|
| 1 | +Policy Controls |
| 2 | +=============== |
| 3 | + |
| 4 | +Use policy controls when different endpoints need different logging, masking, |
| 5 | +persistence, or signal/export behavior. Policies are optional. When no policy |
| 6 | +is configured, DRF API Logger keeps its current defaults. |
| 7 | + |
| 8 | +Endpoint Skip |
| 9 | +------------- |
| 10 | + |
| 11 | +Skip noisy or sensitive endpoints before a log entry or signal export is |
| 12 | +produced: |
| 13 | + |
| 14 | +.. code-block:: python |
| 15 | +
|
| 16 | + DRF_API_LOGGER_POLICY = { |
| 17 | + "rules": [ |
| 18 | + { |
| 19 | + "url_name": "health_check", |
| 20 | + "log": False, |
| 21 | + "reason": "skip_health_check", |
| 22 | + }, |
| 23 | + ], |
| 24 | + } |
| 25 | +
|
| 26 | +When ``log`` is ``False``, the middleware still returns the normal API response |
| 27 | +but does not queue a database row and does not emit ``API_LOGGER_SIGNAL`` for |
| 28 | +that request. |
| 29 | + |
| 30 | +Payload Minimization |
| 31 | +-------------------- |
| 32 | + |
| 33 | +Keep request metadata while removing headers and bodies for sensitive routes: |
| 34 | + |
| 35 | +.. code-block:: python |
| 36 | +
|
| 37 | + DRF_API_LOGGER_POLICY = { |
| 38 | + "rules": [ |
| 39 | + { |
| 40 | + "route": "api/payments/", |
| 41 | + "headers": False, |
| 42 | + "request_body": False, |
| 43 | + "response_body": False, |
| 44 | + "reason": "payment_metadata_only", |
| 45 | + }, |
| 46 | + ], |
| 47 | + } |
| 48 | +
|
| 49 | +This preserves method, URL, status code, client IP, execution time, and |
| 50 | +timestamp while storing empty header/body/response fields. |
| 51 | + |
| 52 | +Endpoint-Specific Masking |
| 53 | +------------------------- |
| 54 | + |
| 55 | +Add extra mask keys for one endpoint without changing global settings: |
| 56 | + |
| 57 | +.. code-block:: python |
| 58 | +
|
| 59 | + DRF_API_LOGGER_POLICY = { |
| 60 | + "rules": [ |
| 61 | + { |
| 62 | + "url_name": "payment_create", |
| 63 | + "mask_keys": ["card_number", "payment_token"], |
| 64 | + "reason": "payment_masking", |
| 65 | + }, |
| 66 | + ], |
| 67 | + } |
| 68 | +
|
| 69 | +Policy mask keys are applied before database persistence and before signal |
| 70 | +emission. They do not mutate ``DRF_API_LOGGER_EXCLUDE_KEYS``. |
| 71 | + |
| 72 | +Signal And Export Gate |
| 73 | +---------------------- |
| 74 | + |
| 75 | +Signal listeners are commonly used as export hooks. Disable signal emission for |
| 76 | +events that should remain local to database logging: |
| 77 | + |
| 78 | +.. code-block:: python |
| 79 | +
|
| 80 | + DRF_API_LOGGER_POLICY = { |
| 81 | + "rules": [ |
| 82 | + { |
| 83 | + "namespace": "internal", |
| 84 | + "methods": ["POST"], |
| 85 | + "status_classes": ["2xx"], |
| 86 | + "signal": False, |
| 87 | + "reason": "do_not_export_internal_success", |
| 88 | + }, |
| 89 | + ], |
| 90 | + } |
| 91 | +
|
| 92 | +When ``signal`` is ``False``, ``API_LOGGER_SIGNAL.listen`` is not called for the |
| 93 | +matching request. |
| 94 | + |
| 95 | +Callable Policy |
| 96 | +--------------- |
| 97 | + |
| 98 | +Use a callable when declarative rules are not enough: |
| 99 | + |
| 100 | +.. code-block:: python |
| 101 | +
|
| 102 | + DRF_API_LOGGER_POLICY_FUNC = "myapp.logging.api_logger_policy" |
| 103 | +
|
| 104 | + def api_logger_policy(context): |
| 105 | + if context["url_name"] == "health_check": |
| 106 | + return {"log": False, "reason": "skip_health_check"} |
| 107 | + if context["status_class"] == "5xx": |
| 108 | + return {"signal": True, "reason": "export_errors"} |
| 109 | + return {"log": True} |
| 110 | +
|
| 111 | +The context includes ``path``, ``method``, ``status_code``, ``status_class``, |
| 112 | +``route``, ``url_name``, ``namespace``, ``app_name``, ``view_name``, |
| 113 | +``correlation``, and ``low_cardinality``. |
| 114 | + |
| 115 | +Safe Failure Behavior |
| 116 | +--------------------- |
| 117 | + |
| 118 | +If policy evaluation raises an exception, DRF API Logger fails closed for |
| 119 | +payloads: |
| 120 | + |
| 121 | +- Headers, request body, and response body are stripped. |
| 122 | +- The stored ``api`` value uses the request path instead of the full URL with |
| 123 | + query string. |
| 124 | +- Signal emission is disabled for that event. |
| 125 | +- Database logging may continue with safe metadata when database logging is |
| 126 | + enabled. |
| 127 | +- Exception text is not stored or emitted. |
| 128 | + |
| 129 | +Safety Rules |
| 130 | +------------ |
| 131 | + |
| 132 | +- Do not put secrets, credentials, cookies, tokens, direct user identities, or |
| 133 | + regulated identifiers in policy reasons. |
| 134 | +- Prefer ``url_name``, ``route``, ``namespace``, ``method``, ``status_code``, |
| 135 | + and ``status_class`` for deterministic matching. |
| 136 | +- Use ``mask_keys`` for endpoint-specific identifiers that should not be stored |
| 137 | + or exported. |
| 138 | +- Use ``signal: False`` when signal listeners export to external systems and a |
| 139 | + request should remain local. |
| 140 | +- Keep policy callables bounded; they run on the request path. |
0 commit comments