Add feature to log operation history of users to Horizon

Registered by Kenji Ishii on 2016-01-08

Summary
=======
To propose adding new feature regarding operation history of users to Horizon.

Motivation
========
In Horizon, a user can manage virtual resources. Usually many people do simultaneously.
When some problem occurred on OpenStack (E.g when some people operated same resources at same time),
an administrator want to know a user who operated, the time when the user operated and the things what the user did.
However at the moment, there is no method to know it.
Therefore even if administrators would like to find the user which did a particular operation (for example, request from a user), they can not do it.
This feature will make possible it.

In addition, by processing log information, this feature can provides audit information for an operator and operation history information for a tenant.
This feature brings about improvement of traceability in Horizon.

Description
=========
This feature is using with Django's middleware and this mechanism is based on python logging.

All operations on Horizon are logged to an external file (it mean, this log file differ from horizon.log).
 - E.g login to Horizon, show a overview, show a user list, create a instances and so on.

This log includes information below and a delimiter between attributes is a single space.
  <project name>
  <project id>
  <user name>
  <user id>
  <referer url>
  <request url>
  <message>
  <method>
  <http status>
  <parameters>

And this feature is configurable by the administrator.
 - Output method selectable(it mean, we can log only POST method, GET method or both of them.)
 - Particular word can be masked with this setting. (for example if you set a word 'password',
   value of key 'password' is masked '*******' in POST parameters)

There are no effects to existing function.

UX
===
It is log sample below(in the case of updating default quota by an admin).

2016-01-02 00:16:00,830 24869 INFO horizon.middleware.OperationLogMiddleware admin 8126797ee78b4d419fa970db03fd8c1f admin 0af655a2384d 4391bc78087b451ba0b6 /dashboard/admin/defaults/ /dashboard/admin/defaults/update_defaults [success: Default quotas updated.] POST 2 00 [["injected_file_content_bytes", "10240"], ["metadata_items", "128"], ["volumes", "10"], ["gigabytes", "1000"], ["snapshots", "1 0"], ["ram", "51200"], ["floating_ips", "10"], ["key_pairs", "100"], ["instances", "10"], ["security_group_rules", "20"], ["injecte d_files", "5"], ["cores", "20"], ["csrfmiddlewaretoken", "FlFEww47UtOI0prggPPMv5ZoF2rjsOvb"], ["injected_file_path_bytes", "255"], ["security_groups", "10"]]

Testing
======
Login to Horizon, and do some operate on it.
And then, all operation which are done above are logged to "operation.log".

Outside Dependencies
==================

N/A

Requirements Update Required
========================
N/A

Doc Impact
=========

This feature has some settings.

Blueprint information

Status:
Complete
Approver:
Rob Cresswell
Priority:
Low
Drafter:
Kenji Ishii
Direction:
Approved
Assignee:
Kenji Ishii
Definition:
Approved
Series goal:
Accepted for 10.0.0-newton
Implementation:
Implemented
Milestone target:
milestone icon newton-1
Started by
Kenji Ishii on 2016-01-27
Completed by
Kenji Ishii on 2016-06-08

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/operation-history-log,n,z

Addressed by: https://review.openstack.org/272935
    Add feature to log an operation of users to Horizon

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.

Subscribers

No subscribers.