Rudimentary API request logging

Closes OSIDB-2514

apps/exploits/api.py

@@ -16,6 +16,7 @@
 from rest_framework.response import Response
 from rest_framework.views import APIView
 
+from osidb.api_views import RudimentaryUserPathLoggingMixin
 from osidb.models import Flaw, PsModule
 
 from .constants import REPORT_EXPLOIT_SOURCES
@@ -31,7 +32,7 @@
 )
 
 
-class ExploitsCollect(APIView):
+class ExploitsCollect(RudimentaryUserPathLoggingMixin, APIView):
     """
     API endpoint for re-collecting exploit data.
 
@@ -63,7 +64,7 @@ def put(self, request):
         return Response({"result_cisa": result_cisa})
 
 
-class ExploitsStatus(APIView):
+class ExploitsStatus(RudimentaryUserPathLoggingMixin, APIView):
     """
     API endpoint for getting basic information about exploits in the database.
 
@@ -105,7 +106,7 @@ def get(self, request):
         )
 
 
-class ExploitsCVEMap(APIView):
+class ExploitsCVEMap(RudimentaryUserPathLoggingMixin, APIView):
     """
     API endpoint for getting simple exploits information mapped to impacted CVEs.
 
@@ -157,7 +158,7 @@ def get(self, request):
         )
 
 
-class ExploitsReportDate(APIView):
+class ExploitsReportDate(RudimentaryUserPathLoggingMixin, APIView):
     """
     API endpoint for getting date based report for Incident Response.
 
@@ -249,7 +250,7 @@ def get(self, request, date=None):
         return Response(result)
 
 
-class ExploitsReportPending(APIView):
+class ExploitsReportPending(RudimentaryUserPathLoggingMixin, APIView):
     """
     API endpoint for getting a report of pending actions for Incident Response.
 
@@ -299,7 +300,7 @@ def get(self, request):
         )
 
 
-class ExploitsReportExplanations(APIView):
+class ExploitsReportExplanations(RudimentaryUserPathLoggingMixin, APIView):
     """
     API endpoint for getting a report of all CVEs with exploit and their status
     for Incident Response.
@@ -348,7 +349,7 @@ def get(self, request):
         )
 
 
-class ExploitsReportData(ListAPIView):
+class ExploitsReportData(RudimentaryUserPathLoggingMixin, ListAPIView):
     """Export only the data required to generate the exploits report"""
 
     serializer_class = ExploitOnlyReportDataSerializer
@@ -363,7 +364,7 @@ class ExploitsReportData(ListAPIView):
     )
 
 
-class ExploitsFlawData(ListAPIView):
+class ExploitsFlawData(RudimentaryUserPathLoggingMixin, ListAPIView):
     """Flaw, affect, and tracker data for Exploits"""
 
     serializer_class = FlawReportDataSerializer
@@ -375,7 +376,7 @@ class ExploitsFlawData(ListAPIView):
     )
 
 
-class EPSSRelevant(ListAPIView):
+class EPSSRelevant(RudimentaryUserPathLoggingMixin, ListAPIView):
     """
     API endpoint for getting list of Red Hat relevant CVEs with their EPSS score.
     """
@@ -384,7 +385,7 @@ class EPSSRelevant(ListAPIView):
     queryset = EPSS.objects.exclude(flaw=None)
 
 
-class SupportedProducts(ListAPIView):
+class SupportedProducts(RudimentaryUserPathLoggingMixin, ListAPIView):
     """
     API endpoint for getting a list of all supported products.
     """

apps/trackers/api.py

@@ -4,14 +4,15 @@
 from rest_framework.response import Response
 from rest_framework.views import APIView
 
+from osidb.api_views import RudimentaryUserPathLoggingMixin
 from osidb.mixins import ACLMixin
 from osidb.models import Affect, PsModule
 
 from .product_definition_handlers.base import ProductDefinitionRules
 from .serializer import FlawUUIDListSerializer, TrackerSuggestionSerializer
 
 
-class TrackerFileSuggestionView(APIView):
+class TrackerFileSuggestionView(RudimentaryUserPathLoggingMixin, APIView):
     @extend_schema(
         request=FlawUUIDListSerializer,
         description="Given a list of flaws, generates a list of suggested trackers to file.",

apps/workflows/api.py

@@ -12,7 +12,7 @@
 from rest_framework.viewsets import ModelViewSet
 
 from apps.taskman.service import JiraTaskmanQuerier
-from osidb.api_views import get_valid_http_methods
+from osidb.api_views import RudimentaryUserPathLoggingMixin, get_valid_http_methods
 
 from .exceptions import WorkflowsException
 from .helpers import get_flaw_or_404, str2bool
@@ -26,7 +26,7 @@
 logger = logging.getLogger(__name__)
 
 
-class index(APIView):
+class index(RudimentaryUserPathLoggingMixin, APIView):
     """index API endpoint"""
 
     def get(self, request, *args, **kwargs):
@@ -42,7 +42,7 @@ def get(self, request, *args, **kwargs):
 
 
 # TODO do we need this when Workflows is baked into OSIDB service ?
-class healthy(APIView):
+class healthy(RudimentaryUserPathLoggingMixin, APIView):
     """unauthenticated health check API endpoint"""
 
     permission_classes = [AllowAny]
@@ -55,7 +55,7 @@ def get(self, request, *args, **kwargs):
         return Response()
 
 
-class adjust(APIView):
+class adjust(RudimentaryUserPathLoggingMixin, APIView):
     """workflow adjustion API endpoint"""
 
     http_method_names = get_valid_http_methods(ModelViewSet)
@@ -81,7 +81,7 @@ def post(self, request, pk):
         )
 
 
-class promote(APIView):
+class promote(RudimentaryUserPathLoggingMixin, APIView):
     """workflow promote API endpoint"""
 
     http_method_names = get_valid_http_methods(ModelViewSet)
@@ -131,7 +131,7 @@ def post(self, request, flaw_id):
             return Response({"errors": str(e)}, status=status.HTTP_409_CONFLICT)
 
 
-class reject(APIView):
+class reject(RudimentaryUserPathLoggingMixin, APIView):
     """workflow reject API endpoint"""
 
     http_method_names = get_valid_http_methods(ModelViewSet)
@@ -188,7 +188,7 @@ def post(self, request, flaw_id):
             return Response({"errors": str(e)}, status=status.HTTP_409_CONFLICT)
 
 
-class classification(APIView):
+class classification(RudimentaryUserPathLoggingMixin, APIView):
     """workflow classification API endpoint"""
 
     @extend_schema(
@@ -237,7 +237,7 @@ def get(self, request, pk):
         return Response(response)
 
 
-class workflows(APIView):
+class workflows(RudimentaryUserPathLoggingMixin, APIView):
     """workflow info API endpoint"""
 
     def get(self, request, *args, **kwargs):

collectors/framework/api.py

@@ -8,12 +8,14 @@
 from rest_framework.response import Response
 from rest_framework.views import APIView
 
+from osidb.api_views import RudimentaryUserPathLoggingMixin
+
 from .models import CollectorFramework
 
 logger = logging.getLogger(__name__)
 
 
-class index(APIView):
+class index(RudimentaryUserPathLoggingMixin, APIView):
     """index API endpoint"""
 
     @extend_schema(
@@ -38,7 +40,7 @@ def get(self, request, *args, **kwargs):
         )
 
 
-class healthy(APIView):
+class healthy(RudimentaryUserPathLoggingMixin, APIView):
     """unauthenticated collector health check API endpoint"""
 
     permission_classes = [AllowAny]
@@ -51,7 +53,7 @@ def get(self, request, *args, **kwargs):
         return Response()
 
 
-class status(APIView):
+class status(RudimentaryUserPathLoggingMixin, APIView):
     """collector status API endpoint"""
 
     @extend_schema(

config/settings.py

@@ -204,6 +204,7 @@
         },
         "celery": {"handlers": ["celery"], "level": "INFO", "propagate": True},
         "osidb": {"level": "WARNING", "handlers": ["console"], "propagate": False},
+        "api_req": {"level": "INFO", "handlers": ["console"], "propagate": False},
         "django_auth_ldap": {"level": "WARNING", "handlers": ["console"]},
         # app loggers
         **{

config/settings_prod.py

@@ -147,7 +147,7 @@
                     "backupCount": LOG_FILE_COUNT,
                 },
                 "console": {
-                    "level": "WARNING",
+                    "level": "INFO",
                     "class": "logging.handlers.RotatingFileHandler",
                     "formatter": "verbose",
                     "filename": "/var/log/prod-django.log",

docs/CHANGELOG.md

@@ -32,6 +32,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Add major_incident_start_dt field (OSIDB-2728)
 - Add empty value to workflow_state (OSIDB-2881)
 - Generate Jira tracker "components" field (OSIDB-2988)
+- Rudimentary API request logging (OSIDB-2514)
 
 ### Changed
 - Make workflows API RESTful (OSIDB-1716)