Authentication information in each log event
ctsung opened this issue · 2 comments
Current Implementation
Before processes like diagnosis key upload/download or callback registration begin, a client should be authenticated by EFGS. After the successful authentication, dnString and thumbprint of its certificate are logged. These two are important to the operations/security team as they can track the source countries with them. However, these two attributes are not included in the later logs, but can only be tracked with traceID.
Suggested Enhancement
MDC logger is not 'clear()'ed every time. If one API call, including authentication and the following actions, takes place with the same process (the same process ID) and it can be ensured that there are no other tasks done in parallel in that process, then I guess it's good to go.
Expected Benefits
It will reduce the efforts to track the source countries.
No cleaning MDC is clearly a bug. changing label
After a re-test, upload & download, wait until the batch job is finished as well as intentionally created error situations, every assignment of the dnString and thumbprint was fine. Together with Chun-Te we checked the logs, compared the thumbprints with the certs from the DB and found no discrepancies. For now, no additional clean call in the MDC (EfgsMdc) is necessary. Together we decided to close the issue.