2
0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-26 03:19:48 +00:00

Reduce verbosity of audit log

There are a number of pretty innocuous requests that
need not be individually tracked.  For such requests,
we'll abstain from putting it into the log.
This commit is contained in:
Jarrod Johnson 2016-04-08 16:51:32 -04:00
parent f8b878b5f4
commit 22509946c0

View File

@ -194,6 +194,25 @@ def _get_query_dict(env, reqbody, reqtype):
qdict = nqdict
return qdict
def _should_skip_authlog(env):
if ('/console/session' in env['PATH_INFO'] or
'/shell/sessions/' in env['PATH_INFO']):
# we should only log starting of a console
return True
if '/sessions/current/async' in env['PATH_INFO']:
# this is effectively invisible
return True
if (env['REQUEST_METHOD'] == 'GET' and
('/sensors/' in env['PATH_INFO'] or
'/health/' in env['PATH_INFO'] or
'/power/state' in env['PATH_INFO'] or
'/nodes/' == env['PATH_INFO'] or
'/sessions/current/info' == env['PATH_INFO'] or
(env['PATH_INFO'].startswith('/noderange/') and
env['PATH_INFO'].endswith('/nodes/')))):
# these are pretty innocuous, and noisy to log.
return True
return False
def _authorize_request(env, operation):
"""Grant/Deny access based on data from wsgi env
@ -241,9 +260,7 @@ def _authorize_request(env, operation):
cookie['confluentsessionid']['secure'] = 1
cookie['confluentsessionid']['httponly'] = 1
cookie['confluentsessionid']['path'] = '/'
skiplog = False
if '/console/session' in env['PATH_INFO']:
skiplog = True
skiplog = _should_skip_authlog(env)
if authdata:
auditmsg = {
'user': name,