X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/289d2cf581b59632369087388f6163f3979c5e86..6e9fcde0422b33d081e2985975e3104eb2434957:/services/api/config/initializers/lograge.rb

diff --git a/services/api/config/initializers/lograge.rb b/services/api/config/initializers/lograge.rb
index cc7150f03a..07dba3aef4 100644
--- a/services/api/config/initializers/lograge.rb
+++ b/services/api/config/initializers/lograge.rb
@@ -10,12 +10,36 @@ Server::Application.configure do
   config.lograge.custom_options = lambda do |event|
     payload = {
       request_id: event.payload[:request_id],
+      client_ipaddr: event.payload[:client_ipaddr],
+      client_auth: event.payload[:client_auth],
     }
     exceptions = %w(controller action format id)
     params = event.payload[:params].except(*exceptions)
+
+    # Omit secret_mounts field if supplied in create/update request
+    # body.
+    [
+      ['container', 'secret_mounts'],
+      ['container_request', 'secret_mounts'],
+    ].each do |resource, field|
+      if params[resource].is_a? Hash
+        params[resource] = params[resource].except(field)
+      end
+    end
+
+    # Redact new_user_token param in /arvados/v1/users/merge
+    # request. Log the auth UUID instead, if the token exists.
+    if params['new_user_token'].is_a? String
+      params['new_user_token_uuid'] =
+        ApiClientAuthorization.
+          where('api_token = ?', params['new_user_token']).
+          first.andand.uuid
+      params['new_user_token'] = '[...]'
+    end
+
     params_s = SafeJSON.dump(params)
-    if params_s.length > Rails.configuration.max_request_log_params_size
-      payload[:params_truncated] = params_s[0..Rails.configuration.max_request_log_params_size] + "[...]"
+    if params_s.length > Rails.configuration.SystemLogs["MaxRequestLogParamsSize"]
+      payload[:params_truncated] = params_s[0..Rails.configuration.SystemLogs["MaxRequestLogParamsSize"]] + "[...]"
     else
       payload[:params] = params
     end