +++ b/openstack_dashboard/local/local_settings.py.example @@ -830,6 +830,7 @@ REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES', #OPERATION_LOG_OPTIONS = { # 'mask_fields': ['password'], # 'target_methods': ['POST'], +# 'ignored_urls': ['/js/', '/static/', '^/api/'], # 'format': ("[%(client_ip)s] [%(domain_name)s]" # " [%(domain_id)s] [%(project_name)s]" # " [%(project_id)s] [%(user_name)s] [%(user_id)s] [%(request_scheme)s]"