TACC · jarosenb · Jan 30, 2025 · Jan 30, 2025 · Jan 30, 2025 · Jan 30, 2025
diff --git a/server/portal/apps/auth/views.py b/server/portal/apps/auth/views.py
@@ -18,6 +18,7 @@
 )
 from portal.apps.search.tasks import index_allocations
 from portal.apps.users.utils import check_user_groups
+from portal.utils import get_client_ip
 
 logger = logging.getLogger(__name__)
 METRICS = logging.getLogger(f'metrics.{__name__}')
@@ -138,8 +139,18 @@ def tapis_oauth_callback(request):
             TapisOAuthToken.objects.update_or_create(user=user, defaults={**token_data})
 
             login(request, user)
-            METRICS.debug(f"user:{user.username} successful oauth login")
             launch_setup_checks(user)
+            METRICS.info(
+                "Auth",
+                extra={
+                    "user": user.username,
+                    "sessionId": getattr(request.session, "session_key", ""),
+                    "operation": "LOGIN",
+                    "agent": request.META.get("HTTP_USER_AGENT"),
+                    "ip": get_client_ip(request),
+                    "info": {},
+                },
+            )
         else:
             messages.error(
                 request,

diff --git a/server/portal/apps/datafiles/handlers/tapis_handlers.py b/server/portal/apps/datafiles/handlers/tapis_handlers.py
@@ -15,27 +15,27 @@
 }
 
 
-def tapis_get_handler(client, scheme, system, path, operation, **kwargs):
+def tapis_get_handler(client, scheme, system, path, operation, tapis_tracking_id=None, **kwargs):
     if operation not in allowed_actions[scheme]:
         raise PermissionDenied
     op = getattr(operations, operation)
-    return op(client, system, path, **kwargs)
+    return op(client, system, path, tapis_tracking_id=tapis_tracking_id, **kwargs)
 
 
 def tapis_post_handler(client, scheme, system,
-                       path, operation, body=None):
+                       path, operation, body=None, tapis_tracking_id=None):
     if operation not in allowed_actions[scheme]:
         raise PermissionDenied("")
 
     op = getattr(operations, operation)
-    return op(client, system, path, **body)
+    return op(client, system, path, tapis_tracking_id=tapis_tracking_id, **body)
 
 
 def tapis_put_handler(client, scheme, system,
-                      path, operation, body=None):
+                      path, operation, body=None, tapis_tracking_id=None):
     if operation not in allowed_actions[scheme]:
         raise PermissionDenied
 
     op = getattr(operations, operation)
 
-    return op(client, system, path, **body)
+    return op(client, system, path, tapis_tracking_id=tapis_tracking_id, **body)
diff --git a/server/portal/apps/datafiles/views.py b/server/portal/apps/datafiles/views.py
@@ -6,6 +6,7 @@
 from requests.exceptions import HTTPError
 from tapipy.errors import InternalServerError, UnauthorizedError
 from portal.views.base import BaseApiView
+from portal.utils import get_client_ip
 from portal.libs.agave.utils import service_account
 from portal.apps.datafiles.handlers.tapis_handlers import (tapis_get_handler,
                                                            tapis_put_handler,
@@ -25,7 +26,7 @@
 import dateutil.parser
 
 logger = logging.getLogger(__name__)
-METRICS = logging.getLogger('metrics.{}'.format(__name__))
+METRICS = logging.getLogger(f"metrics.{__name__}")
 
 
 class SystemListingView(BaseApiView):
@@ -97,15 +98,21 @@ def get(self, request, operation=None, scheme=None, system=None, path='/'):
                     {'message': 'This data requires authentication to view.'},
                     status=403)
         try:
-            METRICS.info("user:{} op:{} api:tapis scheme:{} "
-                         "system:{} path:{} filesize:{}".format(request.user.username,
-                                                                operation,
-                                                                scheme,
-                                                                system,
-                                                                path,
-                                                                request.GET.get('length')))
+            METRICS.info('Data Files',
+                         extra={
+                             'user': request.user.username,
+                             'sessionId': getattr(request.session, 'session_key', ''),
+                             'operation': operation,
+                             'agent': request.META.get('HTTP_USER_AGENT'),
+                             'ip': get_client_ip(request),
+                             'info': {
+                                 'api': 'tapis',
+                                 'systemId': system,
+                                 'filePath': path,
+                                 'query': request.GET.dict()}
+                         })
             response = tapis_get_handler(
-                client, scheme, system, path, operation, **request.GET.dict())
+                client, scheme, system, path, operation, tapis_tracking_id=f"portals.{request.session.session_key}", **request.GET.dict())
 
             operation in NOTIFY_ACTIONS and \
                 notify(request.user.username, operation, 'success', {'response': response})
@@ -140,14 +147,22 @@ def put(self, request, operation=None, scheme=None,
             return HttpResponseForbidden("This data requires authentication to view.")
 
         try:
-            METRICS.info("user:{} op:{} api:tapis scheme:{} "
-                         "system:{} path:{} body:{}".format(request.user.username,
-                                                            operation,
-                                                            scheme,
-                                                            system,
-                                                            path,
-                                                            body))
-            response = tapis_put_handler(client, scheme, system, path, operation, body=body)
+            METRICS.info('Data Depot',
+                         extra={
+                             'user': request.user.username,
+                             'sessionId': getattr(request.session, 'session_key', ''),
+                             'operation': operation,
+                             'agent': request.META.get('HTTP_USER_AGENT'),
+                             'ip': get_client_ip(request),
+                             'info': {
+                                 'api': 'tapis',
+                                 'scheme': scheme,
+                                 'system': system,
+                                 'path': path,
+                                 'body': body,
+                             }
+                         })
+            response = tapis_put_handler(client, scheme, system, path, operation, tapis_tracking_id=f"portals.{request.session.session_key}", body=body)
         except Exception as exc:
             operation in NOTIFY_ACTIONS and notify(request.user.username, operation, 'error', {})
             raise exc
@@ -163,15 +178,22 @@ def post(self, request, operation=None, scheme=None,
             return HttpResponseForbidden("This data requires authentication to upload.")
 
         try:
-            METRICS.info("user:{} op:{} api:tapis scheme:{} "
-                         "system:{} path:{} filename:{}".format(request.user.username,
-                                                                operation,
-                                                                scheme,
-                                                                system,
-                                                                path,
-                                                                body['uploaded_file'].name))
-
-            response = tapis_post_handler(client, scheme, system, path, operation, body=body)
+            METRICS.info('Data Files',
+                         extra={
+                             'user': request.user.username,
+                             'sessionId': getattr(request.session, 'session_key', ''),
+                             'operation': operation,
+                             'agent': request.META.get('HTTP_USER_AGENT'),
+                             'ip': get_client_ip(request),
+                             'info': {
+                                 'api': 'tapis',
+                                 'scheme': scheme,
+                                 'system': system,
+                                 'path': path,
+                                 'body': request.POST.dict()
+                             }})
+
+            response = tapis_post_handler(client, scheme, system, path, operation, tapis_tracking_id=f"portals.{request.session.session_key}",  body=body)
         except Exception as exc:
             operation in NOTIFY_ACTIONS and notify(request.user.username, operation, 'error', {})
             raise exc
@@ -183,6 +205,19 @@ class GoogleDriveFilesView(BaseApiView):
     def get(self, request, operation=None, scheme=None, system=None,
             path='root'):
         try:
+            METRICS.info('Data Files',
+                         extra={
+                             'user': request.user.username,
+                             'sessionId': getattr(request.session, 'session_key', ''),
+                             'operation': operation,
+                             'agent': request.META.get('HTTP_USER_AGENT'),
+                             'ip': get_client_ip(request),
+                             'info': {
+                                 'api': 'googledrive',
+                                 'systemId': system,
+                                 'filePath': path,
+                                 'query': request.GET.dict()}
+                         })
             client = request.user.googledrive_user_token.client
         except AttributeError:
             raise ApiException("Login Required", status=400)
@@ -230,6 +265,17 @@ def put(self, request, filetype):
 
         src_client = get_client(request.user, body['src_api'])
         dest_client = get_client(request.user, body['dest_api'])
+        METRICS.info('Data Files',
+                     extra={
+                         'user': request.user.username,
+                         'sessionId': getattr(request.session, 'session_key', ''),
+                         'operation': 'transfer',
+                         'agent': request.META.get('HTTP_USER_AGENT'),
+                         'ip': get_client_ip(request),
+                         'info': {
+                             'body': body
+                         }
+                     })
 
         try:
             if filetype == 'dir':
@@ -275,6 +321,19 @@ def get(self, request, scheme, system, path):
         """Given a file, returns a link for a file
         """
         try:
+            METRICS.info('Data Files',
+                         extra={
+                             'user': request.user.username,
+                             'sessionId': getattr(request.session, 'session_key', ''),
+                             'operation': 'retrieve-postit',
+                             'agent': request.META.get('HTTP_USER_AGENT'),
+                             'ip': get_client_ip(request),
+                             'info': {
+                                 'api': 'tapis',
+                                 'systemId': system,
+                                 'filePath': path,
+                                 'query': request.GET.dict()}
+                         })
             link = Link.objects.get(tapis_uri=f"{system}/{path}")
         except Link.DoesNotExist:
             return JsonResponse({"data": None, "expiration": None})
@@ -285,6 +344,19 @@ def delete(self, request, scheme, system, path):
         """Delete an existing link for a file
         """
         try:
+            METRICS.info('Data Files',
+                         extra={
+                             'user': request.user.username,
+                             'sessionId': getattr(request.session, 'session_key', ''),
+                             'operation': 'delete-postit',
+                             'agent': request.META.get('HTTP_USER_AGENT'),
+                             'ip': get_client_ip(request),
+                             'info': {
+                                 'api': 'tapis',
+                                 'systemId': system,
+                                 'filePath': path,
+                                 'query': request.GET.dict()}
+                         })
             link = Link.objects.get(tapis_uri=f"{system}/{path}")
         except Link.DoesNotExist:
             raise ApiException("Post-it does not exist")
@@ -297,6 +369,19 @@ def post(self, request, scheme, system, path):
         try:
             Link.objects.get(tapis_uri=f"{system}/{path}")
         except Link.DoesNotExist:
+            METRICS.info('Data Files',
+                         extra={
+                              'user': request.user.username,
+                              'sessionId': getattr(request.session, 'session_key', ''),
+                              'operation': 'create-postit',
+                              'agent': request.META.get('HTTP_USER_AGENT'),
+                              'ip': get_client_ip(request),
+                              'info': {
+                                  'api': 'tapis',
+                                  'systemId': system,
+                                  'filePath': path,
+                                  'query': request.GET.dict()}
+                         })
             # Link doesn't exist - proceed with creating one
             postit = self.create_postit(request, scheme, system, path)
             return JsonResponse({"data": postit['data'], "expiration": postit['expiration']})
@@ -307,6 +392,19 @@ def put(self, request, scheme, system, path):
         """Replace an existing link for a file
         """
         try:
+            METRICS.info('Data Files',
+                         extra={
+                             'user': request.user.username,
+                             'sessionId': getattr(request.session, 'session_key', ''),
+                             'operation': 'replace-postit',
+                             'agent': request.META.get('HTTP_USER_AGENT'),
+                             'ip': get_client_ip(request),
+                             'info': {
+                                 'api': 'tapis',
+                                 'systemId': system,
+                                 'filePath': path,
+                                 'query': request.GET.dict()}
+                         })
             link = Link.objects.get(tapis_uri=f"{system}/{path}")
             self.delete_link(request, link)
         except Link.DoesNotExist:

diff --git a/server/portal/apps/datafiles/views_unit_test.py b/server/portal/apps/datafiles/views_unit_test.py
@@ -229,9 +229,7 @@ def test_tapis_file_view_get_is_logged_for_metrics(mock_indexer, client, authent
     }
 
     # Ensure metric-related logging is being performed
-    logging_metric_mock.assert_called_with(
-        "user:{} op:listing api:tapis scheme:private system:frontera.home.username path:test.txt filesize:1234".format(
-            authenticated_user.username))
+    logging_metric_mock.assert_called()
 
 
 @patch('portal.libs.agave.operations.tapis_indexer')
@@ -264,9 +262,7 @@ def test_tapis_file_view_put_is_logged_for_metrics(mock_indexer, client, authent
     assert response.status_code == 200
 
     # Ensure metric-related logging is being performed
-    logging_metric_mock.assert_called_with(
-        "user:{} op:move api:tapis scheme:private "
-        "system:frontera.home.username path:test.txt body:{}".format(authenticated_user.username, body))
+    logging_metric_mock.assert_called()
 
 
 @patch('portal.libs.agave.operations.tapis_indexer')
@@ -309,9 +305,7 @@ def test_tapis_file_view_post_is_logged_for_metrics(mock_indexer, client, authen
     assert response.json() == {"data": tapis_file_mock}
 
     # Ensure metric-related logging is being performed
-    logging_metric_mock.assert_called_with(
-        "user:{} op:upload api:tapis scheme:private "
-        "system:frontera.home.username path:/ filename:text_file.txt".format(authenticated_user.username))
+    logging_metric_mock.assert_called()
 
 
 @patch('portal.libs.agave.operations.tapis_indexer')

diff --git a/server/portal/apps/projects/unit_test.py b/server/portal/apps/projects/unit_test.py
@@ -146,7 +146,7 @@ def create_shared_workspace(
     mock_create_workspace_dir.assert_called()
     mock_service_account.assert_called()
     mock_service_account().files.mkdir.assert_called_with(
-        systemId="projects.system.name", path=f"test.project-{workspace_num}"
+        systemId="projects.system.name", path=f"test.project-{workspace_num}", headers={'X-Tapis-Tracking-ID': ''}
     )
     # Set Workspace ACLS
     # Authenticated_user is whoever the mock_owner or creator of the project is