Skip to content

custom AccessLogger#9733

Merged
sureshanaparti merged 8 commits intoapache:mainfrom
shapeblue:accessLog
Aug 4, 2025
Merged

custom AccessLogger#9733
sureshanaparti merged 8 commits intoapache:mainfrom
shapeblue:accessLog

Conversation

@DaanHoogland
Copy link
Contributor

@DaanHoogland DaanHoogland commented Sep 26, 2024

Description

This PR...

Fixes: #9512
as it was only partially fixed in #9568. This PR addresses the access.log candor.

Types of changes

  • Breaking change (fix or feature that would cause existing functionality to change)
  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Enhancement (improves an existing feature and functionality)
  • Cleanup (Code refactoring and cleanup, that may add test cases)
  • build/CI
  • test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

  • Major
  • Minor

Bug Severity

  • BLOCKER
  • Critical
  • Major
  • Minor
  • Trivial

Screenshots (if appropriate):

How Has This Been Tested?

How did you try to break this feature and the system with this change?

@codecov
Copy link

codecov bot commented Sep 26, 2024
edited
Loading

Codecov Report

❌ Patch coverage is 58.33333% with 10 lines in your changes missing coverage. Please review.
✅ Project coverage is 17.35%. Comparing base (d4229d3) to head (cb21862).
⚠️ Report is 13 commits behind head on main.

Files with missing lines Patch % Lines
...ils/src/main/java/com/cloud/utils/StringUtils.java 58.33% 10 Missing ⚠️
Additional details and impacted files 
@@             Coverage Diff              @@
##              main    #9733       +/-   ##
============================================
+ Coverage     3.63%   17.35%   +13.71%     
- Complexity       0    15187    +15187     
============================================
  Files          441     5883     +5442     
  Lines        36961   524497   +487536     
  Branches      6771    64004    +57233     
============================================
+ Hits          1344    91010    +89666     
- Misses       35457   423202   +387745     
- Partials       160    10285    +10125
Flag Coverage Δ
uitests 3.63% <ø> (ø)
unittests 18.39% <58.33%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@DaanHoogland DaanHoogland marked this pull request as ready for review September 26, 2024 15:46
FelipeM525
FelipeM525 approved these changes Sep 26, 2024
View reviewed changes
Copy link
Contributor

@FelipeM525 FelipeM525 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CLGTM!

@DaanHoogland DaanHoogland added this to the 4.20.1.0 milestone Sep 27, 2024
@DaanHoogland DaanHoogland changed the base branch from main to 4.20 January 29, 2025 14:19
@DaanHoogland DaanHoogland changed the base branch from 4.20 to main January 29, 2025 14:19
@DaanHoogland DaanHoogland modified the milestones: 4.20.1, 4.21.0 Jan 29, 2025
@apache apache deleted a comment from blueorangutan Feb 11, 2025
@apache apache deleted a comment from blueorangutan Feb 11, 2025
@apache apache deleted a comment from blueorangutan Feb 11, 2025
@apache apache deleted a comment from blueorangutan Feb 11, 2025
@apache apache deleted a comment from blueorangutan Feb 11, 2025
@apache apache deleted a comment from blueorangutan Feb 11, 2025
@apache apache deleted a comment from blueorangutan Feb 11, 2025
@apache apache deleted a comment from blueorangutan Feb 11, 2025
@blueorangutan
Copy link

blueorangutan commented Feb 11, 2025

@DaanHoogland a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

@blueorangutan
Copy link

blueorangutan commented Feb 11, 2025

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 12408

@DaanHoogland
Copy link
Contributor Author

DaanHoogland commented Feb 11, 2025

@blueorangutan test

@blueorangutan
Copy link

blueorangutan commented Feb 11, 2025

@DaanHoogland a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

@blueorangutan
Copy link

blueorangutan commented Feb 12, 2025

[SF] Trillian test result (tid-12375)
Environment: kvm-ol8 (x2), Advanced Networking with Mgmt server ol8
Total time taken: 53233 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr9733-t12375-kvm-ol8.zip
Smoke tests completed. 132 look OK, 2 have errors, 7 did not run
Only failed and skipped tests results shown below:

Test Result Time (s) Test File
test_11_isolated_network_with_dynamic_routed_mode Error 2.26 test_ipv4_routing.py
test_12_vpc_and_tier_with_dynamic_routed_mode Error 2.39 test_ipv4_routing.py
test_12_vpc_and_tier_with_dynamic_routed_mode Error 2.39 test_ipv4_routing.py
test_12_start_vm_multiple_volumes_allocated Error 14.89 test_vm_life_cycle.py
all_test_vpc_redundant Skipped --- test_vpc_redundant.py
all_test_vpc_router_nics Skipped --- test_vpc_router_nics.py
all_test_vpc_vpn Skipped --- test_vpc_vpn.py
all_test_webhook_delivery Skipped --- test_webhook_delivery.py
all_test_webhook_lifecycle Skipped --- test_webhook_lifecycle.py
all_test_host_maintenance Skipped --- test_host_maintenance.py
all_test_hostha_kvm Skipped --- test_hostha_kvm.py

@blueorangutan
Copy link

blueorangutan commented Feb 14, 2025

[SF] Trillian test result (tid-12389)
Environment: kvm-ol8 (x2), Advanced Networking with Mgmt server ol8
Total time taken: 55402 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr9733-t12389-kvm-ol8.zip
Smoke tests completed. 139 look OK, 2 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test Result Time (s) Test File
test_11_isolated_network_with_dynamic_routed_mode Error 2.35 test_ipv4_routing.py
test_12_vpc_and_tier_with_dynamic_routed_mode Error 2.48 test_ipv4_routing.py
test_12_vpc_and_tier_with_dynamic_routed_mode Error 2.48 test_ipv4_routing.py
test_12_start_vm_multiple_volumes_allocated Error 17.13 test_vm_life_cycle.py

@sureshanaparti sureshanaparti moved this to In Progress in Apache CloudStack 4.21.0 Jun 5, 2025
@RosiKyu RosiKyu self-assigned this Jul 31, 2025
RosiKyu
RosiKyu suggested changes Aug 1, 2025
View reviewed changes
Copy link
Collaborator

@RosiKyu RosiKyu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The session key sanitization is partially working. Testing showed:

Issue: The regex replaceFirst("") removes sessionkey= entirely, creating malformed URLs:

  • Expected: ?command=listAccounts&sessionkey=&response=json
  • Actual: ?command=listAccounts&response=json&SessionKeyValue

Problems:

  1. Session key values are still exposed in logs (just moved position)
  2. URLs are malformed
image

@DaanHoogland DaanHoogland changed the base branch from main to 4.20 August 1, 2025 09:38
@DaanHoogland DaanHoogland changed the base branch from 4.20 to main August 1, 2025 09:38
@DaanHoogland
Copy link
Contributor Author

DaanHoogland commented Aug 1, 2025

@blueorangutan package

@blueorangutan
Copy link

blueorangutan commented Aug 1, 2025

@DaanHoogland a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

@blueorangutan
Copy link

blueorangutan commented Aug 1, 2025

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 14505

RosiKyu
RosiKyu approved these changes Aug 4, 2025
View reviewed changes
Copy link
Collaborator

@RosiKyu RosiKyu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Session keys are being completely sanitized from access logs

image

@sureshanaparti sureshanaparti merged commit 9712b4d into apache:main Aug 4, 2025
26 checks passed
@github-project-automation github-project-automation bot moved this from In Progress to Done in Apache CloudStack 4.21.0 Aug 4, 2025
@DaanHoogland DaanHoogland deleted the accessLog branch August 4, 2025 15:16
dhslove pushed a commit to ablecloud-team/ablestack-cloud that referenced this pull request Aug 6, 2025
@DaanHoogland @dhslove
custom AccessLogger (apache#9733)
9bb7976 
* custom AccessLogger

Co-authored-by: Daan Hoogland <dahn@apache.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@FelipeM525 FelipeM525 FelipeM525 approved these changes

@RosiKyu RosiKyu RosiKyu approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@RosiKyu RosiKyu

Labels

component:management-server

Projects

No open projects
Apache CloudStack 4.21.0
Status: Done

Milestone

4.21.0

Development

Successfully merging this pull request may close these issues.

Password in plaintext in management and access logs

5 participants

@DaanHoogland @blueorangutan @FelipeM525 @RosiKyu @sureshanaparti