X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/bb1d0c7499ad7c8d48c28a611c2d6a99c170265b..3596aff0954f405b06799814585d834502d0d76a:/services/api/config/initializers/lograge.rb

diff --git a/services/api/config/initializers/lograge.rb b/services/api/config/initializers/lograge.rb
index cc7150f03a..ef4e428bff 100644
--- a/services/api/config/initializers/lograge.rb
+++ b/services/api/config/initializers/lograge.rb
@@ -10,9 +10,33 @@ Server::Application.configure do
   config.lograge.custom_options = lambda do |event|
     payload = {
       request_id: event.payload[:request_id],
+      client_ipaddr: event.payload[:client_ipaddr],
+      client_auth: event.payload[:client_auth],
     }
     exceptions = %w(controller action format id)
     params = event.payload[:params].except(*exceptions)
+
+    # Omit secret_mounts field if supplied in create/update request
+    # body.
+    [
+      ['container', 'secret_mounts'],
+      ['container_request', 'secret_mounts'],
+    ].each do |resource, field|
+      if params[resource].is_a? Hash
+        params[resource] = params[resource].except(field)
+      end
+    end
+
+    # Redact new_user_token param in /arvados/v1/users/merge
+    # request. Log the auth UUID instead, if the token exists.
+    if params['new_user_token'].is_a? String
+      params['new_user_token_uuid'] =
+        ApiClientAuthorization.
+          where('api_token = ?', params['new_user_token']).
+          first.andand.uuid
+      params['new_user_token'] = '[...]'
+    end
+
     params_s = SafeJSON.dump(params)
     if params_s.length > Rails.configuration.max_request_log_params_size
       payload[:params_truncated] = params_s[0..Rails.configuration.max_request_log_params_size] + "[...]"