StorageClient shouldn't log request\response by default

Which service(blob, file, queue) does this issue concern?

Common code

Which version of the SDK was used? Please provide the output of pip freeze.

Latest

What problem was encountered?

storageclient logs request\response data, including secrets, with INFO logger setting. There are 2 problems with this:

  1. Possible secrets leak
  2. Unnecessary items in the logs, which distract users from the important part of the logs.

This information is not logged at INFO level by other Azure Python SDKs.

Have you found a mitigation/solution?

Note: for table service, please post the issue here instead: https://github.com/Azure/azure-cosmosdb-python.

Issue Analytics

  • State: open
  • Created 5 years ago
  • Comments: 13 (6 by maintainers)

Top GitHub Comments

logachev commented, Oct 20, 2018 (6 reactions)

Hi @zezha-msft,

I think by “default” I meant configure the root logger at INFO… Sorry for weird phrasing from my side.

I would follow Python recommendations.

| Level | When it’s used |
|-------|----------------|
| DEBUG | Detailed information, typically of interest only when diagnosing problems. |
| INFO | Confirmation that things are working as expected. |

To me, REST call data is definitely detailed information… INFO is suitable for long-running calls, just to confirm that it’s expected for this call to take a long time, to avoid the user's impression that the script has hung.

The second reason is that it would be great to follow the same approach for all Azure Python SDKs, and it looks like https://github.com/azure/azure-sdk-for-python/ doesn’t use INFO log information at all (except in some packaging scripts).

To your point about REST logs and “Strings to sign”… One option is to use separate loggers (like azure.storage.restapi) for these events; that way, if a user needs just REST calls, he can enable them explicitly.

I really appreciate the detailed explanation from your side!

Thank you for the clarification with Authorization! I didn’t dig into the code to figure out where it comes from, but seeing Shared key next to base64 string definitely looks suspicious 😃

xaxxon commented, Jul 30, 2019 (4 reactions)

This is CLEARLY the wrong behavior. Nothing else from azure spams my logs like this. No one cares if this is consistent “storage api” behavior, it’s not consistent azure client behavior. No one outside Microsoft cares about your internal organizations.

Turn off all logging by default, just like all the other azure APIs do. Then let people enable it if they want to see it.
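An application-side way to get the behaviour the thread asks for, as an added example that is not code from the issue or the SDK: keep the root logger at INFO, give the SDK's logger its own level, and scrub credential fields in a handler filter. The logger name `azure.storage.common.storageclient`, the sample log line and the two regexes are assumptions made for this illustration.

```python
import io
import logging
import re

# Assumed logger name for the SDK's storageclient module; use the name your log lines show.
SDK_LOGGER = "azure.storage.common.storageclient"

# Constructed sample of an INFO-level request line; all values are fake.
SAMPLE = ("Outgoing request: Method=PUT, Path=/container/blob?sv=2018-03-28&sig=Zm9vYmFy%3D, "
          "Headers={'Authorization': 'SharedKey acct:ZmFrZXNpZ25hdHVyZQ==', 'x-ms-version': '2018-03-28'}")

# (pattern, replacement) pairs for credential-bearing fields.
_REDACTIONS = [
    (re.compile(r"(Authorization['\"]?\s*[:=]\s*['\"]?(?:SharedKey|Bearer))\s+[^'\",}\s]+", re.I),
     r"\1 REDACTED"),
    (re.compile(r"(\bsig=)[^&'\",}\s]+", re.I), r"\1REDACTED"),
]

class RedactSecrets(logging.Filter):
    """Handler-level filter: scrub credentials from the final formatted message."""
    def filter(self, record):
        msg = record.getMessage()          # apply %-args first so secrets in args are seen
        for pattern, repl in _REDACTIONS:
            msg = pattern.sub(repl, msg)
        record.msg, record.args = msg, None
        return True                        # keep the record, now scrubbed

def configure(stream, sdk_level=logging.WARNING):
    """Root stays at INFO; the SDK logger gets its own level; every record is scrubbed."""
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(name)s: %(message)s"))
    # Attached to the handler, not a logger: logger filters do not apply to child loggers.
    handler.addFilter(RedactSecrets())
    root = logging.getLogger()
    root.handlers[:] = [handler]
    root.setLevel(logging.INFO)
    logging.getLogger(SDK_LOGGER).setLevel(sdk_level)

def demo(sdk_level):
    """Log one application line and one SDK request line; return what was written."""
    buf = io.StringIO()
    configure(buf, sdk_level)
    logging.getLogger("myapp").info("upload started")
    logging.getLogger(SDK_LOGGER).info(SAMPLE)
    return buf.getvalue()

if __name__ == "__main__":
    print(demo(logging.WARNING))  # SDK request line suppressed
    print(demo(logging.INFO))     # SDK request line present, credentials scrubbed
```

The filter is a second layer for the case where someone lowers the SDK logger's level while troubleshooting; the level override alone already keeps request lines out of an INFO-level root log.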
