feat: added a flag for disabling the use of SecurityLogging service

docs/source/AdministratorGuide/Configuration/ConfReference/Systems/Framework/Services/SecurityLogging/index.rst

@@ -1,7 +1,8 @@
 Systems / Framework / <INSTANCE> / Service / SecurityLogging - Sub-subsection
 =============================================================================
 
-SecurityLogging service is used by all server to log all connections.
+SecurityLogging service can be used by all services to log all connections, for security-related purpose.
+It can be disabled globally via flag ``/Operations/<VO>/<Setup|Deaults>/EnableSecurityLogging, or per-service.
 
 +-----------------+------------------------------------------+---------------------------------+
 | **Name**        | **Description**                          | **Example**                     |

docs/source/AdministratorGuide/Configuration/ConfReference/Systems/Framework/Services/index.rst

@@ -28,6 +28,9 @@ presented in the following table:
 +---------------------------------------------------------------------------+--------------------------------+
 | *Authorization/Default*    | Define to who is required the authorization  | Default = all                  |
 +---------------------------------------------------------------------------+--------------------------------+
+| *EnableSecurityLogging*    | This flag is used to disable the use of      | EnableSecurityLogging = False  |
+|                            | the SecurityLogging service                  |                                |
++---------------------------------------------------------------------------+--------------------------------+
 | *EnableActivityMonitoring* | This flag is used to enable ES               | EnableActivityMonitoring = yes |
 |                            | based monitoring for agents and services     |                                |
 +----------------------------+----------------------------------------------+--------------------------------+

src/DIRAC/Core/DISET/private/Service.py

@@ -110,6 +110,9 @@ def initialize(self):
             "validNames": self._validNames,
             "csPaths": [PathFinder.getServiceSection(svcName) for svcName in self._validNames],
         }
+        self.securityLogging = Operations().getValue("EnableSecurityLogging", True) and getServiceOption(
+            self._serviceInfoDict, "EnableSecurityLogging", True
+        )
         # Initialize Monitoring
         # This is a flag used to check whether "EnableActivityMonitoring" is enabled or not from the config file.
         self.activityMonitoring = Operations().getValue("EnableActivityMonitoring", False) or getServiceOption(
@@ -512,16 +515,17 @@ def _authorizeProposal(self, actionTuple, trid, credDict):
             return S_ERROR("Client disconnected")
         sourceAddress = tr.getRemoteAddress()
         identity = self._createIdentityString(credDict)
-        Service.SVC_SECLOG_CLIENT.addMessage(
-            result["OK"],
-            sourceAddress[0],
-            sourceAddress[1],
-            identity,
-            self._cfg.getHostname(),
-            self._cfg.getPort(),
-            self._name,
-            "/".join(actionTuple),
-        )
+        if self.securityLogging:
+            Service.SVC_SECLOG_CLIENT.addMessage(
+                result["OK"],
+                sourceAddress[0],
+                sourceAddress[1],
+                identity,
+                self._cfg.getHostname(),
+                self._cfg.getPort(),
+                self._name,
+                "/".join(actionTuple),
+            )
         return result
 
     def _instantiateHandler(self, trid, proposalTuple=None):

src/DIRAC/FrameworkSystem/Service/SecurityLoggingHandler.py

@@ -1,4 +1,7 @@
 """ Handler for logging in security.log.csv files
+
+    This service is kept for installations that are not using ES-based logs management
+    (see https://dirac.readthedocs.io/en/latest/AdministratorGuide/ServerInstallations/centralizedLogging.html)
 """
 from __future__ import absolute_import
 from __future__ import division