Add logging for all API calls
Bug #624854 reported by Anthony Lenton
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Canonical SSO provider | Triaged | High | Unassigned | |
Bug Description
We would want to know which API user is making which API calls and when. Apache logs aren't enough for this because they don't track the authorization headers provided in the requests, so we'd need to use a custom application log for this. The most important calls are those which cause data changes; we can skip reads. Each log message should consist of:
- If it was an anonymous API call, or the API basic / OAuth user that was authorized
- The called method (full URL and ws.op GET argument provide this, if that can be retrieved from environment)
- Time at which the call was made
- Method arguments, but without sensitive data (passwords, token secrets, etc.).
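A sketch of the application-level audit record requested above, as an added example that is not part of the original bug report or the project's code. It assumes a WSGI-style `environ` and that GET/HEAD/OPTIONS calls are reads; the redaction list, path, operation name and credentials are constructed for illustration.

```python
import base64
import json
import time
from urllib.parse import parse_qsl

SENSITIVE = ("password", "secret")         # assumed name fragments to redact
READ_METHODS = {"GET", "HEAD", "OPTIONS"}  # assumption: these never change data

def api_user(environ):
    """Return (auth_type, user) from the Authorization header, never the secret."""
    scheme, _, rest = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
    if scheme.lower() == "basic":
        try:
            return "basic", base64.b64decode(rest).decode("utf-8").split(":", 1)[0]
        except ValueError:  # malformed base64 or invalid UTF-8
            return "basic", "<undecodable>"
    if scheme.lower() == "oauth":  # OAuth 1.0: comma-separated key="value" pairs
        pairs = (p.strip().split("=", 1) for p in rest.split(",") if "=" in p)
        return "oauth", dict(pairs).get("oauth_consumer_key", "").strip('"')
    return "anonymous", None

def redact(args):
    """Replace the value of any argument whose name looks sensitive."""
    return {k: "[REDACTED]" if any(s in k.lower() for s in SENSITIVE) else v
            for k, v in args.items()}

def audit_record(environ, body_args, now=None):
    """Build one audit entry for a data-changing call; return None for reads."""
    method = environ.get("REQUEST_METHOD", "GET")
    if method in READ_METHODS:
        return None
    query = dict(parse_qsl(environ.get("QUERY_STRING", "")))
    auth_type, user = api_user(environ)
    return {
        "time": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(now)),
        "auth": auth_type, "user": user,
        "http_method": method, "url": environ.get("PATH_INFO", ""),
        "ws.op": query.get("ws.op") or body_args.get("ws.op"),
        "args": redact({**query, **body_args}),
    }

def format_line(record):
    return json.dumps(record, sort_keys=True)  # one JSON object per log line

# Constructed sample request (hypothetical path, operation and credentials).
SAMPLE = {
    "REQUEST_METHOD": "POST", "PATH_INFO": "/api/example",
    "QUERY_STRING": "ws.op=example_op",
    "HTTP_AUTHORIZATION": "Basic " + base64.b64encode(b"apiuser:s3cret").decode(),
}
```

Redaction here matches on argument names only, so a secret passed under an unexpected name would still be logged; an allowlist of loggable arguments per operation is the stricter option.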
Changed in canonical-identity-provider: | |
milestone: | none → 2.9.0 |
Changed in canonical-isd-qa: | |
milestone: | none → canonical-identity-provider+2.9.0 |
Changed in canonical-identity-provider: | |
status: | New → Confirmed |
Changed in canonical-identity-provider: | |
milestone: | 2.9.0 → 1-commitment |
Changed in canonical-identity-provider: | |
milestone: | 1-commitment → for-10.0 |
Changed in canonical-identity-provider: | |
importance: | Undecided → Low |
Changed in canonical-identity-provider: | |
milestone: | for-10.10 → none |
importance: | Low → High |
Changed in canonical-identity-provider: | |
status: | Confirmed → Triaged |
description: | updated |
Changed in canonical-identity-provider: | |
assignee: | nobody → Gerson Chicareli (chicareligerson-e) |
Changed in canonical-identity-provider: | |
assignee: | Gerson Chicareli (chicareligerson-e) → nobody |
We didn't get this done for 10.10. Increasing to high priority as logging for accountability will be much more important when we enable write functions on the API.