Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Make health endpoints access logging configurable #1934

Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 16 additions & 2 deletions cmd/daemon/serve.go
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,14 @@ func ServePublic(r driver.Registry, wg *sync.WaitGroup, cmd *cobra.Command, args
for _, mw := range modifiers.mwf {
n.UseFunc(mw)
}
n.Use(reqlog.NewMiddlewareFromLogger(l, "public#"+c.SelfPublicURL(nil).String()))
publicLogger := reqlog.NewMiddlewareFromLogger(
l,
"public#"+c.SelfPublicURL(nil).String(),
)
if r.Config(ctx).DisablePublicHealthRequestLog() {
publicLogger.ExcludePaths(healthx.AliveCheckPath, healthx.ReadyCheckPath)
}
n.Use(publicLogger)
n.Use(sqa(ctx, cmd, r))
n.Use(r.PrometheusManager())

Expand Down Expand Up @@ -141,7 +148,14 @@ func ServeAdmin(r driver.Registry, wg *sync.WaitGroup, cmd *cobra.Command, args
for _, mw := range modifiers.mwf {
n.UseFunc(mw)
}
n.Use(reqlog.NewMiddlewareFromLogger(l, "admin#"+c.SelfPublicURL(nil).String()))
adminLogger := reqlog.NewMiddlewareFromLogger(
l,
"admin#"+c.SelfPublicURL(nil).String(),
)
if r.Config(ctx).DisableAdminHealthRequestLog() {
adminLogger.ExcludePaths(healthx.AliveCheckPath, healthx.ReadyCheckPath)
}
n.Use(adminLogger)
n.Use(sqa(ctx, cmd, r))
n.Use(r.PrometheusManager())

Expand Down
10 changes: 10 additions & 0 deletions driver/config/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,7 @@ const (
ViperKeySecretsDefault = "secrets.default"
ViperKeySecretsCookie = "secrets.cookie"
ViperKeySecretsCipher = "secrets.cipher"
ViperKeyDisablePublicHealthRequestLog = "serve.public.request_log.disable_for_health"
ViperKeyPublicBaseURL = "serve.public.base_url"
ViperKeyPublicDomainAliases = "serve.public.domain_aliases"
ViperKeyPublicPort = "serve.public.port"
Expand All @@ -75,6 +76,7 @@ const (
ViperKeyPublicTLSKeyBase64 = "serve.public.tls.key.base64"
ViperKeyPublicTLSCertPath = "serve.public.tls.cert.path"
ViperKeyPublicTLSKeyPath = "serve.public.tls.key.path"
ViperKeyDisableAdminHealthRequestLog = "serve.admin.request_log.disable_for_health"
ViperKeyAdminBaseURL = "serve.admin.base_url"
ViperKeyAdminPort = "serve.admin.port"
ViperKeyAdminHost = "serve.admin.host"
Expand Down Expand Up @@ -697,6 +699,10 @@ func (p *Config) baseURL(keyURL, keyHost, keyPort string, defaultPort int) *url.
return p.guessBaseURL(keyHost, keyPort, defaultPort)
}

func (p *Config) DisablePublicHealthRequestLog() bool {
return p.p.Bool(ViperKeyDisablePublicHealthRequestLog)
}

type DomainAlias struct {
BasePath string `json:"base_path"`
Scheme string `json:"scheme"`
Expand Down Expand Up @@ -749,6 +755,10 @@ func (p *Config) SelfPublicURL(r *http.Request) *url.URL {
return primary
}

func (p *Config) DisableAdminHealthRequestLog() bool {
return p.p.Bool(ViperKeyDisableAdminHealthRequestLog)
}

func (p *Config) SelfAdminURL() *url.URL {
return p.baseURL(ViperKeyAdminBaseURL, ViperKeyAdminHost, ViperKeyAdminPort, 4434)
}
Expand Down
24 changes: 24 additions & 0 deletions embedx/config.schema.json
Original file line number Diff line number Diff line change
Expand Up @@ -1350,6 +1350,18 @@
"admin": {
"type": "object",
"properties": {
"request_log": {
"type": "object",
"properties": {
"disable_for_health": {
"title": "Disable health endpoints request logging",
"description": "Disable request logging for /health/alive and /health/ready endpoints",
"type": "boolean",
"default": false
}
},
"additionalProperties": false
},
"base_url": {
"title": "Admin Base URL",
"description": "The URL where the admin endpoint is exposed at.",
Expand Down Expand Up @@ -1388,6 +1400,18 @@
"public": {
"type": "object",
"properties": {
"request_log": {
"type": "object",
"properties": {
"disable_for_health": {
"title": "Disable health endpoints request logging",
"description": "Disable request logging for /health/alive and /health/ready endpoints",
"type": "boolean",
"default": false
}
},
"additionalProperties": false
},
"cors": {
"type": "object",
"additionalProperties": false,
Expand Down