From c95ff658139df1e631766078240e965da22d19e8 Mon Sep 17 00:00:00 2001
From: Patrick Dowler
Date: Fri, 9 Feb 2024 12:14:15 -0800
Subject: [PATCH] cadc-log: hard code cadc-log.properties config file
---
cadc-log/README.md | 90 +++++-----
cadc-log/build.gradle | 5 +-
cadc-log/scripts/cadc-log-set | 91 ++++++++++
cadc-log/scripts/cadcLogSet | 159 ------------------
.../ca/nrc/cadc/log/LogControlServlet.java | 19 +--
5 files changed, 146 insertions(+), 218 deletions(-)
create mode 100755 cadc-log/scripts/cadc-log-set
delete mode 100755 cadc-log/scripts/cadcLogSet
diff --git a/cadc-log/README.md b/cadc-log/README.md
index 53ffea5e..2c0fd32a 100644
--- a/cadc-log/README.md
+++ b/cadc-log/README.md
@@ -1,10 +1,49 @@ # cadc-log -The `cadc-log` library provides a single servlet to initialize logging using -the log4j framework. The idea is to include this servlet in the web.xml with -`load-on-startup` of 1 (first) and configure standard logging there. +The `cadc-log` library provides a single servlet to initialize logging using the log4j framework. -It is highly recommended that the default log level in web.xml be at `info` level. +## REST API +Services may include `servlet-mapping` so that HTTP GET and POST requests can +be sent to the log control endpoint. All services in OpenCADC use `/logControl` +for consistency but this is not required. Permission to access the log control +endpoint are configured with a `cadc-log.properties` file at runtime. + +## cadc-log.properties (optional) + +This file can be added to service config to grant perrmission to use the LogControlServlet at runtime. +```properties +user = {X509 distinguished name} +user = {X509 distinguished name} + +group = {IVOA GMS group identifier} +group = {IVOA GMS group identifier} +``` +Both the `user` and `group` properties are optional and support multiple values. The specified +users are granted permission to view (GET) and change (POST) log levels in the running service. + +## log control REST API + +This is a very simple explanation; TODO: document with OpenAI so it can be included in service API docs. + +view current log levels: `GET {base URL}/logControl` + +change current log levels to debug: `POST level=DEBUG {base URL}/logControl` + +change log levels back to info: `POST level=INFO {base URL}/logControl` + +change log to debug for a specific package (prefix): `POST level=DEBUG&package=ca.nrc.cadc.auth {base URL}/logControl` + +The `package` parameter can add new packages to the logging config that were not included by the service. These +packages become "tracked" and are subject to later log level changes that change the level for all packages. 
If +the caller does not want that package to be tracked, they can include `notrack=1` to prevent and retain manual +control. + +All changes to logging (level and tracked packages are lost if the service is restarted. + +## developer usage +Developers include this servlet in the web.xml with `load-on-startup` of 1 (first) +and configure standard logging there. It is highly recommended that the default log +level in web.xml be at `info` level. Example: ```xml @@ -18,51 +57,22 @@ Example: logLevelPackages - + ca.nrc.cadc.auth ca.nrc.cadc.net ca.nrc.cadc.vosi - ca.nrc.cadc.db - - - logAccessGroup - ivo://cadc.nrc.ca/gms?CADC - - - groupAuthorizer - ca.nrc.cadc.ac.client.GroupAuthorizer - - - - logControlProperties - example-logControl.properties - 1 + + + + logControl + /logControl + ``` The servlet will configure a default logging at `warn` level and the specified packages at `info` level. -The LogControlServlet supports GET and POST requests to view and change the current log levels and/or -configured packages. This requires permission using either of the optional init params in the example -above. The latter runtime configuration of permissions is preferred because then configuration ends -up in the config dir instead of hard coded inside the application (war file). - -## example-logControl.properties -This file allows granting permission to use the LogControlServlet at runtime. -```properties -user = {X509 distinguished name} -user = {X509 distinguished name} - -group = {IVOA GMS group identifier} -group = {IVOA GMS group identifier} -``` -Both the `user` and `group` properties are optional and support multiple values. The simplest example -used at CADC is: -```properties -group = ivo://cadc.nrc.ca/gms?CADC -``` -which allows members of the CADC staff group to view and change log levels. diff --git a/cadc-log/build.gradle b/cadc-log/build.gradle index 54533b69..b8e4b60a 100644 --- a/cadc-log/build.gradle +++ b/cadc-log/build.gradle 
@@ -14,7 +14,7 @@ sourceCompatibility = 1.8 group = 'org.opencadc' -version = '1.1.7' +version = '1.2.0' description = 'OpenCADC Logging Init server library' def git_url = 'https://github.com/opencadc/core' @@ -24,9 +24,6 @@ dependencies { compile 'org.opencadc:cadc-util:[1.6,2.0)' compile 'org.opencadc:cadc-gms:[1.0,2.0)' compile 'org.opencadc:cadc-cdp:[1.3,2.0)' - - testCompile 'junit:junit:4.13' - testCompile 'org.easymock:easymock:3.6' } apply from: '../opencadc.gradle' diff --git a/cadc-log/scripts/cadc-log-set b/cadc-log/scripts/cadc-log-set new file mode 100755 index 00000000..21dec41f --- /dev/null +++ b/cadc-log/scripts/cadc-log-set 
@@ -0,0 +1,91 @@ +#!/bin/bash + +## dynamically set the log level of a web service +CURL="curl -v --cert $HOME/.ssl/cadcproxy.pem" +#CURL="curl -n" + +function usage() { + echo "usage cadc-log-set --get " + echo " cadc-log-set --set [ [notrack]]" + echo "" + echo " --get : get current log config" + echo " --set : set log config" + echo " URL : URL to the LogControl resource (e.g. https://localhost/srv/logControl)" + echo " level : ERROR, WARN, INFO, DEBUG" + echo " package : (optional) package name (default: all currently configured packages get the specified level)" + echo " notrack : (optional) disable further tracking of this package" + echo "" + echo "Examples:" + echo "" + echo "1. increase log level of all configured packages to DEBUG:" + echo " cadcLogSet --set https://myServer/myApp/myLogControlServlet DEBUG" + echo "" + echo "2. increase log level of a specific package to DEBUG (adds it to list of configured packages):" + echo " cadcLogSet --set https://myServer/myApp/myLogControlServlet DEBUG my.package" + echo "" + echo "3. change log level of a specific package but not add it to list as in Example 1 and 2:" + echo " cadcLogSet --set https://myServer/myApp/myLogControlServlet INFO some.other.package notrack" + echo "" + echo "4. enable the Profiler class (recommend: notrack):" + echo " cadcLogSet --set https://myServer/myApp/myLogControlServlet INFO ca.nrc.cadc.profiler notrack" + echo "" + echo "5. disable the Profiler class (recommend: notrack):" + echo " cadcLogSet --set https://myServer/myApp/myLogControlServlet ERROR ca.nrc.cadc.profiler notrack" +} + +## command-line args +ACTION=$1 +URL=$2 +LEVEL=$3 +PKG=$4 +DNT=$5 + +if [ -z $ACTION ]; then + usage + exit 1 +fi + +if [ -z $URL ]; then + echo "error: missing URL" + usage + exit 1 +fi + +if [ $ACTION == "--get" ]; then + if [ ! 
-z $LEVEL ]; then + echo "error: extra arguments not usable by --get: $LEVEL $PKG" + usage + exit 1 + fi +elif [ $ACTION == "--set" ]; then + if [ -z $LEVEL ]; then + echo "error: missing level" + usage + exit 1 + fi + + CONTENT="level=$LEVEL" + + if [ ! -z $PKG ]; then + CONTENT="${CONTENT}&package=${PKG}" + if [ ! -z $DNT ]; then + if [ $DNT == "notrack" ]; then + CONTENT="${CONTENT}¬rack=1" + fi + fi + fi +else + usage + exit 1 +fi + + +## end: command-line args + +if [ $ACTION == "--get" ]; then + $CURL $URL + exit $? +elif [ $ACTION == "--set" ]; then + $CURL -d "${CONTENT}" $URL + exit $? +fi diff --git a/cadc-log/scripts/cadcLogSet b/cadc-log/scripts/cadcLogSet deleted file mode 100755 index 9405cc83..00000000 --- a/cadc-log/scripts/cadcLogSet +++ /dev/null 
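Review bot: Every positional argument is expanded unquoted in the new script (`[ -z $URL ]`, `[ $DNT == "notrack" ]`, `$CURL $URL`), so a URL or package value containing whitespace or glob characters such as `?` and `*` is word-split or pathname-expanded, and any extra words reach curl as additional arguments on a request that presents the client certificate. Quote the expansions, for example `[ -z "$URL" ]` and `$CURL -d "${CONTENT}" "$URL"`. `CONTENT` is built by plain concatenation of `$LEVEL` and `$PKG`, so a value containing `&` or `=` adds form fields; `--data-urlencode "level=$LEVEL"` and `--data-urlencode "package=$PKG"` would avoid that. The usage text still names the script `cadcLogSet` in its examples, and `-v` is enabled by default, which is worth a comment if it is intentional.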
@@ -1,159 +0,0 @@ -#!/bin/bash -# -#*********************************************************************** -#****************** CANADIAN ASTRONOMY DATA CENTRE ******************* -#************* CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES ************** -# -# (c) 2016. (c) 2016. -# Government of Canada Gouvernement du Canada -# National Research Council Conseil national de recherches -# Ottawa, Canada, K1A 0R6 Ottawa, Canada, K1A 0R6 -# All rights reserved Tous droits réservés -# -# NRC disclaims any warranties, Le CNRC dénie toute garantie -# expressed, implied, or énoncée, implicite ou légale, -# statutory, of any kind with de quelque nature que ce -# respect to the software, soit, concernant le logiciel, -# including without limitation y compris sans restriction -# any warranty of merchantability toute garantie de valeur -# or fitness for a particular marchande ou de pertinence -# purpose. NRC shall not be pour un usage particulier. -# liable in any event for any Le CNRC ne pourra en aucun cas -# damages, whether direct or être tenu responsable de tout -# indirect, special or general, dommage, direct ou indirect, -# consequential or incidental, particulier ou général, -# arising from the use of the accessoire ou fortuit, résultant -# software. Neither the name de l'utilisation du logiciel. Ni -# of the National Research le nom du Conseil National de -# Council of Canada nor the Recherches du Canada ni les noms -# names of its contributors may de ses participants ne peuvent -# be used to endorse or promote être utilisés pour approuver ou -# products derived from this promouvoir les produits dérivés -# software without specific prior de ce logiciel sans autorisation -# written permission. préalable et particulière -# par écrit. -# -# This file is part of the Ce fichier fait partie du projet -# OpenCADC project. OpenCADC. 
-# -# OpenCADC is free software: OpenCADC est un logiciel libre ; -# you can redistribute it and/or vous pouvez le redistribuer ou le -# modify it under the terms of modifier suivant les termes de -# the GNU Affero General Public la “GNU Affero General Public -# License as published by the License” telle que publiée -# Free Software Foundation, par la Free Software Foundation -# either version 3 of the : soit la version 3 de cette -# License, or (at your option) licence, soit (à votre gré) -# any later version. toute version ultérieure. -# -# OpenCADC is distributed in the OpenCADC est distribué -# hope that it will be useful, dans l’espoir qu’il vous -# but WITHOUT ANY WARRANTY; sera utile, mais SANS AUCUNE -# without even the implied GARANTIE : sans même la garantie -# warranty of MERCHANTABILITY implicite de COMMERCIALISABILITÉ -# or FITNESS FOR A PARTICULAR ni d’ADÉQUATION À UN OBJECTIF -# PURPOSE. See the GNU Affero PARTICULIER. Consultez la Licence -# General Public License for Générale Publique GNU Affero -# more details. pour plus de détails. -# -# You should have received Vous devriez avoir reçu une -# a copy of the GNU Affero copie de la Licence Générale -# General Public License along Publique GNU Affero avec -# with OpenCADC. If not, see OpenCADC ; si ce n’est -# . pas le cas, consultez : -# . -# -# $Revision: 5 $ -# -#*********************************************************************** -# - -## dynamically set the log level of a web service - -CURL="curl --netrc" - -function usage() { - echo "usage cadcSetLog --get " - echo " cadcLogSet --set [ [notrack]]" - echo "" - echo " --get : get current log config" - echo " --set : set log config" - echo " URL : URL to the LogControl resource (e.g. 
http://localhost/srv/logControl)" - echo " level : ERROR, WARN, INFO, DEBUG" - echo " package : (optional) package name (default: all currently configured packages get the specified level)" - echo " notrack : (optional) disable further tracking of this package" - echo "" - echo "Examples:" - echo "" - echo "1. increase log level of all configured packages to DEBUG:" - echo " cadcLogSet --set http://myServer/myApp/myLogControlServlet DEBUG" - echo "" - echo "2. increase log level of a specific package to DEBUG (adds it to list of configured packages):" - echo " cadcLogSet --set http://myServer/myApp/myLogControlServlet DEBUG my.package" - echo "" - echo "3. change log level of a specific package but not add it to list as in Example 1 and 2:" - echo " cadcLogSet --set http://myServer/myApp/myLogControlServlet INFO some.other.package notrack" - echo "" - echo "4. enable the Profiler class (recommend: notrack):" - echo " cadcLogSet --set http://myServer/myApp/myLogControlServlet INFO ca.nrc.cadc.profiler notrack" - echo "" - echo "5. disable the Profiler class (recommend: notrack):" - echo " cadcLogSet --set http://myServer/myApp/myLogControlServlet ERROR ca.nrc.cadc.profiler notrack" -} - -## command-line args -ACTION=$1 -URL=$2 -LEVEL=$3 -PKG=$4 -DNT=$5 - -if [ -z $ACTION ]; then - usage - exit 1 -fi - -if [ -z $URL ]; then - echo "error: missing URL" - usage - exit 1 -fi - -if [ $ACTION == "--get" ]; then - if [ ! -z $LEVEL ]; then - echo "error: extra arguments not usable by --get: $LEVEL $PKG" - usage - exit 1 - fi -elif [ $ACTION == "--set" ]; then - if [ -z $LEVEL ]; then - echo "error: missing level" - usage - exit 1 - fi - - CONTENT="level=$LEVEL" - - if [ ! -z $PKG ]; then - CONTENT="${CONTENT}&package=${PKG}" - if [ ! -z $DNT ]; then - if [ $DNT == "notrack" ]; then - CONTENT="${CONTENT}¬rack=1" - fi - fi - fi -else - usage - exit 1 -fi - - -## end: command-line args - -if [ $ACTION == "--get" ]; then - $CURL $URL - exit $? 
-elif [ $ACTION == "--set" ]; then - $CURL -d "${CONTENT}" $URL - exit $? -fi diff --git a/cadc-log/src/main/java/ca/nrc/cadc/log/LogControlServlet.java b/cadc-log/src/main/java/ca/nrc/cadc/log/LogControlServlet.java index 950b6512..12dcf1d1 100644 --- a/cadc-log/src/main/java/ca/nrc/cadc/log/LogControlServlet.java +++ b/cadc-log/src/main/java/ca/nrc/cadc/log/LogControlServlet.java @@ -3,7 +3,7 @@ ******************* CANADIAN ASTRONOMY DATA CENTRE ******************* ************** CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES ************** * -* (c) 2022. (c) 2022. +* (c) 2024. (c) 2024. * Government of Canada Gouvernement du Canada * National Research Council Conseil national de recherches * Ottawa, Canada, K1A 0R6 Ottawa, Canada, K1A 0R6 @@ -162,10 +162,7 @@ public class LogControlServlet extends HttpServlet { private static final String LOG_LEVEL_PARAM = "logLevel"; private static final String PACKAGES_PARAM = "logLevelPackages"; - private static final String GROUP_PARAM = "logAccessGroup"; - private static final String GROUP_AUTHORIZER = "groupAuthorizer"; - - private static final String LOG_CONTROL_PROPERTIES = "logControlProperties"; + private static final String LOG_CONTROL_CONFIG = "cadc-log.properties"; static final String USER_DNS_PROPERTY = "user"; static final String GROUP_URIS_PROPERTY = "group"; static final String USERNAME_PROPERTY = "username"; 
@@ -236,13 +233,6 @@ public void init(final ServletConfig config) throws ServletException { } } - // get the access group and group authorizer - accessGroup = config.getInitParameter(GROUP_PARAM); - authorizerClassName = config.getInitParameter(GROUP_AUTHORIZER); - - // get the logControl properties file for this service if it exists - logControlProperties = config.getInitParameter(LOG_CONTROL_PROPERTIES); - // these are here to help detect problems with logging setup logger.warn("init complete"); logger.info("init: YOU SHOULD NEVER SEE THIS MESSAGE -- " + thisPkg + " should not be included in " + PACKAGES_PARAM); @@ -629,10 +619,9 @@ Set getAuthorizedGroupUris(MultiValuedProperties mvp) { */ private MultiValuedProperties getLogControlProperties() { - if (logControlProperties != null) { - PropertiesReader reader = new PropertiesReader(logControlProperties); + PropertiesReader reader = new PropertiesReader(LOG_CONTROL_CONFIG); + if (reader.canRead()) { return reader.getAllProperties(); - } // empty return new MultiValuedProperties();
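Review bot: In `getLogControlProperties()` a missing `cadc-log.properties` and one that exists but cannot be read both fall through to the empty `MultiValuedProperties` with nothing logged, so an operator cannot tell a deliberate "no log-control access" deployment from a broken permission config. The `init` hunk above drops the `logAccessGroup`, `groupAuthorizer` and `logControlProperties` init params, so a service upgraded with only the old web.xml settings would presumably lose its grants without any message. I would log once when `canRead()` is false, e.g. `logger.warn("no readable " + LOG_CONTROL_CONFIG + ": no user/group grants loaded");`. Whether the empty result is treated as deny-all is decided by the callers, which are outside this hunk and worth confirming. Also worth checking outside the hunk is whether the `accessGroup` and `authorizerClassName` fields, no longer assigned in `init`, are still consulted by the authorization check; if so they should be removed together with the constants.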