proxy_logging config: unit tests and doc pointers

Add unit tests to verify the precedence of access_log_ and log_
prefixes to options.

Add pointers from proxy_logging sections in other sample config files
to the proxy-server.conf-sample file.

Change-Id: Id18176d3790fd187e304f0e33e3f74a94dc5305c
This commit is contained in:
Alistair Coles 2024-07-16 10:42:21 +01:00
parent 7c12870068
commit d555755423
5 changed files with 102 additions and 45 deletions

View File

@ -89,6 +89,7 @@ use = egg:swift#memcache
[filter:proxy-logging] [filter:proxy-logging]
use = egg:swift#proxy_logging use = egg:swift#proxy_logging
# See proxy-server.conf-sample for options
[filter:catch_errors] [filter:catch_errors]
use = egg:swift#catch_errors use = egg:swift#catch_errors

View File

@ -44,6 +44,7 @@ use = egg:swift#memcache
[filter:proxy-logging] [filter:proxy-logging]
use = egg:swift#proxy_logging use = egg:swift#proxy_logging
# See proxy-server.conf-sample for options
[filter:catch_errors] [filter:catch_errors]
use = egg:swift#catch_errors use = egg:swift#catch_errors

View File

@ -129,41 +129,4 @@ use = egg:swift#catch_errors
[filter:proxy-logging] [filter:proxy-logging]
use = egg:swift#proxy_logging use = egg:swift#proxy_logging
# If not set, logging directives from [DEFAULT] without "access_" will be used # See proxy-server.conf-sample for options
# access_log_name = swift
# access_log_facility = LOG_LOCAL0
# access_log_level = INFO
# access_log_address = /dev/log
#
# If set, access_log_udp_host will override access_log_address
# access_log_udp_host =
# access_log_udp_port = 514
#
# You can use log_statsd_* from [DEFAULT] or override them here:
# access_log_statsd_host =
# access_log_statsd_port = 8125
# access_log_statsd_default_sample_rate = 1.0
# access_log_statsd_sample_rate_factor = 1.0
# access_log_statsd_metric_prefix =
# access_log_headers = false
#
# If access_log_headers is True and access_log_headers_only is set only
# these headers are logged. Multiple headers can be defined as comma separated
# list like this: access_log_headers_only = Host, X-Object-Meta-Mtime
# access_log_headers_only =
#
# By default, the X-Auth-Token is logged. To obscure the value,
# set reveal_sensitive_prefix to the number of characters to log.
# For example, if set to 12, only the first 12 characters of the
# token appear in the log. An unauthorized access of the log file
# won't allow unauthorized usage of the token. However, the first
# 12 or so characters is unique enough that you can trace/debug
# token usage. Set to 0 to suppress the token completely (replaced
# by '...' in the log).
# Note: reveal_sensitive_prefix will not affect the value
# logged with access_log_headers=True.
# reveal_sensitive_prefix = 16
#
# What HTTP methods are allowed for StatsD logging (comma-sep); request methods
# not in this list will have "BAD_METHOD" for the <verb> portion of the metric.
# log_statsd_valid_http_methods = GET,HEAD,POST,PUT,DELETE,COPY,OPTIONS

View File

@ -980,6 +980,11 @@ use = egg:swift#etag_quoter
use = egg:swift#list_endpoints use = egg:swift#list_endpoints
# list_endpoints_path = /endpoints/ # list_endpoints_path = /endpoints/
# Note: The double proxy-logging in the pipeline is not a mistake. The
# left-most proxy-logging is there to log requests that were handled in
# middleware and never made it through to the right-most middleware (and
# proxy server). Double logging is prevented for normal requests. See
# proxy-logging docs.
[filter:proxy-logging] [filter:proxy-logging]
use = egg:swift#proxy_logging use = egg:swift#proxy_logging
# If not set, logging directives from [DEFAULT] without "access_" will be used # If not set, logging directives from [DEFAULT] without "access_" will be used
@ -1026,12 +1031,6 @@ use = egg:swift#proxy_logging
# not in this list will have "BAD_METHOD" for the <verb> portion of the metric. # not in this list will have "BAD_METHOD" for the <verb> portion of the metric.
# log_statsd_valid_http_methods = GET,HEAD,POST,PUT,DELETE,COPY,OPTIONS # log_statsd_valid_http_methods = GET,HEAD,POST,PUT,DELETE,COPY,OPTIONS
# #
# Note: The double proxy-logging in the pipeline is not a mistake. The
# left-most proxy-logging is there to log requests that were handled in
# middleware and never made it through to the right-most middleware (and
# proxy server). Double logging is prevented for normal requests. See
# proxy-logging docs.
#
# Hashing algorithm for log anonymization. Must be one of algorithms supported # Hashing algorithm for log anonymization. Must be one of algorithms supported
# by Python's hashlib. # by Python's hashlib.
# log_anonymization_method = MD5 # log_anonymization_method = MD5

View File

@ -12,6 +12,7 @@
# implied. # implied.
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
import logging
import mock import mock
import time import time
@ -30,7 +31,7 @@ from swift.common.registry import register_sensitive_header, \
from swift.common.swob import Request, Response, HTTPServiceUnavailable from swift.common.swob import Request, Response, HTTPServiceUnavailable
from swift.common import constraints, registry from swift.common import constraints, registry
from swift.common.storage_policy import StoragePolicy from swift.common.storage_policy import StoragePolicy
from test.debug_logger import debug_logger from test.debug_logger import debug_logger, FakeStatsdClient
from test.unit import patch_policies from test.unit import patch_policies
from test.unit.common.middleware.helpers import FakeAppThatExcepts, FakeSwift from test.unit.common.middleware.helpers import FakeAppThatExcepts, FakeSwift
@ -169,6 +170,98 @@ class TestProxyLogging(unittest.TestCase):
('host', 8125)), ('host', 8125)),
app.access_logger.statsd_client.sendto_calls) app.access_logger.statsd_client.sendto_calls)
def test_init_statsd_options_log_prefix(self):
conf = {
'log_headers': 'no',
'log_statsd_valid_http_methods': 'GET',
'log_facility': 'LOG_LOCAL7',
'log_name': 'bob',
'log_level': 'DEBUG',
'log_udp_host': 'example.com',
'log_udp_port': '3456',
'log_statsd_host': 'example.com',
'log_statsd_port': '1234',
'log_statsd_default_sample_rate': 10,
'log_statsd_sample_rate_factor': .04,
'log_statsd_metric_prefix': 'foo',
}
with mock.patch('swift.common.statsd_client.StatsdClient',
FakeStatsdClient):
app = proxy_logging.ProxyLoggingMiddleware(FakeApp(), conf)
self.assertFalse(app.log_hdrs)
self.assertEqual(['GET'], app.valid_methods)
log_adapter = app.access_logger
self.assertEqual('proxy-access', log_adapter.name)
self.assertEqual('bob', app.access_logger.server)
self.assertEqual(logging.DEBUG, log_adapter.logger.level)
self.assertEqual(('example.com', 3456),
log_adapter.logger.handlers[0].address)
self.assertEqual(SysLogHandler.LOG_LOCAL7,
log_adapter.logger.handlers[0].facility)
statsd_client = app.access_logger.logger.statsd_client
self.assertIsInstance(statsd_client, FakeStatsdClient)
with mock.patch.object(statsd_client, 'random', return_value=0):
statsd_client.increment('baz')
self.assertEqual(
[(b'foo.proxy-server.baz:1|c|@0.4', ('example.com', 1234))],
statsd_client.sendto_calls)
def test_init_statsd_options_access_log_prefix(self):
# verify that access_log_ prefix has precedence over log_
conf = {
'access_log_route': 'my-proxy-access',
'access_log_headers': 'yes',
'access_log_statsd_valid_http_methods': 'GET, HEAD',
'access_log_facility': 'LOG_LOCAL6',
'access_log_name': 'alice',
'access_log_level': 'WARN',
'access_log_udp_host': 'access.com',
'access_log_udp_port': '6789',
'log_headers': 'no',
'log_statsd_valid_http_methods': 'GET',
'log_facility': 'LOG_LOCAL7',
'log_name': 'bob',
'log_level': 'DEBUG',
'log_udp_host': 'example.com',
'log_udp_port': '3456',
'access_log_statsd_host': 'access.com',
'access_log_statsd_port': '5678',
'access_log_statsd_default_sample_rate': 20,
'access_log_statsd_sample_rate_factor': .03,
'access_log_statsd_metric_prefix': 'access_foo',
'log_statsd_host': 'example.com',
'log_statsd_port': '1234',
'log_statsd_default_sample_rate': 10,
'log_statsd_sample_rate_factor': .04,
'log_statsd_metric_prefix': 'foo',
}
with mock.patch('swift.common.statsd_client.StatsdClient',
FakeStatsdClient):
app = proxy_logging.ProxyLoggingMiddleware(FakeApp(), conf)
self.assertTrue(app.log_hdrs)
self.assertEqual(['GET', 'HEAD'], app.valid_methods)
log_adapter = app.access_logger
self.assertEqual('my-proxy-access', log_adapter.name)
self.assertEqual('alice', app.access_logger.server)
self.assertEqual(logging.WARN, log_adapter.logger.level)
self.assertEqual(('access.com', 6789),
log_adapter.logger.handlers[0].address)
self.assertEqual(SysLogHandler.LOG_LOCAL6,
log_adapter.logger.handlers[0].facility)
statsd_client = app.access_logger.logger.statsd_client
self.assertIsInstance(statsd_client, FakeStatsdClient)
with mock.patch.object(statsd_client, 'random', return_value=0):
statsd_client.increment('baz')
self.assertEqual(
[(b'access_foo.proxy-server.baz:1|c|@0.6', ('access.com', 5678))],
statsd_client.sendto_calls)
def test_logger_statsd_prefix(self): def test_logger_statsd_prefix(self):
app = proxy_logging.ProxyLoggingMiddleware( app = proxy_logging.ProxyLoggingMiddleware(
FakeApp(), {'log_statsd_host': 'example.com'}) FakeApp(), {'log_statsd_host': 'example.com'})