api: Don't log common changes to API tokens.

The last_used_* attributes are updated very often.  Logging those
changes would probably make the logs less useful.

diff --git a/services/api/app/models/api_client_authorization.rb b/services/api/app/models/api_client_authorization.rb
index fca57dce8f4d0eb3331c05d442e9fe0fa94f399a..38a90d5c136aade3a355e5eb91ea1a02b58b5083 100644 (file)
--- a/services/api/app/models/api_client_authorization.rb
+++ b/services/api/app/models/api_client_authorization.rb
@@ -20,6 +20,9 @@ class ApiClientAuthorization < ArvadosModel
     t.add :scopes
   end
 
+  UNLOGGED_ATTRIBUTES = ['last_used_at', 'last_used_by_ip_address',
+                         'updated_at']
+
   def assign_random_api_token
     self.api_token ||= rand(2**256).to_s(36)
   end
@@ -71,4 +74,8 @@ class ApiClientAuthorization < ArvadosModel
      not self.user_id_changed? and
      not self.owner_uuid_changed?)
   end
+
+  def log_update
+    super unless (changed - UNLOGGED_ATTRIBUTES).empty?
+  end
 end

diff --git a/services/api/test/unit/log_test.rb b/services/api/test/unit/log_test.rb
index 0939c28f9c6e2e77baf75ccea2a39eb16ffb94a0..39b45a326f0bab86b796882e7576ca24ea92721b 100644 (file)
--- a/services/api/test/unit/log_test.rb
+++ b/services/api/test/unit/log_test.rb
@@ -184,4 +184,19 @@ class LogTest < ActiveSupport::TestCase
       end
     end
   end
+
+  test "don't log changes only to ApiClientAuthorization.last_used_*" do
+    set_user_from_auth :admin_trustedclient
+    auth = api_client_authorizations(:spectator)
+    start_log_count = get_logs_about(auth).size
+    auth.last_used_at = Time.now
+    auth.last_used_by_ip_address = '::1'
+    auth.save!
+    assert_equal(start_log_count, get_logs_about(auth).size,
+                 "log count changed after 'using' ApiClientAuthorization")
+    auth.created_by_ip_address = '::1'
+    auth.save!
+    assert_equal(start_log_count + 1, get_logs_about(auth).size,
+                 "no log after changed stable ApiClientAuthorization attribute")
+  end
 end