Skip to content

add filter for logging principal of incoming requests #3649

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: 7.7.x
Choose a base branch
from
Open

add filter for logging principal of incoming requests #3649

wants to merge 6 commits into from

Conversation

djibodu
Copy link
Contributor

@djibodu djibodu commented Mar 28, 2025
edited
Loading

What

Add filter to locally log principal of user sending incoming request.
Example log: [2025-04-01 15:37:05,444] INFO [6c95ca51-f2ec-497b-ac48-d27eea303cdf] Resource association log - (Principal, schemaHash): (u-dummy, a236344d3b2bbe2cc09439868bfc7168) (io.confluent.kafka.schemaregistry.storage.KafkaSchemaRegistry:2646)

Checklist

  • Contains customer facing changes? Including API/behavior changes
  • Is this change gated behind feature flag(s)?
    • List the LD flags needed to be set to enable this change
  • Did you add sufficient unit test and/or integration test coverage for this PR?
    • If not, please explain why it is not required
  • Does this change require modifying existing system tests or adding new system tests?
    • If so, include tracking information for the system test changes

References

JIRA:

Test & Review

Open questions / Follow-ups

@djibodu djibodu requested a review from a team as a code owner March 28, 2025 20:29
@confluent-cla-assistant
Copy link

🎉 All Contributor License Agreements have been signed. Ready to merge.
Please push an empty commit if you would like to re-run the checks to verify CLA status for all contributors.

@sonarqube-confluent

This comment has been minimized.

Sign in to view
@airlock-confluentinc airlock-confluentinc bot force-pushed the log-principal-sr-request branch 2 times, most recently from 457a732 to 13c77dc Compare April 1, 2025 14:15
@airlock-confluentinc airlock-confluentinc bot force-pushed the log-principal-sr-request branch from 13c77dc to b4d68a5 Compare April 1, 2025 14:17
@sonarqube-confluent

This comment has been minimized.

Sign in to view
@sonarqube-confluent

This comment has been minimized.

Sign in to view
1 similar comment
@sonarqube-confluent

This comment has been minimized.

Sign in to view
@sonarqube-confluent

This comment has been minimized.

Sign in to view
@sonarqube-confluent

This comment has been minimized.

Sign in to view
MSeal
MSeal reviewed Apr 2, 2025
View reviewed changes
Copy link

@MSeal MSeal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we put an example log message for this PR? I'd like to see what the message looks like to review for feedback as well if possible. Also that's a lot of SonarCube alerts in this repo, hoping you have a techdebt item to resolve or ignore that particular empty body rule for the repo?

core/src/main/java/io/confluent/kafka/schemaregistry/rest/SchemaRegistryRestApplication.java
@@ -59,6 +62,10 @@ public SchemaRegistryRestApplication(Properties props) throws RestConfigExceptio
@Override
protected void configurePreResourceHandling(ServletContextHandler context) {
super.configurePreResourceHandling(context);
PrincipalLoggingFilter principalLoggingFilter = new PrincipalLoggingFilter();
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How does this pull out the user_id field from the REQUEST types? I am not super familiar with this code base to know what this does implicitly.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

all requests that come into SR will pass through this request filter, which will set the principal user (unique identifier for the request sender) in a principalContext. this is needed because the logs are populated at the service level, not at the request level - so we keep it in a principalContext which can be read when the actual CRUD SR calls happen. I have also added a sample log to the PR description - let me know if you want it reformatted another way

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Got it, yeah I wasn't sure which id or reference the principalContext would use by default. This and the example log message clarify that, thanks!

@sonarqube-confluent
Copy link

Failed

  • 49.70% Coverage on New Code (is less than 80.00%)

Analysis Details

227 Issues

  • Bug 8 Bugs
  • Vulnerability 1 Vulnerability
  • Code Smell 218 Code Smells

Coverage and Duplications

  • Coverage 49.70% Coverage (73.40% Estimated after merge)
  • Duplications No duplication information (2.20% Estimated after merge)

Project ID: schema-registry

View in SonarQube

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MSeal MSeal MSeal left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@djibodu @MSeal