Only log application/json content type
This is a combination of 2 commits. The first commit's message is: Prevent MemoryError when logging response bodies Response bodies are loaded into memory prior to being logged. Loading huge response bodies may result in a MemoryError. This patch proposes that only JSON and TEXT responses be logged, i.e when the Content-Type header is application/json or application/text. Responses that do not include or have a different Content-Type header will have their body omitted. Closes-bug: 1616105 Change-Id: I93b6fff73368c4f58bdebf8566c4948b50980cee (cherry picked from commitf345559a06
) This is the 2nd commit message: Only log application/json in session to start When whitelisting content types to debug print from session we chose application/json and application/text. application/text is not a real mime type, text is typically text/plain. Rather than guess at mime types only print application/json to start with, but make it easy for additional types to be added later. Change-Id: Ica5fee076cdab8b1d5167161d28af7313fad9477 Related-Bug: 1616105 (cherry-picked from:d73fd3ee84
)
This commit is contained in:
parent
d85763defc
commit
13054e8b6d
|
@ -43,6 +43,11 @@ DEFAULT_USER_AGENT = 'keystoneauth1/%s %s %s/%s' % (
|
|||
keystoneauth1.__version__, requests.utils.default_user_agent(),
|
||||
platform.python_implementation(), platform.python_version())
|
||||
|
||||
# NOTE(jamielennox): Clients will likely want to print more than json. Please
|
||||
# propose a patch if you have a content type you think is reasonable to print
|
||||
# here and we'll add it to the list as required.
|
||||
_LOG_CONTENT_TYPES = set(['application/json'])
|
||||
|
||||
_logger = utils.get_logger(__name__)
|
||||
|
||||
|
||||
|
@ -260,7 +265,19 @@ class Session(object):
|
|||
if not headers:
|
||||
headers = response.headers
|
||||
if not text:
|
||||
text = self._remove_service_catalog(response.text)
|
||||
# NOTE(samueldmq): If the response does not provide enough info
|
||||
# about the content type to decide whether it is useful and
|
||||
# safe to log it or not, just do not log the body. Trying to
|
||||
# read the response body anyways may result on reading a long
|
||||
# stream of bytes and getting an unexpected MemoryError. See
|
||||
# bug 1616105 for further details.
|
||||
content_type = response.headers.get('content-type', None)
|
||||
if content_type in _LOG_CONTENT_TYPES:
|
||||
text = self._remove_service_catalog(response.text)
|
||||
else:
|
||||
text = ('Omitted, Content-Type is set to %s. Only '
|
||||
'%s responses have their bodies logged.')
|
||||
text = text % (content_type, ', '.join(_LOG_CONTENT_TYPES))
|
||||
if json:
|
||||
text = self._json.encode(json)
|
||||
|
||||
|
|
|
@ -145,13 +145,14 @@ class SessionTests(utils.TestCase):
|
|||
in order to redact secure headers while debug is true.
|
||||
"""
|
||||
session = client_session.Session(verify=False)
|
||||
headers = {'HEADERA': 'HEADERVALB'}
|
||||
headers = {'HEADERA': 'HEADERVALB',
|
||||
'Content-Type': 'application/json'}
|
||||
security_headers = {'Authorization': uuid.uuid4().hex,
|
||||
'X-Auth-Token': uuid.uuid4().hex,
|
||||
'X-Subject-Token': uuid.uuid4().hex,
|
||||
'X-Service-Token': uuid.uuid4().hex}
|
||||
body = 'BODYRESPONSE'
|
||||
data = 'BODYDATA'
|
||||
body = '{"a": "b"}'
|
||||
data = '{"c": "d"}'
|
||||
all_headers = dict(
|
||||
itertools.chain(headers.items(), security_headers.items()))
|
||||
self.stub_url('POST', text=body, headers=all_headers)
|
||||
|
@ -179,13 +180,48 @@ class SessionTests(utils.TestCase):
|
|||
"""Test that output is logged even for failed requests"""
|
||||
|
||||
session = client_session.Session()
|
||||
body = uuid.uuid4().hex
|
||||
body = {uuid.uuid4().hex: uuid.uuid4().hex}
|
||||
|
||||
self.stub_url('GET', text=body, status_code=400)
|
||||
self.stub_url('GET', json=body, status_code=400,
|
||||
headers={'Content-Type': 'application/json'})
|
||||
resp = session.get(self.TEST_URL, raise_exc=False)
|
||||
|
||||
self.assertEqual(resp.status_code, 400)
|
||||
self.assertIn(list(body.keys())[0], self.logger.output)
|
||||
self.assertIn(list(body.values())[0], self.logger.output)
|
||||
|
||||
def test_logging_body_only_for_specified_content_types(self):
|
||||
"""Verify response body is only logged in specific content types.
|
||||
|
||||
Response bodies are logged only when the response's Content-Type header
|
||||
is set to application/json. This prevents us to get an unexpected
|
||||
MemoryError when reading arbitrary responses, such as streams.
|
||||
"""
|
||||
OMITTED_BODY = ('Omitted, Content-Type is set to %s. Only '
|
||||
'application/json responses have their bodies logged.')
|
||||
session = client_session.Session(verify=False)
|
||||
|
||||
# Content-Type is not set
|
||||
body = json.dumps({'token': {'id': '...'}})
|
||||
self.stub_url('POST', text=body)
|
||||
session.post(self.TEST_URL)
|
||||
self.assertNotIn(body, self.logger.output)
|
||||
self.assertIn(OMITTED_BODY % None, self.logger.output)
|
||||
|
||||
# Content-Type is set to text/xml
|
||||
body = '<token><id>...</id></token>'
|
||||
self.stub_url('POST', text=body, headers={'Content-Type': 'text/xml'})
|
||||
session.post(self.TEST_URL)
|
||||
self.assertNotIn(body, self.logger.output)
|
||||
self.assertIn(OMITTED_BODY % 'text/xml', self.logger.output)
|
||||
|
||||
# Content-Type is set to application/json
|
||||
body = json.dumps({'token': {'id': '...'}})
|
||||
self.stub_url('POST', text=body,
|
||||
headers={'Content-Type': 'application/json'})
|
||||
session.post(self.TEST_URL)
|
||||
self.assertIn(body, self.logger.output)
|
||||
self.assertNotIn(OMITTED_BODY % 'application/json', self.logger.output)
|
||||
|
||||
def test_logging_cacerts(self):
|
||||
path_to_certs = '/path/to/certs'
|
||||
|
@ -693,22 +729,24 @@ class SessionAuthTests(utils.TestCase):
|
|||
|
||||
auth = AuthPlugin()
|
||||
sess = client_session.Session(auth=auth)
|
||||
response = uuid.uuid4().hex
|
||||
response = {uuid.uuid4().hex: uuid.uuid4().hex}
|
||||
|
||||
self.stub_url('GET',
|
||||
text=response,
|
||||
headers={'Content-Type': 'text/html'})
|
||||
json=response,
|
||||
headers={'Content-Type': 'application/json'})
|
||||
|
||||
resp = sess.get(self.TEST_URL, logger=logger)
|
||||
|
||||
self.assertEqual(response, resp.text)
|
||||
self.assertEqual(response, resp.json())
|
||||
output = io.getvalue()
|
||||
|
||||
self.assertIn(self.TEST_URL, output)
|
||||
self.assertIn(response, output)
|
||||
self.assertIn(list(response.keys())[0], output)
|
||||
self.assertIn(list(response.values())[0], output)
|
||||
|
||||
self.assertNotIn(self.TEST_URL, self.logger.output)
|
||||
self.assertNotIn(response, self.logger.output)
|
||||
self.assertNotIn(list(response.keys())[0], self.logger.output)
|
||||
self.assertNotIn(list(response.values())[0], self.logger.output)
|
||||
|
||||
|
||||
class AdapterTest(utils.TestCase):
|
||||
|
@ -883,21 +921,23 @@ class AdapterTest(utils.TestCase):
|
|||
sess = client_session.Session(auth=auth)
|
||||
adpt = adapter.Adapter(sess, auth=auth, logger=logger)
|
||||
|
||||
response = uuid.uuid4().hex
|
||||
response = {uuid.uuid4().hex: uuid.uuid4().hex}
|
||||
|
||||
self.stub_url('GET', text=response,
|
||||
headers={'Content-Type': 'text/html'})
|
||||
self.stub_url('GET', json=response,
|
||||
headers={'Content-Type': 'application/json'})
|
||||
|
||||
resp = adpt.get(self.TEST_URL, logger=logger)
|
||||
|
||||
self.assertEqual(response, resp.text)
|
||||
self.assertEqual(response, resp.json())
|
||||
output = io.getvalue()
|
||||
|
||||
self.assertIn(self.TEST_URL, output)
|
||||
self.assertIn(response, output)
|
||||
self.assertIn(list(response.keys())[0], output)
|
||||
self.assertIn(list(response.values())[0], output)
|
||||
|
||||
self.assertNotIn(self.TEST_URL, self.logger.output)
|
||||
self.assertNotIn(response, self.logger.output)
|
||||
self.assertNotIn(list(response.keys())[0], self.logger.output)
|
||||
self.assertNotIn(list(response.values())[0], self.logger.output)
|
||||
|
||||
def test_unknown_connection_error(self):
|
||||
self.stub_url('GET', exc=requests.exceptions.RequestException)
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
fixes:
|
||||
- >
|
||||
[`bug 1616105 <https://bugs.launchpad.net/keystoneauth/+bug/1616105>`_]
|
||||
Only log the response body when the ``Content-Type`` header is set to
|
||||
``application/json``. This avoids logging large binary objects (such as
|
||||
images). Other ``Content-Type`` will not be logged. Additional
|
||||
``Content-Type`` strings can be added as required.
|
Loading…
Reference in New Issue