Merge branch 'Ricky-N-feature/dataProxyAuditLog'

conf/defaults.ini

@@ -113,6 +113,12 @@ cookie_secure = false
 session_life_time = 86400
 gc_interval_time = 86400
 
+#################################### Data proxy ###########################
+[dataproxy]
+
+# This enables data proxy logging, default is false
+logging = false
+
 #################################### Analytics ###########################
 [analytics]
 # Server reporting, sends usage counters to stats.grafana.org every 24 hours.

conf/sample.ini

@@ -49,6 +49,9 @@
 # Log web requests
 ;router_logging = false
 
+# This enables query request audit logging, output at warn level, default is false
+;data_proxy_logging = false
+
 # the path relative working path
 ;static_root_path = public
 
@@ -104,6 +107,13 @@
 # Session life time, default is 86400
 ;session_life_time = 86400
 
+#################################### Data proxy ###########################
+[dataproxy]
+
+# This enables data proxy logging, default is false
+;logging = false
+
+
 #################################### Analytics ####################################
 [analytics]
 # Server reporting, sends usage counters to stats.grafana.org every 24 hours.

docs/sources/http_api/admin.md

@@ -143,6 +143,7 @@ with Grafana admin permission.
         "protocol":"http",
         "root_url":"%(protocol)s://%(domain)s:%(http_port)s/",
         "router_logging":"true",
+        "data_proxy_logging":"true",
         "static_root_path":"public"
       },
       "session":{

pkg/api/dataproxy.go

@@ -1,6 +1,8 @@
 package api
 
 import (
+	"bytes"
+	"io/ioutil"
 	"net/http"
 	"net/http/httputil"
 	"net/url"
@@ -8,6 +10,7 @@ import (
 
 	"github.com/grafana/grafana/pkg/api/cloudwatch"
 	"github.com/grafana/grafana/pkg/bus"
+	"github.com/grafana/grafana/pkg/log"
 	"github.com/grafana/grafana/pkg/metrics"
 	"github.com/grafana/grafana/pkg/middleware"
 	m "github.com/grafana/grafana/pkg/models"
@@ -15,6 +18,10 @@ import (
 	"github.com/grafana/grafana/pkg/util"
 )
 
+var (
+	dataproxyLogger log.Logger = log.New("data-proxy-log")
+)
+
 func NewReverseProxy(ds *m.DataSource, proxyPath string, targetUrl *url.URL) *httputil.ReverseProxy {
 	director := func(req *http.Request) {
 		req.URL.Scheme = targetUrl.Scheme
@@ -121,6 +128,32 @@ func ProxyDataSourceRequest(c *middleware.Context) {
 		c.JsonApiErr(400, "Unable to load TLS certificate", err)
 		return
 	}
+
+	logProxyRequest(ds.Type, c)
 	proxy.ServeHTTP(c.Resp, c.Req.Request)
 	c.Resp.Header().Del("Set-Cookie")
 }
+
+func logProxyRequest(dataSourceType string, c *middleware.Context) {
+	if !setting.DataProxyLogging {
+		return
+	}
+
+	var body string
+	if c.Req.Request.Body != nil {
+		buffer, err := ioutil.ReadAll(c.Req.Request.Body)
+		if err == nil {
+			c.Req.Request.Body = ioutil.NopCloser(bytes.NewBuffer(buffer))
+			body = string(buffer)
+		}
+	}
+
+	dataproxyLogger.Info("Proxying incoming request",
+		"userid", c.UserId,
+		"orgid", c.OrgId,
+		"username", c.Login,
+		"datasource", dataSourceType,
+		"uri", c.Req.RequestURI,
+		"method", c.Req.Request.Method,
+		"body", body)
+}

pkg/setting/setting.go

@@ -66,6 +66,7 @@ var (
 	SshPort            int
 	CertFile, KeyFile  string
 	RouterLogging      bool
+	DataProxyLogging   bool
 	StaticRootPath     string
 	EnableGzip         bool
 	EnforceDomain      bool
@@ -491,6 +492,7 @@ func NewConfigContext(args *CommandLineArgs) error {
 	HttpAddr = server.Key("http_addr").MustString(DEFAULT_HTTP_ADDR)
 	HttpPort = server.Key("http_port").MustString("3000")
 	RouterLogging = server.Key("router_logging").MustBool(false)
+
 	EnableGzip = server.Key("enable_gzip").MustBool(false)
 	EnforceDomain = server.Key("enforce_domain").MustBool(false)
 	StaticRootPath = makeAbsolute(server.Key("static_root_path").String(), HomePath)
@@ -499,6 +501,10 @@ func NewConfigContext(args *CommandLineArgs) error {
 		return err
 	}
 
+	// read data proxy settings
+	dataproxy := Cfg.Section("dataproxy")
+	DataProxyLogging = dataproxy.Key("logging").MustBool(false)
+
 	// read security settings
 	security := Cfg.Section("security")
 	SecretKey = security.Key("secret_key").String()