def authorize_console(self, context, token, console_type, host, port,
internal_access_path, instance_uuid):
token_dict = {'token': token,
'instance_uuid': instance_uuid,
'console_type': console_type,
'host': host,
'port': port,
'internal_access_path': internal_access_path,
'last_activity_at': time.time()}
data = jsonutils.dumps(token_dict)
# We need to log the warning message if the token is not cached
# successfully, because the failure will cause the console for
# instance to not be usable.
if not self.mc.set(token.encode('UTF-8'),
data, CONF.console_token_ttl):
LOG.warning(_LW("Token: %(token)s failed to save into memcached."),
{'token': HWExtend.b64encodeToken(token)})
tokens = self._get_tokens_for_instance(instance_uuid)
# Remove the expired tokens from cache.
for tok in tokens:
token_str = self.mc.get(tok.encode('UTF-8'))
if not token_str:
tokens.remove(tok)
tokens.append(token)
if not self.mc.set(instance_uuid.encode('UTF-8'),
jsonutils.dumps(tokens)):
LOG.warning(_LW("Instance: %(instance_uuid)s failed to save "
"into memcached"),
{'instance_uuid': instance_uuid})
token = HWExtend.b64encodeToken(token)
token_dict['token'] = token
LOG.audit(_("Received Token: %(token)s, %(token_dict)s"),
{'token': token, 'token_dict': token_dict})
def check_token(self, context, token):
token_str = self.mc.get(token.encode('UTF-8'))
token_valid = (token_str is not None)
LOG.audit(_("Checking Token: %(token)s, %(token_valid)s"),
{'token': HWExtend.b64encodeToken(token), 'token_valid': token_valid})
if token_valid:
token = jsonutils.loads(token_str)
if self._validate_token(context, token):
return token
def emit(self, record):
"""
Emit a record.
The record is formatted, and then sent to the syslog server. If
exception information is present, it is NOT sent to the server.
"""
# NOTE(): If msg is not unicode, coerce it into unicode
# before it can get to the python logging and
# possibly cause string encoding trouble
if not isinstance(record.msg, six.text_type):
record.msg = six.text_type(record.msg)
# store request info
context = getattr(local.store, 'context', None)
if context:
d = _dictify_context(context)
for k, v in d.items():
setattr(record, k, v)
# NOTE(): default the fancier formatting params
# to an empty string so we don't throw an exception if
# they get used
for key in ('instance', 'color', 'user_identity', 'request_id'):
if key not in record.__dict__:
record.__dict__[key] = ''
msg = self.format(record)
"""
We need to convert record level to lowercase, maybe this will
change in the future.
"""
msg = self.log_format_string % (
self.encodePriority(self.facility,
self.mapPriority(record.levelname)),
msg)
# Treat unicode messages as required by RFC 5424
if handlers._unicode and type(msg) is unicode:
msg = msg.encode('utf-8')
if handlers.codecs:
msg = msg
try:
if "postgresql:" in msg:
return
if r"'token'" in msg:
msg = re.sub(r"(?<='token':).+?(?<=').+?(?=')",
'u\'<SANITIZED>', msg)
if HWExtend.hasSensitiveStr(msg):
return
msg = h_utils._filter_sensitive_data(msg)
if self.unixsocket:
try:
self.socket.send(msg)
except socket.error:
self._connect_unixsocket(self.address)
self.socket.send(msg)
else:
self.socket.sendto(msg, self.address)
except (KeyboardInterrupt, SystemExit):
raise
except:
self.handleError(record)
def emit(self, record):
"""
Emit a record.
The record is formatted, and then sent to the syslog server. If
exception information is present, it is NOT sent to the server.
"""
# NOTE(): If msg is not unicode, coerce it into unicode
# before it can get to the python logging and
# possibly cause string encoding trouble
if not isinstance(record.msg, six.text_type):
record.msg = six.text_type(record.msg)
# store request info
context = getattr(local.store, 'context', None)
if context:
d = _dictify_context(context)
for k, v in d.items():
setattr(record, k, v)
# NOTE(): default the fancier formatting params
# to an empty string so we don't throw an exception if
# they get used
for key in ('instance', 'color', 'user_identity', 'request_id'):
if key not in record.__dict__:
record.__dict__[key] = ''
msg = self.format(record)
"""
We need to convert record level to lowercase, maybe this will
change in the future.
"""
msg = self.log_format_string % (self.encodePriority(
self.facility, self.mapPriority(record.levelname)), msg)
# Treat unicode messages as required by RFC 5424
if handlers._unicode and type(msg) is unicode:
msg = msg.encode('utf-8')
if handlers.codecs:
msg = msg
try:
if "postgresql:" in msg:
return
if r"'token'" in msg:
msg = re.sub(r"(?<='token':).+?(?<=').+?(?=')",
'u\'<SANITIZED>', msg)
if HWExtend.hasSensitiveStr(msg):
return
msg = h_utils._filter_sensitive_data(msg)
if self.unixsocket:
try:
self.socket.send(msg)
except socket.error:
self._connect_unixsocket(self.address)
self.socket.send(msg)
else:
self.socket.sendto(msg, self.address)
except (KeyboardInterrupt, SystemExit):
raise
except:
self.handleError(record)
def __call__(self, request):
now = timeutils.utcnow()
reqBody = "-"
heartBeatLog = False
if 'xml' in str(request.content_type) or 'json' in str(
request.content_type):
if request.content_length is not None and request.content_length < 10240:
reqBody = str(request.body) or '-'
if HWExtend.hasSensitiveStr(reqBody):
reqBody = '-'
reqBody = h_utils._filter_sensitive_data(reqBody)
data = {
'remote_addr': request.remote_addr,
'remote_user': request.remote_user or '-',
'token_id': "None",
'request_datetime': '%s' % now.strftime(APACHE_TIME_FORMAT),
'response_datetime': '%s' % now.strftime(APACHE_TIME_FORMAT),
'method': request.method,
'url': request.url,
'http_version': request.http_version,
'status': 500,
'content_length': '-',
'request_body': reqBody,
'instance_id': '-'
}
token = ''
try:
token = request.headers['X-Auth-Token']
token = HWExtend.b64encodeToken(token)
except:
token = "-"
try:
response = request.get_response(self.application)
data['status'] = response.status_int
data['content_length'] = response.content_length or '-'
finally:
# must be calculated *after* the application has been called
now = timeutils.utcnow()
data['token_id'] = token
if "GET" in data['method'] and "/tokens/" in data['url']:
Pos = data['url'].find("tokens") + 7
logToken = data['url'][Pos:Pos + 32]
encodedToken = HWExtend.b64encodeToken(logToken)
data['url'] = data['url'].replace(logToken, encodedToken)
elif "POST" in data['method'] and data['url'].endswith("/servers"):
if int(data['status']) < 400:
try:
resp_body = json.loads(response.body)
vm_server = resp_body.get('server', None)
if vm_server is not None:
instance_id = vm_server.get('id', None)
if instance_id is not None:
data['instance_id'] = instance_id
except Exception:
pass
elif "OPTIONS" in data['method'] and data['url'].endswith(
":%s/" % self.port):
heartBeatLog = True
if heartBeatLog != True:
#timeutils may not return UTC, so we can't hardcode +0000
data['response_datetime'] = '%s' % (
now.strftime(APACHE_TIME_FORMAT))
log.info(DRM_LOG_FORMAT % data, extra={"type": "operate"})
return response
def __call__(self, request):
now = timeutils.utcnow()
reqBody = "-"
heartBeatLog = False
if 'xml' in str(request.content_type) or 'json' in str(request.content_type):
if request.content_length is not None and request.content_length < 10240:
reqBody = str(request.body) or '-'
if HWExtend.hasSensitiveStr(reqBody):
reqBody = '-'
reqBody = h_utils._filter_sensitive_data(reqBody)
data = {
'remote_addr': request.remote_addr,
'remote_user': request.remote_user or '-',
'token_id':"None",
'request_datetime':'%s' % now.strftime(APACHE_TIME_FORMAT),
'response_datetime':'%s' % now.strftime(APACHE_TIME_FORMAT),
'method': request.method,
'url': request.url,
'http_version': request.http_version,
'status': 500,
'content_length': '-',
'request_body':reqBody,
'instance_id':'-'}
token = ''
try:
token = request.headers['X-Auth-Token']
token = HWExtend.b64encodeToken(token)
except:
token = "-"
try:
response = request.get_response(self.application)
data['status'] = response.status_int
data['content_length'] = response.content_length or '-'
finally:
# must be calculated *after* the application has been called
now = timeutils.utcnow()
data['token_id'] = token
if "GET" in data['method'] and "/tokens/" in data['url']:
Pos = data['url'].find("tokens") + 7
logToken = data['url'][Pos:Pos+32]
encodedToken = HWExtend.b64encodeToken(logToken)
data['url'] = data['url'].replace(logToken,encodedToken)
elif "POST" in data['method'] and data['url'].endswith("/servers"):
if int(data['status']) < 400:
try:
resp_body = json.loads(response.body)
vm_server = resp_body.get('server', None)
if vm_server is not None:
instance_id = vm_server.get('id', None)
if instance_id is not None:
data['instance_id'] = instance_id
except Exception:
pass
elif "OPTIONS" in data['method'] and data['url'].endswith(":%s/" % self.port):
heartBeatLog = True
if heartBeatLog != True:
#timeutils may not return UTC, so we can't hardcode +0000
data['response_datetime'] = '%s' % (now.strftime(APACHE_TIME_FORMAT))
log.info(DRM_LOG_FORMAT % data, extra={"type":"operate"})
return response
