Merge pull request #67 from ing-bank/fix/clean-log

Fix/clean log
ing-bank · Apr 9, 2019 · 8209c98 · 8209c98
2 parents 8a2dfc0 + 2280247
commit 8209c98
Show file tree

Hide file tree

Showing 8 changed files with 45 additions and 21 deletions.
diff --git a/build.sbt b/build.sbt
@@ -70,6 +70,7 @@ fork := true
 // Some default options at runtime: the G1 garbage collector, and headless mode.
 javaOptions += "-XX:+UseG1GC"
 javaOptions += "-Djava.awt.headless=true"
+javaOptions += "-Dlogback.configurationFile=/etc/airlock/logback.xml"
 
 dockerExposedPorts := Seq(8080) // should match PROXY_PORT
 dockerCommands     += ExecCmd("ENV", "PROXY_HOST", "0.0.0.0")

diff --git a/src/it/resources/logback.xml b/src/it/resources/logback.xml
@@ -0,0 +1,13 @@
+<configuration debug="false">
+
+  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+    <encoder>
+      <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+    </encoder>
+  </appender>
+
+  <root level="OFF">
+    <appender-ref ref="STDOUT" />
+  </root>
+
+</configuration>
diff --git a/src/it/scala/com/ing/wbaa/testkit/AirlockFixtures.scala b/src/it/scala/com/ing/wbaa/testkit/AirlockFixtures.scala
@@ -34,7 +34,6 @@ trait AirlockFixtures extends S3SdkHelpers {
   /**
     * Fixture that creates a bucket for a test and deletes it after
     *
-    * @param sdk An Amazon S3 sdk object pointed to a running cluster
     * @param testCode Code that accepts the bucket name that was created
     * @return Assertion
     */
@@ -63,7 +62,6 @@ trait AirlockFixtures extends S3SdkHelpers {
     testCode(testBucket).andThen {
       case _ =>
       cleanBucket(s3Client, testBucket)
-      s3Client.deleteBucket(testBucket)
     }
   }
 

diff --git a/src/main/resources/logback.xml b/src/main/resources/logback.xml
@@ -35,6 +35,7 @@
   <logger name="com.ing" level="DEBUG" />
   <logger name="org.apache.ranger" level="ERROR" />
   <logger name="org.apache.hadoop" level="ERROR" />
+  <logger name="akka.actor.ActorSystemImpl" level="ERROR" />
   <!-- To enable V2 debug on signature uncomment below section -->
   <!--<logger name="com.amazonaws.services.s3.internal" level="DEBUG" />-->
 

diff --git a/src/main/scala/com/ing/wbaa/airlock/proxy/api/ProxyService.scala b/src/main/scala/com/ing/wbaa/airlock/proxy/api/ProxyService.scala
@@ -52,19 +52,18 @@ trait ProxyService {
           extracts3Request { s3Request =>
             onComplete(areCredentialsActive(s3Request.credential)) {
               case Success(Some(userSTS: User)) =>
-                logger.debug(s"Credentials active for request, user retrieved: $userSTS")
+                logger.info("STS credentials active for request, user retrieved: {}", userSTS)
                 onComplete(processRequestForValidUser(httpRequest, s3Request, userSTS)) {
                   case Success(r) => r
                   case Failure(exception) =>
-                    logger.error(s"An error occurred while checking authentication", exception)
+                    logger.error("An error occurred while processing request for valid user", exception)
                     complete(StatusCodes.Forbidden -> AwsErrorCodes.response(StatusCodes.Forbidden))
                 }
               case Success(None) =>
-                val msg = s"Request not authenticated: $s3Request"
-                logger.warn(msg)
+                logger.warn("STS credentials not active: {}", s3Request)
                 complete(StatusCodes.Forbidden -> AwsErrorCodes.response(StatusCodes.Forbidden))
               case Failure(exception) =>
-                logger.error(s"An error occurred checking authentication with STS service", exception)
+                logger.error("An error occurred when checking credentials with STS service", exception)
                 complete(StatusCodes.InternalServerError -> AwsErrorCodes.response(StatusCodes.InternalServerError))
             }
           }
@@ -80,10 +79,10 @@ trait ProxyService {
       }
     }.map { permittedObjects =>
       if (permittedObjects.nonEmpty && permittedObjects.contains(false)) {
-        logger.debug("An error occurred, one of objects not allowed to be accessed")
+        logger.warn("Multidelete - one of objects not allowed to be accessed")
         complete(StatusCodes.Forbidden -> AwsErrorCodes.response(StatusCodes.Forbidden))
       } else {
-        logger.info(s"User (${userSTS.userName}) successfully authorized for request: $s3Request")
+        logger.info(s"User (${userSTS.userName}) successfully authorized for multidelete request: $s3Request")
         processAuthorizedRequest(httpRequest, s3Request, userSTS)
       }
     }
@@ -100,7 +99,7 @@ trait ProxyService {
 
   private def processRequestForValidUser(httpRequest: HttpRequest, s3Request: S3Request, userSTS: User)(implicit id: RequestId) = {
     if (isUserAuthenticated(httpRequest, userSTS.secretKey)) {
-      logger.debug(s"Request authenticated: $httpRequest")
+      logger.info("Request authenticated: {}", httpRequest)
       if (isUserAuthorizedForRequest(s3Request, userSTS)) {
         val rawQueryString = httpRequest.uri.rawQueryString.getOrElse("")
         val isMultideletePost =
@@ -120,7 +119,7 @@ trait ProxyService {
         Future.successful(complete(StatusCodes.Forbidden -> AwsErrorCodes.response(StatusCodes.Forbidden)))
       }
     } else {
-      logger.warn(s"Request not authenticated: $httpRequest")
+      logger.warn("Request not authenticated: {}", httpRequest)
       Future.successful(complete(StatusCodes.Forbidden -> AwsErrorCodes.response(StatusCodes.Forbidden)))
     }
   }

diff --git a/src/main/scala/com/ing/wbaa/airlock/proxy/api/directive/ProxyDirectives.scala b/src/main/scala/com/ing/wbaa/airlock/proxy/api/directive/ProxyDirectives.scala
@@ -30,7 +30,7 @@ object ProxyDirectives extends LazyLogging {
   private[this] def extractAuthorizationS3(httpHeader: HttpHeader): Option[AwsAccessKey] =
     if (httpHeader.is(AUTHORIZATION_HTTP_HEADER_NAME)) {
       val signerType = httpHeader.value().split(" ").headOption
-      logger.debug(s"Signertype used: $signerType")
+      logger.debug("Signertype used: {}", signerType)
 
       signerType match {
         case Some("AWS4-HMAC-SHA256") =>
@@ -50,18 +50,17 @@ object ProxyDirectives extends LazyLogging {
           accessKey.map(AwsAccessKey)
 
         case _ =>
-          logger.warn(s"The necessary information couldn't be extracted from the authorization header, " +
-            s"this could be caused by a signer type that we don't support yet...: $httpHeader")
+          logger.warn("The necessary information couldn't be extracted from the authorization header, " +
+            s"this could be caused by a signer type that we don't support yet...: {}", httpHeader)
           None
       }
     } else None
 
   val extracts3Request: Directive1[S3Request] =
     extractClientIP tflatMap { case Tuple1(clientIPAddress) =>
-      logger.debug(s"Extracted Client IP: " +
-        s"${clientIPAddress.toOption.map(_.getHostAddress).getOrElse("unknown")}")
+      logger.debug(s"Extracted Client IP: {}", clientIPAddress.toOption.map(_.getHostAddress).getOrElse("unknown"))
       extractHeaderIPs tflatMap { case Tuple1(headerIPs) =>
-        logger.debug(s"Extracted headers IPs: $headerIPs")
+        logger.debug(s"Extracted headers IPs : {}", headerIPs)
         extractRequest tflatMap { case Tuple1(httpRequest) =>
           optionalHeaderValueByName("x-amz-security-token") tflatMap {
             case Tuple1(optionalSessionToken) =>
@@ -102,7 +101,7 @@ object ProxyDirectives extends LazyLogging {
                   httpRequest.entity.contentType.mediaType
                 )
 
-                logger.debug(s"Extracted S3 Request: $s3Request")
+                logger.debug(s"Extracted S3 Request: {}", s3Request)
                 s3Request
               }
           }
@@ -169,7 +168,7 @@ object ProxyDirectives extends LazyLogging {
         case ipv4Regex(ip, _, port) =>
           RemoteAddress(InetAddress.getByName(ip), Option(port).map(_.toInt))
         case _ =>
-          logger.warn(s"Unable to parse IP address ${address}")
+          logger.warn("Unable to parse IP address {}", address)
           RemoteAddress.Unknown
       }
     } getOrElse RemoteAddress.Unknown

diff --git a/src/main/scala/com/ing/wbaa/airlock/proxy/handler/RequestHandlerS3.scala b/src/main/scala/com/ing/wbaa/airlock/proxy/handler/RequestHandlerS3.scala
@@ -53,10 +53,10 @@ trait RequestHandlerS3 extends RadosGatewayHandler with S3Client {
    * @return response from S3
    */
   protected[this] def fireRequestToS3(request: HttpRequest)(implicit id: RequestId): Future[HttpResponse] = {
-    logger.debug(s"Request to send to Ceph: $request")
+    logger.info(s"Request sent to Ceph: {}", request)
     Http()
       .singleRequest(request)
-      .andThen { case Success(r) => logger.debug(s"Received response from Ceph: ${r.status}") }
+      .andThen { case Success(r) => logger.info(s"Received response from Ceph: {}", r.status) }
       .map(r => r.withEntity(r.entity.withoutSizeLimit()))
   }
 }
diff --git a/src/test/resources/logback.xml b/src/test/resources/logback.xml
@@ -0,0 +1,13 @@
+<configuration debug="false">
+
+  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+    <encoder>
+      <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+    </encoder>
+  </appender>
+
+  <root level="OFF">
+    <appender-ref ref="STDOUT" />
+  </root>
+
+</configuration>