feature: add support for log messages formatting #976
Conversation
ix5
added
server
|
This feature looks interesting, but I have a few thoughts:
|
|
Thanks for reviewing this.
Bye 👋 EDIT 25/12/2023 : Rebased and amended to take |
|
Hey ! Any chance to get this merged before next release ? 🙂 |
|
Left some review comments inline. Please also add a few tests, our coverage should increase, not decrease with time. I'm also partial to changing the default log format to include timestamps. That needs to be communicated, of course. As for this:
It's not necessarily about an attacker already having gained access to the config file, but rather an inexperienced admin changing the defaults (perhaps by including the user-submitted text verbatim in the logs) and thus opening themselves up to vulnerabilities. |
| @@ -118,6 +119,13 @@ log-file | |||
|
|
|||
| Default: (empty) | |||
|
|
|||
| log-format | |||
| Format string for console messages logged to file (see Python | |||
There was a problem hiding this comment.
- Please be more clear that
log-fileneeds to be enabled for this to work - Please list all available fields and what they do here
There was a problem hiding this comment.
- Please be more clear that
log-fileneeds to be enabled for this to work
I've added something.
- Please list all available fields and what they do here
There are way too many, I've opted for a proper link to upstream documentation.
The only code that is modified is the entry point, which isn't actually tested at all.
The default log format is not changed. This patch allows changing it.
I've added another note to the documentation to emphasize that setting this option is not harmless. Thanks, bye 👋 |
|
Hello @jelmer 👋
If I may, as commented, this patch does not change current behavior (to address "reasonable defaults") and is actually 2-line long (to address "minimal").
Having logs with proper timestamps is required by law in some countries to answer legal requests (to address "enough support") and I'd love to add a test case to ensure standard library works as expected, if Isso entrypoint were actually tested at all. Bye 🙏 |
|
I think that's an argument for improving the default log format rather than making the log format configurable. The change isn't minimal, because we now have |
|
Hello @jelmer
You will find the branch rebased and updated in order to change the default log format (changelog has been modified accordingly).
We don't necessarily have to : if an administrator replaces the (now default) log format by another somewhat broken, Python logging library will emit tracebacks (prefixed by Bye 👋 |
Hello @jelmer 👋 As I said, many other configuration options (as Bye 🙏 |
|
The fact that not everything is tested (although @ix5 has made massive strides improving overall test coverage) isn't a good reason for not adding tests for new features (and reducing our overall test coverage). It would be good to test that invalid log settings don't cause isso to crash, but another thing to test would simply be that the option actually works (i.e. that the log format is actually applied when setting the options). If you look at some of the other PRs open against isso, they all come with tests. |
I fully agree (see my previous message). If Isso entry point were actually tested, I would have extended it according to this "feature".
I guess such tests got their place in standard library (do they already exist ?). The option actually works, as it runs in production for me since 2023-11-08.
Indeed, they don't modify/target the entry point. |
|
The utility of this change is still nebulous to me. I'd be open to changing isso's default log format (to file, that is, gunicorn already differs anyway) to expose more fields or be better readable. IMO, we haven't made any promises to users regarding the format (stability) of logs so far so a change wouldn't hurt anyone. I hate to see the collective effort wasted on discussing this PR and really don't want to dissuade the author from contributing to this (or other) projects. He surely won't be too happy with the next paragraph and I can see why they'd feel upset. However, with the author repeatedly refusing to accept maintainer feedback regarding tests I don't see a path forward for this PR and am going to close this. If jelmer feels differently he may reopen. |
|
Hello @ix5 and thanks for taking a decision 🙏
This has been addressed above (TL; DR : legal issues regarding metadata ; In the end, is there a software out there writing logs lacking of a proper timestamp ?).
👍 I really wonder though how this would "dissuade" me from contributing to OSS. Projects usually approve my patches, not this one, and that's unfortunate (after 6 months, 2 rebases/reworks + 20 messages). But you are the maintainers so you decide.
... even accepting that entry point and If some users/administrators happen to get to the bottom of this endless discussion, I'll be maintaining the patch here, while Isso does not support this feature (as I am legally required to do so). Thanks, bye 👋 |
This change propagates the log format formerly only for werkzeug to all isso logs. Having date and time information as well as the loglevel should satisfy most users instead of the more complicated solution in isso-comments#976
Checklist
CHANGES.rstbecause this is a user-facing change or an important bugfixWhat changes does this Pull Request introduce?
Add ability to configure log messages format through configuration.
Why is this necessary?
%(asctime)scan be interesting to add to timestamp log messages.EDIT : also see #343