Capture specific environment variables on write (#721)

* Capture specific environment variables on write * Make get_extra_audit_log_values more defensive * Linting --------- Co-authored-by: Michael Franklin <illusional@users.noreply.github.com>
populationgenomics · Apr 3, 2024 · 5574143 · 5574143
1 parent 5ae45a8
commit 5574143
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 0 deletions.
diff --git a/api/utils/db.py b/api/utils/db.py
@@ -1,3 +1,4 @@
+import json
 import logging
 from os import getenv
 
@@ -29,6 +30,19 @@ def get_ar_guid(request: Request) -> str | None:
     return request.headers.get('sm-ar-guid')
 
 
+def get_extra_audit_log_values(request: Request) -> dict | None:
+    """Get a JSON encoded dictionary from the 'sm-extra-values' header if it exists"""
+    headers = request.headers.get('sm-extra-values')
+    if not headers:
+        return None
+
+    try:
+        return json.loads(headers)
+    except json.JSONDecodeError:
+        logging.error(f'Could not parse sm-extra-values: {headers}')
+        return None
+
+
 def get_on_behalf_of(request: Request) -> str | None:
     """
     Get sm-on-behalf-of if there are requests that were performed on behalf of
@@ -69,12 +83,16 @@ async def dependable_get_write_project_connection(
     request: Request,
     author: str = Depends(authenticate),
     ar_guid: str = Depends(get_ar_guid),
+    extra_values: dict | None = Depends(get_extra_audit_log_values),
     on_behalf_of: str | None = Depends(get_on_behalf_of),
 ) -> Connection:
     """FastAPI handler for getting connection WITH project"""
     meta = {'path': request.url.path}
     if request.client:
         meta['ip'] = request.client.host
+    if extra_values:
+        meta.update(extra_values)
+
     return await ProjectPermissionsTable.get_project_connection(
         project_name=project,
         author=author,
@@ -89,27 +107,37 @@ async def dependable_get_readonly_project_connection(
     project: str,
     author: str = Depends(authenticate),
     ar_guid: str = Depends(get_ar_guid),
+    extra_values: dict | None = Depends(get_extra_audit_log_values),
 ) -> Connection:
     """FastAPI handler for getting connection WITH project"""
+    meta = {}
+    if extra_values:
+        meta.update(extra_values)
+
     return await ProjectPermissionsTable.get_project_connection(
         project_name=project,
         author=author,
         readonly=True,
         on_behalf_of=None,
         ar_guid=ar_guid,
+        meta=meta,
     )
 
 
 async def dependable_get_connection(
     request: Request,
     author: str = Depends(authenticate),
     ar_guid: str = Depends(get_ar_guid),
+    extra_values: dict | None = Depends(get_extra_audit_log_values),
 ):
     """FastAPI handler for getting connection withOUT project"""
     meta = {'path': request.url.path}
     if request.client:
         meta['ip'] = request.client.host
 
+    if extra_values:
+        meta.update(extra_values)
+
     return await SMConnections.get_connection_no_project(
         author, ar_guid=ar_guid, meta=meta
     )

diff --git a/openapi-templates/api_client.mustache b/openapi-templates/api_client.mustache
@@ -35,6 +35,21 @@ from {{packageName}}.model_utils import (
     validate_and_convert_types
 )
 
+def get_select_env_values():
+    env_values = {
+        'HAIL_ATTEMPT_ID': 'HAIL_ATTEMPT_ID',
+        'HAIL_BATCH_ID': 'HAIL_BATCH_ID',
+        'HAIL_JOB_ID': 'HAIL_JOB_ID',
+    }
+
+    as_map = {}
+    for env_key, dict_key in env_values.items():
+        value = os.getenv(env_key)
+        if value:
+            as_map[dict_key] = value
+
+    return as_map
+
 
 class ApiClient(object):
     """Generic API client for OpenAPI client library builds.
@@ -74,6 +89,10 @@ class ApiClient(object):
             self.default_headers['sm-ar-guid'] = ar_guid
         if header_name is not None:
             self.default_headers[header_name] = header_value
+        extra_values = get_select_env_values()
+        if extra_values:
+            self.default_headers['sm-extra-values'] = json.dumps(extra_values)
+
         self.cookie = cookie
         # Set default User-Agent.
         self.user_agent = '{{{httpUserAgent}}}{{^httpUserAgent}}OpenAPI-Generator/{{{packageVersion}}}/python{{/httpUserAgent}}'