X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/374a802e502d044973fd21ca68d2f6ab707bd770..70d97b98ddf977505069795ef08236fb439b18e1:/services/api/config/initializers/lograge.rb

diff --git a/services/api/config/initializers/lograge.rb b/services/api/config/initializers/lograge.rb
index 4b1aea9e70..9c0f766915 100644
--- a/services/api/config/initializers/lograge.rb
+++ b/services/api/config/initializers/lograge.rb
@@ -1,14 +1,64 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
+require 'safe_json'
+
 Server::Application.configure do
   config.lograge.enabled = true
   config.lograge.formatter = Lograge::Formatters::Logstash.new
   config.lograge.custom_options = lambda do |event|
+    payload = {
+      ClusterID: Rails.configuration.ClusterID,
+      request_id: event.payload[:request_id],
+      client_ipaddr: event.payload[:client_ipaddr],
+      client_auth: event.payload[:client_auth],
+    }
+
+    # Lograge adds exceptions not being rescued to event.payload, but we're
+    # catching all errors on ApplicationController so we look for backtraces
+    # elsewhere.
+    if !Thread.current[:backtrace].nil?
+      payload.merge!(
+        {
+          exception: Thread.current[:exception],
+          exception_backtrace: Thread.current[:backtrace],
+        }
+      )
+      Thread.current[:exception] = nil
+      Thread.current[:backtrace] = nil
+    end
+
     exceptions = %w(controller action format id)
     params = event.payload[:params].except(*exceptions)
-    params_s = Oj.dump(params)
-    if params_s.length > Rails.configuration.max_request_log_params_size
-      { params_truncated: params_s[0..Rails.configuration.max_request_log_params_size] + "[...]" }
+
+    # Omit secret_mounts field if supplied in create/update request
+    # body.
+    [
+      ['container', 'secret_mounts'],
+      ['container_request', 'secret_mounts'],
+    ].each do |resource, field|
+      if params[resource].is_a? Hash
+        params[resource] = params[resource].except(field)
+      end
+    end
+
+    # Redact new_user_token param in /arvados/v1/users/merge
+    # request. Log the auth UUID instead, if the token exists.
+    if params['new_user_token'].is_a? String
+      params['new_user_token_uuid'] =
+        ApiClientAuthorization.
+          where('api_token = ?', params['new_user_token']).
+          first.andand.uuid
+      params['new_user_token'] = '[...]'
+    end
+
+    params_s = SafeJSON.dump(params)
+    if params_s.length > Rails.configuration.SystemLogs["MaxRequestLogParamsSize"]
+      payload[:params_truncated] = params_s[0..Rails.configuration.SystemLogs["MaxRequestLogParamsSize"]] + "[...]"
     else
-      { params: params }
+      payload[:params] = params
     end
+    payload
   end
 end