Filtered the auth key in api.log

[Kuldip-Nanda]

Now attaching ProviderSdkLogger to api.log as we will like to filter out the auth_key before printing the log. Please see below, the snippet from the generated api.log file :

[----] I, [2020-09-30T12:35:29.786119 #2846:2731200]  INFO -- : MIQ(Api::ProvidersController.log_request) Parameters:   
  {"action"=>"update", "controller"=>"api/providers", "format"=>"json", "body"=>{"action"=>"verify_credentials", "resource"=>
{"authentications"=>{"default"=>{"auth_key"=>"FILTERED"}}, "uid_ems"=>"473f85b4-c4ba-4425-b495-d26c77365c91", 
"type"=>"ManageIQ::Providers::IbmCloud::PowerVirtualServers::CloudManager", "zone_id"=>"2"}}}

and here the the complete api.log
api.log

[agrare]

Oh this is the main api.log, I think we filter this already we might just need to add auth_key to the list of things to filter

I tried adding an AWS provider and notice it already has "password"=>"[FILTERED]"

[----] I, [2020-10-01T10:49:32.256020 #30126:b0fb8]  INFO -- : MIQ(Api::ProvidersController.log_request) Request:        {:method=>:post, :action=>"create", :fullpath=>"/api/providers", :url=>"http://localhost:3000/api/providers", :base=>"http://localhost:3000", :path=>"/api/providers", :prefix=>"/api", :version=>"4.3.0-pre", :api_prefix=>"http://localhost:3000/api", :collection=>"providers", :c_suffix=>nil, :collection_id=>nil, :subcollection=>nil, :subcollection_id=>nil}
[----] I, [2020-10-01T10:49:32.256314 #30126:b0fb8]  INFO -- : MIQ(Api::ProvidersController.log_request) Parameters:     {"action"=>"create", "controller"=>"api/providers", "format"=>"json", "body"=>{"name"=>"AWS EC2", "zone_id"=>"2", "provider_region"=>"us-east-1", "endpoints"=>[{"role"=>"default"}], "authentications"=>[{"authtype"=>"default", "userid"=>"AKIAJFZW23L2X766QINQ", "password"=>"[FILTERED]"}], "type"=>"ManageIQ::Providers::Amazon::CloudManager", "ddf"=>true}

[agrare]

@Kuldip-Nanda try adding :auth_key to https://github.com/ManageIQ/manageiq/blob/master/config/application.rb#L63 and see if that takes care of your issue

[chessbyte]

it already shows {"auth_key"=>"FILTERED"} in the OP

Or is the log in the OP after the changes in this PR?

[agrare]

it already shows {"auth_key"=>"FILTERED"} in the OP

I think he manually edited that, because otherwise it would have shown [FILTERED] with brackets. When I added an IBM Cloud provider I did see the key in clear text in the api.log

[Kuldip-Nanda]

it already shows {"auth_key"=>"FILTERED"} in the OP

I think he manually edited that, because otherwise it would have shown [FILTERED] with brackets. When I added an IBM Cloud provider I did see the key in clear text in the api.log

I did not make any changes in https://github.com/ManageIQ/manageiq/blob/master/config/application.rb#L63. The only changes I made were in lib/vmdb/loggers.rb and lib/vmdb/loggers/provider_sdk_logger.r.

I can add https://github.com/ManageIQ/manageiq/blob/master/config/application.rb#L63 and check if it will solve the issue.

[miq-bot]

Checked commit Kuldip-Nanda@5d8088b with ruby 2.6.3, rubocop 0.69.0, haml-lint 0.28.0, and yamllint
1 file checked, 0 offenses detected
Everything looks fine. 🍪

[Kuldip-Nanda]

I have rechecked and this is from the api.log snippet:
[----] I, [2020-10-02T15:36:17.527405 #84032:2577e14] INFO -- : MIQ(Api::ProvidersController.log_request) Parameters: {"action"=>"update", "controller"=>"api/providers", "format"=>"json", "body"=>{"action"=>"verify_credentials", "resource"=>{"authentications" =>{"default"=>{"auth_key"=>"[FILTERED]"}}, "uid_ems"=>"473f85b4-c4ba-4425-b495-d26c77365c91", "type"=>"ManageIQ::Providers::IbmCloud::PowerVirtualServers::CloudManager", "zone_id"=>"2"}}}