Add system scope information to default user identity string

As part of Secure RBAC work, support for system users (e.g. system admin)
is being added. However, the current default format does not include
the system scope information, so we can't determine whether the context
is non-scoped or system-scoped.

This change updates the default logging_user_identity_format so that
system scope is logged by default.

Change-Id: I7982cdb280599fb38362eb837cb527592267b91f
Takashi Kajinami 2022-04-15 23:47:33 +09:00
parent f31946fd89
commit 7ed065f38d
4 changed files with 18 additions and 7 deletions


@ -167,8 +167,8 @@ log_opts = [
help='Prefix each line of exception output with this format. '
'Used by oslo_log.formatters.ContextFormatter'),
cfg.StrOpt('logging_user_identity_format',
default='%(user)s %(project)s '
'%(domain)s %(user_domain)s %(project_domain)s',
default='%(user)s %(project)s %(domain)s %(system_scope)s '
'%(user_domain)s %(project_domain)s',
help='Defines the format string for %(user_identity)s that '
'is used in logging_context_format_string. '
'Used by oslo_log.formatters.ContextFormatter'),
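Review bot: Inserting `%(system_scope)s` between `%(domain)s` and `%(user_domain)s` in the new default shifts the position of the last two fields, so any log parser or detection rule that splits the identity string on whitespace will read the scope value as the user domain after upgrade. Appending the new field at the end would keep existing positions stable; if the order is intentional, the help text should spell it out, e.g. add `'Default order: user, project, domain, system_scope, user_domain, project_domain. '` to the `help=` string. The `log_opts` list starts and ends outside this hunk.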


@ -71,6 +71,7 @@ handlers=
def _fake_context():
ctxt = context.RequestContext(user_id="myuser",
user_name="myuser",
system_scope="myscope",
domain="mydomain",
project_id="mytenant",
project_name="mytenant",
@ -957,9 +958,9 @@ class ContextFormatterTestCase(LogTestBase):
ctxt.request_id = '99'
message = 'test'
self.log.info(message, context=ctxt)
expected = ("HAS CONTEXT [%s %s %s %s %s %s]: %s\n" %
expected = ("HAS CONTEXT [%s %s %s %s %s %s %s]: %s\n" %
(ctxt.request_id, ctxt.user, ctxt.project_id, ctxt.domain,
ctxt.user_domain, ctxt.project_domain,
ctxt.system_scope, ctxt.user_domain, ctxt.project_domain,
str(message)))
self.assertEqual(expected, self.stream.getvalue())
@ -1254,7 +1255,11 @@ class DomainTestCase(LogTestBase):
super(DomainTestCase, self).setUp()
self.config(logging_context_format_string="[%(request_id)s]: "
"%(user_identity)s "
"%(message)s")
"%(message)s",
logging_user_identity_format="%(user)s %(project)s "
"%(user_domain)s "
"%(project_domain)s "
"%(domain)s")
self.mylog = log.getLogger()
self._add_handler_with_cleanup(self.mylog)
self._set_log_level_with_cleanup(self.mylog, logging.DEBUG)
@ -1273,7 +1278,8 @@ class DomainTestCase(LogTestBase):
def test_domain_in_log_msg(self):
ctxt = _fake_context()
user_identity = ctxt.get_logging_values()['user_identity']
user_identity = (self.CONF.logging_user_identity_format %
ctxt.get_logging_values())
self.assertIn(ctxt.domain, user_identity)
self.assertIn(ctxt.project_domain, user_identity)
self.assertIn(ctxt.user_domain, user_identity)
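Review bot: The updated assertion in `ContextFormatterTestCase` only covers a context with a scope set, because `_fake_context()` now always passes `system_scope="myscope"`; no visible test pins what the default identity string contains for a non-scoped context, which is the case the commit message wants to tell apart. A companion test that logs with a `RequestContext` built without `system_scope` and asserts the exact rendered line would fix the placeholder that audit tooling has to match on. Separately, `DomainTestCase.setUp` now overrides `logging_user_identity_format` with a format that omits `%(system_scope)s`, so that class does not exercise the shipped default; a short comment there such as `# explicit format: this case only checks the domain fields` would make that intentional. The test methods and `setUp` begin outside the hunks shown.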


@ -0,0 +1,5 @@
---
upgrade:
- |
Default value of the ``[DEFAULT] logging_user_identity_format`` option has
been updated and now includes system scope information by default.


@ -4,7 +4,7 @@
pbr>=3.1.1 # Apache-2.0
oslo.config>=5.2.0 # Apache-2.0
oslo.context>=2.20.0 # Apache-2.0
oslo.context>=2.21.0 # Apache-2.0
oslo.i18n>=3.20.0 # Apache-2.0
oslo.utils>=3.36.0 # Apache-2.0
oslo.serialization>=2.25.0 # Apache-2.0