From a0c67b860b3c5ff6f5fbb0e406dcbc3fd7aa9f88 Mon Sep 17 00:00:00 2001 From: Tobias Diaz Date: Tue, 23 Aug 2016 17:13:24 +0200 Subject: Only log application/json content type This is a combination of 2 commits. The first commit's message is: Prevent MemoryError when logging response bodies Response bodies are loaded into memory prior to being logged. Loading huge response bodies may result in a MemoryError. This patch proposes that only JSON and TEXT responses be logged, i.e when the Content-Type header is application/json or application/text. Responses that do not include or have a different Content-Type header will have their body omitted. This is a sort of backport of the fix for keystoneauth sessions, see I93b6fff73368c4f58bdebf8566c4948b50980cee Co-Authored-By: Samuel de Medeiros Queiroz Closes-bug: 1616105 Change-Id: I8f43eee3a0b35041c6cf672e476f8151cf2f8d14 (cherry-picked from: 3e56e0d7e5e1a76d806a3bc1f6d5ef9070f95771) Only log application/json in session to start When whitelisting content types to debug print from session we chose application/json and application/text. application/text is not a real mime type, text is typically text/plain. Rather than guess at mime types only print application/json to start with, but make it easy for additional types to be added later. Adapted from keystoneauth: Ica5fee076cdab8b1d5167161d28af7313fad9477 Related-Bug: 1616105 Change-Id: Ieaa8fb3ea8d25e09b89498f23b70b18c0f6153f1 (cherry-picked from: 51d16fa344829aadf454faf5e0c4535a8f96a7c8) --- keystoneclient/session.py | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) (limited to 'keystoneclient/session.py') diff --git a/keystoneclient/session.py b/keystoneclient/session.py index 43d04bd..5207952 100644 --- a/keystoneclient/session.py +++ b/keystoneclient/session.py @@ -37,6 +37,11 @@ osprofiler_web = importutils.try_import("osprofiler.web") USER_AGENT = 'python-keystoneclient' +# NOTE(jamielennox): Clients will likely want to print more than json. Please +# propose a patch if you have a content type you think is reasonable to print +# here and we'll add it to the list as required. +_LOG_CONTENT_TYPES = set(['application/json']) + _logger = logging.getLogger(__name__) @@ -221,7 +226,18 @@ class Session(object): if not logger.isEnabledFor(logging.DEBUG): return - text = _remove_service_catalog(response.text) + # NOTE(samueldmq): If the response does not provide enough info about + # the content type to decide whether it is useful and safe to log it + # or not, just do not log the body. Trying to# read the response body + # anyways may result on reading a long stream of bytes and getting an + # unexpected MemoryError. See bug 1616105 for further details. + content_type = response.headers.get('content-type', None) + if content_type in _LOG_CONTENT_TYPES: + text = _remove_service_catalog(response.text) + else: + text = ('Omitted, Content-Type is set to %s. Only ' + '%s responses have their bodies logged.') + text = text % (content_type, ', '.join(_LOG_CONTENT_TYPES)) string_parts = [ 'RESP:', @@ -229,9 +245,7 @@ class Session(object): ] for header in six.iteritems(response.headers): string_parts.append('%s: %s' % self._process_header(header)) - if text: - string_parts.append('\nRESP BODY: %s\n' % - strutils.mask_password(text)) + string_parts.append('\nRESP BODY: %s\n' % strutils.mask_password(text)) logger.debug(' '.join(string_parts)) -- cgit v1.2.1