dependency-track
dependency-track copied to clipboard
DependencyTrack
add project name and group to bomupload logs
Description
Currently there is no logs printed to display which group is creating the new project when uploading a bom using curl.
This change finds the group associated with the api-key and prints it in the logs along with the project name.
Addressed Issue
closes #3642
Checklist
- [x] I have read and understand the contributing guidelines
- [ ] This PR fixes a defect, and I have provided tests to verify that the fix is effective
- [x] This PR implements an enhancement, and I have provided tests to verify that it works as intended
- [ ] This PR introduces changes to the database model, and I have added corresponding update logic
- [ ] This PR introduces new or alters existing behavior, and I have updated the documentation accordingly
Coverage summary from Codacy
See diff coverage on Codacy
| Coverage variation | Diff coverage |
|---|---|
| :white_check_mark: +1.09% (target: -1.00%) | :x: 0.00% (target: 70.00%) |
Coverage variation details
| Coverable lines | Covered lines | Coverage | |
|---|---|---|---|
| Common ancestor commit (fd82e584258149b412dc5f0f2fa0eb643234e8c2) | 22052 | 16503 | 74.84% |
| Head commit (0610497195399ece1e38a95cad92c8e3aead0d59) | 22060 (+8) | 16750 (+247) | 75.93% (+1.09%) |
Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>
Diff coverage details
| Coverable lines | Covered lines | Diff coverage | |
|---|---|---|---|
| Pull request (#3690) | 2 | 0 | 0.00% |
Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%
See your quality gate settings Change summary preferences
Codacy will stop sending the deprecated coverage status from June 5th, 2024. Learn more
![codacy-production[bot] avatar](https://avatars.githubusercontent.com/in/56611?v=4 "Published by a pub.dev verified publisher"){kind=small}
I like this specific addition, but on a larger scale it might be better to setup a proper MDC so we can log the User or Team Principal for all log messages? (If the Alpine logging wrapper supports that or can be removed)
https://medium.com/javarevisited/mapped-diagnostic-context-mdc-6447b598736d
@valentijnscholten (If the Alpine logging wrapper supports that or can be removed)
It does, and I added the MDC context to the default logback config in v4.11. The new BOM processing task makes use of MDC already, and we're planning to adopt it in more areas:
https://github.com/DependencyTrack/dependency-track/blob/db58e69558845a53e3342c0e749d8abf5376e6ab/src/main/java/org/dependencytrack/tasks/BomUploadProcessingTask.java#L147-L153
For Alpine specifically, I recently added RequestIdFilter which adds a requestId field to the MDC.
We could do the same for AuthenticationFilter. That way, all logging statement past the authentication stage would include the principal's name automatically.
@nscuro I'd need to get permission to contribute to Alpine, so feel free to close this PR if thats the preferred approach