From d6f91c9214e8a1936ef05351a391d910df54e343 Mon Sep 17 00:00:00 2001 From: Alex VanTol Date: Fri, 15 Dec 2023 12:53:37 -0600 Subject: [PATCH 1/4] chore(logs): improve signed URL data metrics log by adding client_id from token --- fence/blueprints/data/indexd.py | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/fence/blueprints/data/indexd.py b/fence/blueprints/data/indexd.py index 93cf60525..abe368f21 100755 --- a/fence/blueprints/data/indexd.py +++ b/fence/blueprints/data/indexd.py @@ -162,13 +162,14 @@ def get_signed_url_for_file( _log_signed_url_data_info( indexed_file=indexed_file, user_sub=flask.g.audit_data.get("sub", ""), + client_id=_get_client_id(), requested_protocol=requested_protocol ) return {"url": signed_url} -def _log_signed_url_data_info(indexed_file, user_sub, requested_protocol): +def _log_signed_url_data_info(indexed_file, user_sub, client_id, requested_protocol): size_in_kibibytes = (indexed_file.index_document.get("size") or 0) / 1024 acl = indexed_file.index_document.get("acl") authz = indexed_file.index_document.get("authz") @@ -192,10 +193,21 @@ def _log_signed_url_data_info(indexed_file, user_sub, requested_protocol): break logger.info( - f"Signed URL Generated. size_in_kibibytes={size_in_kibibytes} acl={acl} authz={authz} bucket={bucket} user_sub={user_sub}" + f"Signed URL Generated. size_in_kibibytes={size_in_kibibytes} " + f"acl={acl} authz={authz} bucket={bucket} user_sub={user_sub} client_id={client_id}" ) +def _get_client_id(): + client_id = "" + + try: + client_id = current_token.get("azp") or "" + except Exception as exc: + pass + + return client_id + def prepare_presigned_url_audit_log(protocol, indexed_file): """ Store in `flask.g.audit_data` the data needed to record an audit log. From b16a9f55d6c9488a07e9cc6028f36e0f74872392 Mon Sep 17 00:00:00 2001 From: Alexander VanTol Date: Tue, 19 Dec 2023 14:34:22 -0600 Subject: [PATCH 2/4] Update indexd.py --- fence/blueprints/data/indexd.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fence/blueprints/data/indexd.py b/fence/blueprints/data/indexd.py index abe368f21..35ebce65a 100755 --- a/fence/blueprints/data/indexd.py +++ b/fence/blueprints/data/indexd.py @@ -199,10 +199,10 @@ def _log_signed_url_data_info(indexed_file, user_sub, client_id, requested_proto def _get_client_id(): - client_id = "" + client_id = "Unknown Client" try: - client_id = current_token.get("azp") or "" + client_id = current_token.get("azp") or "Unknown Client" except Exception as exc: pass From 837baf6f91c3fc3b41bb1a616158f6f2a2194846 Mon Sep 17 00:00:00 2001 From: Alexander VanTol Date: Tue, 2 Jan 2024 09:12:33 -0600 Subject: [PATCH 3/4] Update indexd.py --- fence/blueprints/data/indexd.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fence/blueprints/data/indexd.py b/fence/blueprints/data/indexd.py index 35ebce65a..e05657774 100755 --- a/fence/blueprints/data/indexd.py +++ b/fence/blueprints/data/indexd.py @@ -82,7 +82,7 @@ def get_signed_url_for_file( r_pays_project = flask.request.args.get("userProject", None) db_session = db_session or current_app.scoped_session() - # default to signing the url + # default to signing the URL force_signed_url = True no_force_sign_param = flask.request.args.get("no_force_sign") if no_force_sign_param and no_force_sign_param.lower() == "true": From e73f76e1f348da21e703d96fd2af448e41e6eaef Mon Sep 17 00:00:00 2001 From: Alexander VanTol Date: Wed, 17 Jan 2024 10:05:47 -0600 Subject: [PATCH 4/4] Update indexd.py --- fence/blueprints/data/indexd.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fence/blueprints/data/indexd.py b/fence/blueprints/data/indexd.py index e05657774..37e614897 100755 --- a/fence/blueprints/data/indexd.py +++ b/fence/blueprints/data/indexd.py @@ -435,7 +435,7 @@ class IndexedFile(object): also be cleaner). Args: - file_id (str): GUID for the file. + file_id (str): GUID for the file """ def __init__(self, file_id):