proxy-logging: create field for access_user_id
Added the new field to be able to log the access key during the s3api calls, while reserving the field to be filled with auth relevant information in case of other middlewares. Added respective code to the tempauth and keystone middlewares. Since s3api creates a copy of the environ dict for the downstream request object when translating the s3req.to_swift_req the environ dict that is seen/modifed in other mw module is not the same instance seen in proxy-logging - using mutable objects get transfered into the swift_req.environ. Change the assert in test_proxy_logging from "the last field" to the index 21 in the interests of maintainability. Also added some regression tests for object, bucket and s3 v4 apis and updated the documentation with the details about the new field. Signed-off-by: Vitaly Bordyug <vbordug@gmail.com> Change-Id: I0ce4e92458e2b05a4848cc7675604c1aa2b64d64
This commit is contained in:
Vitaly Bordyug
committed by
Matthew Oliver
parent
e75e93f11c
commit
32eaab20b1
11 changed files with 186 additions and 7 deletions
@@ -34,6 +34,7 @@ The default log format is::
{status_int} {referer} {user_agent} {auth_token} {bytes_recvd}
{bytes_sent} {client_etag} {transaction_id} {headers} {request_time}
{source} {log_info} {start_time} {end_time} {policy_index}
{access_user_id}
Some keywords, signaled by the (anonymizable) flag, can be anonymized by
using the transformer 'anonymized'. The data are applied the hashing method of
@@ -99,6 +100,12 @@ pid PID of the process emitting the log line.
wire_status_int The status sent to the client, which may be different than
the logged response code if there was an error during the
body of the request or a disconnect.
access_user_id The user ID for logging. Middlewares should set
environ['swift.access_logging']['user_id'] to identify the user
for logging purposes. For S3 API requests, this contains the S3
access key ID. Other auth middlewares should set user-specific
identifiers. For requests without auth middleware support, this
field will be "-".
=================== ==========================================================
In one log line, all of the above fields are space-separated and url-encoded.
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.