Add system scope information to default user identity string

As part of Secure RBAC work, support for system users(eg. system admin)
is being added. However current default format does not include
the system scope information so we can't determine whether the context
is non-scoped or system-scoped.

This change updates the default logging_user_identity_format so that
system scope is logged by default.

Change-Id: I7982cdb280599fb38362eb837cb527592267b91f

oslo_log/_options.py

@@ -167,8 +167,8 @@ log_opts = [
                help='Prefix each line of exception output with this format. '
                     'Used by oslo_log.formatters.ContextFormatter'),
     cfg.StrOpt('logging_user_identity_format',
-               default='%(user)s %(project)s '
-                       '%(domain)s %(user_domain)s %(project_domain)s',
+               default='%(user)s %(project)s %(domain)s %(system_scope)s '
+                       '%(user_domain)s %(project_domain)s',
                help='Defines the format string for %(user_identity)s that '
                     'is used in logging_context_format_string. '
                     'Used by oslo_log.formatters.ContextFormatter'),

oslo_log/tests/unit/test_log.py

@@ -71,6 +71,7 @@ handlers=
 def _fake_context():
     ctxt = context.RequestContext(user_id="myuser",
                                   user_name="myuser",
+                                  system_scope="myscope",
                                   domain="mydomain",
                                   project_id="mytenant",
                                   project_name="mytenant",
@@ -957,9 +958,9 @@ class ContextFormatterTestCase(LogTestBase):
         ctxt.request_id = '99'
         message = 'test'
         self.log.info(message, context=ctxt)
-        expected = ("HAS CONTEXT [%s %s %s %s %s %s]: %s\n" %
+        expected = ("HAS CONTEXT [%s %s %s %s %s %s %s]: %s\n" %
                     (ctxt.request_id, ctxt.user, ctxt.project_id, ctxt.domain,
-                     ctxt.user_domain, ctxt.project_domain,
+                     ctxt.system_scope, ctxt.user_domain, ctxt.project_domain,
                      str(message)))
         self.assertEqual(expected, self.stream.getvalue())
 
@@ -1254,7 +1255,11 @@ class DomainTestCase(LogTestBase):
         super(DomainTestCase, self).setUp()
         self.config(logging_context_format_string="[%(request_id)s]: "
                                                   "%(user_identity)s "
-                                                  "%(message)s")
+                                                  "%(message)s",
+                    logging_user_identity_format="%(user)s %(project)s "
+                                                 "%(user_domain)s "
+                                                 "%(project_domain)s "
+                                                 "%(domain)s")
         self.mylog = log.getLogger()
         self._add_handler_with_cleanup(self.mylog)
         self._set_log_level_with_cleanup(self.mylog, logging.DEBUG)
@@ -1273,7 +1278,8 @@ class DomainTestCase(LogTestBase):
 
     def test_domain_in_log_msg(self):
         ctxt = _fake_context()
-        user_identity = ctxt.get_logging_values()['user_identity']
+        user_identity = (self.CONF.logging_user_identity_format %
+                         ctxt.get_logging_values())
         self.assertIn(ctxt.domain, user_identity)
         self.assertIn(ctxt.project_domain, user_identity)
         self.assertIn(ctxt.user_domain, user_identity)

releasenotes/notes/add-system_scope-to-logging_user_identity_format-0581ce5070740375.yaml

@@ -0,0 +1,5 @@
+---
+upgrade:
+  - |
+    Default value of the ``[DEFAULT] logging_user_identity_format`` option has
+    been updated and now includes system scope information by default.

requirements.txt

@@ -4,7 +4,7 @@
 
 pbr>=3.1.1 # Apache-2.0
 oslo.config>=5.2.0 # Apache-2.0
-oslo.context>=2.20.0 # Apache-2.0
+oslo.context>=2.21.0 # Apache-2.0
 oslo.i18n>=3.20.0 # Apache-2.0
 oslo.utils>=3.36.0 # Apache-2.0
 oslo.serialization>=2.25.0 # Apache-2.0