CLDSRV-780: update ServerAccessLogger to follow json schema

Author: leif-scality

lib/api/bucketGet.js

@@ -292,10 +292,18 @@ function bucketGet(authInfo, request, log, callback) {
         log.addDefaultFields({
             action: 'ListObjectsV2',
         });
+        if (request.serverAccessLog) {
+            // eslint-disable-next-line no-param-reassign
+            request.serverAccessLog.analyticsAction = 'ListObjectsV2';
+        }
     } else if (params.versions !== undefined) {
         log.addDefaultFields({
             action: 'ListObjectVersions',
         });
+        if (request.serverAccessLog) {
+            // eslint-disable-next-line no-param-reassign
+            request.serverAccessLog.analyticsAction = 'ListObjectVersions';
+        }
     }
     log.debug('processing request', { method: 'bucketGet' });
     const encoding = params['encoding-type'];

lib/utilities/serverAccessLogger.js

@@ -182,74 +182,75 @@ function getRemoteIPFromRequest(request) {
 }
 
 function getOperation(req) {
+    // https://stackoverflow.com/questions/42707878/amazon-s3-logs-operation-definition
     const methodToResType = Object.freeze({
         'bucketDelete': 'BUCKET',
-        'bucketDeleteCors': 'BUCKET',
-        'bucketDeleteEncryption': 'BUCKET',
-        'bucketDeleteWebsite': 'BUCKET',
+        'bucketDeleteCors': 'CORS',
+        'bucketDeleteEncryption': 'ENCRYPTION',
+        'bucketDeleteWebsite': 'WEBSITE',
         'bucketGet': 'BUCKET',
-        'bucketGetACL': 'BUCKET',
-        'bucketGetCors': 'BUCKET',
-        'bucketGetObjectLock': 'BUCKET',
+        'bucketGetACL': 'ACL',
+        'bucketGetCors': 'CORS',
+        'bucketGetObjectLock': 'OBJECT',
         'bucketGetVersioning': 'VERSIONING',
-        'bucketGetWebsite': 'BUCKET',
-        'bucketGetLocation': 'BUCKET',
-        'bucketGetEncryption': 'BUCKET',
+        'bucketGetWebsite': 'WEBSITE',
+        'bucketGetLocation': 'LOCATION',
+        'bucketGetEncryption': 'ENCRYPTION',
         'bucketHead': 'BUCKET',
         'bucketPut': 'BUCKET',
-        'bucketPutACL': 'BUCKET',
-        'bucketPutCors': 'BUCKET',
+        'bucketPutACL': 'ACL',
+        'bucketPutCors': 'CORS',
         'bucketPutVersioning': 'VERSIONING',
-        'bucketPutTagging': 'BUCKET',
-        'bucketDeleteTagging': 'BUCKET',
-        'bucketGetTagging': 'BUCKET',
-        'bucketPutWebsite': 'BUCKET',
-        'bucketPutReplication': 'BUCKET',
-        'bucketGetReplication': 'BUCKET',
-        'bucketDeleteReplication': 'BUCKET',
-        'bucketDeleteQuota': 'BUCKET',
-        'bucketPutLifecycle': 'BUCKET',
-        'bucketUpdateQuota': 'BUCKET',
-        'bucketGetLifecycle': 'BUCKET',
-        'bucketDeleteLifecycle': 'BUCKET',
+        'bucketPutTagging': 'TAGGING',
+        'bucketDeleteTagging': 'TAGGING',
+        'bucketGetTagging': 'TAGGING',
+        'bucketPutWebsite': 'WEBSITE',
+        'bucketPutReplication': 'REPLICATION',
+        'bucketGetReplication': 'REPLICATION',
+        'bucketDeleteReplication': 'REPLICATION',
+        'bucketDeleteQuota': 'QUOTA',
+        'bucketPutLifecycle': 'LIFECYCLE',
+        'bucketUpdateQuota': 'QUOTA',
+        'bucketGetLifecycle': 'LIFECYCLE',
+        'bucketDeleteLifecycle': 'LIFECYCLE',
         'bucketPutPolicy': 'BUCKETPOLICY',
         'bucketGetPolicy': 'BUCKETPOLICY',
-        'bucketGetQuota': 'BUCKET',
+        'bucketGetQuota': 'QUOTA',
         'bucketDeletePolicy': 'BUCKETPOLICY',
-        'bucketPutObjectLock': 'BUCKET',
-        'bucketPutNotification': 'BUCKET',
-        'bucketGetNotification': 'BUCKET',
-        'bucketPutEncryption': 'BUCKET',
+        'bucketPutObjectLock': 'OBJECTLOCK',
+        'bucketPutNotification': 'NOTIFICATION',
+        'bucketGetNotification': 'NOTIFICATION',
+        'bucketPutEncryption': 'ENCRYPTION',
         'bucketPutLogging': 'LOGGING_STATUS',
         'bucketGetLogging': 'LOGGING_STATUS',
         // 'corsPreflight': '',
-        'completeMultipartUpload': 'OBJECT',
-        'initiateMultipartUpload': 'OBJECT',
-        'listMultipartUploads': 'OBJECT',
-        'listParts': 'OBJECT',
+        'completeMultipartUpload': 'UPLOAD',
+        'initiateMultipartUpload': 'UPLOAD',
+        'listMultipartUploads': 'UPLOADS',
+        'listParts': 'UPLOAD',
         'metadataSearch': 'OBJECT',
         'multiObjectDelete': 'OBJECT',
-        'multipartDelete': 'OBJECT',
+        'multipartDelete': 'UPLOAD',
         'objectDelete': 'OBJECT',
-        'objectDeleteTagging': 'OBJECT',
+        'objectDeleteTagging': 'TAGGING',
         'objectGet': 'OBJECT',
-        'objectGetACL': 'OBJECT',
-        'objectGetLegalHold': 'OBJECT',
-        'objectGetRetention': 'OBJECT',
-        'objectGetTagging': 'OBJECT',
-        'objectCopy': 'OBJECT',
+        'objectGetACL': 'ACL',
+        'objectGetLegalHold': 'LEGAL_HOLD',
+        'objectGetRetention': 'RETENTION',
+        'objectGetTagging': 'TAGGING',
+        'objectCopy': 'COPY',
         'objectHead': 'OBJECT',
         'objectPut': 'OBJECT',
-        'objectPutACL': 'OBJECT',
-        'objectPutLegalHold': 'OBJECT',
-        'objectPutTagging': 'OBJECT',
-        'objectPutPart': 'OBJECT',
-        'objectPutCopyPart': 'OBJECT',
-        'objectPutRetention': 'OBJECT',
+        'objectPutACL': 'ACL',
+        'objectPutLegalHold': 'LEGAL_HOLD',
+        'objectPutTagging': 'TAGGING',
+        'objectPutPart': 'PART',
+        'objectPutCopyPart': 'COPY',
+        'objectPutRetention': 'RETENTION',
         'objectRestore': 'OBJECT',
-        // 'serviceGet': '',
-        // 'websiteGet': '',
-        // 'websiteHead': '',
+        'serviceGet': 'SERVICE', // ListBuckets
+        'websiteGet': 'WEBSITE',
+        'websiteHead': 'WEBSITE',
     });
 
     return `REST.${req.method}.${methodToResType[req.apiMethod] ? methodToResType[req.apiMethod] : 'UNKNOWN'}`;
@@ -301,7 +302,7 @@ function getObjectSize(request, response) {
             return null;
         }
 
-        return len;
+        return Number(len);
     }
 
     if (request && objectSizePutMethods[request.apiMethod]) {
@@ -310,7 +311,7 @@ function getObjectSize(request, response) {
             return null;
         }
 
-        return len;
+        return Number(len);
     }
 
     return null;
@@ -387,58 +388,58 @@ function logServerAccess(req, res) {
         pid: process.pid,
 
         // Analytics
-        action: params.analyticsAction || null,
-        accountName: params.analyticsAccountName || null,
+        action: params.analyticsAction === undefined ? null : params.analyticsAction,
+        accountName: params.analyticsAccountName === undefined ? null : params.analyticsAccountName,
         accountDisplayName: authInfo ? authInfo.getAccountDisplayName() : null,
-        userName: params.analyticsUserName || null,
-        clientPort: req.socket.remotePort || null,
-        httpMethod: req.method || null,
-        bytesDeleted: params.analyticsBytesDeleted || params.analyticsBytesDeleted === 0 ? 0 : null,
-        bytesReceived: req.parsedContentLength || 0,
-        bodyLength: parseInt(req.headers['content-length'], 10) || 0,
-        contentLength: req.parsedContentLength || 0,
+        userName: params.analyticsUserName === undefined ? null : params.analyticsUserName,
+        clientPort: req.socket.remotePort === undefined ? null : req.socket.remotePort,
+        httpMethod: req.method === undefined ? null : req.method,
+        bytesDeleted: params.analyticsBytesDeleted === undefined ? null : params.analyticsBytesDeleted,
+        bytesReceived: req.parsedContentLength === undefined ? null : req.parsedContentLength,
+        bodyLength: req.headers['content-length'] === undefined ? null : parseInt(req.headers['content-length'], 10),
+        contentLength: req.parsedContentLength === undefined ? null : req.parsedContentLength,
         // eslint-disable-next-line camelcase
         elapsed_ms: calculateElapsedMS(params.startTime, params.onCloseEndTime),
-        httpURL: req.url || null,
+        httpURL: req.url === undefined ? null : req.url,
 
         // AWS access server logs fields https://docs.aws.amazon.com/AmazonS3/latest/userguide/LogFormat.html
         startTime: timestampToDateTime643(params.startTimeUnixMS), // AWS "Time" field
         requester: getRequester(authInfo),
         operation: getOperation(req),
         requestURI: getURI(req),
-        errorCode: errorCode || null,
+        errorCode: errorCode === undefined ? null : errorCode,
         objectSize: getObjectSize(req, res),
         totalTime: calculateTotalTime(params.startTime, params.onFinishEndTime),
         turnAroundTime: calculateTurnAroundTime(params.startTurnAroundTime, endTurnAroundTime),
-        referer: req.headers.referer || null,
-        userAgent: req.headers['user-agent'] || null,
-        versionID: req.query ? req.query.versionId || null : null,
+        referer: req.headers.referer === undefined ? null : req.headers.referer,
+        userAgent: req.headers['user-agent'] === undefined ? null : req.headers['user-agent'],
+        versionID: !req.query ? null : req.query.versionId === undefined ? null : req.query.versionId,
         signatureVersion: authInfo ? authInfo.getAuthVersion() : null,
         cipherSuite: req.socket.encrypted ? req.socket.getCipher()['standardName'] : null,
         authenticationType: authInfo ? authInfo.getAuthType() : null,
-        hostHeader: req.headers.host || null,
+        hostHeader: req.headers.host === undefined ? null : req.headers.host,
         tlsVersion: req.socket.encrypted ? req.socket.getCipher()['version'] : null,
         aclRequired: null,       // TODO: CLDSRV-774
         // hostID: null,         // NOT IMPLEMENTED
         // accessPointARN: null, // NOT IMPLEMENTED
 
         // Shared between AWS access server logs and Analytics logs
-        bucketOwner: params.bucketOwner || null,
-        bucketName: params.bucketName || null,  // AWS "Bucket" field
+        bucketOwner: params.bucketOwner === undefined ? null : params.bucketOwner,
+        bucketName: params.bucketName === undefined ? null : params.bucketName, // AWS "Bucket" field
         // eslint-disable-next-line camelcase
-        req_id: requestID || null,              // AWS "Request ID" field
+        req_id: requestID === undefined ? null : requestID, // AWS "Request ID" field
         bytesSent: getBytesSent(res, bytesSent),
         clientIP: getRemoteIPFromRequest(req),  // AWS 'Remote IP' field
-        httpCode: res.statusCode || null,       // AWS "HTTP Status" field
-        objectKey: params.objectKey || null,    // AWS "Key" field
+        httpCode: res.statusCode === undefined ? null : res.statusCode, // AWS "HTTP Status" field
+        objectKey: params.objectKey === undefined ? null : params.objectKey, // AWS "Key" field
 
         // Scality server access logs extra fields
         logFormatVersion: SERVER_ACCESS_LOG_FORMAT_VERSION,
         loggingEnabled: params.enabled,
         loggingTargetBucket: params.loggingEnabled ? params.loggingEnabled.TargetBucket : null,
         loggingTargetPrefix: params.loggingEnabled ? params.loggingEnabled.TargetPrefix : null,
         awsAccessKeyID: authInfo ? authInfo.getAccessKey() : null,
-        raftSessionID: params.raftSessionID || null,
+        raftSessionID: params.raftSessionID === undefined ? null : params.raftSessionID,
     })}\n`);
 }
 

schema/server_access_log.schema.json

@@ -149,8 +149,8 @@
             "type": ["string", "null"]
         },
         "bucketName": {
-            "description": "Represents the AWS server access log 'Bucket' field.",
-            "type": "string"
+            "description": "Represents the AWS server access log 'Bucket' field. Null for ListBuckets",
+            "type": ["string", "null"]
         },
         "req_id": {
             "description": "Represents the AWS server access log 'Request ID' field. Matches the req_id of the stdout logs.",

tests/unit/utils/serverAccessLogger.js

@@ -180,10 +180,10 @@ describe('serverAccessLogger utility functions', () => {
             assert.strictEqual(result, 'REST.GET.LOGGING_STATUS');
         });
 
-        it('should return REST.POST.OBJECT for completeMultipartUpload', () => {
+        it('should return REST.POST.UPLOAD for completeMultipartUpload', () => {
             const req = { method: 'POST', apiMethod: 'completeMultipartUpload' };
             const result = getOperation(req);
-            assert.strictEqual(result, 'REST.POST.OBJECT');
+            assert.strictEqual(result, 'REST.POST.UPLOAD');
         });
 
         it('should return REST.method.UNKNOWN for unknown apiMethod', () => {
@@ -328,7 +328,7 @@ describe('serverAccessLogger utility functions', () => {
                 getHeader: name => name === 'Content-Length' ? '12345' : null,
             };
             const result = getObjectSize(request, response);
-            assert.strictEqual(result, '12345');
+            assert.strictEqual(result, 12345);
         });
 
         it('should return Content-Length from request for objectPut', () => {
@@ -340,7 +340,7 @@ describe('serverAccessLogger utility functions', () => {
                 getHeader: () => null,
             };
             const result = getObjectSize(request, response);
-            assert.strictEqual(result, '54321');
+            assert.strictEqual(result, 54321);
         });
 
         it('should return Content-Length from request for objectPutPart', () => {
@@ -352,7 +352,7 @@ describe('serverAccessLogger utility functions', () => {
                 getHeader: () => null,
             };
             const result = getObjectSize(request, response);
-            assert.strictEqual(result, '67890');
+            assert.strictEqual(result, 67890);
         });
 
         it('should handle Content-Length of 0 for objectGet', () => {
@@ -361,7 +361,7 @@ describe('serverAccessLogger utility functions', () => {
                 getHeader: name => name === 'Content-Length' ? '0' : null,
             };
             const result = getObjectSize(request, response);
-            assert.strictEqual(result, '0');
+            assert.strictEqual(result, 0);
         });
 
         it('should handle Content-Length of number 0 for objectGet', () => {
@@ -382,7 +382,7 @@ describe('serverAccessLogger utility functions', () => {
                 getHeader: () => null,
             };
             const result = getObjectSize(request, response);
-            assert.strictEqual(result, '0');
+            assert.strictEqual(result, 0);
         });
 
         it('should handle Content-Length of number 0 for objectPut', () => {
@@ -821,7 +821,7 @@ describe('serverAccessLogger utility functions', () => {
             assert.strictEqual(loggedData.operation, 'REST.GET.OBJECT');
             assert.strictEqual(loggedData.requestURI, 'GET /test-bucket/test-key.txt HTTP/1.1');
             assert.strictEqual(loggedData.errorCode, null);
-            assert.strictEqual(loggedData.objectSize, '2048');
+            assert.strictEqual(loggedData.objectSize, 2048);
             assert.strictEqual(loggedData.totalTime, '9');
             assert.strictEqual(loggedData.turnAroundTime, '1');
             assert.strictEqual(loggedData.referer, 'https://example.com');
@@ -992,7 +992,7 @@ describe('serverAccessLogger utility functions', () => {
             assert.strictEqual(mockLogger.write.callCount, 1);
             const loggedData = JSON.parse(mockLogger.write.firstCall.args[0].trim());
             assert.strictEqual(loggedData.operation, 'REST.PUT.OBJECT');
-            assert.strictEqual(loggedData.objectSize, '5000');
+            assert.strictEqual(loggedData.objectSize, 5000);
             assert.strictEqual(loggedData.bytesReceived, 5000);
             assert.strictEqual(loggedData.totalTime, '2');
         });