Merge pull request ceph#61388 from AliMasarweh/wip-alimasa-bucket-logging-log-info

AliMasarweh · web-flow · commit b0350bf929b0 · 2025-01-21T17:45:08.000+02:00
RGW\logging: added missing fields

Reviewed-by: yuvalif&lt;ylifshit@redhat.com&gt;
diff --git a/src/rgw/rgw_asio_frontend.cc b/src/rgw/rgw_asio_frontend.cc
@@ -323,6 +323,16 @@ void handle_connection(boost::asio::io_context& context,
                                   rgw::io::add_conlen_controlling(
                                     &real_client))));
       RGWRestfulIO client(cct, &real_client_io);
+      // getting ssl_cipher and tls_version
+      if(is_ssl) {
+        ceph_assert(typeid(Stream) == typeid(boost::asio::ssl::stream<tcp::socket&>));
+        const SSL * native_handle = reinterpret_cast<const SSL *>(stream.native_handle());
+        const auto ssl_cipher = SSL_CIPHER_get_name(SSL_get_current_cipher(native_handle));
+        const auto tls_version = SSL_get_version(native_handle);
+        auto& client_env = client.get_env();
+        client_env.set("SSL_CIPHER", ssl_cipher);
+        client_env.set("TLS_VERSION", tls_version);
+      }
       optional_yield y = null_yield;
       if (cct->_conf->rgw_beast_enable_async) {
         y = optional_yield{yield};
diff --git a/src/rgw/rgw_auth_s3.cc b/src/rgw/rgw_auth_s3.cc
@@ -1741,4 +1741,30 @@ std::string get_canonical_method(const DoutPrefixProvider *dpp, RGWOpType op_typ
 
   return info.method;
 }
+
+void get_aws_version_and_auth_type(const req_state* s, string& aws_version, string& auth_type)
+{
+  const char* http_auth = s->info.env->get("HTTP_AUTHORIZATION");
+  if (http_auth && http_auth[0]) {
+    auth_type = "AuthHeader";
+    /* Authorization in Header */
+    if (!strncmp(http_auth, AWS4_HMAC_SHA256_STR,
+                 strlen(AWS4_HMAC_SHA256_STR))) {
+      /* AWS v4 */
+      aws_version = "SigV4";
+    } else if (!strncmp(http_auth, "AWS ", 4)) {
+      /* AWS v2 */
+      aws_version = "SigV2";
+    }
+  } else {
+    auth_type = "QueryString";
+    if (s->info.args.get("x-amz-algorithm") == AWS4_HMAC_SHA256_STR) {
+      /* AWS v4 */
+      aws_version = "SigV4";
+    } else if (!s->info.args.get("AWSAccessKeyId").empty()) {
+      /* AWS v2 */
+      aws_version = "SigV2";
+    }
+  }
+}
 } // namespace rgw::auth::s3
diff --git a/src/rgw/rgw_auth_s3.h b/src/rgw/rgw_auth_s3.h
@@ -746,6 +746,8 @@ get_v2_signature(CephContext*,
                  const AWSEngine::VersionAbstractor::string_to_sign_t& string_to_sign);
 
 std::string get_canonical_method(const DoutPrefixProvider *dpp, RGWOpType op_type, const req_info& info);
+
+void get_aws_version_and_auth_type(const req_state* s, string& aws_version, string& auth_type);
 } /* namespace s3 */
 } /* namespace auth */
 } /* namespace rgw */
diff --git a/src/rgw/rgw_bucket_logging.cc b/src/rgw/rgw_bucket_logging.cc
@@ -8,6 +8,7 @@
 #include "rgw_xml.h"
 #include "rgw_sal.h"
 #include "rgw_op.h"
+#include "rgw_auth_s3.h"
 
 #define dout_subsys ceph_subsys_rgw
 
@@ -481,13 +482,18 @@ int log_record(rgw::sal::Driver* driver,
     bucket_name = full_bucket_name(s->bucket);
   }
 
+  using namespace rgw::auth::s3;
+  string aws_version("-");
+  string auth_type("-");
+  rgw::auth::s3::get_aws_version_and_auth_type(s, aws_version, auth_type);
+
   switch (conf.logging_type) {
     case LoggingType::Standard:
-      record = fmt::format("{} {} [{:%d/%b/%Y:%H:%M:%S %z}] {} {} {} {} {} \"{} {}{}{} HTTP/1.1\" {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {}",
+      record = fmt::format("{} {} [{:%d/%b/%Y:%H:%M:%S %z}] {} {} {} {} {} \"{} {}{}{} HTTP/1.1\" {} {} {} {} {} {} {} \"{}\" {} {} {} {} {} {} {} {} {}",
         dash_if_empty(bucket_owner),
         dash_if_empty(bucket_name),
         t,
-        "-", // no requester IP
+        s->info.env->get("REMOTE_ADDR", "-"),
         dash_if_empty(user_or_account),
         dash_if_empty(s->req_id),
         op_name,
@@ -502,15 +508,15 @@ int log_record(rgw::sal::Driver* driver,
         dash_if_zero(size),
         "-", // no total time when logging record
         std::chrono::duration_cast<std::chrono::milliseconds>(s->time_elapsed()),
-        "-", // TODO: referer
-        "-", // TODO: user agent
+        s->info.env->get("HTTP_REFERER", "-"),
+        s->info.env->get("HTTP_USER_AGENT", "-"),
         dash_if_empty_or_null(obj, obj->get_instance()),
         s->info.x_meta_map.contains("x-amz-id-2") ? s->info.x_meta_map.at("x-amz-id-2") : "-",
-        "-", // TODO: Signature Version (SigV2 or SigV4)
-        "-", // TODO: SSL cipher. e.g. "ECDHE-RSA-AES128-GCM-SHA256"
-        "-", // TODO: Auth type. e.g. "AuthHeader"
+        aws_version,
+        s->info.env->get("SSL_CIPHER", "-"),
+        auth_type,
         dash_if_empty(fqdn),
-        "-", // TODO: TLS version. e.g. "TLSv1.2" or "TLSv1.3"
+        s->info.env->get("TLS_VERSION", "-"),
         "-", // no access point ARN
         (s->has_acl_header) ? "Yes" : "-");
       break;
