edx_django_utils.logging.internal package#
Submodules#
edx_django_utils.logging.internal.filters module#
Django-based logging filters
- class edx_django_utils.logging.internal.filters.RemoteIpFilter(name='')#
Bases:
logging.Filter
A logging filter that adds the remote IP to the logging context
- filter(record)#
Determine if the specified record is to be logged.
Is the specified record to be logged? Returns 0 for no, nonzero for yes. If deemed appropriate, the record may be modified in-place.
- class edx_django_utils.logging.internal.filters.UserIdFilter(name='')#
Bases:
logging.Filter
A logging filter that adds userid to the logging context
- filter(record)#
Determine if the specified record is to be logged.
Is the specified record to be logged? Returns 0 for no, nonzero for yes. If deemed appropriate, the record may be modified in-place.
edx_django_utils.logging.internal.log_sensitive module#
Utilities for logging sensitive debug information such as authentication tokens.
Usage:
Generate keys using
log-sensitive gen-keys
Follow the instructions it prints out, and pay close attention to the warning at the end of the output
When logging sensitive information, use like so:
logger.info( "Received invalid auth token %s in Authorization header", encrypt_for_log(token, getattr(settings, 'YOUR_DEBUG_PUBLIC_KEY', None)) )
This will log a message like:
Received invalid auth token [encrypted: ZXI...fFo=|IYS...1KA==] in Authorization header
If you need to decrypt one of these messages, save the encrypted portion to file, retrieve the securely held private key, and run
log-sensitive decrypt --help
for instructions.
- edx_django_utils.logging.internal.log_sensitive.decrypt_log_message(encrypted_message, reader_private_key_b64)#
Decrypt a message using the private key that has been stored somewhere secure and not on the server.
- edx_django_utils.logging.internal.log_sensitive.encrypt_for_log(message, reader_public_key_b64)#
Encrypt a message so that it can be logged using the given public key, but only read by someone possessing the matching private key. The public key is provided in base64.
A separate keypair should be used for each recipient or purpose.
Returns a string <sender public key> “|” <ciphertext> wrapped in some framing text “[encrypted: …]”; the inner string can be decrypted with decrypt_log_message.
For ease of use, key may be None or empty; a warning message will be returned instead of data, encrypted or otherwise.
- edx_django_utils.logging.internal.log_sensitive.generate_reader_keys()#
Utility method for generating a public/private keypair for use with these logging functions.