[openstack-dev] [Solum] Oslo Context and SecurityContext

Adrian Otto adrian.otto at rackspace.com
Mon Jan 27 22:53:56 UTC 2014


On Jan 27, 2014, at 2:39 PM, Paul Montgomery <paul.montgomery at RACKSPACE.COM>
 wrote:

> Solum community,
> 
> I created several different approaches for community consideration
> regarding Solum context, logging and data confidentiality.  Two of these
> approaches are documented here:
> 
> https://wiki.openstack.org/wiki/Solum/Logging
> 
> A) Plain Oslo Log/Config/Context is in the "Example of Oslo Log and Oslo
> Context" section.
> 
> B) A hybrid Oslo Log/Config/Context but SecurityContext inherits the
> RequestContext class and adds some confidentiality functions is in the
> "Example of Oslo Log and Oslo Context Combined with SecurityContext"
> section.
> 
> None of this code is production ready or tested by any means.  Please just
> examine the general architecture before I polish too much.
> 
> I hope that this is enough information for us to agree on a path A or B.
> I honestly am not tied to either path very tightly but it is time that we
> reach a final decision on this topic IMO.
> 
> Thoughts?

I have a strong preference for using the SecurityContext approach. The main reason for my preference is outlined in the Pro/Con sections of the Wiki page. With the "A" approach, leakage of confidential information might happen with *any* future addition of a logging call, a discipline which may be forgotten, or overlooked during future code reviews. The "B" approach handles the classification of data not when logging, but when placing the data into the SecurityContext. This is much safer from a long-term maintenance perspective.

Adrian
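
An added illustration of the A/B difference discussed in this message: it is not the code from the Solum wiki page or from Oslo. The `RequestContext` stand-in, the `set`/`get` methods, `render_log_line`, the logger name and all sample values are assumptions constructed for this sketch.

```python
import io
import logging

class RequestContext:
    """Stand-in for a request context base class (assumption, not Oslo's code)."""
    def __init__(self, user, request_id):
        self.user = user
        self.request_id = request_id

class SecurityContext(RequestContext):
    """Hypothetical sketch: values are classified when stored, not when logged."""
    def __init__(self, user, request_id):
        super().__init__(user, request_id)
        self._data = {}  # key -> (value, confidential)

    def set(self, key, value, confidential=True):
        # Confidential by default, so an unclassified value fails closed.
        self._data[key] = (value, confidential)

    def get(self, key):
        # Code that needs the real value asks for it explicitly.
        return self._data[key][0]

    def __str__(self):
        # Any logging call that formats the context sees only this view.
        view = {"user": self.user, "request_id": self.request_id}
        for key, (value, confidential) in self._data.items():
            view[key] = "<confidential>" if confidential else value
        return str(view)

def render_log_line(obj):
    """Format obj through the stdlib logging machinery and return the line."""
    buf = io.StringIO()
    logger = logging.getLogger("solum.example")  # constructed logger name
    handler = logging.StreamHandler(buf)
    logger.addHandler(handler)
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.info("deploy request: %s", obj)
    logger.removeHandler(handler)
    return buf.getvalue().strip()

def demo():
    secret = "constructed-api-key-123"  # constructed sample value
    # Approach A: plain data, every logging call must remember to scrub it.
    plain = {"user": "alice", "request_id": "req-1", "api_key": secret}
    # Approach B: the value is classified once, when it enters the context.
    ctx = SecurityContext("alice", "req-1")
    ctx.set("api_key", secret)
    ctx.set("plan", "web-app", confidential=False)
    return render_log_line(plain), render_log_line(ctx), ctx.get("api_key")
```
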

