Diffstat (limited to 'custodia/log.py')
-rw-r--r-- | custodia/log.py | 63 |
1 files changed, 50 insertions, 13 deletions
diff --git a/custodia/log.py b/custodia/log.py
index 947af75..a9a0345 100644
--- a/custodia/log.py
+++ b/custodia/log.py
@@ -7,9 +7,16 @@ custodia_logger = logging.getLogger('custodia')
 custodia_logger.addHandler(logging.NullHandler())
-LOGGING_FORMAT = "%(asctime)s - %(name)s - %(levelname)s - %(message)s"
-LOGGING_AUDITFORMAT = "%(asctime)s %(message)s"
-LOGGING_DATEFORMAT = "%Y-%m-%h %H:%M:%S"
+LOGGING_FORMAT = "%(asctime)s - %(origin)-32s - %(message)s"
+LOGGING_DATEFORMAT = "%Y-%m-%d %H:%M:%S"
+
+
+class OriginContextFilter(logging.Filter):
+ def filter(self, record):
+ if not hasattr(record, 'origin'):
+ record.origin = record.name.split('.')[-1]
+
+ return True
 def setup_logging(debug=False, auditlog='custodia.audit.log'):
@@ -20,18 +27,27 @@ def setup_logging(debug=False, auditlog='custodia.audit.log'):
 default_fmt = logging.Formatter(LOGGING_FORMAT, LOGGING_DATEFORMAT)
 stream_hdlr = logging.StreamHandler(sys.stderr)
 stream_hdlr.setFormatter(default_fmt)
+ stream_hdlr.addFilter(OriginContextFilter())
 root_logger.addHandler(stream_hdlr)
 custodia_logger = logging.getLogger('custodia')
 if debug:
 custodia_logger.setLevel(logging.DEBUG)
 custodia_logger.debug('Custodia debug logger enabled')
+ # If the global debug is enabled, turn debug on in all custodia.
+ # loggers
+ logdict = logging.Logger.manager.loggerDict
+ for name, obj in logdict.items():
+ if not isinstance(obj, logging.Logger):
+ continue
+ if name.startswith('custodia.'):
+ obj.setLevel(logging.DEBUG)
 else:
 custodia_logger.setLevel(logging.INFO)
 audit_logger = logging.getLogger('custodia.audit')
 if len(audit_logger.handlers) == 0:
- audit_fmt = logging.Formatter(LOGGING_AUDITFORMAT, LOGGING_DATEFORMAT)
+ audit_fmt = logging.Formatter(LOGGING_FORMAT, LOGGING_DATEFORMAT)
 audit_hdrl = logging.FileHandler(auditlog)
 audit_hdrl.setFormatter(audit_fmt)
 audit_logger.addHandler(audit_hdrl)
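Review bot: The new `LOGGING_FORMAT` drops `%(levelname)s`, so lines on stderr and in the audit file no longer show severity and a DEBUG line reads the same as an ERROR during triage. If that is not intended, keep the field, e.g. `LOGGING_FORMAT = "%(asctime)s - %(origin)-32s - %(levelname)s - %(message)s"`. `OriginContextFilter` also has no docstring; one sentence saying that it fills in `record.origin` from the last component of the logger name when the caller supplied none would explain why `filter` always returns True.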
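Review bot: `audit_hdrl` now formats with `LOGGING_FORMAT`, which requires `%(origin)s`, but only `stream_hdlr` receives an `OriginContextFilter`. A record that reaches the audit handler without an `origin` attribute (a direct call on the 'custodia.audit' logger or a child of it, rather than through AuditLog) fails inside the formatter and is reported through logging's error handling instead of being written to the audit file. Adding `audit_hdrl.addFilter(OriginContextFilter())` after `audit_hdrl.setFormatter(audit_fmt)` keeps such records. setup_logging starts above this hunk.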
@@ -63,10 +79,10 @@ AUDIT_MESSAGES = [
 "DENIED: '%(client)s' deleted key '%(key)s'", # AUDIT_DEL_DENIED
 "AUDIT FAILURE 7",
 "AUDIT FAILURE 8",
- "PASS(%(tag)s): '%(cli)s' authenticated as '%(name)s'", # SVC_AUTH_PASS
- "FAIL(%(tag)s): '%(cli)s' authenticated as '%(name)s'", # SVC_AUTH_FAIL
- "PASS(%(tag)s): '%(cli)s' authorized for '%(name)s'", # SVC_AUTHZ_PASS
- "FAIL(%(tag)s): '%(cli)s' authorized for '%(name)s'", # SVC_AUTHZ_FAIL
+ "PASS: '%(cli)s' authenticated as '%(name)s'", # SVC_AUTH_PASS
+ "FAIL: '%(cli)s' authenticated as '%(name)s'", # SVC_AUTH_FAIL
+ "PASS: '%(cli)s' authorized for '%(name)s'", # SVC_AUTHZ_PASS
+ "FAIL: '%(cli)s' authorized for '%(name)s'", # SVC_AUTHZ_FAIL
 "AUDIT FAILURE 13",
 ]
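Review bot: The rewritten SVC_* templates still place `%(cli)s` and `%(name)s` between literal single quotes without any escaping. If either value can carry request-supplied text (not visible in this hunk), a quote, CR or LF inside it lets one audit record read as a different one, which weakens the file as evidence. Formatting with `%(cli)r` and `%(name)r` in place of the quoted `%s`, or escaping control characters where `args` is built in AuditLog, keeps each record on one unambiguous line. The `%(client)s`/`%(key)s` template shown as context has the same shape.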
@@ -75,18 +91,39 @@ class AuditLog(object):
 def __init__(self, logger):
 self.logger = logger
- def key_access(self, action, client, keyname):
+ def key_access(self, origin, action, client, keyname):
 if action <= AUDIT_NONE or action >= AUDIT_LAST:
 action = AUDIT_NONE
 msg = AUDIT_MESSAGES[action]
 args = {'client': client, 'key': keyname}
- self.logger.info(msg, args)
+ self.logger.info(msg, args, extra={'origin': origin})
- def svc_access(self, action, client, tag, name):
+ def svc_access(self, origin, action, client, name):
 if action <= AUDIT_SVC_NONE or action >= AUDIT_SVC_LAST:
 action = AUDIT_NONE
 msg = AUDIT_MESSAGES[action]
- args = {'cli': client, 'tag': tag, 'name': name}
- self.logger.info(msg, args)
+ args = {'cli': client, 'name': name}
+ self.logger.info(msg, args, extra={'origin': origin})
 auditlog = AuditLog(logging.getLogger('custodia.audit'))
+
+
+class CustodiaPlugin(object):
+
+ def __init__(self, config=None):
+ self.config = config if config is not None else dict()
+ self._auditlog = auditlog
+ self.origin = self.config.get('facility_name', self.__class__.__name__)
+ l = logging.getLogger(
+ 'custodia.plugins.%s' % self.__class__.__name__)
+ self.logger = logging.LoggerAdapter(l, {'origin': self.origin})
+ if self.config.get('debug', 'false').lower() == 'true':
+ l.setLevel(logging.DEBUG)
+ else:
+ l.setLevel(logging.INFO)
+
+ def audit_key_access(self, *args, **kwargs):
+ self._auditlog.key_access(self.origin, *args, **kwargs)
+
+ def audit_svc_access(self, *args, **kwargs):
+ self._auditlog.svc_access(self.origin, *args, **kwargs) |
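Review bot: The else branch of `CustodiaPlugin.__init__` pins the plugin logger with `l.setLevel(logging.INFO)`, so a plugin constructed after `setup_logging(debug=True)` has run stays at INFO; the loop added to setup_logging only reaches loggers that already exist when it runs, and the construction order is not visible here. Leaving the level unset in that branch would let the logger inherit from 'custodia'. The condition also calls `.lower()` on the raw config value, which raises AttributeError if a caller passes a real boolean; `str(self.config.get('debug', 'false')).lower() == 'true'` tolerates both. The local name `l` is easy to misread as `1`; `plugin_logger` would be clearer.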