def authorize_console(self, context, token, console_type, host, port, internal_access_path, instance_uuid): token_dict = {'token': token, 'instance_uuid': instance_uuid, 'console_type': console_type, 'host': host, 'port': port, 'internal_access_path': internal_access_path, 'last_activity_at': time.time()} data = jsonutils.dumps(token_dict) # We need to log the warning message if the token is not cached # successfully, because the failure will cause the console for # instance to not be usable. if not self.mc.set(token.encode('UTF-8'), data, CONF.console_token_ttl): LOG.warning(_LW("Token: %(token)s failed to save into memcached."), {'token': HWExtend.b64encodeToken(token)}) tokens = self._get_tokens_for_instance(instance_uuid) # Remove the expired tokens from cache. for tok in tokens: token_str = self.mc.get(tok.encode('UTF-8')) if not token_str: tokens.remove(tok) tokens.append(token) if not self.mc.set(instance_uuid.encode('UTF-8'), jsonutils.dumps(tokens)): LOG.warning(_LW("Instance: %(instance_uuid)s failed to save " "into memcached"), {'instance_uuid': instance_uuid}) token = HWExtend.b64encodeToken(token) token_dict['token'] = token LOG.audit(_("Received Token: %(token)s, %(token_dict)s"), {'token': token, 'token_dict': token_dict})
def check_token(self, context, token): token_str = self.mc.get(token.encode('UTF-8')) token_valid = (token_str is not None) LOG.audit(_("Checking Token: %(token)s, %(token_valid)s"), {'token': HWExtend.b64encodeToken(token), 'token_valid': token_valid}) if token_valid: token = jsonutils.loads(token_str) if self._validate_token(context, token): return token
def emit(self, record): """ Emit a record. The record is formatted, and then sent to the syslog server. If exception information is present, it is NOT sent to the server. """ # NOTE(): If msg is not unicode, coerce it into unicode # before it can get to the python logging and # possibly cause string encoding trouble if not isinstance(record.msg, six.text_type): record.msg = six.text_type(record.msg) # store request info context = getattr(local.store, 'context', None) if context: d = _dictify_context(context) for k, v in d.items(): setattr(record, k, v) # NOTE(): default the fancier formatting params # to an empty string so we don't throw an exception if # they get used for key in ('instance', 'color', 'user_identity', 'request_id'): if key not in record.__dict__: record.__dict__[key] = '' msg = self.format(record) """ We need to convert record level to lowercase, maybe this will change in the future. """ msg = self.log_format_string % ( self.encodePriority(self.facility, self.mapPriority(record.levelname)), msg) # Treat unicode messages as required by RFC 5424 if handlers._unicode and type(msg) is unicode: msg = msg.encode('utf-8') if handlers.codecs: msg = msg try: if "postgresql:" in msg: return if r"'token'" in msg: msg = re.sub(r"(?<='token':).+?(?<=').+?(?=')", 'u\'<SANITIZED>', msg) if HWExtend.hasSensitiveStr(msg): return msg = h_utils._filter_sensitive_data(msg) if self.unixsocket: try: self.socket.send(msg) except socket.error: self._connect_unixsocket(self.address) self.socket.send(msg) else: self.socket.sendto(msg, self.address) except (KeyboardInterrupt, SystemExit): raise except: self.handleError(record)
def emit(self, record): """ Emit a record. The record is formatted, and then sent to the syslog server. If exception information is present, it is NOT sent to the server. """ # NOTE(): If msg is not unicode, coerce it into unicode # before it can get to the python logging and # possibly cause string encoding trouble if not isinstance(record.msg, six.text_type): record.msg = six.text_type(record.msg) # store request info context = getattr(local.store, 'context', None) if context: d = _dictify_context(context) for k, v in d.items(): setattr(record, k, v) # NOTE(): default the fancier formatting params # to an empty string so we don't throw an exception if # they get used for key in ('instance', 'color', 'user_identity', 'request_id'): if key not in record.__dict__: record.__dict__[key] = '' msg = self.format(record) """ We need to convert record level to lowercase, maybe this will change in the future. """ msg = self.log_format_string % (self.encodePriority( self.facility, self.mapPriority(record.levelname)), msg) # Treat unicode messages as required by RFC 5424 if handlers._unicode and type(msg) is unicode: msg = msg.encode('utf-8') if handlers.codecs: msg = msg try: if "postgresql:" in msg: return if r"'token'" in msg: msg = re.sub(r"(?<='token':).+?(?<=').+?(?=')", 'u\'<SANITIZED>', msg) if HWExtend.hasSensitiveStr(msg): return msg = h_utils._filter_sensitive_data(msg) if self.unixsocket: try: self.socket.send(msg) except socket.error: self._connect_unixsocket(self.address) self.socket.send(msg) else: self.socket.sendto(msg, self.address) except (KeyboardInterrupt, SystemExit): raise except: self.handleError(record)
def __call__(self, request): now = timeutils.utcnow() reqBody = "-" heartBeatLog = False if 'xml' in str(request.content_type) or 'json' in str( request.content_type): if request.content_length is not None and request.content_length < 10240: reqBody = str(request.body) or '-' if HWExtend.hasSensitiveStr(reqBody): reqBody = '-' reqBody = h_utils._filter_sensitive_data(reqBody) data = { 'remote_addr': request.remote_addr, 'remote_user': request.remote_user or '-', 'token_id': "None", 'request_datetime': '%s' % now.strftime(APACHE_TIME_FORMAT), 'response_datetime': '%s' % now.strftime(APACHE_TIME_FORMAT), 'method': request.method, 'url': request.url, 'http_version': request.http_version, 'status': 500, 'content_length': '-', 'request_body': reqBody, 'instance_id': '-' } token = '' try: token = request.headers['X-Auth-Token'] token = HWExtend.b64encodeToken(token) except: token = "-" try: response = request.get_response(self.application) data['status'] = response.status_int data['content_length'] = response.content_length or '-' finally: # must be calculated *after* the application has been called now = timeutils.utcnow() data['token_id'] = token if "GET" in data['method'] and "/tokens/" in data['url']: Pos = data['url'].find("tokens") + 7 logToken = data['url'][Pos:Pos + 32] encodedToken = HWExtend.b64encodeToken(logToken) data['url'] = data['url'].replace(logToken, encodedToken) elif "POST" in data['method'] and data['url'].endswith("/servers"): if int(data['status']) < 400: try: resp_body = json.loads(response.body) vm_server = resp_body.get('server', None) if vm_server is not None: instance_id = vm_server.get('id', None) if instance_id is not None: data['instance_id'] = instance_id except Exception: pass elif "OPTIONS" in data['method'] and data['url'].endswith( ":%s/" % self.port): heartBeatLog = True if heartBeatLog != True: #timeutils may not return UTC, so we can't hardcode +0000 data['response_datetime'] = '%s' % ( now.strftime(APACHE_TIME_FORMAT)) log.info(DRM_LOG_FORMAT % data, extra={"type": "operate"}) return response
def __call__(self, request): now = timeutils.utcnow() reqBody = "-" heartBeatLog = False if 'xml' in str(request.content_type) or 'json' in str(request.content_type): if request.content_length is not None and request.content_length < 10240: reqBody = str(request.body) or '-' if HWExtend.hasSensitiveStr(reqBody): reqBody = '-' reqBody = h_utils._filter_sensitive_data(reqBody) data = { 'remote_addr': request.remote_addr, 'remote_user': request.remote_user or '-', 'token_id':"None", 'request_datetime':'%s' % now.strftime(APACHE_TIME_FORMAT), 'response_datetime':'%s' % now.strftime(APACHE_TIME_FORMAT), 'method': request.method, 'url': request.url, 'http_version': request.http_version, 'status': 500, 'content_length': '-', 'request_body':reqBody, 'instance_id':'-'} token = '' try: token = request.headers['X-Auth-Token'] token = HWExtend.b64encodeToken(token) except: token = "-" try: response = request.get_response(self.application) data['status'] = response.status_int data['content_length'] = response.content_length or '-' finally: # must be calculated *after* the application has been called now = timeutils.utcnow() data['token_id'] = token if "GET" in data['method'] and "/tokens/" in data['url']: Pos = data['url'].find("tokens") + 7 logToken = data['url'][Pos:Pos+32] encodedToken = HWExtend.b64encodeToken(logToken) data['url'] = data['url'].replace(logToken,encodedToken) elif "POST" in data['method'] and data['url'].endswith("/servers"): if int(data['status']) < 400: try: resp_body = json.loads(response.body) vm_server = resp_body.get('server', None) if vm_server is not None: instance_id = vm_server.get('id', None) if instance_id is not None: data['instance_id'] = instance_id except Exception: pass elif "OPTIONS" in data['method'] and data['url'].endswith(":%s/" % self.port): heartBeatLog = True if heartBeatLog != True: #timeutils may not return UTC, so we can't hardcode +0000 data['response_datetime'] = '%s' % (now.strftime(APACHE_TIME_FORMAT)) log.info(DRM_LOG_FORMAT % data, extra={"type":"operate"}) return response